
Solved Beginner's Help

Discussion in 'Malware and Virus Removal Archive' started by AtomicTyson, 2010/04/02.

  1. 2010/04/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No problem, take your time.
    I'm fairly sure your MBAM problem is not caused by any infection, because your computer looks pretty clean already.
     
  2. 2010/04/18
    AtomicTyson

    AtomicTyson Inactive Thread Starter

    Joined:
    2010/04/02
    Messages:
    70
    Likes Received:
    0
    Sorry, but I keep getting the same errors: once when it first starts updating, and again when it almost finishes.
    I get EXPANDING VARIABLES and ERROR LOAD DATABASE, and I am very confused. Sorry I couldn't be of more help.

    Going to class but I will talk to you tonight
     


  4. 2010/04/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK, let's forget about MBAM for now...

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    Alternative download: http://majorgeeks.com/Dr.Web_CureIT_d4783.html

    • Double-click the drweb-cureit.exe file and click Scan to run the express scan. Click OK in the pop-up window to allow the scan.
    • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list.
    • Save the report to your desktop. The report will be called DrWeb.csv.
    • Close Dr.Web CureIt.
    • Important! Reboot your computer, because it is possible that files in use will be moved/deleted during the reboot.
    • Copy and paste that log in your next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan, a pop-up window will open asking for a full version purchase. Simply close the window by clicking the X in the upper right corner.


    Post fresh HijackThis log as well.
     
  5. 2010/04/19
    AtomicTyson

    AtomicTyson Inactive Thread Starter

    Joined:
    2010/04/02
    Messages:
    70
    Likes Received:
    0
    Having the express scan run as I sleep; thanks for the advice.
     
  6. 2010/04/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK. See you tomorrow :)
     
  7. 2010/04/19
    AtomicTyson

    AtomicTyson Inactive Thread Starter

    Joined:
    2010/04/02
    Messages:
    70
    Likes Received:
    0
    Started the complete scan, and you know the length of that lol. Began in the morning and it's not even halfway through. Gonna keep checking on it and let you know the outcome.
     
  8. 2010/04/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'll be around :)
     
  9. 2010/04/19
    AtomicTyson

    AtomicTyson Inactive Thread Starter

    Joined:
    2010/04/02
    Messages:
    70
    Likes Received:
    0
    Ok, sorry, it posted the information in a weird program that I haven't deleted yet, so hope this still works for you. This is from Dr.Web:

    12a49b83-72b58140\myf/y/AppletX.class;C:\Documents and Settings\John\DoctorWeb\Quarantine\12a49b83-72b58140;Exploit.CVE2008.5353;;
    12a49b83-72b58140\myf/y/LoaderX.class;C:\Documents and Settings\John\DoctorWeb\Quarantine\12a49b83-72b58140;Exploit.CVE2008.5353;;
    12a49b83-72b58140\myf/y/PayloadX.class;C:\Documents and Settings\John\DoctorWeb\Quarantine\12a49b83-72b58140;Exploit.CVE2008.5353;;
    12a49b83-72b58140;C:\Documents and Settings\John\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
    2220e1f4-5140e210\myf/y/AppletX.class;C:\Documents and Settings\John\DoctorWeb\Quarantine\2220e1f4-5140e210;Exploit.CVE2008.5353;;
    2220e1f4-5140e210\myf/y/LoaderX.class;C:\Documents and Settings\John\DoctorWeb\Quarantine\2220e1f4-5140e210;Exploit.CVE2008.5353;;
    2220e1f4-5140e210\myf/y/PayloadX.class;C:\Documents and Settings\John\DoctorWeb\Quarantine\2220e1f4-5140e210;Exploit.CVE2008.5353;;
    2220e1f4-5140e210;C:\Documents and Settings\John\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
    Setup.ex0.bac_a03364\data001;C:\Documents and Settings\John\DoctorWeb\Quarantine\Setup.ex0.bac_a03364;Adware.Zango;;
    Setup.ex0.bac_a03364;C:\Documents and Settings\John\DoctorWeb\Quarantine;Container contains infected objects;Moved.;
    ZAN9C26.exe0.bac_a02640\___\Install.dll;C:\Documents and Settings\John\DoctorWeb\Quarantine\ZAN9C26.exe0.bac_a02640;Adware.Shopper.37;;
    ZAN9C26.exe0.bac_a02640\Resource.dll;C:\Documents and Settings\John\DoctorWeb\Quarantine\ZAN9C26.exe0.bac_a02640;Trojan.Popclick.44;;
    ZAN9C26.exe0.bac_a02640;C:\Documents and Settings\John\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
    ZAN9C26.exe0.bac_a03364\___\Install.dll;C:\Documents and Settings\John\DoctorWeb\Quarantine\ZAN9C26.exe0.bac_a03364;Adware.Shopper.37;;
    ZAN9C26.exe0.bac_a03364\Resource.dll;C:\Documents and Settings\John\DoctorWeb\Quarantine\ZAN9C26.exe0.bac_a03364;Trojan.Popclick.44;;
    ZAN9C26.exe0.bac_a03364;C:\Documents and Settings\John\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:08:25 PM, on 4/19/2010
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16809)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [sealmon.exe] C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 3600 bytes
     
  10. 2010/04/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    This is good. Dr. Web didn't detect any new threats.
    As you can see, all files came from quarantine folder.
    We're getting there.

    Last scan....

    Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click Start scan button
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View log.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.

    Post fresh HijackThis log as well.
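    The check broni makes by eye above, that every Dr.Web hit sits under the DoctorWeb\Quarantine folder, can be automated over the semicolon-separated DrWeb.csv format the report uses (object;location;threat;action;). This is an added example, not code from the thread or from Dr.Web; the sample report reuses lines from the post plus one constructed row under a made-up Downloads path to show how a hit outside quarantine would be flagged.

```python
import csv
import io
from collections import Counter
from typing import Dict, List, NamedTuple


class DrWebEntry(NamedTuple):
    obj: str        # object inside the scanned container, or the container itself
    location: str   # directory the container lives in
    threat: str     # detection name, or a "contains infected objects" summary
    action: str     # empty for inner objects, e.g. "Moved." for the container row


# Constructed sample: the first four rows mirror the report posted in the
# thread; the last row is made up (hypothetical path) to exercise the
# "detection outside quarantine" branch.
SAMPLE_REPORT = r"""
12a49b83-72b58140\myf/y/AppletX.class;C:\Documents and Settings\John\DoctorWeb\Quarantine\12a49b83-72b58140;Exploit.CVE2008.5353;;
12a49b83-72b58140;C:\Documents and Settings\John\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
Setup.ex0.bac_a03364\data001;C:\Documents and Settings\John\DoctorWeb\Quarantine\Setup.ex0.bac_a03364;Adware.Zango;;
Setup.ex0.bac_a03364;C:\Documents and Settings\John\DoctorWeb\Quarantine;Container contains infected objects;Moved.;
example_constructed.exe;C:\Users\John\Downloads;Adware.Zango;;
""".strip()

# Case-insensitive marker for Dr.Web's own quarantine directory.
QUARANTINE_MARKER = r"\doctorweb\quarantine"


def parse_drweb_report(text: str) -> List[DrWebEntry]:
    """Parse DrWeb.csv text into entries; skips blank or malformed rows."""
    entries = []
    for row in csv.reader(io.StringIO(text), delimiter=";"):
        if len(row) < 4 or not row[0].strip():
            continue
        entries.append(DrWebEntry(row[0], row[1], row[2], row[3]))
    return entries


def is_container_summary(entry: DrWebEntry) -> bool:
    """Container rows carry the action (e.g. 'Moved.'); object rows do not."""
    return entry.action.strip() != ""


def classify(entries: List[DrWebEntry]) -> Dict[str, List[DrWebEntry]]:
    """Split hits into those already in quarantine and those found live."""
    result: Dict[str, List[DrWebEntry]] = {"quarantined": [], "live": []}
    for entry in entries:
        bucket = "quarantined" if QUARANTINE_MARKER in entry.location.lower() else "live"
        result[bucket].append(entry)
    return result


def threat_counts(entries: List[DrWebEntry]) -> Dict[str, int]:
    """Count distinct detections, ignoring the per-container summary rows."""
    return dict(Counter(e.threat for e in entries if not is_container_summary(e)))


def main() -> None:
    entries = parse_drweb_report(SAMPLE_REPORT)
    buckets = classify(entries)
    print(f"{len(entries)} rows, {len(buckets['quarantined'])} already quarantined")
    for entry in buckets["live"]:
        # Anything here is a detection outside Dr.Web's own quarantine and
        # deserves a closer look rather than being written off as old history.
        print(f"LIVE: {entry.threat} in {entry.location}\\{entry.obj}")
    print("detections:", threat_counts(entries))


if __name__ == "__main__":
    main()
```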
     
  11. 2010/04/19
    AtomicTyson

    AtomicTyson Inactive Thread Starter

    Joined:
    2010/04/02
    Messages:
    70
    Likes Received:
    0
    QuickScan Beta 32-bit v0.9.9.18
    -------------------------------

    Scan date: Mon Apr 19 18:23:45 2010
    Machine ID: C02890E4



    No infection found.
    -------------------



    Processes
    ---------
    <verified> Adobe Reader and Acrobat Manager 2324 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    <verified> Apple Mobile Device Service 1640 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    <verified> Bonjour 1660 C:\Program Files\Bonjour\mDNSResponder.exe
    <verified> Firefox 1848 C:\Program Files\Mozilla Firefox\firefox.exe
    <verified> Google Update 2396 C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
    <verified> iTunes 3096 C:\Program Files\iPod\bin\iPodService.exe
    <verified> iTunes 2336 C:\Program Files\iTunes\iTunesHelper.exe
    <verified> Microsoft® Windows® Operating System 2348 C:\Program Files\Windows Sidebar\sidebar.exe
    <verified> Microsoft® Windows® Operating System 1472 C:\Windows\Explorer.EXE
    <verified> Microsoft® Windows® Operating System 2540 C:\Windows\servicing\TrustedInstaller.exe
    <verified> Microsoft® Windows® Operating System 392 C:\Windows\system32\csrss.exe
    <verified> Microsoft® Windows® Operating System 440 C:\Windows\system32\csrss.exe
    <verified> Microsoft® Windows® Operating System 1444 C:\Windows\system32\Dwm.exe
    <verified> Microsoft® Windows® Operating System 540 C:\Windows\system32\lsass.exe
    <verified> Microsoft® Windows® Operating System 548 C:\Windows\system32\lsm.exe
    <verified> Microsoft® Windows® Operating System 2836 C:\Windows\system32\NOTEPAD.EXE
    <verified> Microsoft® Windows® Operating System 1088 C:\Windows\system32\NOTEPAD.EXE
    <verified> Microsoft® Windows® Operating System 3352 C:\Windows\system32\SearchFilterHost.exe
    <verified> Microsoft® Windows® Operating System 1928 C:\Windows\system32\SearchIndexer.exe
    <verified> Microsoft® Windows® Operating System 1092 C:\Windows\system32\SearchProtocolHost.exe
    <verified> Microsoft® Windows® Operating System 516 C:\Windows\system32\services.exe
    <verified> Microsoft® Windows® Operating System 1036 C:\Windows\system32\SLsvc.exe
    <verified> Microsoft® Windows® Operating System 328 C:\Windows\System32\smss.exe
    <verified> Microsoft® Windows® Operating System 1412 C:\Windows\System32\spoolsv.exe
    <verified> Microsoft® Windows® Operating System 696 C:\Windows\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 1436 C:\Windows\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 1200 C:\Windows\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 1864 C:\Windows\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 1076 C:\Windows\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 904 C:\Windows\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 884 C:\Windows\System32\svchost.exe
    <verified> Microsoft® Windows® Operating System 860 C:\Windows\System32\svchost.exe
    <verified> Microsoft® Windows® Operating System 768 C:\Windows\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 1728 C:\Windows\system32\taskeng.exe
    <verified> Microsoft® Windows® Operating System 2004 C:\Windows\system32\taskeng.exe
    <verified> Microsoft® Windows® Operating System 2256 C:\Windows\system32\taskeng.exe
    <verified> Microsoft® Windows® Operating System 448 C:\Windows\system32\wininit.exe
    <verified> Microsoft® Windows® Operating System 496 C:\Windows\system32\winlogon.exe
    <verified> NVIDIA Driver Helper Service, Version 1 740 C:\Windows\system32\nvvsvc.exe
    <verified> NVIDIA Driver Helper Service, Version 1 1176 C:\Windows\system32\nvvsvc.exe
    <verified> Oracle Information Rights Management De 2296 C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
    <verified> Pando Media Booster 2404 C:\Program Files\Pando Networks\Media Booster\PMB.exe
    <verified> SoftK56 Modem Driver 2016 C:\Windows\system32\DRIVERS\xaudio.exe
    <verified> Windows Live Messenger 2356 C:\Program Files\Windows Live\Messenger\msnmsgr.exe


    Network activity
    ----------------
    Process firefox.exe (1848) connected on port 80 (HTTP) --> 66.102.7.104
    Process firefox.exe (1848) connected on port 80 (HTTP) --> 66.102.7.104
    Process firefox.exe (1848) connected on port 80 (HTTP) --> 66.102.7.104
    Process firefox.exe (1848) connected on port 80 (HTTP) --> 66.102.7.104
    Process firefox.exe (1848) connected on port 80 (HTTP) --> 96.17.8.25
    Process firefox.exe (1848) connected on port 80 (HTTP) --> 96.17.8.25
    Process firefox.exe (1848) connected on port 80 (HTTP) --> 96.17.8.25
    Process firefox.exe (1848) connected on port 80 (HTTP) --> 96.17.8.25
    Process firefox.exe (1848) connected on port 80 (HTTP) --> 96.17.8.25
    Process firefox.exe (1848) connected on port 80 (HTTP) --> 96.17.8.25
    Process firefox.exe (1848) connected on port 80 (HTTP) --> 72.14.213.118
    Process firefox.exe (1848) connected on port 80 (HTTP) --> 72.14.213.118
    Process firefox.exe (1848) connected on port 80 (HTTP) --> 72.14.213.118
    Process firefox.exe (1848) connected on port 80 (HTTP) --> 69.192.204.20
    Process firefox.exe (1848) connected on port 80 (HTTP) --> 74.125.11.37
    Process firefox.exe (1848) connected on port 80 (HTTP) --> 74.125.53.139
    Process firefox.exe (1848) connected on port 80 (HTTP) --> 69.192.197.115
    Process firefox.exe (1848) connected on port 80 (HTTP) --> 66.235.143.54
    Process firefox.exe (1848) connected on port 80 (HTTP) --> 96.17.8.8

    Process wininit.exe (448) listens on ports: 49152 (RPC)
    Process services.exe (516) listens on ports: 49157 (RPC)
    Process lsass.exe (540) listens on ports: 49155 (RPC)
    Process svchost.exe (768) listens on ports: 135 (RPC)
    Process svchost.exe (860) listens on ports: 49153 (RPC)
    Process svchost.exe (904) listens on ports: 49156 (RPC)
    Process svchost.exe (1076) listens on ports: 49154 (RPC)
    Process PMB.exe (2404) listens on ports: 443 (HTTP over SSL), 563 (NNTP over SSL), 57951


    Autoruns and critical files
    ---------------------------
    <unsigned> Microsoft Age of Empires II D:\aoesetup.exe
    <unsigned> QuickTime C:\Program Files\QuickTime\QTTask.exe
    <unsigned> SuperAntiSpyware c:\program files\superantispyware\sasseh.dll
    <unsigned> SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    <verified> Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    <verified> Google Update C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
    <verified> iTunes C:\Program Files\iTunes\iTunesHelper.exe
    <verified> Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
    <verified> Microsoft® Windows® Operating System C:\Windows\System32\browseui.dll
    <verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
    <verified> Oracle Information Rights Management De C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
    <verified> Pando Media Booster C:\Program Files\Pando Networks\Media Booster\PMB.exe
    <verified> Windows Live Messenger C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    <verified> Windows® Internet Explorer C:\Windows\System32\webcheck.dll


    Browser plugins
    ---------------
    <unsigned> ijji Optimizer Application C:\Windows\Downloaded Program Files\ijjiOptimizer.exe
    <unsigned> Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
    <unsigned> ChannelingPluginforReactor Dynamic Link C:\Windows\Downloaded Program Files\ChannelingPluginforReactor.dll
    <unsigned> DivX Player Netscape Plugin C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
    <unsigned> DivX Player Netscape Plugin C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    <unsigned> ijjiPCPlugin C:\Windows\Downloaded Program Files\ijjiPCPlugin.dll
    <unsigned> libcurl.dll C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\707tt871.default\extensions\firefox@tvunetworks.com\plugins\libcurl.dll
    <unsigned> libexpatw.dll C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\707tt871.default\extensions\firefox@tvunetworks.com\plugins\libexpatw.dll
    <unsigned> Microsoft® Visual Studio .NET C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\707tt871.default\extensions\firefox@tvunetworks.com\plugins\msvcp71.dll
    <unsigned> Nexon Game Controller C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    <unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
    <unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
    <unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
    <unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
    <unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
    <unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
    <unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
    <unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    <unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    <unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    <unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    <unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    <unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    <unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    <unsigned> Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
    <unsigned> The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
    <unsigned> The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
    <unsigned> The OpenSSL Toolkit C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\707tt871.default\extensions\firefox@tvunetworks.com\plugins\libeay32.dll
    <unsigned> The OpenSSL Toolkit C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\707tt871.default\extensions\firefox@tvunetworks.com\plugins\ssleay32.dll
    <unsigned> zlib C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\707tt871.default\extensions\firefox@tvunetworks.com\plugins\zlib1.dll

    <verified> 2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    <verified> AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
    <verified> Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
    <verified> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
    <verified> BitDefender QuickScan C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\707tt871.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    <verified> BitDefender QuickScan C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\707tt871.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    <verified> DivX Web Player C:\Program Files\DivX\DivX Web Player\npdivx32.dll
    <verified> DivX Web Player C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
    <verified> Java Deployment Toolkit 6.0.160.1 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
    <verified> Microsoft® Visual Studio .NET C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\707tt871.default\extensions\firefox@tvunetworks.com\plugins\msvcr71.dll
    <verified> Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
    <verified> Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    <verified> Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
    <verified> Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
    <verified> Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
    <verified> Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
    <verified> Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
    <verified> Move Streaming Media Player C:\Users\John\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
    <verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
    <verified> npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    <verified> NPSWF32.dll C:\Windows\System32\Macromed\Flash\NPSWF32.dll
    <verified> Pando Web Installer C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
    <verified> Silverlight Plug-In c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll
    <verified> TVU Web Player for FireFox C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\707tt871.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    <verified> Windows® Internet Explorer C:\Windows\System32\ieframe.dll


    Missing files
    -------------
    File not found: C:\Windows\System32\appmgmts.dll
    referenced in: HKLM\System\ControlSet001\services\AppMgmt\Parameters\ "ServiceDll "

    File not found: C:\Windows\System32\termsrv.dll
    referenced in: HKLM\System\ControlSet001\services\TermService\Parameters\ "ServiceDll "

    File not found: C:\Windows\system32\seclogon.dll
    referenced in: HKLM\System\ControlSet001\services\seclogon\Parameters\ "ServiceDll "


    Scan
    ----


    No file uploaded.

    Scan finished - communication took 4 sec
    Total traffic - 0.08 MB sent, 3.01 KB recvd
    Scanned 1281 files and modules - 58 seconds

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:25:20 PM, on 4/19/2010
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16809)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [sealmon.exe] C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 3591 bytes
     
  12. 2010/04/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't recall what happened with your AVG, but if you uninstalled it at some point, keep it that way.
    You surely have to have some AV program, so I suggest you install ONE of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html


    When done...


    Your computer is clean :)

    1. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side.
    4. Click on Continue on the "User Account Control" window that pops up.
    5. Under the System Protection tab, find Available Disks.
    6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:").
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK.

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
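    The same off, restart, on cycle from steps 1 to 3, as an added PowerShell example (not from this thread or its author). It assumes an elevated Windows PowerShell 2.0 or later session on Vista/7 and that C:\ is the protected drive; run it once with -Phase Off, restart, then once with -Phase On.

```powershell
# Added example, not from the thread: steps 1-3 of the post done with
# Windows PowerShell cmdlets instead of the System Protection dialog.
# Assumes an elevated Windows PowerShell 2.0 or later session on Vista/7;
# the protected volume is assumed to be C:\ (change $Drive if not).
param(
    [ValidateSet('Off', 'On')] [string] $Phase = 'Off',
    [string] $Drive = 'C:\'
)

if ($Phase -eq 'Off') {
    # Step 1: turning protection off discards the drive's existing restore
    # points (the dialog warns about this too), so record what is there first.
    Write-Host "Restore points on $Drive before disabling:"
    Get-ComputerRestorePoint |
        Format-Table SequenceNumber, CreationTime, Description -AutoSize

    Disable-ComputerRestore -Drive $Drive
    Write-Host 'System Restore is off. Restart (step 2), then rerun with -Phase On.'
}
else {
    # Step 3: turn protection back on and immediately take a fresh point, so
    # the first snapshot after the cleanup is a known-good baseline rather
    # than one that could contain the removed files.
    Enable-ComputerRestore -Drive $Drive
    Checkpoint-Computer -Description 'Baseline after malware cleanup' `
                        -RestorePointType 'MODIFY_SETTINGS'

    # Confirm that the new point was actually created.
    Write-Host 'Newest restore point:'
    Get-ComputerRestorePoint | Select-Object -Last 1 |
        Format-List SequenceNumber, CreationTime, Description
}
```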
     
  13. 2010/04/19
    AtomicTyson

    AtomicTyson Inactive Thread Starter

    Joined:
    2010/04/02
    Messages:
    70
    Likes Received:
    0
    Sorry, step 4 is confusing me because I don't see any pop-up. I have Vista btw
     
  14. 2010/04/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    If you have UAC turned off, there will be no pop-up.
    Instead, the "System Properties" window will open.
     
  15. 2010/04/19
    AtomicTyson

    AtomicTyson Inactive Thread Starter

    Joined:
    2010/04/02
    Messages:
    70
    Likes Received:
    0
    Well, I can't find the rest of the things to continue with the steps. Like System Protection, I can't seem to find that.
     
  16. 2010/04/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go to Start and in "Start search" type in:
    restore
    Click on "System Restore", which will show at the top.
    The "System Properties" window will open with the "System Protection" tab already open.
    Remove the checkmark from the C drive checkbox.
    OK your way out.
    Restart computer.
    Repeat all steps.
    Put checkmark back.
    OK your way out.
     
  17. 2010/04/19
    AtomicTyson

    AtomicTyson Inactive Thread Starter

    Joined:
    2010/04/02
    Messages:
    70
    Likes Received:
    0
    Sorry, but I am not getting those results.
     
  18. 2010/04/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Where exactly are your results different?
     
  19. 2010/04/19
    AtomicTyson

    AtomicTyson Inactive Thread Starter

    Joined:
    2010/04/02
    Messages:
    70
    Likes Received:
    0
    All I get for results for search are:

    Files
    -Log
    -Attach

    I searched "system restore" and "restore" and checked online for methods for how it should work out. I just don't seem to have the program.
     
  20. 2010/04/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  21. 2010/04/19
    AtomicTyson

    AtomicTyson Inactive Thread Starter

    Joined:
    2010/04/02
    Messages:
    70
    Likes Received:
    0
    Wish I knew how to do that, but yeah, mine doesn't do that like I know it should.
     
