News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
Topic: Trojans found - Please help removing  (Read 2238 times)
« on: January 14, 2010, 14:38:34 »
Dev

Hi. A recent scan of my desktop found a trojan.  I unhooked it from my router and did a scan today on my notebook and a trojan was found with Avast. It is said to be quarantined but I need help with getting it off my notebook and the one that is on my desktop. 

My desktop (XP 2002 Service Pack 3) hooks into the router by an Ethernet cable. 
My notebook (Vista Home Service Pack 2, 64 bit OS) is connected wirelessly through the router.

Since finding the trojans I unhooked the desktop and will only connect up when I get help with cleaning.  Right now I am connected wirelessly with my notebook to post. 

The trojan that was found on my notebook is :   JS:Illredir-C [Trj] - found by Avast and was sent to the chest.

The trojan found on my desktop is:  Trojan.Agent/Gen-Nullo (Short).Process - found with SuperAntiSpyware and quarantined.


Below are the HiJackThis log and mbam log for the notebook pc.  I ran into a couple of problems when running the HiJackThis log, below are the error messages from the two windows that popped up:


For some reason your system denied write access to the Hosts file.
If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself.  To do this, click Start, Run and type:

  notepad "C:\Windows\System32\drivers\etc\hosts"

and press Enter. Find the line(s) HijackThis reports and delete them.
Save the file as "hosts." (with quotes), and reboot.

===============

An unexpected error has occurred at procedure:
modMain_CheckOther1Item()
Error #75 - Path/File access error



Thanks for any help.

----------------------

Logfile of HijackThis v1.99.1
Scan saved at 4:09:23 PM, on 1/14/2010
Platform: Unknown Windows (WinNT 6.00.1906 SP2)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Hijackthis\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files (x86)\IObitCom\tbIObi.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files (x86)\IObitCom\tbIObi.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files (x86)\IObitCom\tbIObi.dll
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30011 (AppHostSvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\SysWOW64\atashost.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30003 (W3SVC) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

----------------------

Malwarebytes' Anti-Malware 1.44
Database version: 3553
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

1/14/2010 3:52:54 PM
mbam-log-2010-01-14 (15-52-54).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 320393
Time elapsed: 1 hour(s), 3 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
« Reply #1 on: January 14, 2010, 23:38:22 »
Unzy
Guest

It's best to perform an online scan first.

http://www.bitdefender.com/scanner/online/free.html
« Reply #2 on: January 15, 2010, 11:42:47 »
Dev

Thank you. I scanned my laptop with BitDefender and nothing was found. I also scanned with SuperAntiSpyware and Malwarebytes and Malware found an adware and removed it. That pc seems to be clean now, as I rescanned with all three, plus downloaded a new virus program, Vipre, and scanned; nothing is now found with any. It is another story with my desktop, for which I hope to get further help.

I uninstalled Avast after downloading and before scanning with the new anti-virus program Vipre.

I scanned my desktop pc with Bitdefender, SuperAntiSpyware, Malwarebytes and Vipre.  Below are the logs from each.

Any help will be appreciated.

BitDefender QuickScan Beta 32-bit v0.9.9.0
------------------------------------------

Scan date:  Fri Jan 15 10:48:02 2010
Machine ID: 9CD3507D



No infection found.
---------------------


Processes
---------
<unsigned>  Advanced SystemCare 3                               1132    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
<unsigned>  APC PowerChute Personal Edition                     2016    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
<unsigned>  HP PML                                               604    C:\WINDOWS\system32\HPZipm12.exe
<unsigned>  KodakSvc                                             312    C:\Program Files\Kodak\printer\center\KodakSvc.exe

<verified>  Ati2evxx.exe                                        1108    C:\WINDOWS\system32\Ati2evxx.exe
<verified>  avast! Antivirus                                     756    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
<verified>  avast! Antivirus                                    2448    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
<verified>  avast! Antivirus                                    1544    C:\Program Files\Alwil Software\Avast4\ashServ.exe
<verified>  avast! Antivirus                                    2484    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
<verified>  avast! Antivirus                                    1488    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
<verified>  Firefox                                             2996    C:\Program Files\Mozilla Firefox\firefox.exe
<verified>  GoogleToolbarNotifier                               1320    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
<verified>  Intuit Update Service                                152    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
<verified>  Java(TM) Platform SE 6 U14                           256    C:\Program Files\Java\jre6\bin\jqs.exe
<verified>  Microsoft® Visual Studio .NET                        380    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
<verified>  Microsoft® Windows® Operating System                1700    C:\WINDOWS\Explorer.EXE
<verified>  Microsoft® Windows® Operating System                2756    C:\WINDOWS\System32\alg.exe
<verified>  Microsoft® Windows® Operating System                 860    C:\WINDOWS\system32\csrss.exe
<verified>  Microsoft® Windows® Operating System                1712    C:\WINDOWS\system32\ctfmon.exe
<verified>  Microsoft® Windows® Operating System                 940    C:\WINDOWS\system32\lsass.exe
<verified>  Microsoft® Windows® Operating System                 928    C:\WINDOWS\system32\services.exe
<verified>  Microsoft® Windows® Operating System                 812    C:\WINDOWS\System32\smss.exe
<verified>  Microsoft® Windows® Operating System                1908    C:\WINDOWS\system32\spoolsv.exe
<verified>  Microsoft® Windows® Operating System                 676    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System                1212    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System                1252    C:\WINDOWS\System32\svchost.exe
<verified>  Microsoft® Windows® Operating System                1360    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System                1124    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System                1984    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System                2420    C:\WINDOWS\System32\svchost.exe
<verified>  Microsoft® Windows® Operating System                 752    C:\WINDOWS\system32\wdfmgr.exe
<verified>  Microsoft® Windows® Operating System                 884    C:\WINDOWS\system32\winlogon.exe
<verified>  Microsoft® Windows® Operating System                1328    C:\WINDOWS\system32\wuauclt.exe
<verified>  PC Tools Firewall Plus                               616    C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
<verified>  PC Tools Firewall Plus                               448    C:\Program Files\PC Tools Firewall Plus\FWService.exe


Network activity
----------------
Process ashWebSv.exe (2484) connected on port 80 (HTTP) - 75.105.128.60
Process ashWebSv.exe (2484) connected on port 80 (HTTP) - 75.105.128.60
Process firefox.exe (2996) connected on port 443 (HTTP over SSL) - 74.125.157.103
Process firefox.exe (2996) connected on port 443 (HTTP over SSL) - 74.125.157.103
Process firefox.exe (2996) connected on port 443 (HTTP over SSL) - 74.125.65.18
Process firefox.exe (2996) connected on port 443 (HTTP over SSL) - 74.125.65.91

Process svchost.exe (1212) listens on ports: 135 (RPC)
Process svchost.exe (1360) listens on ports: 2869 (SSDP event notification, UPNP)


Autoruns and critical files
---------------------------
<unsigned>  Advanced SystemCare 3                               C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
<unsigned>  GetCounterInfo Application                          C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
<unsigned>  hp digital imaging - hp all-in-one series           C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe
<unsigned>  SuperAntiSpyware                                    C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
<unsigned>  SUPERAntiSpyware WinLogon Processor                 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

<verified>  Apple Software Update                               C:\Program Files\Apple Software Update\SoftwareUpdate.exe
<verified>  avast! Antivirus                                    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
<verified>  Google Update                                       C:\Documents and Settings\Dvorah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
<verified>  GoogleToolbarNotifier                               C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
<verified>  Microsoft® Windows® Operating System                C:\WINDOWS\SYSTEM32\browseui.dll
<verified>  Microsoft® Windows® Operating System                C:\WINDOWS\SYSTEM32\crypt32.dll
<verified>  Microsoft® Windows® Operating System                C:\WINDOWS\SYSTEM32\cryptnet.dll
<verified>  Microsoft® Windows® Operating System                C:\WINDOWS\SYSTEM32\cscdll.dll
<verified>  Microsoft® Windows® Operating System                C:\WINDOWS\system32\ctfmon.exe
<verified>  Microsoft® Windows® Operating System                C:\WINDOWS\SYSTEM32\dimsntfy.dll
<verified>  Microsoft® Windows® Operating System                C:\WINDOWS\system32\logonui.exe
<verified>  Microsoft® Windows® Operating System                C:\WINDOWS\system32\rundll32.exe
<verified>  Microsoft® Windows® Operating System                C:\WINDOWS\system32\sclgntfy.dll
<verified>  Microsoft® Windows® Operating System                C:\WINDOWS\SYSTEM32\shell32.dll
<verified>  Microsoft® Windows® Operating System                C:\WINDOWS\SYSTEM32\stobject.dll
<verified>  Microsoft® Windows® Operating System                c:\windows\system32\userinit.exe
<verified>  Microsoft® Windows® Operating System                C:\WINDOWS\SYSTEM32\wlnotify.dll
<verified>  PC Tools Firewall Plus                              C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
<verified>  Windows Genuine Advantage                           C:\WINDOWS\SYSTEM32\WgaLogon.dll
<verified>  Windows® Internet Explorer                          C:\WINDOWS\SYSTEM32\webcheck.dll


Browser plugins
---------------
<unsigned>  cpcScan                                             C:\WINDOWS\Downloaded Program Files\cpcScan.dll
<unsigned>  Diagnostic Collection ActiveX control               C:\WINDOWS\Downloaded Program Files\DiagCollectionControl.dll
<unsigned>  DivX Player Netscape Plugin                         C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
<unsigned>  DivX Player Netscape Plugin                         C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
<unsigned>  DivX® Web Player                                    C:\Program Files\DivX\DivX Web Player\npdivx32.dll
<unsigned>  DivX® Web Player                                    C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
<unsigned>  F-Secure Automatic Update Agent                     C:\WINDOWS\Downloaded Program Files\auc_lib.dll
<unsigned>  F-Secure Corporation daas                           C:\WINDOWS\Downloaded Program Files\daas_s.dll
<unsigned>  F-Secure Online Scanner                             C:\WINDOWS\Downloaded Program Files\fscax.dll
<unsigned>  frozen.dll                                          C:\Documents and Settings\Dvorah\Application Data\Mozilla\Firefox\Profiles/nk2dn9uy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
<unsigned>  googletoolbar-ff2.dll                               C:\Documents and Settings\Dvorah\Application Data\Mozilla\Firefox\Profiles/nk2dn9uy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
<unsigned>  googletoolbar-ff3.dll                               C:\Documents and Settings\Dvorah\Application Data\Mozilla\Firefox\Profiles/nk2dn9uy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
<unsigned>  googletoolbarloader.dll                             C:\Documents and Settings\Dvorah\Application Data\Mozilla\Firefox\Profiles/nk2dn9uy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
<unsigned>  HouseCall                                           C:\WINDOWS\Downloaded Program Files\xscan60.ocx
<unsigned>  Java(TM) Platform SE 6 U14                          c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<unsigned>  MetaStream 3 Plugin                                 C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
<unsigned>  Mozilla                                             C:\Documents and Settings\Dvorah\Application Data\Mozilla\Firefox\Profiles/nk2dn9uy.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
<unsigned>  QuickTime Plug-in 7.5.5                             C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned>  QuickTime Plug-in 7.5.5                             C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned>  QuickTime Plug-in 7.5.5                             C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned>  QuickTime Plug-in 7.5.5                             C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned>  QuickTime Plug-in 7.5.5                             C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned>  QuickTime Plug-in 7.5.5                             C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned>  QuickTime Plug-in 7.5.5                             C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned>  QuickTime Plug-in 7.5.5                             C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned>  QuickTime Plug-in 7.5.5                             C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned>  QuickTime Plug-in 7.5.5                             C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned>  QuickTime Plug-in 7.5.5                             C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned>  QuickTime Plug-in 7.5.5                             C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned>  QuickTime Plug-in 7.5.5                             C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned>  QuickTime Plug-in 7.5.5                             C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned>  RealJukebox NS Plugin                               C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
<unsigned>  RealJukebox NS Plugin                               C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
<unsigned>  RealPlayer Version Plugin                           C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
<unsigned>  RealPlayer Version Plugin                           C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
<unsigned>  SuperAdBlocker FireFox Plugin                       C:\Program Files\Mozilla Firefox\plugins\npsabffx.dll
<unsigned>  SuperAdBlocker FireFox Plugin                       C:\WINDOWS\system32\SuperAdBlocker.com\npsabffx.dll
<unsigned>  Trend Micro HouseCall Server Edition                C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll

<verified>  2007 Microsoft Office system                        C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
<verified>  AcroIEHelper Library                                c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
<verified>  Adobe Acrobat                                       C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verified>  AtHoc Toolbar                                       C:\WINDOWS\Downloaded Program Files\eBayBand.dll
<verified>  AtHoc Toolbar                                       C:\WINDOWS\Downloaded Program Files\eBayTBar.exe
<verified>  BitDefender QuickScan                               C:\Documents and Settings\Dvorah\Application Data\Mozilla\Firefox\Profiles/nk2dn9uy.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
<verified>  BitDefender QuickScan                               C:\Documents and Settings\Dvorah\Application Data\Mozilla\Firefox\Profiles/nk2dn9uy.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified>  eBay Toolbar HTML Module                            C:\WINDOWS\Downloaded Program Files\eBayHtml.dll
<verified>  F-Secure GateLauncher                               C:\WINDOWS\Downloaded Program Files\gatelauncher.exe
<verified>  Fast Search                                         c:\program files\google\google toolbar\component\fastsearch_a8904fb862bd9564.dll
<verified>  Google Toolbar for Internet Explorer                c:\program files\google\google toolbar\googletoolbar.dll
<verified>  GoogleToolbarNotifier                               C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
<verified>  ICSScanner Module                                   C:\WINDOWS\Downloaded Program Files\ICSScan.dll
<verified>  Java Deployment Toolkit 6.0.140.8                   C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
<verified>  Java(TM) Platform SE 6 U14                          c:\program files\java\jre6\bin\jp2ssv.dll
<verified>  Malware Cleaner ActiveX Control                     C:\WINDOWS\Downloaded Program Files\WebCleaner.dll
<verified>  Microsoft Office 2003                               C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
<verified>  Microsoft® Windows Media Player Firefox Plugin      C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
<verified>  Microsoft® Windows® Operating System                C:\WINDOWS\SYSTEM32\mswsock.dll
<verified>  Microsoft® Windows® Operating System                C:\WINDOWS\system32\rsvpsp.dll
<verified>  Microsoft® Windows® Operating System                C:\WINDOWS\SYSTEM32\winrnr.dll
<verified>  Mozilla Default Plug-in                             C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified>  NPSWF32.dll                                         C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll
<verified>  PC Pitstop                                          C:\WINDOWS\Downloaded Program Files\pcpitstop2.dll
<verified>  RadarSync WebBased Update Service                   C:\WINDOWS\Downloaded Program Files\RSActiveX.ocx
<verified>  RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-  C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
<verified>  RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-  C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
<verified>  Spybot - Search & Destroy                           c:\program files\spybot - search & destroy\sdhelper.dll
<verified>  Windows Presentation Foundation                     c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified>  Windows® Internet Explorer                          C:\WINDOWS\SYSTEM32\ieframe.dll
<verified>  Yahoo! activeX Plug-in Bridge                       C:\Program Files\Yahoo!\Common\npyaxmpb.dll
<verified>  Yahoo! Toolbar                                      c:\program files\yahoo!\companion\installs\cpn\yt.dll


Scan
----

No file uploaded.

Scan finished - communication took 25 sec
Total traffic - 0.06 MB sent, 3.39 KB recvd
Scanned 1236 files and modules - 193 seconds

========================================

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/15/2010 at 09:35 AM

Application Version : 4.27.1000

Core Rules Database Version : 4481
Trace Rules Database Version: 2299

Scan type       : Complete Scan
Total Scan Time : 01:05:22

Memory items scanned      : 272
Memory threats detected   : 0
Registry items scanned    : 6663
Registry threats detected : 0
File items scanned        : 30860
File threats detected     : 0

================================


Malwarebytes' Anti-Malware 1.44
Database version: 3569
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

1/15/2010 10:40:17 AM
mbam-log-2010-01-15 (10-39-55).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 313200
Time elapsed: 47 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ComboFix\Combo-Fix.sys (Malware.Trace) -> No action taken.
C:\SDFix\dummy.sys (Malware.Trace) -> No action taken.
C:\SDFix\apps\dummy.sys (Malware.Trace) -> No action taken.


===============================

I can't find how to get a log for the Vipre scan so I have typed below the results of the scan report:

Quarantined
HiJacker
CWS.CameUp
3 risk traces
elevated security
Registry HKEY_USERS\S-1-5-21-1155080308-1357152115-3177420520-1007\software\microsoft\internet explorer\main\Search Bar_bak 1

Registry HKEY_USERS\S-1-5-21-1155080308-1357152115-3177420520-1007\software\microsoft\internet explorer\main\Search Page bak_1

Registry HKEY_USERS\S-1-5-21-1155080308-1357152115-3177420520-1007\software\microsoft\internet explorer\main\Start Page bak_1

---

Quarantined
Trojan
Trojan.Win32.Agent
1 risk trace
High

C:\Program Files\Adolix\eCover Engineer\eCoverEngineer.exe

---------

Quarantined
Trojan
LooksLike.Win32.Malware!A (v)
1 risk trace
High
C:\Documents and Settings\Dvorah\My Documents\Downloads\yahoo_scrabble1-1_tm1-1.exe

« Reply #3 on: January 16, 2010, 12:52:24 »
Unzy
Guest

When you scan with MBAM, after the scan you still have to select the clean button to remove the infected items.
« Reply #4 on: January 17, 2010, 04:16:35 »
Dev

Hi.  I did another scan and made sure to click the clean.

Malwarebytes' Anti-Malware 1.44
Database version: 3575
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

1/16/2010 7:08:57 AM
mbam-log-2010-01-16 (07-08-57).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 321430
Time elapsed: 1 hour(s), 40 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
« Reply #5 on: January 17, 2010, 06:24:43 »
Unzy
Guest

Well, perfect, that looks clean!
« Reply #6 on: January 17, 2010, 06:54:28 »
Dev

Yes, all the scans seem to not find anything now but it is still really slow and when I turn it on the power button flashes orange for about 2-3 minutes and then finally will turn green and boot up.  Do you have an idea what that may be or a program I can run to check further?

Btw, thank you for your responses, appreciated.
« Reply #7 on: January 17, 2010, 11:27:12 »
Unzy
Guest

That is a power or a hardware problem.

It's best to post help for this on some hardware issues forums, best in relation with the brand of your pc (dell ...).

I assure you no malware is doing this; you are clean.