Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected By VirusRemover (or something that keeps popping up advertising that)


  • This topic is locked This topic is locked
2 replies to this topic

#1 dwoman2000

dwoman2000

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 06 January 2009 - 09:39 AM

I am infected by something that keep hijacking my browser to download the above mentioned software. At first it was hijacked to a redirect page 216.133.243.28 (dont go there) but I cant seem to fix it can anyone help...I went to the preparation to submit my log and performed the task.

Here is my DDS log it said to attach the Attach.txt too.


DDS (Version 1.1.0) - NTFSx86
Run by grzand at 9:35:55.45 on Tue 01/06/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1336 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\grzand\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1080627
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.dell.com
mStart Page = hxxp://www.dell.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: {cdcad8e5-2ab6-413f-a0e8-2f3a0b00aeb1} - c:\windows\system32\d3dimi.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [AeXAgentLogon] c:\program files\altiris\altiris agent\AeXAgentActivate.exe /logon
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [masqform.exe] c:\program files\pureedge\viewer 6.0\masqform.exe -UpdateCurrentUser
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
StartupFolder: c:\docume~1\grzand\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - shdocvw.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\grzand\applic~1\mozilla\firefox\profiles\qnszfabl.default\
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

============= SERVICES / DRIVERS ===============

R0 hwvkapac;hwvkapac;c:\windows\system32\drivers\hwvkapac.sys [2004-8-11 23424]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-9 99376]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-1-5 38496]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090105.009\naveng.sys [2009-1-5 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090105.009\navex15.sys [2009-1-5 876112]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-1-23 133968]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R4 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
R4 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]

=============== Created Last 30 ================

2009-01-06 02:55 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-01-05 15:26 <DIR> --d----- c:\docume~1\grzand\applic~1\Malwarebytes
2009-01-05 15:26 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-05 15:26 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-05 15:26 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-05 15:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-05 14:23 1,172 a------- c:\windows\mozver.dat
2009-01-05 12:50 230 a------- c:\windows\system32\spupdsvc.inf
2009-01-05 11:19 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-01-05 11:18 <DIR> --d----- c:\documents and settings\grzand\.housecall6.6
2008-12-29 16:44 41,984 a------- c:\windows\system32\rpcc.exe.vir
2008-12-29 16:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-12-29 16:42 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-12-29 16:42 <DIR> --d----- c:\docume~1\grzand\applic~1\SUPERAntiSpyware.com
2008-12-29 16:15 99,840 a------- c:\windows\system32\d3dimi.dll
2008-12-22 11:04 <DIR> --d----- c:\docume~1\grzand\applic~1\j2 Global
2008-12-22 11:04 0 a------- c:\windows\system32\eFax_4_4_Port
2008-12-22 11:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\eFax Messenger 4.4 Output
2008-12-22 11:03 <DIR> --d----- c:\program files\eFax Messenger 4.4
2008-12-15 14:14 <DIR> --d----- c:\program files\Lavasoft
2008-12-15 14:13 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-12 09:59 <DIR> --d----- c:\docume~1\grzand\applic~1\GetRightToGo

==================== Find3M ====================

2008-12-12 12:01 3,067,904 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-03 10:13 87,699 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 15:38 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2008-10-16 15:38 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
2008-10-16 15:38 267,776 -------- c:\windows\system32\dllcache\iertutil.dll
2008-10-16 15:38 52,224 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2008-10-16 15:38 383,488 -------- c:\windows\system32\dllcache\ieapfltr.dll
2008-10-16 15:38 63,488 -------- c:\windows\system32\dllcache\icardie.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 20:00 666,112 a------- c:\windows\system32\wininet.dll
2008-10-15 20:00 666,112 a------- c:\windows\system32\dllcache\wininet.dll
2008-10-15 20:00 619,520 a------- c:\windows\system32\dllcache\urlmon.dll
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
1765-05-09 14:53 4,263 ---sh--- c:\windows\windllreg1c.sys

============= FINISH: 9:36:09.65 ===============

Attached Files


Edited by dwoman2000, 06 January 2009 - 10:04 AM.


BC AdBot (Login to Remove)

 


#2 dwoman2000

dwoman2000
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 13 January 2009 - 07:42 AM

This thread can be closed.

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:12:34 AM

Posted 13 January 2009 - 10:59 AM

Thanks for informing us.

If you find other problems please start a new topic.

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users