sutherlandly Posted August 24, 2010 ID:304597

Sorry - I think I messed up and posted the mbam logs and the Avira AntiVir logs to the original post in error! I got confused with the email message and the message on the Malwarebytes posting. The MBAM log is as follows:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4469

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/24/2010 12:22:16 PM
mbam-log-2010-08-24 (12-22-16).txt

Scan type: Quick scan
Objects scanned: 163491
Time elapsed: 9 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 28

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\PriceGong (Adware.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Lynn\Application Data\PriceGong (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data (Adware.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\1.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\a.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\b.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\c.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\d.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\e.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\f.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\g.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\h.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\i.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\J.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\k.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\l.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\m.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\mru.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\n.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\o.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\p.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\q.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\r.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\s.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\t.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\u.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\v.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\w.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\x.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\y.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lynn\Application Data\PriceGong\Data\z.xml (Adware.Agent) -> Quarantined and deleted successfully.

I cannot get the DDS/GMER program to complete its process. It keeps locking up and I cannot softboot out.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Lynn at 12:42:37.89 on Tue 08/24/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1025 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lynn\Desktop\dds.scr

============== Pseudo HJT Report ===============

mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: TranslatorBar 1.2 Toolbar: {548f6736-8fe4-4680-82f2-170d6c07e1d2} - c:\program files\translatorbar_1.2\tbTran.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: TranslatorBar 1.2 Toolbar: {548f6736-8fe4-4680-82f2-170d6c07e1d2} - c:\program files\translatorbar_1.2\tbTran.dll
uRun: [incrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [FRYMXINS] "c:\program files\ati technologies\fire gl 3d studio max\atiimxgl"
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>] 
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35[1].exe" /scan:boot
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: &Search
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-24 11608]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-4 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-4 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-4 243024]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-8-19 18816]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-24 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-24 267432]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-18 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-18 308136]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-24 60936]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-9 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-5-4 430152]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\45.tmp --> c:\windows\system32\45.tmp [?]

=============== Created Last 30 ================

2010-08-24 18:39:15 0 d-----w- c:\docume~1\lynn\applic~1\PriceGong
2010-08-24 18:28:17 0 ----a-w- c:\documents and settings\lynn\defogger_reenable
2010-08-24 15:55:09 0 d-----w- c:\docume~1\lynn\applic~1\Avira
2010-08-24 15:48:30 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-24 15:48:28 0 d-----w- c:\program files\Avira
2010-08-24 15:48:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-08-23 18:03:03 1402880 ----a-w- C:\HiJackThis.msi
2010-08-20 21:58:46 0 d-----w- c:\program files\Microsoft Easy Assist
2010-08-20 21:58:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Applications
2010-08-20 20:35:23 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-20 20:33:24 0 d-----w- c:\program files\Microsoft Security Essentials
2010-08-20 17:35:43 0 d-----w- c:\docume~1\lynn\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-08-20 17:32:42 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2010-08-20 17:32:39 0 d-----w- c:\program files\McAfee Security Scan
2010-08-19 22:08:53 0 d-----w- c:\program files\SpywareBlaster
2010-08-19 20:22:52 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-08-18 20:43:21 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-18 20:43:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-08-18 14:43:53 0 d-----w- c:\windows\system32\appmgmt
2010-08-11 18:02:42 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-08-10 04:48:35 0 d-----w- c:\program files\TranslatorBar_1.2
2010-08-10 04:48:35 0 d-----w- c:\program files\Conduit
2010-08-09 19:09:03 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-08-09 19:09:03 215920 ----a-w- c:\windows\system32\muweb.dll
2010-08-09 19:09:03 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-08-05 08:17:09 40960 ----a-w- c:\windows\system32\wh2robo.dll
2010-08-05 08:17:09 1044480 ----a-w- c:\windows\system32\Roboex32.dll
2010-08-04 16:55:38 0 d-----w- c:\docume~1\lynn\applic~1\Watchtower
2010-08-03 20:42:08 0 d-----w- c:\program files\MSECache
2010-08-03 15:09:59 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-28 18:20:06 0 d-----w- c:\program files\Watchtower

==================== Find3M ====================

2010-08-24 14:48:19 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-19 04:16:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-19 04:10:28 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-19 04:10:27 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-19 04:10:21 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 11:30:00 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-05-03 21:11:30 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2010-05-04 00:29:39 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2010-05-03 21:11:30 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2010-05-03 06:46:54 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010050320100504\index.dat
2010-05-03 21:11:30 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 12:43:32.32 ===============

Attach.zip
screen317 (Staff) Posted August 27, 2010 ID:305549

Duplicate topic closed.