C Jones
I followed the instructions to follow when you're infected. However, when I ran GMER, the whole system locked up and I couldn't save the file. I have not re-run GMER. Thanks in advance. Here's the DDS info.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 23:17:44.82 on Sat 03/27/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2359 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Eagletron\TrackerPodSvcSvr.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:8888;https=127.0.0.1:8888
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\tbDVDV.dll
mURLSearchHooks: H - No File
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {6afbe8fb-227f-4042-aca0-b261d6f2f0a5} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: {c1d62ddc-8c06-45fa-9ea9-e369f9615a81} - No File
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\tbDVDV.dll
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\tbDVDV.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [sansaDispatch] c:\documents and settings\owner\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Nuance PDF Professional 5-reminder] "c:\program files\nuance\pdf professional 5\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\pdf professional 5\ereg\Ereg.ini"
mRun: [Windows Media Connect 2] "c:\program files\windows media connect 2\WMCCFG.exe" /StartQuiet
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf professional 5\RegistryController.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 9\Snagit32.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Open with Nuance PDF Converter 5.0 - c:\program files\nuance\pdf professional 5\cnvres_eng.dll /100
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200881447015
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200881681375
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {F60A0B68-AF3A-C1D2-CD09-5A80A136D2BA} - No File
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
LSA: Notification Packages = scecli c:\windows\system32\jikonaze.dll

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-3-8 28552]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2008-1-26 3968]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-29 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-29 29512]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-29 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-19 308064]
R2 Eagletron TrackerPod Service;Eagletron TrackerPod Service;c:\program files\common files\eagletron\TrackerPodSvcSvr.exe [2010-2-13 135168]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-4 236368]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 5\PDFProFiltSrv.exe [2008-2-2 144672]
R2 trackcam;TrackerCam Video Capture Driver;c:\windows\system32\drivers\trackcam.sys [2010-2-13 78152]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-4 19160]
S0 btopb;btopb; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-6 135664]
S3 memchk;memchk;\??\c:\windows\system32\memchk.sys --> c:\windows\system32\memchk.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]

=============== Created Last 30 ================

2010-03-28 04:10:45 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-03-20 01:40:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-13 05:10:41 0 d-----w- c:\program files\Real Alternative
2010-03-12 01:53:44 0 d-----w- c:\program files\Vstplugins
2010-03-11 17:44:29 3566 ----a-w- c:\windows\system32\anb
2010-03-09 02:08:40 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-03-09 02:08:05 0 d-----w- c:\program files\Panda Security
2010-03-08 00:06:12 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-07 22:56:16 0 d-s---w- C:\ComboFix
2010-03-07 21:55:50 0 d-----w- c:\docume~1\owner\applic~1\AVG9
2010-03-07 17:43:16 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-05 12:52:29 146432 ----a-w- c:\windows\regedit.com
2010-03-05 01:19:32 54156 ---ha-w- c:\windows\QTFont.qfn
2010-03-05 01:19:32 1409 ----a-w- c:\windows\QTFont.for
2010-03-04 05:59:56 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-03-04 05:59:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-04 05:59:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-04 05:59:50 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-04 05:59:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-04 01:32:30 0 d-----w- c:\docume~1\owner\applic~1\NetMedia Providers
2010-03-04 01:04:31 0 d-----w- c:\program files\Sony Setup
2010-03-02 02:40:02 102884 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-28 05:16:10 0 d-----w- C:\Billy Joel Elton John

==================== Find3M ====================

2010-03-20 04:05:58 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-20 01:40:56 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-20 01:39:20 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-01-30 20:20:58 256 ----a-w- c:\documents and settings\owner\pool.bin
2009-09-27 14:35:14 7379 ----a-w- c:\program files\moviemk.inf
2009-09-27 14:35:14 15196 ----a-w- c:\program files\moviemk.PNF
2007-03-09 07:12:32 27648 --sha-w- c:\windows\system32\AVSredirect.dll
2005-06-26 22:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-22 06:37:42 45568 --sha-r- c:\windows\system32\cygz.dll
2009-03-27 19:57:07 2098 --sh--w- c:\windows\system32\kuzapiso.exe

============= FINISH: 23:24:56.51 ===============

Attachments: Attach.zip, mbam_log_2010_03_27__23_06_13_.txt
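A first-pass triage of a DDS log like the one above is mostly pattern matching on a few line shapes. The script below is an added example, not part of the original post and not a DDS or forum tool; the heuristics (a Windows XP LSA "Notification Packages" value normally lists only scecli, an Internet Explorer proxy on the loopback address, services whose binary DDS marks as missing with [x] or [?], executables carrying both the system and hidden attributes, and orphaned "No File" entries) are the editor's assumptions about what a helper reads first. The embedded sample is a handful of lines copied from the posted log, and the line formats are inferred from that log alone.

```python
"""Triage helper for DDS-style logs (added example, not part of the original post).

Every heuristic here is an assumption about what deserves a first look; a hit is a
lead to verify (hash lookup, timestamp correlation), never a verdict on its own.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low"
    reason: str
    line: str


# Assumption: on Windows XP the only stock LSA notification package is scecli.
DEFAULT_LSA_PACKAGES = {"scecli"}
EXEC_EXT = (".exe", ".dll", ".sys", ".com", ".scr")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

# Line shapes as they appear in the posted DDS log (inferred, not a published grammar).
LSA_RE = re.compile(r"^LSA: Notification Packages = (.+)$")
PROXY_RE = re.compile(r"^[umd]Internet Settings,ProxyServer = (.+)$")
SVC_RE = re.compile(r"^[RS][0-4] ([^;]+);([^;]*);(.*)$")
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+)\s+([-dshawr]{8})\s+(.+)$")


def _flag_lsa(line):
    """Anything besides scecli in Notification Packages loads a DLL into lsass.exe."""
    m = LSA_RE.match(line)
    if not m:
        return None
    extra = [p for p in m.group(1).split() if p.lower() not in DEFAULT_LSA_PACKAGES]
    if extra:
        return Finding("high", "non-default LSA notification package(s): " + ", ".join(extra), line)
    return None


def _flag_proxy(line):
    """A loopback proxy is either a local debugging proxy or something relaying the browser."""
    m = PROXY_RE.match(line)
    if not m:
        return None
    for entry in m.group(1).split(";"):
        host = entry.split("=", 1)[-1].split(":")[0].strip().lower()
        if host.startswith("127.") or host == "localhost":
            return Finding("medium", "IE proxy points at loopback; confirm which process listens there", line)
    return None


def _flag_service(line):
    """DDS writes [x] when the service binary is missing and [?] when it cannot stat it."""
    m = SVC_RE.match(line)
    if not m:
        return None
    if "[x]" in m.group(3) or "[?]" in m.group(3):
        return Finding("medium", f"service/driver '{m.group(1)}' has a missing or unverifiable binary", line)
    return None


def _flag_file(line):
    """Executables hidden from a default Explorer view (system + hidden) are worth a hash lookup."""
    m = FILE_RE.match(line)
    if not m:
        return None
    attrs, path = m.group(3), m.group(4)
    if "s" in attrs and "h" in attrs and path.lower().endswith(EXEC_EXT):
        return Finding("high", "system+hidden attributes on an executable", line)
    return None


def _flag_orphan(line):
    """Registry entries whose file is gone: usually uninstall leftovers, occasionally a removed loader."""
    if line.endswith("- No File"):
        return Finding("low", "registry entry points at a file that no longer exists", line)
    return None


CHECKS = (_flag_lsa, _flag_proxy, _flag_service, _flag_file, _flag_orphan)


def triage(log_text):
    """Run every check over every non-empty line; return findings, most severe first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for check in CHECKS:
            hit = check(line)
            if hit:
                findings.append(hit)
                break
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


# Sample input: lines copied from the DDS log posted above (constructed subset, not a full log).
SAMPLE_LOG = r"""
uInternet Settings,ProxyServer = http=127.0.0.1:8888;https=127.0.0.1:8888
BHO: {6afbe8fb-227f-4042-aca0-b261d6f2f0a5} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
LSA: Notification Packages = scecli c:\windows\system32\jikonaze.dll
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S0 btopb;btopb; [x]
S3 memchk;memchk;\??\c:\windows\system32\memchk.sys --> c:\windows\system32\memchk.sys [?]
2010-03-20 04:05:58 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2007-03-09 07:12:32 27648 --sha-w- c:\windows\system32\AVSredirect.dll
2005-06-26 22:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll
2009-03-27 19:57:07 2098 --sh--w- c:\windows\system32\kuzapiso.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Two caveats when reading the output. Port 8888 is the default listener of the Fiddler debugging proxy, so the proxy hit only matters if nothing on the machine is meant to be listening there; and the system+hidden check is deliberately broad (it flags cygwin1.dll as readily as anything else), which is why each hit should be resolved by hashing the file and comparing its timestamp with the rest of the "Created Last 30" section rather than acted on directly.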