
Freezea



I have been having trouble with my computer the past few days and have come to the conclusion I must have a virus of some sort. I have AVG antivirus and it has found nothing. Upon the recommendation of a friend I downloaded Malwarebytes and sure enough it found 13 of the buggers. I clicked on Show Results and then Remove Selected and it then froze. It shows all 13 in quarantine, but will not remove them. I do not have a log as it never completed the removal and this was the first time I ran it. I was advised to download and run HijackThis and post its log in addition. This is the log for that.

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Jojo's%20Fashion%20Show/Images/armhelper.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...476/mcfscan.cab

O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files\Cozi Express\CoziProtocolHandler.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs: C:\WINDOWS\system32\pojobuwa.dll,C:\WINDOWS\system32\vitodowa.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)


  • Staff

Hi and welcome to Malwarebytes.

Download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post the one that is not minimized.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317


Here's the log for ComboFix.

ComboFix 09-11-08.03 - Family 11/08/2009 21:37.1.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.131 [GMT -5:00]

Running from: c:\documents and settings\Family\My Documents\Downloads\ComboFix.exe

AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))

.

2009-11-07 16:15 . 2009-11-07 16:15 -------- d-----w- c:\program files\Trend Micro

2009-11-07 03:46 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-07 03:46 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-07 03:46 . 2009-11-07 03:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-04 11:17 . 2009-11-04 11:17 99613 ----a-w- c:\windows\hpqins01.dat

2009-10-31 19:08 . 2009-10-31 19:08 -------- d-----w- c:\documents and settings\Family\Application Data\Skinux

2009-10-31 19:08 . 2009-10-31 19:08 -------- d-----w- c:\docume~1\Family\APPLIC~1\Skinux

2009-10-27 13:03 . 2009-10-22 14:32 3767064 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe

2009-10-27 13:03 . 2009-10-16 23:38 292632 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglngx.dll

2009-10-27 13:03 . 2009-10-22 14:32 5459880 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\winspamcatcher.dll

2009-10-22 14:34 . 2009-10-16 23:39 356616 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

2009-10-22 14:34 . 2009-10-16 23:39 25608 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSxx.sys

2009-10-22 14:34 . 2009-10-16 23:38 74760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\UniversalDD.sys

2009-10-22 14:34 . 2009-10-16 23:38 25736 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSShim.sys

2009-10-22 14:34 . 2009-10-16 23:38 30216 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSFilter.sys

2009-10-22 14:34 . 2009-10-16 23:38 122376 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSDriver.sys

2009-10-22 14:34 . 2009-10-16 23:39 161672 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrkx86.sys

2009-10-22 14:34 . 2009-10-16 23:39 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys

2009-10-22 14:29 . 2009-10-16 23:38 875288 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

2009-10-22 14:29 . 2009-10-16 23:38 1656088 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2009-10-17 14:44 . 2009-10-16 23:39 927000 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglvex.dll

2009-10-16 23:40 . 2009-10-17 14:16 -------- d-----w- C:\$AVG

2009-10-16 23:39 . 2009-10-22 14:32 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys

2009-10-16 23:39 . 2009-10-16 23:39 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-10-16 23:39 . 2009-10-22 14:31 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2009-10-16 23:39 . 2009-10-22 14:32 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-10-16 23:39 . 2009-10-16 23:39 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-10-16 23:39 . 2009-10-22 14:32 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-10-16 23:39 . 2009-11-09 02:09 -------- d-----w- c:\windows\system32\drivers\Avg

2009-10-16 23:38 . 2009-10-16 23:38 -------- d-----w- c:\program files\AVG

2009-10-16 23:38 . 2009-10-16 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2009-10-12 22:58 . 2009-10-16 02:00 -------- d-----w- c:\documents and settings\Family\Local Settings\Application Data\DFH

2009-10-12 22:58 . 2009-10-16 02:00 -------- d-----w- c:\docume~1\Family\LOCALS~1\APPLIC~1\DFH

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-07 18:01 . 2006-03-13 21:38 47520 -c--a-w- c:\documents and settings\Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-11-07 18:01 . 2006-03-13 21:38 47520 -c--a-w- c:\docume~1\Family\LOCALS~1\APPLIC~1\GDIPFONTCACHEV1.DAT

2009-11-07 17:20 . 2007-04-28 23:01 -------- d-----w- c:\program files\Coupons

2009-11-07 17:19 . 2006-03-07 03:54 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-11-07 17:19 . 2008-03-09 14:19 -------- d-----w- c:\documents and settings\Family\Application Data\Microsoft Games

2009-11-07 17:19 . 2008-03-09 14:19 -------- d-----w- c:\docume~1\Family\APPLIC~1\Microsoft Games

2009-11-07 17:19 . 2008-03-09 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Games

2009-11-07 15:12 . 2006-03-07 04:00 -------- d-----w- c:\program files\Dell

2009-11-06 17:36 . 2009-10-06 17:44 -------- d-----w- c:\program files\Common Files\Kodak

2009-11-06 14:24 . 2006-03-13 01:59 7520 --sha-w- c:\windows\system32\KGyGaAvL.sys

2009-11-06 13:54 . 2006-03-13 01:59 152 --sh--r- c:\windows\system32\A54B495086.sys

2009-10-29 14:19 . 2009-07-13 01:23 -------- d-----w- c:\program files\Common Files\ArcSoft

2009-10-24 13:11 . 2009-07-13 01:24 484 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll

2009-10-16 01:54 . 2006-12-12 21:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-10-06 17:25 . 2009-10-06 17:25 77824 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ess\bindbins\bindbins.exe

2009-10-06 17:25 . 2009-10-06 17:25 175104 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\reduced_contents_PrintCreation_expanded\setup.exe

2009-10-06 17:10 . 2009-10-06 17:10 45056 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\sysfiles\kb945060\kb945060.exe

2009-10-06 17:06 . 2009-10-06 17:06 1187840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140001_262dc2d3\EasyShrx.Dll

2009-10-06 17:05 . 2009-10-06 17:05 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_8.0.20.1.dll

2009-10-06 17:05 . 2009-10-06 17:05 1187840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140001_262c3686\EasyShrx.Dll

2009-10-06 17:05 . 2009-10-06 17:06 2684304 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140001_262dc2d3\Setup.exe

2009-10-06 16:59 . 2009-10-06 16:59 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.9.20.1.dll

2009-10-06 16:55 . 2009-07-13 01:17 -------- d-----w- c:\program files\Kodak

2009-10-01 13:18 . 2009-09-30 19:58 152576 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

2009-09-28 13:39 . 2006-09-21 22:41 -------- d-----w- c:\program files\Yahoo!

2009-09-28 01:47 . 2009-09-28 01:47 -------- d-----w- c:\documents and settings\Family\Application Data\Apple Computer

2009-09-28 01:47 . 2009-09-28 01:47 -------- d-----w- c:\docume~1\Family\APPLIC~1\Apple Computer

2009-09-28 01:44 . 2009-07-13 01:24 -------- d-----w- c:\documents and settings\Family\Application Data\ArcSoft

2009-09-28 01:44 . 2009-07-13 01:24 -------- d-----w- c:\docume~1\Family\APPLIC~1\ArcSoft

2009-09-26 23:39 . 2009-09-26 23:39 1245321 ----a-w- c:\documents and settings\All Users\Application Data\NeoEdge Networks\Yahoo_Chocolatier\IAF.dll

2009-09-26 23:39 . 2009-09-26 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NeoEdge Networks

2009-09-23 02:39 . 2006-12-13 00:48 -------- d-----w- c:\program files\e-Sword

2009-09-19 00:19 . 2008-11-05 01:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore

2009-09-15 00:15 . 2008-01-03 00:26 -------- d-----w- c:\documents and settings\Family\Application Data\Move Networks

2009-09-15 00:15 . 2008-01-03 00:26 -------- d-----w- c:\docume~1\Family\APPLIC~1\Move Networks

2009-09-11 14:18 . 2004-08-10 18:51 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:03 . 2004-08-10 18:51 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-29 07:36 . 2004-08-10 18:51 832512 ----a-w- c:\windows\system32\wininet.dll

2009-08-29 07:36 . 2009-07-16 13:56 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-08-29 07:36 . 2004-08-10 18:50 17408 ----a-w- c:\windows\system32\corpol.dll

2009-08-26 08:00 . 2004-08-10 18:51 247326 ----a-w- c:\windows\system32\strmdll.dll

2008-03-17 19:42 . 2008-03-17 19:42 0 -c--a-w- c:\program files\temp01

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]

"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-03-07 26112]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]

"VX6000"="c:\windows\vVX6000.exe" [2007-04-10 996712]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-10-22 2010904]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-6 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-10-16 23:39 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [10/16/2009 6:39 PM 25608]

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10/16/2009 6:39 PM 161800]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/16/2009 6:39 PM 333192]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/16/2009 6:39 PM 360584]

R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [10/16/2009 6:38 PM 906520]

R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/16/2009 6:38 PM 285392]

R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [10/22/2009 9:32 AM 5832712]

R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [10/16/2009 6:38 PM 122376]

R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [10/16/2009 6:38 PM 30216]

R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [10/16/2009 6:38 PM 25736]

R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [6/6/2008 5:46 PM 2385896]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/6/2009 10:46 PM 38224]

S3 MR97310_VGA_DUAL_CAMERA;VGA Dual Camera;c:\windows\system32\drivers\mr97310v.sys [3/9/2006 6:46 PM 114105]

S3 pmxscan;USB ScanModule V5.1 Driver;c:\windows\system32\drivers\usbscan.sys [9/2/2006 12:39 PM 15104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Contents of the 'Scheduled Tasks' folder

2009-01-16 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 19:01]

2008-11-29 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX6000_exe.job

- c:\windows\vVX6000.exe [2008-06-06 21:46]

2009-11-09 c:\windows\Tasks\User_Feed_Synchronization-{16C5B593-2DF0-4F33-BEA3-8732D3CA8001}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 17:58]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://www.yahoo.com

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

IE: &Search

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

Trusted Zone: internet

Trusted Zone: mcafee.com

FF - ProfilePath - c:\docume~1\Family\APPLIC~1\Mozilla\Firefox\Profiles\xbyr1j59.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: network.proxy.type - 2

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\Family\Application Data\Move Networks\plugins\npqmp071503000010.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe

HKCU-RunOnce-DelayShred - c:\program files\mcafee\mshr\ShrCL.EXE

SafeBoot-mcmscsvc

SafeBoot-MCODS

AddRemove-Browser Protection Volume - c:\program files\Video AX Object\bpunst.exe

AddRemove-RealArcade - c:\program files\RealArcade\Installer\bin\gameinstaller.exe

AddRemove-TaxCut Basic 2006 - c:\progra~1\TaxCut06\Program\removetc.exe

AddRemove-Yazzle1461Oin - c:\program files\Common Files\Yazzle1461OinUninstaller.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-08 21:53

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(492)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\Microsoft LifeCam\MSCamS32.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\wscntfy.exe

c:\program files\Microsoft IntelliPoint\dpupdchk.exe

c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe

.

**************************************************************************

.

Completion time: 2009-11-09 22:05 - machine was rebooted

ComboFix-quarantined-files.txt 2009-11-09 03:05

Pre-Run: 27,044,605,952 bytes free

Post-Run: 29,133,774,848 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 6D9CE2E8CCB4B850ED607BFC6F02FA1F


Here's the DDS log.

DDS (Ver_09-10-26.01) - NTFSx86

Run by Family at 22:23:59.96 on Sun 11/08/2009

Internet Explorer: 7.0.5730.11

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.100 [GMT -5:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG9\avgam.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msfeedssync.exe

C:\WINDOWS\explorer.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Family\My Documents\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://www.yahoo.com

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

mRun: [VX6000] c:\windows\vVX6000.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpzsetup.lnk - d:\HPZstub.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe

IE: &Search

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Jojo's%20Fashion%20Show/Images/stg_drm.ocx

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Jojo's%20Fashion%20Show/Images/armhelper.ocx

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5476/mcfscan.cab

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\program files\cozi express\CoziProtocolHandler.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\family\applic~1\mozilla\firefox\profiles\xbyr1j59.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: network.proxy.type - 2

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\family\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2009-10-16 25608]

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-10-16 161800]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-16 333192]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-16 360584]

R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-10-16 906520]

R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-16 285392]

R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2009-10-22 5832712]

R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-10-16 122376]

R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-10-16 30216]

R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2009-10-16 25736]

R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2008-6-6 2385896]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-11-6 38224]

S3 MR97310_VGA_DUAL_CAMERA;VGA Dual Camera;c:\windows\system32\drivers\mr97310v.sys [2006-3-9 114105]

S3 pmxscan;USB ScanModule V5.1 Driver;c:\windows\system32\drivers\usbscan.sys [2006-9-2 15104]

=============== Created Last 30 ================

2009-11-09 02:35:32 0 d-sha-r- C:\cmdcons

2009-11-09 02:31:00 98816 ----a-w- c:\windows\sed.exe

2009-11-09 02:31:00 77312 ----a-w- c:\windows\MBR.exe

2009-11-09 02:31:00 267264 ----a-w- c:\windows\PEV.exe

2009-11-09 02:31:00 161792 ----a-w- c:\windows\SWREG.exe

2009-11-09 02:30:38 0 d-----w- C:\ComboFix

2009-11-07 16:15:49 0 d-----w- c:\program files\Trend Micro

2009-11-07 03:46:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-07 03:46:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-07 03:46:15 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-04 11:17:26 99613 ----a-w- c:\windows\hpqins01.dat

2009-10-31 19:08:22 0 d-----w- c:\docume~1\family\applic~1\Skinux

2009-10-16 23:40:09 0 d-----w- C:\$AVG

2009-10-16 23:39:49 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys

2009-10-16 23:39:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-10-16 23:39:48 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2009-10-16 23:39:47 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-10-16 23:39:40 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-10-16 23:39:17 0 d-----w- c:\windows\system32\drivers\Avg

2009-10-16 23:38:35 0 d-----w- c:\program files\AVG

2009-10-16 23:38:29 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

==================== Find3M ====================

2009-11-06 14:24:54 7520 --sha-w- c:\windows\system32\KGyGaAvL.sys

2009-10-21 04:08:54 3598336 ----a-w- c:\windows\system32\dllcache\mshtml.dll

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll

2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll

2009-08-28 10:28:59 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe

2009-08-28 10:28:59 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe

2009-08-27 05:18:44 634648 ----a-w- c:\windows\system32\dllcache\iexplore.exe

2009-08-27 05:18:41 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll

2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\dllcache\strmdll.dll

2009-08-13 15:16:05 512000 ----a-w- c:\windows\system32\dllcache\jscript.dll

2008-03-17 19:42:55 0 -c--a-w- c:\program files\temp01

2009-07-16 19:46:19 245760 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2008-09-04 01:15:00 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090320080904\index.dat

============= FINISH: 22:25:03.23 ===============


Finally, the new HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:26:39 PM, on 11/8/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG9\avgam.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msfeedssync.exe

C:\WINDOWS\explorer.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: hpzsetup.LNK = D:\HPZstub.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Jojo's%20Fashion%20Show/Images/stg_drm.ocx

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Jojo's%20Fashion%20Show/Images/armhelper.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...476/mcfscan.cab

O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files\Cozi Express\CoziProtocolHandler.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)

O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe

O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--

End of file - 7679 bytes

  • Staff

Hi,

My apologies for the delay. Is MBAM still freezing? Try renaming mbam.exe to winlogon.exe; see if it will quarantine the items now.

If no joy, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button.
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Thanks for getting back to me. Malwarebytes will quarantine the viruses, but it will freeze when I push the remove button and they remain in the quarantine. I attempted to change the name like you suggested, but it would not allow me to.

I also attempted to run the F-Secure online scanner in Internet Explorer like you said, but Internet Explorer will not load. I tried running it with Firefox and downloaded the add-on the site prompted me to; it will download and open the screen for the scanner, but will not load beyond that. I have let it sit for well over 2 hours and all it says is that it is starting and will start shortly.

I was able to run the security check with no problem and the log is below.

Results of screen317's Security Check version 0.99.0

Windows XP Service Pack 3

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG 9.0

McAfee AntiSpyware

``````````````````````````````

Anti-malware/Other Utilities Check:

McAfee AntiSpyware

HijackThis 2.0.2

Adobe Flash Player 10

``````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

AVG avgemc.exe

Family LOCALS~1 Temp fsonlinescanner.exe

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

I attached the screen shot of Malwarebytes when it freezes. There are also 25 viruses in the quarantine that I am not sure how to remove. I have attempted to run the BitDefender scan with no success: I download all the add-ons I'm prompted to, but it freezes when I click start scanner.

post-24326-1258567424_thumb.jpg

On a whim I tried running BitDefender again, and this time it worked. I don't know why, but it did, so here's the report.

BitDefender QuickScan Beta v0.9.7.8

-----------------------------------

Scan date: Wed Nov 18 13:38:03 2009

Machine ID: A4ADE1E0

No infection found.

---------------------

Processes

---------

<unsigned> Digital Line Detection 3708 C:\Program Files\Digital Line Detect\DLG.exe

<unsigned> hpwuSchd Application 3480 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

<unsigned> RealPlayer 3396 C:\Program Files\Real\RealPlayer\RealPlay.exe

<unsigned> Drive Letter Access Component 3464 C:\WINDOWS\System32\DLA\DLACTRLW.EXE

<verified> SMax4PNP MFC Application 3320 C:\Program Files\Analog Devices\Core\smax4pnp.exe

<verified> AVG Cache Server 1296 C:\Program Files\AVG\AVG9\avgchsvx.exe

<verified> AVG Scanning Core Module - Server Part 1444 C:\Program Files\AVG\AVG9\avgcsrvx.exe

<verified> AVG Scanning Core Module - Server Part 2016 C:\Program Files\AVG\AVG9\avgcsrvx.exe

<verified> AVG E-Mail Scanner 1240 C:\Program Files\AVG\AVG9\avgemc.exe

<verified> AVG Network scanner Service 1536 C:\Program Files\AVG\AVG9\avgnsx.exe

<verified> AVG Resident Shield Service 1304 C:\Program Files\AVG\AVG9\avgrsx.exe

<verified> AVG Tray Monitor 3672 C:\Program Files\AVG\AVG9\avgtray.exe

<verified> AVG Watchdog Service 320 C:\Program Files\AVG\AVG9\avgwdsvc.exe

<verified> dpupdchk.exe 3716 C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

<verified> IPoint.exe 3540 C:\Program Files\Microsoft IntelliPoint\ipoint.exe

<verified> MsCamSvc.exe 388 C:\Program Files\Microsoft LifeCam\MSCamS32.exe

<verified> Firefox 3096 C:\Program Files\Mozilla Firefox\firefox.exe

<verified> Windows Explorer 2900 C:\WINDOWS\Explorer.EXE

<verified> Application Layer Gateway Service 2404 C:\WINDOWS\System32\alg.exe

<verified> Client Server Runtime Process 616 C:\WINDOWS\system32\csrss.exe

<verified> CTF Loader 3684 C:\WINDOWS\system32\ctfmon.exe

<verified> hkcmd Module 3348 C:\WINDOWS\system32\hkcmd.exe

<verified> persistence Module 3356 C:\WINDOWS\system32\igfxpers.exe

<verified> LSA Shell (Export Version) 696 C:\WINDOWS\system32\lsass.exe

<verified> Microsoft Feeds Synchronization 2560 C:\WINDOWS\system32\msfeedssync.exe

<verified> Services and Controller app 684 C:\WINDOWS\system32\services.exe

<verified> Windows NT Session Manager 552 C:\WINDOWS\System32\smss.exe

<verified> Spooler SubSystem App 1492 C:\WINDOWS\system32\spoolsv.exe

<verified> Generic Host Process for Win32 Services 400 C:\WINDOWS\System32\svchost.exe

<verified> Generic Host Process for Win32 Services 416 C:\WINDOWS\System32\svchost.exe

<verified> Generic Host Process for Win32 Services 464 C:\WINDOWS\system32\svchost.exe

<verified> Generic Host Process for Win32 Services 1220 C:\WINDOWS\system32\svchost.exe

<verified> Generic Host Process for Win32 Services 1092 C:\WINDOWS\system32\svchost.exe

<verified> Generic Host Process for Win32 Services 1044 C:\WINDOWS\System32\svchost.exe

<verified> Generic Host Process for Win32 Services 948 C:\WINDOWS\system32\svchost.exe

<verified> Generic Host Process for Win32 Services 876 C:\WINDOWS\system32\svchost.exe

<verified> Generic Host Process for Win32 Services 272 C:\WINDOWS\system32\svchost.exe

<verified> Windows NT Logon Application 640 C:\WINDOWS\system32\winlogon.exe

<verified> Windows Update 452 C:\WINDOWS\system32\wuauclt.exe

<verified> Microsoft LifeCam VX6000 Device Application 3512 C:\WINDOWS\vVX6000.exe

Network activity

----------------

Process firefox.exe (3096) connected on port 80 (HTTP) - 205.177.95.85

Process firefox.exe (3096) connected on port 80 (HTTP) - static.g.ash1.slide.com

Process firefox.exe (3096) connected on port 80 (HTTP) - static.g.ash1.slide.com

Process firefox.exe (3096) connected on port 80 (HTTP) - 64.208.186.105

Process firefox.exe (3096) connected on port 80 (HTTP) - community.slide.com

Process firefox.exe (3096) connected on port 80 (HTTP) - 205.177.95.85

Process firefox.exe (3096) connected on port 80 (HTTP) - channel19.01.05.sf2p.facebook.com

Process firefox.exe (3096) connected on port 80 (HTTP) - static.g.ash1.slide.com

Process firefox.exe (3096) connected on port 80 (HTTP) - static.g.ash1.slide.com

Process firefox.exe (3096) connected on port 80 (HTTP) - 64.208.186.123

Process firefox.exe (3096) connected on port 80 (HTTP) - 64.208.186.105

Process firefox.exe (3096) connected on port 80 (HTTP) - www-11-08-ash1.facebook.com

Process firefox.exe (3096) connected on port 80 (HTTP) - 205.177.95.85

Process firefox.exe (3096) connected on port 80 (HTTP) - static.g.ash1.slide.com

Process firefox.exe (3096) connected on port 80 (HTTP) - api.10.07.snc1.facebook.com

Process firefox.exe (3096) connected on port 80 (HTTP) - 64.208.186.105

Process firefox.exe (3096) connected on port 80 (HTTP) - 64.208.186.105

Process firefox.exe (3096) connected on port 80 (HTTP) - 64.208.186.105

Process firefox.exe (3096) connected on port 80 (HTTP) - 205.177.95.85

Process firefox.exe (3096) connected on port 80 (HTTP) - static.g.ash1.slide.com

Process firefox.exe (3096) connected on port 80 (HTTP) - www-11-01-snc2.facebook.com

Process firefox.exe (3096) connected on port 80 (HTTP) - 64.208.186.105

Process firefox.exe (3096) connected on port 80 (HTTP) - 64.208.186.105

Process firefox.exe (3096) connected on port 80 (HTTP) - logging.slide.com

Process svchost.exe (948) listens on ports: 135 (RPC)

Autoruns and critical files

---------------------------

<unsigned> InstallShield Update Service Scheduler C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

<unsigned> InstallShield Update Service Update Manager C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

<unsigned> hpwuSchd Application C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

<unsigned> Kodak EasyShare Software C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

<unsigned> QuickTime Task C:\Program Files\QuickTime\qttask.exe

<unsigned> RealPlayer C:\Program Files\Real\RealPlayer\RealPlay.exe

<unsigned> Drive Letter Access Component C:\WINDOWS\System32\DLA\DLACTRLW.EXE

<verified> SMax4PNP MFC Application C:\Program Files\Analog Devices\Core\smax4pnp.exe

<verified> AVG Tray Monitor C:\Program Files\AVG\AVG9\avgtray.exe

<verified> IPoint.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe

<verified> LifeExp.exe C:\Program Files\Microsoft LifeCam\LifeExp.exe

<verified> AVG Resident Shield Starter C:\WINDOWS\system32\avgrsstx.dll

<verified> Shell Browser UI Library C:\WINDOWS\system32\browseui.dll

<verified> Crypto API32 C:\WINDOWS\system32\crypt32.dll

<verified> Crypto Network Related API C:\WINDOWS\system32\cryptnet.dll

<verified> Offline Network Agent C:\WINDOWS\system32\cscdll.dll

<verified> CTF Loader C:\WINDOWS\system32\ctfmon.exe

<verified> DIMS Notification Handler C:\WINDOWS\system32\dimsntfy.dll

<verified> hkcmd Module C:\WINDOWS\system32\hkcmd.exe

<verified> igfxdev Module C:\WINDOWS\system32\igfxdev.dll

<verified> persistence Module C:\WINDOWS\system32\igfxpers.exe

<verified> igfxTray Module C:\WINDOWS\system32\igfxtray.exe

<verified> Windows Logon UI C:\WINDOWS\system32\logonui.exe

<verified> Secondary Logon Service Notification DLL C:\WINDOWS\system32\sclgntfy.dll

<verified> Windows Shell Common Dll C:\WINDOWS\system32\shell32.dll

<verified> Systray shell service object C:\WINDOWS\system32\stobject.dll

<verified> Userinit Logon Application c:\windows\system32\userinit.exe

<verified> Web Site Monitor C:\WINDOWS\system32\webcheck.dll

<verified> Windows Genuine Advantage Notification C:\WINDOWS\system32\WgaLogon.dll

<verified> Common DLL to receive Winlogon notifications C:\WINDOWS\system32\wlnotify.dll

<verified> Windows Portable Device Shell Service Object C:\WINDOWS\system32\WPDShServiceObj.dll

<verified> Microsoft LifeCam VX6000 Device Application C:\WINDOWS\vVX6000.exe

Browser plugins

---------------

<unsigned> MetaStream 3 Plugin r4 C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

<unsigned> Active DJ Studio ActiveX Control Module C:\WINDOWS\Downloaded Program Files\amp3dj.ocx

<unsigned> ATL Module for Windows (ANSI) C:\WINDOWS\Downloaded Program Files\atl.dll

<unsigned> InstallShield Update Service Setup Player Module C:\WINDOWS\Downloaded Program Files\dwusplay.dll

<unsigned> InstallShield Update Service Setup Player C:\WINDOWS\Downloaded Program Files\dwusplay.exe

<unsigned> InstallShield Update Service Web Agent C:\WINDOWS\Downloaded Program Files\isusweb.dll

<unsigned> McAfee Collector C:\WINDOWS\Downloaded Program Files\Uploader.exe

<unsigned> Drive Letter Access Component c:\windows\system32\dla\dlashx_w.dll

<verified> npmnqmp 989898989877 C:\Documents and Settings\Family\Application Data\Move Networks\plugins\npqmp071503000010.dll

<verified> Safe Search for Internet Explorer c:\program files\avg\avg9\avgssie.dll

<verified> AVG Security Toolbar c:\program files\avg\avg9\toolbar\ietoolbar.dll

<verified> WindowsLiveLogin.dll c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll

<verified> Windows Messenger C:\Program Files\Messenger\msmsgs.exe

<verified> Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

<verified> ArmHelper Control C:\WINDOWS\Downloaded Program Files\armhelper.ocx

<verified> EPUWALControl Module C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll

<verified> Adobe

  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
