
Infected and GMER crashed system



I followed the instructions to follow when you're infected.

However, when I ran GMER, the whole system locked up and I couldn't save the file. I have not re-run GMER.

Thanks in advance.

Here's the DDS info.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Owner at 23:17:44.82 on Sat 03/27/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2359 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\AVG\AVG9\avgchsvx.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Common Files\Eagletron\TrackerPodSvcSvr.exe

C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe

C:\Documents and Settings\Owner\Desktop\dds.scr

C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyServer = http=127.0.0.1:8888;https=127.0.0.1:8888

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: H - No File

uURLSearchHooks: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\tbDVDV.dll

mURLSearchHooks: H - No File

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll

BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: {6afbe8fb-227f-4042-aca0-b261d6f2f0a5} - No File

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll

BHO: {c1d62ddc-8c06-45fa-9ea9-e369f9615a81} - No File

BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\tbDVDV.dll

TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\tbDVDV.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [sansaDispatch] c:\documents and settings\owner\application data\sandisk\sansa updater\SansaDispatch.exe

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Nuance PDF Professional 5-reminder] "c:\program files\nuance\pdf professional 5\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\pdf professional 5\ereg\Ereg.ini"

mRun: [Windows Media Connect 2] "c:\program files\windows media connect 2\WMCCFG.exe" /StartQuiet

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf professional 5\RegistryController.exe

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [Alcmtr] ALCMTR.EXE

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 9\Snagit32.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: Open with Nuance PDF Converter 5.0 - c:\program files\nuance\pdf professional 5\cnvres_eng.dll /100

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: turbotax.com

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200881447015

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200881681375

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {F60A0B68-AF3A-C1D2-CD09-5A80A136D2BA} - No File

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

LSA: Notification Packages = scecli c:\windows\system32\jikonaze.dll

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-3-8 28552]

R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2008-1-26 3968]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-29 216200]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-29 29512]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-29 242696]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-19 308064]

R2 Eagletron TrackerPod Service;Eagletron TrackerPod Service;c:\program files\common files\eagletron\TrackerPodSvcSvr.exe [2010-2-13 135168]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-4 236368]

R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 5\PDFProFiltSrv.exe [2008-2-2 144672]

R2 trackcam;TrackerCam Video Capture Driver;c:\windows\system32\drivers\trackcam.sys [2010-2-13 78152]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-4 19160]

S0 btopb;btopb; [x]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-6 135664]

S3 memchk;memchk;\??\c:\windows\system32\memchk.sys --> c:\windows\system32\memchk.sys [?]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]

=============== Created Last 30 ================

2010-03-28 04:10:45 0 ----a-w- c:\documents and settings\owner\defogger_reenable

2010-03-20 01:40:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-13 05:10:41 0 d-----w- c:\program files\Real Alternative

2010-03-12 01:53:44 0 d-----w- c:\program files\Vstplugins

2010-03-11 17:44:29 3566 ----a-w- c:\windows\system32\anb

2010-03-09 02:08:40 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2010-03-09 02:08:05 0 d-----w- c:\program files\Panda Security

2010-03-08 00:06:12 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-03-07 22:56:16 0 d-s---w- C:\ComboFix

2010-03-07 21:55:50 0 d-----w- c:\docume~1\owner\applic~1\AVG9

2010-03-07 17:43:16 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-03-05 12:52:29 146432 ----a-w- c:\windows\regedit.com

2010-03-05 01:19:32 54156 ---ha-w- c:\windows\QTFont.qfn

2010-03-05 01:19:32 1409 ----a-w- c:\windows\QTFont.for

2010-03-04 05:59:56 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes

2010-03-04 05:59:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-04 05:59:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-04 05:59:50 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-04 05:59:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-03-04 01:32:30 0 d-----w- c:\docume~1\owner\applic~1\NetMedia Providers

2010-03-04 01:04:31 0 d-----w- c:\program files\Sony Setup

2010-03-02 02:40:02 102884 ---ha-w- c:\windows\system32\mlfcache.dat

2010-02-28 05:16:10 0 d-----w- C:\Billy Joel Elton John

==================== Find3M ====================

2010-03-20 04:05:58 96512 ----a-w- c:\windows\system32\drivers\atapi.sys

2010-03-20 01:40:56 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-03-20 01:39:20 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr

2010-01-30 20:20:58 256 ----a-w- c:\documents and settings\owner\pool.bin

2009-09-27 14:35:14 7379 ----a-w- c:\program files\moviemk.inf

2009-09-27 14:35:14 15196 ----a-w- c:\program files\moviemk.PNF

2007-03-09 07:12:32 27648 --sha-w- c:\windows\system32\AVSredirect.dll

2005-06-26 22:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll

2005-06-22 06:37:42 45568 --sha-r- c:\windows\system32\cygz.dll

2009-03-27 19:57:07 2098 --sh--w- c:\windows\system32\kuzapiso.exe

============= FINISH: 23:24:56.51 ===============

Attach.zip

mbam_log_2010_03_27__23_06_13_.txt


  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
