Jump to content

Possibly infected


Recommended Posts

Hi, ignore my last post.

Here are my logs:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:56:49 AM, on 29/08/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\WgaTray.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell Photo Printer 720\dlbcserv.exe

C:\Program Files\Metacafe\MetacafeAgent.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Xfire\Xfire.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://au.search.yahoo.com/search?fr=mcafee&p=%s

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.ap.dell.com/content/default.as...;l=en&s=gen

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

R3 - URLSearchHook: (no name) - *{1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)

F2 - REG:system.ini: UserInit=Userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {9015550B-81C4-45C6-9ECD-636FDF247ADA} - C:\Program Files\Windows Media Player\holemuny4444.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: (no name) - {B0DFBB09-B474-40E2-8E31-8793D648A29F} - C:\Program Files\Windows Media Player\holemuny83122.dll (file missing)

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [GEST] m

Link to post
Share on other sites

Hello nick.

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

eusa_hand.gif

If you are a casual viewer, do NOT try this on your system!

If you are not nick and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

icon_arrow.gif Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

Please advise me about the McAfee antivirus & the AVG8 antivirus. Did you recently add AVG8? Did the McAfee come as a free trial or came installed with pc, or is a freebie from your internet provider?

If you do not have a current subscription to McAfee, do un-install it now, and then reboot/restart the system.

Having 2 antivirus programs running will cause some serious conflicts.

If you are with a current McAfee license, then un-install AVG8, and then restart the system.

=

Do NOT use this system for web searches or web surfing, online games, etc.

If unable to download tools on this system, use another and copy / burn to CD DVD or clean USB thumb-flash drive, and copy onto Desktop of this pc.

Do this:

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

=

1. Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

2. Take out the trash (temporary files & temporary internet files)

Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to cleanout temporary files & temp areas used by internet browsers.

Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

ATF-Cleaner should be run per the above in every user-login account {User Profile}

=

Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from

>>> here <<<

  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.
  • This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.

=

Start HijackThis. Look for these lines and place a checkmark against each of the following, if still present

O2 - BHO: (no name) - {9015550B-81C4-45C6-9ECD-636FDF247ADA} - C:\Program Files\Windows Media Player\holemuny4444.dll (file missing)

O2 - BHO: (no name) - {B0DFBB09-B474-40E2-8E31-8793D648A29F} - C:\Program Files\Windows Media Player\holemuny83122.dll (file missing)

O4 - HKCU\..\Run: [sen] "C:\DOCUME~1\Nic\MYDOCU~1\YMANTE~1\userinit.exe" -vt yazb

O4 - HKCU\..\Run: [Pibrh] C:\WINDOWS\s?curity\??ool32.exe

O20 - Winlogon Notify: dfrlpk - dfrlpk.dll (file missing)

Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer (& or any other window) is closed when you click Fix Checked!

=

Download DDS and save it to your desktop from http://www.techsupportforum.com/sectools/sUBs/dds here or http://download.bleepingcomputer.com/sUBs/dds.scr or

http://www.forospyware.com/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

Then double click dds.scr to run the tool.

When done, DDS.txt will open.

Click Yes at the next prompt for Optional Scan.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

    [*]Save both reports to your desktop.

Go >> here <<

and download RootRepeal and SAVE to your Desktop.

Doubleclick RootRepeal.exe icon on your Desktop.

Click on the Report tab at bottom of window and then click on Scan button.

A Windows will open asking what to include in the scan. Check all of the below and then click Ok.

Drivers

Files

Processes

SSDT

Hidden Services

Stealth Objects

You will then be asked which drive to scan.

Check C: (or the drive your operating system is installed on if not C) and click Ok again.

The scan will start.

It will take a little while so please be patient. When the scan has finished, click on Save Report.

Name the log RootRepeal.txt and save it to your Documents folder (it should default there).

When you have done this, please copy and paste it in this thread.

=

Please include the following logs in your next reply:

DDS.txt

Attach.txt

RootRepeal.txt

Link to post
Share on other sites

Hi, thanks for the detailed instructions.

To answer your questions, yes, i have only recently installed avg8 free edition. (about 3 weeks ago.)

But i am not entirely sure about mcaffe. This is used to be my brothers computer and he must of installed it. So i do not know.

How would i tell if i have a current subscription with mcaffe?

Anyway,

Here are my logs:

DDS.txt:

DDS (Ver_09-07-30.01) - NTFSx86

Run by Nic at 15:11:28.28 on Sat 29/08/2009

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3070.2129 [GMT 10:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\new folder\steam.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell Photo Printer 720\dlbcserv.exe

C:\Program Files\Metacafe\MetacafeAgent.exe

C:\Program Files\Xfire\Xfire.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

c:\PROGRA~1\mcafee\msc\mcshell.exe

C:\Program Files\AVG\AVG8\avgui.exe

C:\Documents and Settings\Nic\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://search.bearshare.com/sidebar.html?src=ssb

uSearch Bar = hxxp://search.bearshare.com/sidebar.html?src=ssb

uInternet Connection Wizard,ShellNext = hxxp://www1.ap.dell.com/content/default.aspx?c=au&l=en&s=gen

uSearchURL,(Default) = hxxp://au.search.yahoo.com/search?fr=mcafee&p=%s

mSearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

uURLSearchHooks: H - No File

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

mWinlogon: SFCDisable=4 (0x4)

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_11\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

BHO: 1 (0x1) - No File

TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [steam] "c:\new folder\steam.exe" -silent

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [GEST] m

Link to post
Share on other sites

The logs still show 2 active antivirus apps. I'll repeat my comments from before:

Please advise me about the McAfee antivirus & the AVG8 antivirus. Did you recently add AVG8? Did the McAfee come as a free trial or came installed with pc, or is a freebie from your internet provider?

If you do not have a current subscription to McAfee, do un-install it now, and then reboot/restart the system.

Having 2 antivirus programs running will cause some serious conflicts.

If you are with a current McAfee license, then un-install AVG8, and then restart the system.

=

This sys has 2 or so "torrent"/filesharing apps. I'd urge you to de-install Limewire & bittorrent.

I do not recommend their use since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

"File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

=

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

At this time of posting, the current definitions are # 2718 or later. The latest program version is 1.40

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

=

Please download and run the Trend Micro Sysclean Package on your computer.

NOTE! This scan will probably take a long time to run on your computer so be patient and don't use it while it's scanning.

  • Create a brand new folder to copy these files to.
  • As an example: C:\DCE
  • Then open each of the zipped archive files and copy their contents to C:\DCE
  • Copy the file sysclean.com to the new folder C:\DCE as well.
  • Double-click on the file sysclean.com that is in the C:\DCE folder and follow the on-screen instructions.
    After doing all of this, please post back your results, including the log file sysclean.log that will be left behind by sysclean.

How To Use Compressed (Zipped) Folders in Windows XP

Compress and uncompress files (zip files) in Vista

=

javaicon.gif See this topic in the AumHa Security forum and get the latest Java run-time

http://aumha.net/viewtopic.php?f=26&t=41698

Reply with copy of the latest MBAM scan log

and the Sysclean.log

and tell me, How is your system now ?

Link to post
Share on other sites

Hi,

i deleted both P2P file sharing programs and AVG8 Free edition.

Here is my scan for Quick scan Malwarebytes:

Malwarebytes' Anti-Malware 1.40

Database version: 2719

Windows 5.1.2600 Service Pack 3

31/08/2009 8:49:26 PM

mbam-log-2009-08-31 (20-49-26).txt

Scan type: Quick Scan

Objects scanned: 134509

Time elapsed: 13 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Sysclean has been running for a while now, about 3 hours, ill post that As soon as its done.

Link to post
Share on other sites

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

At this time of posting, the current definitions are # 2734 or later. The latest program version is 1.40

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Please reply with the latest MBAM scan log AND

the Sysclean.log

Link to post
Share on other sites

  • 4 weeks later...

This thread is closed due to lack of response. The procedures used here were specific to this system and only for this system. Do not apply them to another; doing so will likely damage your system.

If you are a casual observer and having same issues, please follow forum procedures and create your own New topic.

I'm infected - What do I do now?

Procedures to help resolve issues preventing MBAM from running

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.