Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Searching Hijacked, and can't install SpyBot SD

  • This topic is locked This topic is locked
2 replies to this topic

#1 ejaf


  • Members
  • 2 posts
  • Local time:04:30 PM

Posted 07 March 2009 - 04:06 PM

Just looking for a little help...Tried to determine what this hijacker is by running SDFix, HijackThis, and SmitFraud, to no avail

Here the DDS log:

DDS (Ver_09-02-01.01) - NTFSx86
Run by Administrator at 15:58:41.59 on Sat 03/07/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2561 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [vptray] c:\program files\navnt\vptray.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222914354031
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {B1647320-9EC8-4B0F-BF53-93D4A43FA614} - hxxps://mydesk-hq01.morganstanley.com/prx/000/http/rc.ms.com:8180/md/1.1/common/htdocs/SPX/
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll

============= SERVICES / DRIVERS ===============

R2 ASTRA32;ASTRA32 Kernel Driver;c:\program files\astra32\astra32.sys [2007-2-22 30864]
R2 NAVAPEL;NAVAPEL;c:\program files\navnt\Navapel.sys [2002-6-7 17968]
R2 Norton AntiVirus Server;Norton AntiVirus Client;c:\program files\navnt\rtvscan.exe [2002-8-2 483328]
R3 NAVAP;NAVAP;c:\program files\navnt\navap.sys [2002-6-7 186096]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090304.017\NAVENG.sys [2009-3-6 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090304.017\NAVEX15.sys [2009-3-6 876144]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-7-20 84992]
S3 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero 7\incd\nbhregincdsrv.exe --> c:\program files\nero\nero 7\incd\NBHRegInCDSrv.exe [?]

=============== Created Last 30 ================

2009-03-07 15:42 <DIR> --d----- C:\HijackThis
2009-03-06 23:23 1,544 a------- c:\windows\system32\tmp.reg
2009-03-06 23:13 <DIR> --d----- C:\SmitfraudFix
2009-03-06 20:54 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-03-06 20:53 <DIR> --d----- c:\windows\ERUNT
2009-03-06 20:50 <DIR> --d----- C:\SDFix
2009-03-06 20:33 <DIR> --d----- c:\program files\Trend Micro
2009-03-06 00:46 <DIR> --d----- c:\program files\FreeUndelete
2009-03-06 00:29 <DIR> --d----- c:\temp\elise
2009-03-06 00:23 89,360 a------- c:\windows\system32\VB5DB.DLL
2009-03-05 22:48 2,385,208 a------- c:\temp\VirtualLab Data Recovery Software v5.5.13.exe
2009-03-05 21:38 <DIR> --d----- c:\temp\testdisk-6.10
2009-03-04 21:58 147 a------- c:\windows\RECMGRUN.INI
2009-03-04 21:58 3,455 a------- c:\windows\RECVCALL.INI
2009-03-04 21:58 306,688 a------- c:\windows\IsUninst.exe
2009-03-04 19:50 <DIR> --d----- c:\temp\dsRoot

==================== Find3M ====================

2008-12-27 10:26 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-25 23:59 36,932 a------- c:\windows\cmijack.dat

============= FINISH: 15:58:51.60 ===============

Thanks very much in advance...Eric

Attached Files

BC AdBot (Login to Remove)


#2 ejaf

  • Topic Starter

  • Members
  • 2 posts
  • Local time:04:30 PM

Posted 08 March 2009 - 06:27 PM

Please disregard this post...I have successfully removed a rootkit malware from my PC following steps outlined in another forum.

Thanks anyway...


#3 KoanYorel


    Bleepin' Conundrum

  • Members
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:04:30 PM

Posted 18 March 2009 - 09:36 PM

Thanks for informing us. Good luck.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users