
p0ng

I had an infection in July that pretended to be an antivirus which asked me to pay for registration. The effects are still lingering.

DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by Michael D'Amico at 21:05:07 on 2011-08-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1470 [GMT -4:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [bMUpdate] c:\windows\system32\BMUpdate.exe
uRun: [Google Update] "c:\documents and settings\michael d'amico\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [OneTouch Monitor] c:\program files\visioneer onetouch\OneTouchMon.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [bYR_AGENT] c:\documents and settings\all users\application data\lgmobileax\byr_client\VZWNotiAgent.exe
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [Panda Security URL Filtering] "c:\documents and settings\all users\application data\panda security url filtering\Panda_URL_Filtering.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1280104430609
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1280116085125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{874582AC-2E8D-49B2-A853-812278A2FCA3} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\michael d'amico\application data\mozilla\firefox\profiles\ccdgjkr9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1190&p=
FF - component: c:\documents and settings\michael d'amico\application data\mozilla\firefox\profiles\ccdgjkr9.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - plugin: c:\documents and settings\michael d'amico\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.50106.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-3-28 28552]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2011-4-28 129992]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-21 532224]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-14 366640]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2011-4-28 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2011-7-5 143752]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2011-4-28 97096]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2011-4-28 111688]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2011-4-28 112456]
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe [2007-11-21 86098]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-14 22712]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-4-23 224896]
S1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys --> c:\windows\system32\drivers\klif.sys [?]
S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\CESG502.sys [2007-12-28 40672]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm --> c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM [?]
.
=============== Created Last 30 ================
.
2011-08-07 21:42:32 -------- d-----w- c:\documents and settings\michael d'amico\application data\Panda Security
2011-08-07 19:47:47 -------- d-----w- c:\documents and settings\michael d'amico\local settings\application data\panda2_0dn
2011-08-07 19:47:46 -------- d-----w- c:\documents and settings\all users\application data\Panda Security URL Filtering
2011-08-07 19:47:13 -------- d-----w- c:\documents and settings\all users\application data\Panda Security
2011-08-07 19:46:51 -------- d-----w- C:\temp
2011-08-01 03:39:30 44544 ----a-w- c:\windows\system32\msxml4a.dll
2011-08-01 03:38:44 -------- d-----w- c:\documents and settings\all users\application data\LGMOBILEAX
2011-08-01 03:34:56 -------- d-----w- c:\program files\LG Electronics
2011-08-01 03:29:21 -------- d-----w- c:\documents and settings\michael d'amico\local settings\application data\Spotify
2011-08-01 03:29:21 -------- d-----w- c:\documents and settings\michael d'amico\application data\Spotify
2011-08-01 03:29:18 -------- d-----w- c:\program files\Spotify
2011-07-15 11:05:24 -------- d-----w- c:\documents and settings\michael d'amico\application data\Malwarebytes
2011-07-15 02:52:12 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-15 02:52:12 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-07-15 02:52:08 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-15 02:52:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-07-05 16:12:43 143752 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
.
============= FINISH: 21:06:52.15 ===============

Attached files: Attach.zip, mbam-log-2011-07-15 (07-15-00).txt