
Forgot to add the log above lol

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_26

Run by test at 12:01:46 on 2011-09-01

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Citrix\GoToMyPC\g2svc.exe

C:\Program Files\Citrix\GoToMyPC\g2comm.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\mbam\mbamservice.exe

C:\Program Files\Citrix\GoToMyPC\g2pre.exe

C:\Program Files\Citrix\GoToMyPC\g2tray.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\vVX1000.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\Program Files\mbam\mbamgui.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\test\My Documents\Downloads\dds.scr

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.6.0.29\ips\IPSBHO.DLL

BHO: aTube Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

TB: aTube Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

uRun: [ooVoo] C\ooVoo.exe /minimized

uRun: [Google Update] "c:\documents and settings\test\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

mRun: [VX1000] c:\windows\vVX1000.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [<NO NAME>]

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\mbam\mbamgui.exe" /starttray

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 213.109.65.25 213.109.77.62 1.1.1.1

TCP: Interfaces\{CFBBEA7E-052E-454B-8773-C60CD82C29F1} : DhcpNameServer = 213.109.65.25 213.109.77.62 1.1.1.1

Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\test\application data\mozilla\firefox\profiles\3dc16tce.default\

FF - plugin: c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\test\local settings\application data\google\update\1.3.21.68\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

.

============= SERVICES / DRIVERS ===============

.

R? gupdate;Google Update Service (gupdate)

R? gupdatem;Google Update Service (gupdatem)

S? BHDrvx86;BHDrvx86

S? EraserUtilRebootDrv;EraserUtilRebootDrv

S? IDSxpx86;IDSxpx86

S? MBAMProtector;MBAMProtector

S? MBAMService;MBAMService

S? NAV;Norton AntiVirus

S? NAVENG;NAVENG

S? NAVEX15;NAVEX15

S? NPF;NetGroup Packet Filter Driver

S? SymDS;Symantec Data Store

S? SymEFA;Symantec Extended File Attributes

S? SymIRON;Symantec Iron Driver

.

=============== Created Last 30 ================

.

2011-09-01 02:59:30 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-01 02:59:26 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-01 02:59:26 -------- d-----w- c:\program files\mbam

2011-08-31 15:08:42 -------- d-----w- c:\documents and settings\test\application data\Malwarebytes

2011-08-31 15:07:27 -------- d-----w- c:\documents and settings\all users.windows\application data\Malwarebytes

2011-08-30 17:15:15 -------- d-----w- c:\documents and settings\test\application data\LibreOffice

2011-08-30 17:10:52 -------- d-----w- c:\program files\LibreOffice 3.4

2011-08-30 06:52:47 -------- d-----w- c:\documents and settings\test\local settings\application data\Temp

2011-08-30 06:52:47 -------- d-----w- c:\documents and settings\test\local settings\application data\Adobe

2011-08-29 19:41:31 215920 ----a-w- c:\windows\system32\muweb.dll

2011-08-29 19:41:31 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

2011-08-29 19:41:30 274288 ----a-w- c:\windows\system32\mucltui.dll

2011-08-28 09:57:25 -------- d-----w- c:\program files\MetaStream

2011-08-28 08:09:01 -------- d-s---w- c:\documents and settings\test\UserData

2011-08-28 08:08:39 -------- d-----w- c:\documents and settings\test\local settings\application data\AskToolbar

2011-08-28 08:06:27 52080 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\GoToPrintProcessor.dll

2011-08-28 08:06:23 111472 ----a-w- c:\windows\system32\gotomon.dll

2011-08-28 08:06:22 -------- d-----w- c:\documents and settings\all users.windows\application data\CitrixLogs

2011-08-28 08:06:15 -------- d-----w- c:\program files\Citrix

2011-08-28 08:05:24 7053264 ----a-w- c:\documents and settings\test\gosetup.exe

2011-08-28 00:34:10 -------- d-----w- c:\documents and settings\all users.windows\application data\hya5HOh

2011-08-28 00:32:36 -------- d-----w- c:\windows\StormPredator

2011-08-28 00:32:36 -------- d-----w- c:\program files\StormPredator

2011-08-28 00:32:36 -------- d-----w- c:\documents and settings\all users.windows\application data\StormPredator

2011-08-27 23:54:23 -------- d-----w- c:\documents and settings\all users.windows\application data\{720A5268-5219-4F56-9770-974CAFAC2282}

2011-08-27 23:54:22 -------- d-----w- c:\program files\weathersaver

2011-08-25 00:40:49 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll

2011-08-25 00:40:32 -------- d-----w- c:\program files\common files\xing shared

2011-08-25 00:40:22 150696 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll

2011-08-25 00:40:17 107008 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll

2011-08-25 00:40:08 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-08-23 18:11:02 -------- d-----w- c:\documents and settings\test\local settings\application data\Identities

2011-08-22 12:21:09 -------- d-----w- c:\documents and settings\test\application data\Tific

2011-08-22 12:20:57 -------- d-----w- c:\documents and settings\test\local settings\application data\Symantec

2011-08-19 03:44:36 -------- d-----w- c:\program files\Network Stumbler

.

==================== Find3M ====================

.

2011-08-25 00:40:08 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-07-13 17:22:19 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-07-13 17:22:18 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-08 20:06:03 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-07-08 20:06:03 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-07-08 17:34:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 12:02:35.81 ===============


Hi, business:

Sorry to hear that your computer may be infected.

Alas, we cannot review scan logs or work on malware detection/removal in this part of the General MBAM forum.

The following information will help you get started on the cleaning process.

Excellent, self-help troubleshooting info for getting MBAM to run on an infected machine can be found here.

And there are specific, self-help malware removal instructions here.

If you would like expert assistance with cleaning your system, there are 3 support options from which to choose:

  • Option 1 -- Free, Expert advice in the Malware Removal Forum
  • Option 2 -- Free support for paying customers using MBAM PRO -- Contact MBAM Support via email
  • Option 3 -- Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in this General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so that a qualified helper can help you fix any malware related problems/infections you may have.

  • First, please print out, read and follow the directions here, skipping any steps you are unable to complete.
  • If the infection has so crippled the computer that you cannot follow most/all of the requested steps, then please just proceed as advised below:
  • Then please post a NEW topic here.
  • When posting your new thread, please make sure that, under "options", you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.
  • One of the expert helpers there will give you free, one-on-one assistance when one becomes available.
  • Please refrain from making any further changes to your computer (installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc.) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

IMPORTANT NOTE: Please DO NOT post back to your topic or "bump" it within the first 48 hours.

Replying to your own posts changes the post count from zero. Helpers are looking for topics with zero replies. If you reply to your own post, helpers may think that you're already being helped and thus may overlook your post. This will only delay your obtaining assistance.


  • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
    Or
  • You may send a Private Message to a Moderator asking for assistance.

OPTION 2

Alternatively, as a paying customer using MBAM PRO, you can contact the help desk at support@malwarebytes.org or here.

OPTION 3

If you would like to use the Malwarebytes Premium Services (Comprehensive solutions to all your computer support needs -- from installation and set-up to troubleshooting and tune-ups), please go to the Malwarebytes Premium Services support site.

Please be patient -- someone will assist you as soon as it is possible.

Thanks very much!

daledoc1

PS: Please use the zMn2t.jpg button instead of other ones when you reply here and at the other forums, so that it will be easier to read. :)


This topic is now closed to further replies.