
Annoying Virus/Malware



My PC seems to have acquired a virus/malware yesterday that I can't seem to shake. The PC is running extremely slow in general, and on top of that certain (not all) .exe programs refuse to open. For some programs (malwarebytes included) I receive the message "Windows cannot access the specified device, path, or file. You may not have appropriate permissions to access the program". I've tried both redownloading and renaming after redownloading MBAM and I can get the program to open but then maybe 20-30 seconds into the scan it just disappears. I've included all the required logs except for the MBAM log (for obvious reasons).

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16

Run by Geigus Family at 10:07:55 on 2011-08-31

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.199 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Labtec\WebCam10\WebCam10.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Gamesbar\SearchEngineProtection.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Oberon Media\Parts\1.0.0.14\OberonParts.exe

C:\Program Files\Winamp\winamp.exe

C:\WINDOWS\system32\wuauclt.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: GamesBarBHO Class: {cb0d163c-e9f4-4236-9496-0597e24b23a5} - c:\program files\gamesbar\2.0.1.82\oberontb.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: GamesBar: {6f282b65-56bf-4bd1-a8b2-a4449a05863d} - c:\program files\gamesbar\2.0.1.82\oberontb.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [searchEngineProtection] c:\program files\gamesbar\SearchEngineProtection.exe

uRun: [Google Update] "c:\documents and settings\geigus family\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [<NO NAME>]

mRun: [LogitechQuickCamRibbon] "c:\program files\labtec\webcam10\WebCam10.exe" /hide

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunServicesOnce: [Windows Security] c:\docume~1\admini~1\locals~1\temp\iexplorer.exe

dRun: [MKasK] c:\windows\drweb .exe

dRun: [HNUHVOXRpH] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [HNUHVOXRnEK] c:\docume~1\geigus~1\locals~1\temp\fj797 .exe

dRun: [MKeaK] c:\windows\user .exe

dRun: [HNUHVOXRpEc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKea0] c:\windows\user .exe

dRun: [HNUHVOXRpEK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaj] c:\windows\user .exe

dRun: [HNUHVOXRpE0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagc] c:\windows\user .exe

dRun: [HNUHVOXRpEj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagK] c:\windows\user .exe

dRun: [HNUHVOXRpEgc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeag0] c:\windows\user .exe

dRun: [HNUHVOXRpEgK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagj] c:\windows\user .exe

dRun: [HNUHVOXRpEg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggc] c:\windows\user .exe

dRun: [HNUHVOXRpEgj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggK] c:\windows\user .exe

dRun: [HNUHVOXRpEggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagg0] c:\windows\user .exe

dRun: [HNUHVOXRpEggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggj] c:\windows\user .exe

dRun: [HNUHVOXRpEgg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggc] c:\windows\user .exe

dRun: [HNUHVOXRpEggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggK] c:\windows\user .exe

dRun: [HNUHVOXRpEgggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEgggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggj] c:\windows\user .exe

dRun: [HNUHVOXRpEggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEgggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEgggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggc] c:\windows\user .exe

dRun: [HNUHVOXRnEKmd.com/dw/dw.php?id=%s&ver=d01] c:\docume~1\geigus~1\locals~1\temp\fj797 .exe

dRun: [HNUHVOXRpEgggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeta] c:\windows\services.exe

dRun: [MKeaggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggggggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggggggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggggggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggggggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggggggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggggggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggggggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggggggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggggggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggggggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggggggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggggggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggggggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggggggggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggggggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggggggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggggggggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggggggggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggggggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggggggggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggggggggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggggggggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggggggggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggggggggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggggggggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggggggggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggggggggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggggggggggggggK] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggggggggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggggggggggggggg0] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggggggggggggggK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeagggggggggggggggggggggggggggggggggj] c:\windows\user .exe

dRun: [HNUHVOXRpEggggggggggggggggggggggggggggggggg0] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [MKeaggggggggggggggggggggggggggggggggggc] c:\windows\user .exe

dRun: [HNUHVOXRpEgggggggggggggggggggggggggggggggggj] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRun: [HNUHVOXRpEggggggggggggggggggggggggggggggggggc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe

dRunOnce: [setDefaultMidi] MIDIDEF.EXE

StartupFolder: c:\docume~1\geigus~1\startm~1\programs\startup\epsona~1.lnk - e:\titles\epsonreg\EpsonReg.EXE

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: EnableLUA = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - c:\program files\gamesbar\2.0.1.82\oberontb.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

LSP: mswsock.dll

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

TCP: DhcpNameServer = 68.87.75.198 68.87.64.150

TCP: Interfaces\{36FA46BF-6548-462B-A8A8-483441ABC819} : DhcpNameServer = 192.168.2.254 192.168.2.60 68.87.64.146 68.87.75.194

TCP: Interfaces\{95823309-E5FC-4742-B793-81FF199ADD89} : DhcpNameServer = 68.87.75.198 68.87.64.150

TCP: Interfaces\{FC212F1F-8EA2-4845-821E-8A65101CD137} : DhcpNameServer = 68.87.75.198 68.87.64.150

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\geigus family\application data\mozilla\firefox\profiles\kk2eixru.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.search-tab.com/?sid=10101057100&s=

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll

FF - plugin: c:\documents and settings\geigus family\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7\npapicomadapter.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Oberon GamesBar: gamesbar@oberon-media.com - %profile%\extensions\gamesbar@oberon-media.com

FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

.

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - Google

FF - user.js: browser.search.order.1 - Google

FF - user.js: keyword.URL - hxxp://search.search-tab.com/?sid=10101057100&s=

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-8-2 54760]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]

S0 lqebnr;lqebnr; [x]

S1 SASDIFSV;SASDIFSV; [x]

S1 SASKUTIL;SASKUTIL; [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]

S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

S2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\adm8511.sys [2010-7-14 0]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-4-16 23456]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-2-19 41272]

S3 SASENUM;SASENUM; [x]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]

.

=============== Created Last 30 ================

.

2011-08-31 04:14:23 -------- d-----w- c:\program files\MBblah

2011-08-30 19:26:12 4194304 ----a-w- c:\windows\system32\jitjikfp.dll

2011-08-15 16:00:53 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-15 16:00:24 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-08-15 15:57:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-06 21:01:41 -------- d-----w- c:\documents and settings\geigus family\application data\Oberonv1001

.

==================== Find3M ====================

.

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

1601-01-01 00:03:52 55808 --sha-w- c:\windows\system32\nanuleya.dll.tmp

1601-01-01 00:03:52 55808 --sha-w- c:\windows\system32\nozegako.dll.tmp

1601-01-01 00:03:52 55808 --sha-w- c:\windows\system32\wofuhipe.dll.tmp

.

============= FINISH: 10:09:14.62 ===============

Attatch&Ark.rar

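Added example (not from the original post, and not anything DDS or Malwarebytes ships): a short Python triage script for the Run-key section of a DDS log like the one above. It parses the uRun/mRun/dRun lines and flags the patterns that stand out in this log: an executable name with a space before .exe, a program launched from a temp folder, a core system binary name (services.exe) sitting outside system32, a name one character off a real binary (iexplorer.exe), and many differently named values under the .DEFAULT hive all pointing at the same file. The sample lines embedded in the script are a constructed subset copied in shape from the log; the heuristics and the threshold of three value names per file are my own assumptions, not a documented rule.

```python
import re
import sys
from collections import defaultdict

# Constructed sample in the DDS "Pseudo HJT Report" layout: a handful of lines
# copied in shape from the log in this thread, not the complete log.
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\geigus family\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
mRun: [<NO NAME>]
mRunServicesOnce: [Windows Security] c:\docume~1\admini~1\locals~1\temp\iexplorer.exe
dRun: [MKasK] c:\windows\drweb .exe
dRun: [HNUHVOXRpH] c:\docume~1\geigus~1\locals~1\temp\mdm .exe
dRun: [MKeaK] c:\windows\user .exe
dRun: [HNUHVOXRpEc] c:\docume~1\geigus~1\locals~1\temp\mdm .exe
dRun: [MKeta] c:\windows\services.exe
dRun: [HNUHVOXRpEK] c:\docume~1\geigus~1\locals~1\temp\mdm .exe
dRun: [MKeagc] c:\windows\user .exe
"""

# DDS naming: uRun = HKCU, mRun = HKLM, dRun = HKU\.DEFAULT; *Once variants share the shape.
RUN_LINE = re.compile(r"^(?P<hive>[umd]Run\w*): \[(?P<name>[^\]]*)\](?: (?P<cmd>.*))?$")
TEMP_DIR = re.compile(r"\\(?:locals~1|local settings)\\temp\\", re.I)
# Core XP binaries that live only in %SystemRoot%\system32; a file with one of
# these names anywhere else (c:\windows\services.exe) is a name collision.
SYSTEM32_ONLY = {"services.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "smss.exe"}
LOOKALIKE_TARGETS = SYSTEM32_ONLY | {"iexplore.exe", "explorer.exe"}
MIN_NAMES_PER_FILE = 3  # assumed threshold: this many value names for one file


def extract_path(cmd):
    """Return the executable path from a Run value, quoted or not.

    Cutting at the first '.exe' keeps paths containing spaces, including the
    odd 'user .exe' form, in one piece instead of splitting on whitespace.
    """
    cmd = cmd.lstrip('"')
    idx = cmd.lower().find(".exe")
    if idx != -1:
        return cmd[: idx + 4]
    return cmd.split()[0] if cmd.split() else ""


def one_edit_apart(a, b):
    """True when a and b differ by exactly one insertion, deletion or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) < len(b):
        a, b = b, a  # make a the longer (or equal-length) string
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1
            j += 1
            continue
        edits += 1
        if edits > 1:
            return False
        i += 1  # skip the extra character in a (deletion) ...
        if len(a) == len(b):
            j += 1  # ... or consume both on a substitution
    return True


def triage(log_text):
    """Parse Run-key lines and return one finding dict per suspicious entry."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            path = extract_path(m.group("cmd") or "").lower()
            if path:
                entries.append((m.group("hive"), m.group("name"), path))

    # Many differently named values launching the same file is what generated
    # persistence looks like; a product normally registers one value per file.
    names_per_file = defaultdict(set)
    for hive, name, path in entries:
        names_per_file[(hive, path)].add(name)

    findings = []
    for hive, name, path in entries:
        folder, _, base = path.rpartition("\\")
        reasons = []
        if re.search(r"\s\.exe$", base):
            reasons.append("space before .exe")
        if TEMP_DIR.search(path):
            reasons.append("launched from a temp directory")
        if base in SYSTEM32_ONLY and not folder.endswith("\\system32"):
            reasons.append(f"{base} outside system32")
        for target in sorted(LOOKALIKE_TARGETS):
            if one_edit_apart(base, target):
                reasons.append(f"name one edit away from {target}")
        count = len(names_per_file[(hive, path)])
        if count >= MIN_NAMES_PER_FILE:
            reasons.append(f"{count} value names point here")
        if reasons:
            findings.append({"hive": hive, "name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print(f"{f['hive']:<17}[{f['name']}] {f['path']}\n    -> {'; '.join(f['reasons'])}")
```

Run it with no arguments to triage the embedded sample, or pass the path of a saved DDS.txt. The flags are leads for a person to check, not verdicts: the spaced QuickTime entry gets the same "space before .exe" flag as the dRun entries, and whether the file on disk is the real qttask.exe still has to be confirmed by hand.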

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Apparently you didn't read my original post. I can't open MBAM. I will post the ComboFix and new DDS log as soon as I finish running them.


  • 1 month later...
  • Staff

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
