
not sure of what virus


  • This topic is locked
4 replies to this topic

#1 patrick333

  • Members
  • 2 posts

Posted 14 February 2009 - 02:25 PM

I get redirected when clicking on links in Internet Explorer and Firefox. Also can't access any anti-virus sites (had to use another computer to get to this forum).
I tried to run MBAM and ComboFix but neither will run... the MBAM shows the hourglass for a second then nothing happens. The ComboFix just disappears after I click on the run window that comes up when I double click the icon.

Here are the files from DDS; the other one is zipped at the bottom of this post. I also zipped and put the HJT file down below also. Thanks in advance for your help. Pat. Oh, I also get the "your computer is infected" box when online and it wants to scan for viruses. I have not let it do so (at least I immediately x'ed out of the page). Again thanks, Pat. If one of you computer guys could put all your knowledge in a "needle file" I will stick it in my arm. Ha Ha

DDS (Ver_09-02-01.01) - NTFSx86
Run by Administrator at 14:00:09.53 on Sat 02/14/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1608 [GMT -5:00]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Documents and Settings\Administrator\Desktop\share\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://optonline.net/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {9030d464-4c02-4abf-8ecc-5164760863c6} - Windows Live Sign-in Helper
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228168156390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1228268236_169a9e72bf1fa98daa083f0cee9fab60&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: NameServer = 85.255.116.89;85.255.112.204
TCP: {7EF8D7B2-8C70-4371-BD9C-CC5B8A21A12A} = 167.206.251.129
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\3qn9rwzv.default\
FF - prefs.js: browser.startup.homepage - hxxp://optonline.net
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\3qn9rwzv.default\extensions\{22119944-ed35-4ab1-910b-e619ea06a115}\components\rfproxy_27.dll

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-2-13 226832]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-11-11 206088]
S3 RkHit;RkHit;\??\c:\windows\system32\drivers\rkhit.sys --> c:\windows\system32\drivers\RKHit.sys [?]

=============== Created Last 30 ================

2009-02-14 03:36 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-14 03:36 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-14 03:36 <DIR> -cd----- c:\documents and settings\administrator\Malwarebytes' Anti-Malware
2009-02-14 03:36 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-14 03:19 <DIR> -cd----- c:\program files\Malwarebytes' Anti-Malware
2009-02-13 13:44 <DIR> -cd----- c:\program files\Trend Micro
2009-02-13 00:04 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-02-13 00:04 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-02-13 00:03 <DIR> -cd----- c:\program files\Kaspersky Lab
2009-02-13 00:03 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-02-12 23:57 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-02-12 22:01 <DIR> -cd----- c:\program files\NoAdware
2009-02-08 13:05 <DIR> -cd----- c:\program files\WM Converter
2009-02-08 03:16 <DIR> -cd----- c:\docume~1\admini~1\applic~1\DVD Flick
2009-02-08 03:15 609,824 a------- c:\windows\system32\comctl32.ocx
2009-02-08 03:15 164,144 a------- c:\windows\system32\comct232.ocx
2009-02-08 03:15 40,960 a------- c:\windows\system32\ssubtmr6.dll
2009-02-08 03:15 36,864 a------- c:\windows\system32\trayicon_handler.ocx
2009-02-08 03:15 28,672 a------- c:\windows\system32\mousewheel.ocx
2009-02-08 03:15 212,240 a------- c:\windows\system32\richtx32.ocx
2009-02-08 03:15 <DIR> -cd----- c:\program files\DVD Flick
2009-02-08 01:48 1,208,320 a------- c:\windows\system32\cygxml2-2.dll
2009-02-08 01:48 1,153,417 a------- c:\windows\system32\cygwin1.dll
2009-02-08 01:48 980,992 a------- c:\windows\system32\cygiconv-2.dll
2009-02-08 01:48 62,464 a------- c:\windows\system32\cygz.dll
2009-02-08 01:48 <DIR> -cd----- c:\program files\Cucusoft
2009-02-07 23:24 <DIR> -cd----- C:\MPEGTmp
2009-02-07 23:23 205 a------- c:\windows\cucon.xml
2009-02-07 23:16 139,264 a------- c:\windows\system32\Mpeg2Decoder.ax
2009-02-07 23:16 94,208 a------- c:\windows\system32\Mpeg2Parser.ax
2009-02-06 20:03 719,872 a------- c:\windows\system32\devil.dll
2009-02-06 20:03 318,976 a------- c:\windows\system32\avisynth.dll
2009-02-06 20:03 70,656 a------- c:\windows\system32\yv12vfw.dll
2009-02-06 20:03 27,648 a------- c:\windows\system32\AVSredirect.dll
2009-02-06 20:03 70,656 a------- c:\windows\system32\i420vfw.dll
2009-02-06 20:03 <DIR> -cd----- c:\program files\AviSynth 2.5
2009-02-06 19:59 186,880 ---shr-- c:\windows\system32\RLOgg.ax
2009-02-06 19:59 179,200 ---shr-- c:\windows\system32\DiracSplitter.ax
2009-02-06 19:59 175,104 ---shr-- c:\windows\system32\CoreAAC.ax
2009-02-06 19:59 92,672 ---shr-- c:\windows\system32\RLVorbisDec.ax
2009-02-06 19:59 67,584 ---shr-- c:\windows\system32\RLTheoraDec.ax
2009-02-06 19:59 51,712 ---shr-- c:\windows\system32\RLSpeexDec.ax
2009-02-06 19:59 81,920 ---shr-- c:\windows\system32\aac_parser.ax
2009-02-06 19:58 <DIR> -cd----- c:\program files\eRightSoft
2009-02-06 16:27 <DIR> -cd----- c:\docume~1\admini~1\applic~1\Any Video Converter
2009-02-06 16:27 <DIR> -cd----- c:\program files\Any Video Converter
2009-02-06 14:00 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\vsosdk
2009-02-06 02:40 <DIR> -cd----- c:\program files\DVDSmith Movie Backup
2009-02-05 21:27 <DIR> -cd----- c:\docume~1\admini~1\applic~1\AVS4YOU
2009-02-05 21:27 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-02-05 21:25 974,848 a------- c:\windows\system32\mfc70.dll
2009-02-05 21:25 487,424 a------- c:\windows\system32\msvcp70.dll
2009-02-05 21:25 <DIR> -cd----- c:\program files\common files\AVSMedia
2009-02-05 21:25 344,064 a------- c:\windows\system32\msvcr70.dll
2009-02-05 21:25 24,576 a------- c:\windows\system32\msxml3a.dll
2009-02-05 21:09 <DIR> -cd----- c:\program files\VideoLAN
2009-02-04 14:49 43,136 a----r-- c:\windows\system32\drivers\bcm4sbxp.sys
2009-02-04 14:49 <DIR> -cd----- c:\program files\Broadcom
2009-02-03 22:19 <DIR> -cd----- c:\program files\RegSupreme
2009-02-03 21:14 <DIR> -cd----- c:\docume~1\admini~1\applic~1\Thinstall
2009-02-03 20:03 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Elaborate Bytes
2009-02-03 20:02 <DIR> -cd----- c:\program files\Elaborate Bytes
2009-02-03 16:12 <DIR> -cd----- C:\MAGICDVDCOPY_TEMP
2009-02-03 16:12 87,608 ac------ c:\docume~1\admini~1\applic~1\inst.exe
2009-02-03 16:12 47,360 ac------ c:\docume~1\admini~1\applic~1\pcouffin.sys
2009-02-03 16:12 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-02-03 16:12 <DIR> -cd----- c:\program files\MagicDVDCopier
2009-02-03 12:17 <DIR> -cd----- c:\program files\SlySoft
2009-02-03 11:28 365 a------- c:\windows\MenuModder.ini
2009-02-03 10:51 <DIR> -cd----- c:\program files\DVD Shrink
2009-02-03 10:46 <DIR> -cd----- c:\program files\DVD Decrypter
2009-02-02 16:48 <DIR> -cd----- c:\docume~1\admini~1\applic~1\WinFF
2009-02-02 16:48 <DIR> -cd----- c:\program files\WinFF
2009-02-02 02:23 <DIR> --d----- c:\windows\system32\XPSViewer
2009-02-02 02:22 14,048 -------- c:\windows\system32\spmsg2.dll
2009-01-30 17:42 <DIR> -cd----- c:\program files\WebKeySoft
2009-01-26 03:44 <DIR> -cd----- c:\docume~1\admini~1\applic~1\ErrorRepairTool
2009-01-26 02:21 42 a------- c:\windows\system32\Jiii_PNUCT.pnc
2009-01-26 02:21 42 a------- c:\windows\system32\AK083E209605E394C.lie
2009-01-26 02:21 <DIR> -cd----- c:\program files\Perfect Uninstaller
2009-01-25 18:50 <DIR> -cd----- c:\program files\Windows Live SkyDrive
2009-01-25 17:52 <DIR> --d----- c:\windows\SxsCaPendDel
2009-01-25 11:32 <DIR> -cd----- c:\program files\MagicDVDRipper
2009-01-23 18:12 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-01-23 14:16 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-01-23 14:16 21,504 a------- c:\windows\system32\hidserv.dll
2009-01-23 13:02 118 a------- c:\windows\system32\MRT.INI
2009-01-23 12:39 <DIR> -cd----- C:\dbfe961ab4d59a15de0f396e
2009-01-22 22:36 <DIR> -cd----- c:\program files\Microsoft Bootvis
2009-01-22 15:06 <DIR> --d-h--- c:\windows\PIF
2009-01-22 12:28 <DIR> -cd----- c:\documents and settings\administrator\Tracing
2009-01-22 12:23 <DIR> -cd----- c:\program files\Microsoft Office Outlook Connector
2009-01-22 12:17 20 a------- c:\windows\
2009-01-22 12:16 <DIR> -cd----- c:\program files\Microsoft
2009-01-22 12:07 <DIR> -cd----- c:\program files\common files\Windows Live
2009-01-22 01:42 <DIR> -cd----- c:\program files\Conduit
2009-01-22 01:10 <DIR> -cd----- c:\docume~1\admini~1\applic~1\LimeWire
2009-01-21 20:19 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-01-21 17:18 <DIR> -cd----- c:\docume~1\admini~1\applic~1\Ashampoo
2009-01-21 17:17 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\ashampoo
2009-01-21 17:16 <DIR> -cd----- c:\program files\Ashampoo
2009-01-21 13:35 <DIR> -cd----- c:\program files\ARRL 2008 Handbook
2009-01-18 13:37 507,400 a------- c:\windows\system32\XAudio2_1.dll
2009-01-18 13:36 251,672 a------- c:\windows\system32\xactengine2_5.dll
2009-01-18 13:32 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-01-18 13:32 <DIR> --d----- c:\windows\Logs

==================== Find3M ====================

2009-02-13 00:13 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-01-08 16:32 0 ac------ c:\program files\EasyPalx.bmp
2009-01-08 16:11 103,488 a------- c:\windows\system32\drivers\AnyDVD.sys
2009-01-01 21:15 24,872 -------- c:\windows\system32\drivers\ElbyCDIO.sys
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-03 15:10 137,644 a------- c:\windows\HPHins15.dat
2008-12-02 20:36 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-01 21:47 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-01 15:08 188,416 a------- c:\windows\NSUnInst.exe
2008-12-01 15:08 9,728 a------- c:\windows\system32\RNAPH.DLL
2008-11-30 19:55 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-11-21 16:47 524,288 a------- c:\windows\system32\DivXsm.exe
2008-11-21 16:47 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-11-21 16:46 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-11-21 16:46 200,704 a------- c:\windows\system32\ssldivx.dll
2008-11-21 16:44 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 16:44 12,288 a------- c:\windows\system32\DivXWMPExtType.dll
2008-11-19 12:21 93,128 -------- c:\windows\system32\ElbyCDIO.dll
2004-10-01 15:00 40,960 ac------ c:\program files\Uninstall_CDS.exe

============= FINISH: 14:00:58.79 ===============



Edited by patrick333, 15 February 2009 - 12:25 AM.
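The DDS report above records two resolver settings in its Pseudo HJT section: a global `TCP: NameServer = 85.255.116.89;85.255.112.204` and a per-interface entry `TCP: {7EF8D7B2-...} = 167.206.251.129`. When the first thing a responder sees is a global resolver that differs from the adapter's own (DHCP-assigned) resolver, that mismatch is the first line to examine, because a changed resolver is exactly what would produce redirected links and unreachable security sites. The script below is an added example written for this thread, not code from DDS, BleepingComputer or the poster: it parses the `TCP:` lines of a DDS report (the two sample lines are copied from the log above), reports a global-vs-interface mismatch, and checks each resolver against a list of IP ranges that I supply as an assumption (the ranges published at the time of the DNSChanger takedown; maintain the list yourself rather than trusting it as complete).

```python
import ipaddress
import re

# Constructed sample: the two TCP lines exactly as they appear in the report above.
SAMPLE_DDS = """\
TCP: NameServer = 85.255.116.89;85.255.112.204
TCP: {7EF8D7B2-8C70-4371-BD9C-CC5B8A21A12A} = 167.206.251.129
"""

# Constructed "clean" sample: global resolver matches the adapter's resolver.
SAMPLE_DDS_CLEAN = """\
TCP: NameServer = 167.206.251.129
TCP: {7EF8D7B2-8C70-4371-BD9C-CC5B8A21A12A} = 167.206.251.129
"""

# ASSUMPTION: ranges publicly listed as DNSChanger rogue resolvers at the time
# of the takedown. This list is mine, not the thread's; keep it current.
KNOWN_ROGUE_DNS_RANGES = [
    ipaddress.ip_network(n)
    for n in (
        "85.255.112.0/20",
        "67.210.0.0/20",
        "93.188.160.0/21",
        "77.67.83.0/24",
        "213.109.64.0/20",
        "64.28.176.0/20",
    )
]

# DDS writes either "TCP: NameServer = a;b" (global) or "TCP: {GUID} = a;b"
# (one line per network interface).
TCP_LINE = re.compile(
    r"^TCP:\s+(?P<key>NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(?P<servers>\S+)\s*$"
)


def parse_tcp_lines(text):
    """Return (global_servers, {interface_guid: servers}) from DDS TCP lines."""
    global_servers = []
    per_interface = {}
    for line in text.splitlines():
        m = TCP_LINE.match(line.strip())
        if not m:
            continue
        servers = [ipaddress.ip_address(s) for s in re.split(r"[;,]", m["servers"]) if s]
        if m["key"] == "NameServer":
            global_servers = servers
        else:
            per_interface[m["key"]] = servers
    return global_servers, per_interface


def in_rogue_range(addr):
    """True if the resolver address lies in one of the assumed rogue ranges."""
    return any(addr in net for net in KNOWN_ROGUE_DNS_RANGES)


def assess_dns(text):
    """Return a list of human-readable findings about the resolver configuration.

    Two checks: (1) any resolver in a known rogue range, (2) a global
    NameServer that shares no address with the per-interface resolvers,
    which means something other than DHCP set it.
    """
    findings = []
    global_servers, per_interface = parse_tcp_lines(text)

    for s in global_servers:
        if in_rogue_range(s):
            findings.append(f"global NameServer {s} is in a known rogue DNS range")
    for guid, servers in per_interface.items():
        for s in servers:
            if in_rogue_range(s):
                findings.append(f"interface {guid} resolver {s} is in a known rogue DNS range")

    interface_servers = {s for servers in per_interface.values() for s in servers}
    if global_servers and interface_servers and not set(global_servers) & interface_servers:
        findings.append(
            "global NameServer "
            + ";".join(map(str, global_servers))
            + " overrides the per-interface resolver(s) "
            + ";".join(map(str, sorted(interface_servers, key=str)))
        )
    return findings


if __name__ == "__main__":
    for label, sample in (("log from thread", SAMPLE_DDS), ("clean sample", SAMPLE_DDS_CLEAN)):
        print(f"== {label} ==")
        for finding in assess_dns(sample) or ["no findings"]:
            print(" -", finding)
```

On the lines from this thread the script reports both global resolvers as inside the 85.255.112.0/20 range and flags the override of the adapter's 167.206.251.129 resolver; on the clean sample it reports nothing. The mismatch check is the more durable of the two, since rogue ranges change while a global resolver that disagrees with DHCP is always worth explaining.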




#2 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 25 February 2009 - 07:29 PM

Hello patrick333,


Sorry about the delay. :thumbup2: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 patrick333
  • Topic Starter

  • Members
  • 2 posts

Posted 25 February 2009 - 11:47 PM

I will have to use the "F" word here: format. I decided to start over and now all is well. Thanks for the reply. patrick333

#4 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 25 February 2009 - 11:49 PM

Agh... the dreaded f word! :)

Thanks so much for letting me know. :thumbup2:

Regards,
tea

#5 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 01 March 2009 - 06:17 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.