Jump to content

Recommended Posts

A friend had accounts hacked, as well as the internet being disconnected frequently. Malwarebytes didn't catch anything. Here are the log files.

DDS (Ver_10-10-21.02) - NTFSx86

Run by AMD at 13:50:42.65 on Sun 10/24/2010

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1244 [GMT -4:00]

AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgemcx.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\AVG\AVG10\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\AVG\AVG PC Tuneup 2011\boostspeed.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\DOCUME~1\AMD\LOCALS~1\Temp\TeamViewer\Version5\TeamViewer.exe

c:\docume~1\amd\locals~1\temp\teamviewer\version5\TeamViewer_Desktop.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\AMD\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.wow-petopia.com/

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

IE: &Search

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249420604105

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-7-31 13696]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-9-3 6104144]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-10-18 38224]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-21 517448]

=============== Created Last 30 ================

2010-10-24 16:39:23 -------- d-----w- c:\docume~1\amd\applic~1\AVG

2010-10-21 15:01:19 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll

2010-10-21 15:01:19 8704 ----a-w- c:\windows\system32\kbdjpn.dll

2010-10-21 15:01:19 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll

2010-10-21 15:01:19 8192 ----a-w- c:\windows\system32\kbdkor.dll

2010-10-21 15:01:19 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll

2010-10-21 15:01:19 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll

2010-10-21 15:01:19 6144 ----a-w- c:\windows\system32\kbd101c.dll

2010-10-21 15:01:19 6144 ----a-w- c:\windows\system32\kbd101b.dll

2010-10-21 15:01:19 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll

2010-10-21 15:01:19 5632 ----a-w- c:\windows\system32\kbd103.dll

2010-10-21 15:01:18 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll

2010-10-21 15:01:18 6144 ----a-w- c:\windows\system32\kbd106.dll

2010-10-21 11:33:03 -------- d-----w- c:\docume~1\amd\applic~1\AVG10

2010-10-21 11:31:43 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files

2010-10-21 11:31:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar

2010-10-21 11:29:53 -------- d-----w- c:\windows\system32\drivers\AVG

2010-10-21 11:29:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10

2010-10-20 21:38:09 -------- d--h--w- C:\$AVG

2010-10-20 21:34:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

2010-10-19 11:16:01 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-10-19 11:16:01 215920 ----a-w- c:\windows\system32\muweb.dll

2010-10-19 11:16:01 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

2010-10-18 13:59:42 -------- d-----w- c:\documents and settings\amd\Tracing

2010-10-18 13:59:01 -------- d-----w- c:\program files\Microsoft

2010-10-18 13:58:47 -------- d-----w- c:\program files\Windows Live SkyDrive

2010-10-18 13:55:04 -------- d-----w- c:\program files\common files\Windows Live

2010-10-18 13:36:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-18 13:36:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-18 13:36:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-18 13:33:09 -------- d-----w- c:\docume~1\amd\applic~1\TeamViewer

2010-10-16 20:10:27 -------- d-----w- c:\windows\pss

2010-10-14 11:07:14 -------- d-----w- C:\0bce43e8a11e7be311959202

2010-10-14 10:52:19 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-10-14 10:52:19 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-11 00:31:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation

2010-10-11 00:31:05 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin

2010-10-11 00:31:04 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin

2010-10-11 00:31:04 1 ----a-w- c:\windows\system32\nvdrssel.bin

2010-10-11 00:30:54 -------- d-----w- c:\program files\NVIDIA Corporation

2010-10-02 14:43:09 -------- d-----w- c:\docume~1\amd\applic~1\W Photo Studio

2010-10-02 14:40:00 -------- d-----w- c:\docume~1\amd\applic~1\W Photo Studio Viewer

==================== Find3M ====================

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll

2010-09-09 13:38:01 1830912 ------w- c:\windows\system32\inetcpl.cpl

2010-09-09 13:38:00 78336 ------w- c:\windows\system32\ieencode.dll

2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll

2010-09-08 15:57:57 389120 ------w- c:\windows\system32\html.iec

2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 13:51:06.34 ===============

attach.zip

hijackthis.log

mbam_log_2010_10_24__13_30_13_.txt

Link to post
Share on other sites

Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.