ScoobiFreeBSD

Members
  • Posts: 2
  • Reputation: 0 Neutral

About ScoobiFreeBSD
  • Birthday June 13

Profile Information
  • Location: Duluth, GA, USA
  1. No change; every MBAM scan (full or quick) shows 1 or 2 instances of C:\Windows\System32\atmpvcno32.exe and several Malware.Trace files. Just started a new scan to post its results.

     Hooray! Some recent update seems to have finally killed this one!

     Malwarebytes' Anti-Malware 1.51.1.1800
     www.malwarebytes.org

     Database version: 7164

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     7/19/2011 6:04:41 AM
     mbam-log-2011-07-19 (06-04-41).txt

     Scan type: Quick scan
     Objects scanned: 270589
     Time elapsed: 4 minute(s), 34 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     I had started a Full Scan last night, but it must've run the scheduled Quick Scan this morning & I grabbed the wrong (latest) log. Only difference this time (besides the MBAM update) was I disabled the network interface on the machine.

     Thanks again, okay to close this thread.

     Anthony
  2. Here's my logs:

     DDS.txt:

     .
     DDS (Ver_2011-06-23.01) - NTFSx86
     Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_23
     Run by Compaq_Administrator at 18:45:47 on 2011-07-11
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1371 [GMT -4:00]
     .
     .
     ============== Running Processes ===============
     .
     C:\WINDOWS\system32\svchost.exe -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     C:\WINDOWS\arservice.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
     C:\WINDOWS\eHome\ehRecvr.exe
     C:\WINDOWS\eHome\ehSched.exe
     C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
     C:\WINDOWS\system32\svchost.exe -k HPService
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     C:\WINDOWS\ehome\ehtray.exe
     C:\WINDOWS\ARPWRMSG.EXE
     C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Microsoft IntelliPoint\ipoint.exe
     C:\PROGRA~1\MYOWNS~2\bar\1.bin\cwbrmon.exe
     C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\WINDOWS\system32\Sktempdm.exe
     C:\Program Files\Pando Networks\Media Booster\PMB.exe
     C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     C:\Program Files\OpenOffice.org 3\program\soffice.exe
     C:\Program Files\OpenOffice.org 3\program\soffice.bin
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\WINDOWS\system32\nwcfg32.exe
     C:\WINDOWS\system32\atmpvcno32.exe
     C:\WINDOWS\System32\svchost.exe -k HPZ12
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\System32\svchost.exe -k HPZ12
     svchost.exe
     C:\WINDOWS\System32\PAStiSvc.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\system32\dllhost.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
     C:\WINDOWS\eHome\ehmsas.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
     C:\WINDOWS\system32\imapi.exe
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxp://www.yahoo.com/
     uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
     mStart Page = hxxp://www.google.com
     mSearch Bar = hxxp://www.google.com
     uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
     uURLSearchHooks: N/A: {432cad96-6aa6-407a-ab37-6cfdcd73f377} - c:\program files\myownsuperheroie\bar\1.bin\cwSrcAs.dll
     mURLSearchHooks: H - No File
     mURLSearchHooks: N/A: {432cad96-6aa6-407a-ab37-6cfdcd73f377} - c:\program files\myownsuperheroie\bar\1.bin\cwSrcAs.dll
     BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
     BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
     BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
     BHO: Search Assistant BHO: {be5bab39-39b5-45c1-83f2-10ee5ae55587} - c:\program files\myownsuperheroie\bar\1.bin\cwSrcAs.dll
     BHO: Toolbar BHO: {c335fe0b-1418-42fb-942f-2c1e13259052} - c:\progra~1\myowns~2\bar\1.bin\cwbar.dll
     BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\hypercam toolbar\tbcore3.dll
     BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\pagerage\YontooIEClient.dll
     BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
     TB: MyOwnSuperhero: {3bcf580a-adca-4b91-86e0-3898010003e6} - c:\program files\myownsuperheroie\bar\1.bin\cwbar.dll
     TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
     TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
     TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
     EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
     uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
     uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
     uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
     mRun: [ehTray] c:\windows\ehome\ehtray.exe
     mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
     mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
     mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
     mRun: [nwiz] nwiz.exe /install
     mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
     mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
     mRun: [Detect Kbd Daemon] SK2000DM.EXE
     mRun: [RTHDCPL] RTHDCPL.EXE
     mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
     mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
     mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
     mRun: [MyOwnSuperheroIE Browser Plugin Loader] c:\progra~1\myowns~2\bar\1.bin\cwbrmon.exe
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
     mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
     StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
     IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
     IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
     DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
     DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
     DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
     DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
     DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.gamehouse.com/realarcade-webgames/insaniquarium/popcaploader.cab
     DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     TCP: DhcpNameServer = 192.168.1.254
     TCP: Interfaces\{32BC363E-0E44-4E0E-8E23-F7597E33FF13} : DhcpNameServer = 192.168.1.254
     TCP: Interfaces\{475CDA0F-CA7F-404E-8C2E-5CABF24C6DCA} : NameServer = 10.0.1.1
     TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\5nz6w7ov.default\
     FF - prefs.js: browser.search.selectedEngine - Google
     FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b159828&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
     FF - plugin: c:\progra~1\sonyon~1\npsoe.dll
     FF - plugin: c:\progra~1\sonyon~1\npsoeact.dll
     FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
     FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
     FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
     FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
     .
     ============= SERVICES / DRIVERS ===============
     .
     R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-11-28 366640]
     R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
     R2 mnmsrvc32;NetMeeting Remote Desktop Sharing ;c:\windows\system32\nwcfg32.exe [2011-6-24 565248]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-6-6 22712]
     S0 robpiym;robpiym;c:\windows\system32\drivers\uerk.sys --> c:\windows\system32\drivers\uerk.sys [?]
     S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]
     S2 MyOwnSuperheroIEService;MyOwnSuperhero Service;c:\progra~1\myowns~2\bar\1.bin\cwbarsvc.exe [2010-10-30 28766]
     S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]
     S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-6-6 39984]
     S3 PAC207;Webcam Basic;c:\windows\system32\drivers\PFC027.sys [2005-4-8 162176]
     S3 SKUSBKBF;USB Keyboard Filter Driver;c:\windows\system32\drivers\skusbkbf.sys [2001-7-27 14048]
     S3 SQ931;Zoom 2.0 Webcam;c:\windows\system32\drivers\capt931a.sys --> c:\windows\system32\drivers\Capt931a.sys [?]
     .
     =============== Created Last 30 ================
     .
     2011-07-09 19:45:01  105472  ------w-  c:\windows\system32\dllcache\mup.sys
     2011-07-09 19:38:35  565248  ------w-  c:\windows\system32\atmpvcno32.exe
     2011-07-09 19:15:31  --------  d-sha-r-  C:\cmdcons
     2011-07-09 19:11:45  98816  ----a-w-  c:\windows\sed.exe
     2011-07-09 19:11:45  518144  ----a-w-  c:\windows\SWREG.exe
     2011-07-09 19:11:45  256000  ----a-w-  c:\windows\PEV.exe
     2011-07-09 19:11:45  208896  ----a-w-  c:\windows\MBR.exe
     2011-07-09 19:11:36  --------  d-----w-  C:\ComboFix
     2011-07-04 21:31:59  2106216  ----a-w-  c:\program files\mozilla firefox\D3DCompiler_43.dll
     2011-07-04 21:31:56  1998168  ----a-w-  c:\program files\mozilla firefox\d3dx9_43.dll
     2011-07-02 17:04:46  --------  d-----w-  c:\program files\directx
     2011-06-25 20:51:52  --------  d-----w-  c:\windows\tmp
     2011-06-24 04:50:45  565248  ----a-w-  c:\windows\system32\nwcfg32.exe
     2011-06-14 22:55:04  --------  d-----w-  c:\windows\system32\wbem\repository\FS
     2011-06-14 22:55:04  --------  d-----w-  c:\windows\system32\wbem\Repository
     .
     ==================== Find3M ====================
     .
     2011-06-27 19:32:09  0  ----a-w-  c:\windows\Pxuvifigocixaf.bin
     2011-06-04 19:20:22  77824  --sha-r-  c:\windows\system32\ntkrnlpal.dll
     2011-05-29 13:11:30  39984  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
     2011-05-29 13:11:20  22712  ----a-w-  c:\windows\system32\drivers\mbam.sys
     2011-05-02 15:31:52  692736  ------w-  c:\windows\system32\inetcomm.dll
     2011-04-29 17:25:27  151552  ----a-w-  c:\windows\system32\schannel.dll
     2011-04-29 16:19:43  456320  ------w-  c:\windows\system32\drivers\mrxsmb.sys
     2011-04-25 16:11:12  916480  ----a-w-  c:\windows\system32\wininet.dll
     2011-04-25 16:11:11  43520  ----a-w-  c:\windows\system32\licmgr10.dll
     2011-04-25 16:11:11  1469440  ------w-  c:\windows\system32\inetcpl.cpl
     2011-04-25 12:01:22  385024  ----a-w-  c:\windows\system32\html.iec
     2011-04-21 13:37:43  105472  ------w-  c:\windows\system32\drivers\mup.sys
     2009-09-09 19:02:21  15107  ----a-w-  c:\program files\common files\ituxy.reg
     2009-09-09 19:02:21  13809  ----a-w-  c:\program files\common files\lepozy.sys
     2008-11-23 18:25:26  17336  ----a-w-  c:\program files\common files\ojipadyz.com
     2008-11-23 18:25:26  16440  ----a-w-  c:\program files\common files\ozobereme.dll
     2008-11-23 18:25:26  16425  ----a-w-  c:\program files\common files\kizel.pif
     2008-11-19 22:07:53  14062  ----a-w-  c:\program files\common files\yxab.com
     2008-11-19 22:07:53  11596  ----a-w-  c:\program files\common files\idulifoda.bat
     .
     ============= FINISH: 18:47:03.95 ===============

     mbam-log-2011-07-16 (16-36-26).txt:

     Malwarebytes' Anti-Malware 1.51.1.1800
     www.malwarebytes.org

     Database version: 7164

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     7/16/2011 4:36:26 PM
     mbam-log-2011-07-16 (16-36-26).txt

     Scan type: Quick scan
     Objects scanned: 270911
     Time elapsed: 5 minute(s), 8 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 8

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     c:\documents and settings\localservice\application data\020000005cf797a21385c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
     c:\documents and settings\localservice\application data\020000005cf797a21385o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
     c:\documents and settings\localservice\application data\020000005cf797a21385p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
     c:\documents and settings\localservice\application data\020000005cf797a21385s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
     c:\WINDOWS\system32\020000005cf797a21385c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
     c:\WINDOWS\system32\020000005cf797a21385o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
     c:\WINDOWS\system32\020000005cf797a21385p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
     c:\WINDOWS\system32\020000005cf797a21385s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

     DDS/GMER log zipped and attached here: Attach.zip

     Thanks in advance,
     Anthony