
Here are the logs from the second computer

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6493

Windows 5.1.2600 Service Pack 3, v.3264

Internet Explorer 7.0.5730.13

5/2/2011 3:13:59 PM

mbam-log-2011-05-02 (15-13-59).txt

Scan type: Quick scan

Objects scanned: 151585

Time elapsed: 11 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by User at 15:41:08.21 on Mon 05/02/2011

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.311 [GMT -7:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ezSP_Px.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Documents and Settings\User\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.sony.com/vaiopeople

uInternet Connection Wizard,ShellNext = hxxp://www.avg.com/platforms

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [sunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html

IE: Backward &Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cac&hed Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: Si&milar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1302723008031

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxsrvc.dll

.

============= SERVICES / DRIVERS ===============

.

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-6-2 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-6-2 29584]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-6-2 243024]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2011-3-24 308136]

R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe [2010-6-2 86098]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2011-4-4 517448]

S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm --> c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM [?]

.

=============== Created Last 30 ================

.

2011-04-24 23:10:02 -------- d-----w- c:\program files\DIY DataRecovery MBRtool

2011-04-21 22:20:15 -------- d-----w- c:\program files\MSECache

2011-04-21 19:34:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\WEBREG

2011-04-21 19:29:25 -------- d-----w- c:\docume~1\user\locals~1\applic~1\HP

2011-04-21 19:23:45 -------- d-----w- c:\windows\hpojp8500a909

2011-04-21 19:23:02 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys

2011-04-21 19:19:00 -------- d-----w- c:\program files\common files\HP

2011-04-21 19:18:59 -------- d-----w- c:\program files\common files\Hewlett-Packard

2011-04-21 19:17:53 -------- d-----w- c:\program files\HP

2011-04-21 19:17:49 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys

2011-04-21 19:17:49 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2011-04-19 06:12:33 -------- d-----w- c:\docume~1\user\applic~1\Malwarebytes

2011-04-19 06:12:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-19 06:12:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-04-19 06:12:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-19 06:12:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-14 18:03:28 274288 ----a-w- c:\windows\system32\mucltui.dll

2011-04-14 18:03:28 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

2011-04-13 21:50:58 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-04-13 21:50:57 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-13 21:47:42 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Adobe

2011-04-04 20:23:29 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files

.

==================== Find3M ====================

.

2011-03-24 22:29:08 12536 ----a-w- c:\windows\system32\avgrsstx.dll

.

============= FINISH: 15:41:39.12 ===============

GMER 1.0.15.15572 - http://www.gmer.net

Rootkit scan 2011-05-02 15:52:13

Windows 5.1.2600 Service Pack 3, v.3264 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160021A rev.3.04

Running: lmvqjzwe.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\pxtdipow.sys

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\User\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!DialogBoxParamW 7E425204 5 Bytes JMP 009D5415 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!DialogBoxIndirectParamW 7E432082 5 Bytes JMP 00B6C510 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!MessageBoxIndirectA 7E43A08A 5 Bytes JMP 00B6C491 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!DialogBoxParamA 7E43B14C 5 Bytes JMP 00B6C4D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!MessageBoxExW 7E4507F8 5 Bytes JMP 00B6C3D9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!MessageBoxExA 7E45081C 5 Bytes JMP 00B6C413 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!DialogBoxIndirectParamA 7E456D78 5 Bytes JMP 00B6C54B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!MessageBoxIndirectW 7E4664CD 5 Bytes JMP 00B6C44D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Attach.zip


Those logs looked OK.

Let's do two others.

Step 1.

Clean temp locations:

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Step 2.

Scan with aswMBR:

Download aswMBR.exe ( 511KB ) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

[screenshot: aswMBR1.png]

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

[screenshot: aswMBR2.png]

Step 3.

Scan with ESET Online Scanner:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (this scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Step 4.

Things I would like to see in your reply:

  1. The content of the report from aswMBR from Step 2.
  2. The content of the report from ESET Online Scanner from Step 3.

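Step 2 above has aswMBR save a copy of the first sector to MBR.dat alongside its log. That file can be checked offline without trusting the live disk stack. The following Python script is an added example for this thread, not code from aswMBR or from the original poster: it parses a raw 512-byte MBR image, validates the 0x55AA boot signature and the four partition-table entries (status byte, bootable flag, LBA 0 overlap, overlapping ranges), and compares a SHA-256 of the boot-code area against a caller-supplied known-good hash. The two sample images, the baseline hash, the partition geometry and the boot-code bytes are all constructed for the demo; they are placeholders, not the real Windows XP MBR code.

```python
"""Offline sanity checks for a 512-byte MBR image such as aswMBR's MBR.dat.

Added example (not part of aswMBR or of the forum thread). All sample data
below is constructed for the demo.
"""
import hashlib
import struct
import sys
from dataclasses import dataclass
from itertools import combinations
from typing import List, Optional

SECTOR = 512
BOOT_CODE_LEN = 440       # bytes 0..439 hold boot code; 440..445 disk signature + pad
PART_TABLE_OFF = 446      # four 16-byte partition entries
PART_ENTRY_LEN = 16
SIGNATURE_OFF = 510       # 0x55 0xAA boot signature
# status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
ENTRY_FMT = "<B3xB3xII"


@dataclass
class Partition:
    index: int
    status: int
    ptype: int
    lba_start: int
    sectors: int

    @property
    def bootable(self) -> bool:
        return self.status == 0x80

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sectors - 1


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Return the non-empty entries of the partition table."""
    parts = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFF + i * PART_ENTRY_LEN)
        if ptype == 0 and count == 0:      # unused slot
            continue
        parts.append(Partition(i, status, ptype, start, count))
    return parts


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 over the boot-code area only; the partition table is excluded
    so a legitimate repartition does not change the hash."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, known_good_hash: Optional[str] = None) -> List[str]:
    """Return a list of findings; an empty list means nothing looked wrong."""
    if len(mbr) < SECTOR:
        return ["image shorter than 512 bytes"]
    findings = []
    if mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    parts = parse_partitions(mbr)
    if sum(p.bootable for p in parts) > 1:
        findings.append("more than one partition flagged bootable")
    for p in parts:
        if p.status not in (0x00, 0x80):
            findings.append(f"partition {p.index}: invalid status byte 0x{p.status:02x}")
        if p.lba_start == 0:
            findings.append(f"partition {p.index}: starts at LBA 0 (overlaps the MBR)")
    for a, b in combinations(parts, 2):
        if a.lba_start <= b.lba_end and b.lba_start <= a.lba_end:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    if known_good_hash is not None and boot_code_hash(mbr) != known_good_hash:
        findings.append("boot code differs from the known-good baseline")
    return findings


def build_sample_mbr(bootcode: bytes, entries, sig: bytes = b"\x55\xaa") -> bytes:
    """Construct a 512-byte MBR image for the demo (not a real disk image)."""
    mbr = bytearray(SECTOR)
    mbr[:len(bootcode)] = bootcode
    for i, (status, ptype, start, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + i * PART_ENTRY_LEN,
                         status, ptype, start, count)
    mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] = sig
    return bytes(mbr)


# Constructed sample boot code (placeholder bytes, NOT the real Windows XP MBR).
CLEAN_BOOTCODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 50
CLEAN_TABLE = [(0x80, 0x07, 63, 312576642)]          # one NTFS partition, bootable
CLEAN = build_sample_mbr(CLEAN_BOOTCODE, CLEAN_TABLE)
BASELINE = boot_code_hash(CLEAN)                     # hypothetical known-good hash
# Same partition table, but the first instruction replaced by a jump: the
# pattern a bootkit leaves when it patches boot code and keeps the table intact.
PATCHED = build_sample_mbr(b"\xe9\x00\x01" + CLEAN_BOOTCODE[3:], CLEAN_TABLE)


if __name__ == "__main__":
    # usage: python mbrcheck.py MBR.dat [known_good_sha256]
    data = open(sys.argv[1], "rb").read(SECTOR)
    baseline = sys.argv[2] if len(sys.argv) > 2 else None
    print("boot code sha256:", boot_code_hash(data))
    for p in parse_partitions(data):
        print(f"  entry {p.index}: type 0x{p.ptype:02x} bootable={p.bootable} "
              f"lba {p.lba_start}-{p.lba_end}")
    for f in check_mbr(data, baseline):
        print("FINDING:", f)
```

This only inspects a file that a tool already read through the normal disk stack; a bootkit that hooks the lower disk driver can return a clean sector to every reader, which is why the aswMBR log also prints the "Disk 0 trace - called modules" chain. An unexpected module in that chain is worth more attention than the MBR bytes themselves.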

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software

Run date: 2011-05-03 11:23:06

-----------------------------

11:23:06.656 OS Version: Windows 5.1.2600 Service Pack 3, v.3264

11:23:06.656 Number of processors: 2 586 0x304

11:23:06.671 ComputerName: TWO UserName:

11:23:09.453 Initialize success

11:23:15.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

11:23:15.390 Disk 0 Vendor: ST3160021A 3.04 Size: 152627MB BusType: 3

11:23:17.421 Disk 0 MBR read successfully

11:23:17.421 Disk 0 MBR scan

11:23:17.421 Disk 0 Windows XP default MBR code

11:23:19.421 Disk 0 scanning sectors +312560640

11:23:19.437 Disk 0 scanning C:\WINDOWS\system32\drivers

11:23:31.250 Service scanning

11:23:32.968 Disk 0 trace - called modules:

11:23:32.984 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

11:23:32.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82394ab8]

11:23:32.984 3 CLASSPNP.SYS[f8596fd7] -> nt!IofCallDriver -> \Device\00000057[0x823ceeb0]

11:23:32.984 5 ACPI.sys[f84ed620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82342d98]

11:23:32.984 Scan finished successfully

11:26:07.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"

11:26:07.953 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.5730.13 (longhorn(wmbla).070711-1130)

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=cb09cba52b42f6488ae4dbcd75bb1a07

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-05-03 06:56:57

# local_time=2011-05-03 11:56:57 (-0800, Pacific Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3, v.3264

# compatibility_mode=1024 16777175 100 0 28842728 28842728 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=49179

# found=0

# cleaned=0

# scan_time=1260

