
Various Malware "Anti-Virus Programs"



Jamskies
2010-07-26, 15:35
I picked up a virus that pretended to be some sort of virus cleaner. I immediately opened Spybot and it came up as a threat, and I removed it via Spybot. I then attempted an AVG scan, which would not start for some reason. I tried running my internet browser and discovered it no longer worked.

It is rather bad. I type this from another computer because I can't access the internet, unless I use a proxy like Ultrasurf, which works for a few minutes, but then that stops suddenly.

Here is my log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by EJ Davis at 9:15:26.07 on Mon 07/26/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1273 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning disabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
E:\Programs\NITRO\NitroPDFPrinterMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Windows\System32\szetyj67vx.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\AUDIODG.EXE
C:\Users\EJ Davis\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://joinava.org/
uInternet Settings,ProxyOverride = 127.0.0.1
uInternet Settings,ProxyServer = 127.0.0.1:9666
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Brand Thunder Theme Manager for Internet Explorer: {0b5dee95-c164-4e3e-b4c7-15e852bde5bc} - c:\program files\brand thunder\cortez\bt-thememanager.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Facetheme: {66d8fba6-d90f-40a9-ac55-84896f79ca69} - c:\program files\object\bho_project.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [Google Update] "c:\users\ej davis\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [uTorrent] "e:\programs\utorrent\uTorrent.exe"
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
uRun: [setupupdate70700.exe] c:\users\ej davis\appdata\roaming\032ef019985a4dac649d5ce32d4b8785\setupupdate70700.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Nitro PDF Printer Monitor] "e:\programs\nitro\NitroPDFPrinterMonitor.exe"
mRun: [PWRISOVM.EXE] e:\programs\poweriso\PWRISOVM.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [sta] rundll32 "tuhip.dll",,Run
mRun: [szetyj67v] c:\windows\system32\szetyj67v.exe
mRun: [szetyj67vx] c:\windows\system32\szetyj67vx.exe
mRun: [tghlig] RUNDLL32.EXE c:\windows\system32\msgciutr.dll,w
mRun: [Ppunepinu] rundll32.exe "c:\users\ej davis\appdata\local\atobunitoba.dll",Startup
mExplorerRun: [jgyo0w] c:\users\ejdavi~1\appdata\local\temp\19aqp.exe
StartupFolder: c:\users\ejdavi~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\frostw~1.lnk - c:\program files\frostwire\FrostWire.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 9\Snagit32.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: Nitro PDF Professional - cscript //B "e:\programs\nitro\RemoveOldAddins.vbs"

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-4-14 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-14 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-14 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-14 108552]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

=============== Created Last 30 ================

2010-07-26 12:43:40 40 ----a-w- c:\windows\system32\service.sys
2010-07-26 01:51:26 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-26 01:51:26 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-26 01:46:24 600 ----a-w- c:\users\ej davis\PUTTY.RND
2010-07-26 01:43:55 53248 ----a-w- c:\windows\system32\suppdll.dll
2010-07-26 01:43:55 35363 ----a-w- c:\windows\system32\windrvNT.sys
2010-07-26 01:43:54 0 d-sh--w- c:\users\ejdavi~1\appdata\roaming\.#
2010-07-26 01:07:12 217091209 ----a-w- c:\windows\MEMORY.DMP
2010-07-26 01:04:55 36865 ----a-w- c:\windows\system32\msgciutr.dll
2010-07-26 01:04:40 766464 ----a-w- c:\windows\system32\drivers\rnudidwt.sys
2010-07-26 01:04:33 134656 ----a-w- c:\windows\system32\szetyj67v.exe
2010-07-26 01:04:07 151552 ----a-w- c:\windows\system32\szetyj67vx.exe
2010-07-26 01:04:02 131072 --sh--r- c:\users\ejdavi~1\appdata\roaming\ogix.exe
2010-07-26 01:03:23 150 ----a-w- C:\zrpt.xml
2010-07-26 01:03:08 0 d-----w- c:\programdata\Update
2010-07-26 01:02:49 0 d-----w- c:\users\ejdavi~1\appdata\roaming\032EF019985A4DAC649D5CE32D4B8785
2010-07-25 01:39:15 0 d-----w- c:\program files\Brand Thunder
2010-07-21 14:11:01 0 d-----w- c:\program files\Object
2010-07-16 04:11:36 246784 ----a-w- c:\windows\system32\puhip.dll
2010-07-16 04:11:22 294912 ----a-w- c:\windows\system32\tuhip.dll
2010-07-15 20:32:49 61968 ----a-w- c:\windows\uninstall_Wonderful Madeira.ini
2010-07-14 12:45:34 0 d-----w- c:\programdata\Office Genuine Advantage
2010-07-11 02:45:42 0 d-----w- c:\program files\MSECACHE
2010-07-09 19:16:42 0 d-----w- C:\AdobeTemp
2010-07-01 20:46:13 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-07-01 20:45:59 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2010-07-01 20:42:02 111960 ----a-w- c:\windows\dxsdkuninst.exe
2010-07-01 20:41:53 0 d-----w- c:\program files\Microsoft DirectX SDK (June 2010)
2010-06-28 17:59:47 0 d-----w- c:\program files\Shockwave 3D Lights Redux for FS9
2010-06-28 01:22:18 0 d-----w- c:\program files\iPod
2010-06-28 01:22:16 0 d-----w- c:\program files\iTunes
2010-06-28 01:07:12 0 d-----w- c:\program files\Bonjour

==================== Find3M ====================

2010-06-23 19:33:07 34308 ----a-w- c:\programdata\mazuki.dll
2010-06-20 21:28:17 190344 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-20 19:15:47 724992 ----a-w- c:\windows\iun6002.exe
2010-06-18 00:17:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-06-12 18:36:38 286720 ----a-w- c:\windows\iun506.exe
2010-06-10 21:20:13 86584 ----a-w- c:\windows\fonts\LMS Hippy Chick_1.ttf
2010-06-10 21:20:13 86584 ----a-w- c:\windows\fonts\LMS Hippy Chick_0.ttf
2010-06-10 21:20:13 86584 ----a-w- c:\windows\fonts\LMS Hippy Chick.ttf
2010-06-04 23:22:18 186 ----a-w- c:\users\ej davis\FSDreamTeam_Honolulu.reg
2010-06-04 23:22:04 181 ----a-w- c:\users\ej davis\FSDreamTeam_KLAS.reg
2010-06-04 23:21:53 180 ----a-w- c:\users\ej davis\FSDreamTeam_JFK.reg
2010-06-04 23:21:43 190 ----a-w- c:\users\ej davis\FSDreamTeam_Chicago Ohare.reg
2010-06-04 23:21:27 180 ----a-w- c:\users\ej davis\FSDreamTeam_ZurichX.reg
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-02 08:55:30 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 08:55:30 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-26 15:41:02 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 15:41:02 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 15:41:02 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 15:41:02 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-26 15:41:02 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-03-20 22:28:18 119 --sh--w- c:\windows\cnerolf.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-03-21 02:28:47 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 9:17:05.23 ===============


I THANK YOU SO MUCH FOR YOUR HELP IN ADVANCE!
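The log above carries the classic rogue-AV footprint: a loopback proxy pushed into Internet Settings (127.0.0.1:9666, which would explain the browser "no longer working" and Ultrasurf only helping briefly), UAC switched off through the mPolicies-system keys, and autoruns with machine-generated names in system32, a hex-named appdata\roaming folder and temp. The script below is an added example, not part of the original thread and not part of the DDS tool: it parses lines in DDS's "Pseudo HJT Report" format and flags those three indicator classes. The sample input is a subset of the log lines posted above; the rule names and the name-randomness heuristic are my own assumptions and will throw false positives on unusual but legitimate autorun names, so treat hits as a triage list, not a verdict.

```python
import re

# Sample input: a subset of the "Pseudo HJT Report" lines from the log above,
# embedded so the example runs offline. Nothing here is invented beyond the subset.
SAMPLE_LOG = r"""
uStart Page = hxxp://joinava.org/
uInternet Settings,ProxyOverride = 127.0.0.1
uInternet Settings,ProxyServer = 127.0.0.1:9666
uRun: [Google Update] "c:\users\ej davis\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [setupupdate70700.exe] c:\users\ej davis\appdata\roaming\032ef019985a4dac649d5ce32d4b8785\setupupdate70700.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [sta] rundll32 "tuhip.dll",,Run
mRun: [szetyj67vx] c:\windows\system32\szetyj67vx.exe
mRun: [tghlig] RUNDLL32.EXE c:\windows\system32\msgciutr.dll,w
mRun: [Ppunepinu] rundll32.exe "c:\users\ej davis\appdata\local\atobunitoba.dll",Startup
mExplorerRun: [jgyo0w] c:\users\ejdavi~1\appdata\local\temp\19aqp.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

# DDS line shapes: u = HKCU, m = HKLM; ExplorerRun = Policies\Explorer\Run.
RUN_LINE = re.compile(r"^(u|m)(Run|ExplorerRun): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
POLICY_LINE = re.compile(r"^mPolicies-system: (?P<key>\w+) = (?P<val>\d+)")
PROXY_LINE = re.compile(r"^uInternet Settings,ProxyServer = (?P<proxy>\S+)")

# UAC values that together remove the elevation prompt entirely.
UAC_DISABLED = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0", "PromptOnSecureDesktop": "0"}


def looks_random(name: str) -> bool:
    """Heuristic (my own) for generated autorun names such as 'szetyj67vx' or 'tghlig':
    all lowercase alphanumerics, 6+ chars, and either letters mixed with digits
    or very few vowels. Mixed-case vendor names like 'SynTPEnh' are left alone."""
    if not re.fullmatch(r"[a-z0-9]{6,}", name):
        return False
    if re.search(r"\d", name) and re.search(r"[a-z]", name):
        return True
    vowels = sum(c in "aeiou" for c in name)
    return vowels / len(name) < 0.25


def check_run_entry(name: str, cmd: str) -> list:
    """Return the reasons (possibly none) an autorun entry deserves a look."""
    reasons = []
    low = cmd.lower()
    via_rundll32 = low.lstrip('"').startswith("rundll32")
    if looks_random(name):
        reasons.append("random-looking autorun name")
    if "\\temp\\" in low:
        reasons.append("executable launched from a temp directory")
    elif "\\appdata\\" in low and (via_rundll32 or re.search(r"\\[0-9a-f]{32}\\", low)):
        # appdata alone is normal (updaters live there); appdata plus rundll32
        # or a 32-hex-digit folder name is the pattern in this log.
        reasons.append("payload in a user-writable appdata path")
    if via_rundll32:
        m = re.match(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)', low)
        if m and "\\" not in m.group("dll"):
            # A bare DLL name is resolved via the loader search path, not a fixed file.
            reasons.append("rundll32 loads a DLL by bare name")
    return reasons


def analyze(log_text: str) -> list:
    """Scan DDS Pseudo-HJT lines; return (rule, subject, detail) triples."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = PROXY_LINE.match(line)
        if m and re.match(r"^(127\.\d+\.\d+\.\d+|localhost)(:\d+)?$", m.group("proxy")):
            findings.append(("proxy_hijack", m.group("proxy"),
                             "browser traffic forced through a local proxy; once the malware "
                             "process is gone nothing listens there and browsing fails"))
            continue
        m = POLICY_LINE.match(line)
        if m and UAC_DISABLED.get(m.group("key")) == m.group("val"):
            findings.append(("uac_disabled", m.group("key"), "UAC prompting disabled by policy"))
            continue
        m = RUN_LINE.match(line)
        if m:
            for reason in check_run_entry(m.group("name"), m.group("cmd")):
                findings.append(("autorun", m.group("name"), reason))
    return findings


if __name__ == "__main__":
    for rule, subject, detail in analyze(SAMPLE_LOG):
        print(f"[{rule}] {subject}: {detail}")
```

On the sample it reports the loopback proxy, all three UAC keys, and six autorun entries (setupupdate70700.exe, sta, szetyj67vx, tghlig, Ppunepinu, jgyo0w) while leaving Google Update and SynTPEnh alone. The proxy finding is the one to act on first after cleanup: even with every autorun removed, `ProxyServer = 127.0.0.1:9666` stays in the registry and the browser keeps failing until it is cleared.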

Jamskies
2010-07-26, 16:19
I would like to report that my computer restarted, ran the reg repair and apparently a system restore point. Now, my computer is working with 0 issues again!

I will post a new thread if something resurfaces, thanks!