
PriceGong



Sorry - I think I messed up and posted the mbam logs and the Avira AntiVir logs to the original post in error! I got confused with the email message and the message on the Malwarebytes posting.

The MBAM log is as follows:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4469

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/24/2010 12:22:16 PM

mbam-log-2010-08-24 (12-22-16).txt

Scan type: Quick scan

Objects scanned: 163491

Time elapsed: 9 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 2

Files Infected: 28

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\PriceGong (Adware.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Documents and Settings\Lynn\Application Data\PriceGong (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data (Adware.Agent) -> Quarantined and deleted successfully.

Files Infected:

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\1.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\a.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\b.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\c.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\d.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\e.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\f.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\g.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\h.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\i.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\J.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\k.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\l.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\m.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\mru.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\n.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\o.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\p.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\q.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\r.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\s.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\t.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\u.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\v.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\w.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\x.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\y.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\z.xml (Adware.Agent) -> Quarantined and deleted successfully.

I cannot get the DDS/GMER program to complete its process. It keeps locking up and I cannot softboot out.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Lynn at 12:42:37.89 on Tue 08/24/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1025 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\IncrediMail\bin\IncMail.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\IncrediMail\bin\IMApp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Lynn\Desktop\dds.scr

============== Pseudo HJT Report ===============

mWinlogon: SfcDisable=-99 (0xffffff9d)

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: TranslatorBar 1.2 Toolbar: {548f6736-8fe4-4680-82f2-170d6c07e1d2} - c:\program files\translatorbar_1.2\tbTran.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: TranslatorBar 1.2 Toolbar: {548f6736-8fe4-4680-82f2-170d6c07e1d2} - c:\program files\translatorbar_1.2\tbTran.dll

uRun: [incrediMail] c:\program files\incredimail\bin\IncMail.exe /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [FRYMXINS] "c:\program files\ati technologies\fire gl 3d studio max\atiimxgl"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35[1].exe" /scan:boot

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

IE: &Search

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-24 11608]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-4 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-4 29584]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-4 243024]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]

R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-8-19 18816]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-24 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-24 267432]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-18 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-18 308136]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-24 60936]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-9 135664]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-5-4 430152]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\45.tmp --> c:\windows\system32\45.tmp [?]

=============== Created Last 30 ================

2010-08-24 18:39:15 0 d-----w- c:\docume~1\lynn\applic~1\PriceGong

2010-08-24 18:28:17 0 ----a-w- c:\documents and settings\lynn\defogger_reenable

2010-08-24 15:55:09 0 d-----w- c:\docume~1\lynn\applic~1\Avira

2010-08-24 15:48:30 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-08-24 15:48:28 0 d-----w- c:\program files\Avira

2010-08-24 15:48:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-08-23 18:03:03 1402880 ----a-w- C:\HiJackThis.msi

2010-08-20 21:58:46 0 d-----w- c:\program files\Microsoft Easy Assist

2010-08-20 21:58:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Applications

2010-08-20 20:35:23 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-08-20 20:33:24 0 d-----w- c:\program files\Microsoft Security Essentials

2010-08-20 17:35:43 0 d-----w- c:\docume~1\lynn\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2010-08-20 17:32:42 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan

2010-08-20 17:32:39 0 d-----w- c:\program files\McAfee Security Scan

2010-08-19 22:08:53 0 d-----w- c:\program files\SpywareBlaster

2010-08-19 20:22:52 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys

2010-08-18 20:43:21 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-08-18 20:43:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-08-18 14:43:53 0 d-----w- c:\windows\system32\appmgmt

2010-08-11 18:02:42 149504 ------w- c:\windows\system32\dllcache\schannel.dll

2010-08-10 04:48:35 0 d-----w- c:\program files\TranslatorBar_1.2

2010-08-10 04:48:35 0 d-----w- c:\program files\Conduit

2010-08-09 19:09:03 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-08-09 19:09:03 215920 ----a-w- c:\windows\system32\muweb.dll

2010-08-09 19:09:03 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

2010-08-05 08:17:09 40960 ----a-w- c:\windows\system32\wh2robo.dll

2010-08-05 08:17:09 1044480 ----a-w- c:\windows\system32\Roboex32.dll

2010-08-04 16:55:38 0 d-----w- c:\docume~1\lynn\applic~1\Watchtower

2010-08-03 20:42:08 0 d-----w- c:\program files\MSECache

2010-08-03 15:09:59 8462336 ------w- c:\windows\system32\dllcache\shell32.dll

2010-07-28 18:20:06 0 d-----w- c:\program files\Watchtower

==================== Find3M ====================

2010-08-24 14:48:19 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-07-19 04:16:53 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-07-19 04:10:28 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-19 04:10:27 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-19 04:10:21 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys

2010-06-23 11:30:00 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys

2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

2010-05-03 21:11:30 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat

2010-05-04 00:29:39 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2010-05-03 21:11:30 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat

2010-05-03 06:46:54 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010050320100504\index.dat

2010-05-03 21:11:30 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 12:43:32.32 ===============

Attach.zip
