Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SWP2009 demo and possible other problems?


  • This topic is locked This topic is locked
2 replies to this topic

#1 bryan767

bryan767

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 14 March 2009 - 05:12 PM

Pasting in contextual information from another post. ~ OB

well i got hit by the SWP2009 demo virus today, and im having difficulties removing it since i no longer have a valid regrun which would normally take care of all my virus needs. i really noticed a problem when in firefox google is redirected to scam websites when i click on hyperlinks. if i type the actual url into the browser the site works which how im posting this.. i tried installing a new firewall as well as a notifier listed on this site but it caused me not to be able to use my internet. speaking of my internet lately its being pretty slow as in taking 10 min to load a 40 second video (i have DSL and can normally download files at 180kps) lastly when i click on files, or folders it gives me a error saying "This file does not have a program associated with it for preforming this action. Create an association in the Folder Options control panel." if i click okay then the file or folder opens.

End of added material. ~ OB

DDS (Ver_09-02-01.01) - NTFSx86
Run by Games at 18:06:13.54 on Sat 03/14/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.427 [GMT -4:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated)
FW: ZoneAlarm Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Games\Desktop\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: BHO: {c9c42510-9b21-41c1-9dcd-8382a2d07c61} - c:\windows\system32\iehelper.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Google Update] "c:\documents and settings\games\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [system tool] c:\windows\sysguard.exe
mRun: [AS00_Netgear] c:\program files\netgear\wireless smart configuration\utility\NetgearAG.exe -hide
mRun: [LXBSCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBStime.dll,_RunDLLEntry@16
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /QS
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mExplorerRun: [DriverLoad]
mExplorerRun: [DriverCheck]
mExplorerRun: [SystemDriverLoad]
mExplorerRun: [Winhost]
mExplorerRun: [Winhost1]
mExplorerRun: [Winhost2]
mExplorerRun: [Winhost3]
mExplorerRun: [Winhost4]
mExplorerRun: [SystemDriver]
mExplorerRun: [FDriver]
mExplorerRun: [ADriver]
StartupFolder: c:\docume~1\games\startm~1\programs\startup\hamachi.lnk - c:\program files\hamachi\hamachi.exe
StartupFolder: c:\docume~1\games\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\games\startm~1\programs\startup\mru-bl~1.lnk - c:\program files\mru-blaster\scheduler.exe
StartupFolder: c:\docume~1\games\startm~1\programs\startup\mru-bl~2.lnk - c:\program files\mru-blaster\mrublaster.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: &Download all by WellGet - c:\program files\wellget\nxall.htm
IE: &Winamp Toolbar Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Download by &WellGet - c:\program files\wellget\nxcatch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\games\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {44226DFF-747E-4edc-B30C-78752E50CD0C} - {44226DFF-747E-4edc-B30C-78752E50CD0C} - c:\program files\ati multimedia\tv\EXPLBAR.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/070552351df2fa6e1020/netzip/RdxIE601.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146528318900
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: gepfrv.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\\windows\\system32\\byXnKBus

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\games\applic~1\mozilla\firefox\profiles\tmgxfddu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\games\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPStreamPlug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2006-9-28 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2007-2-21 3968]
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-9-13 11840]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-6-10 34312]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-7-10 127768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-1-8 95888]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-1-8 41680]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-7-10 394952]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-9-13 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-9-13 151297]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2006-9-28 312880]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-6-10 468224]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-9-13 52032]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2005-6-6 16194]
R3 axvbusx;axvbusx;c:\windows\system32\drivers\axvbusx.sys [2002-12-27 8384]
R3 axvscsi;axvscsi;c:\windows\system32\drivers\axvscsi.sys [2002-12-27 98560]
R3 NETGEAR_WG311_SERVICE;NETGEAR WG311 Wireless PCI Adapter Service;c:\windows\system32\drivers\wg311nd5.sys [2005-6-6 307904]
S0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys --> c:\windows\system32\drivers\ikfilesec.sys [?]
S1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys --> c:\windows\system32\drivers\iksysflt.sys [?]
S1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys --> c:\windows\system32\drivers\iksyssec.sys [?]
S2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctssvc.exe --> c:\program files\spyware doctor\pctsSvc.exe [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-23 24652]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 getPlusŪ Helper;getPlusŪ Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-10-16 33752]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-1-29 38496]
S3 Partizan;Partizan;c:\windows\system32\drivers\partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2009-1-28 29584]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 Sytlontidfa;Sytlontidfa; [x]
S3 XIRLINK;Veo Mobile/Advanced Web Camera;c:\windows\system32\drivers\ucdnt.sys [2004-1-26 728083]

=============== Created Last 30 ================

2009-03-14 17:11 <DIR> --d----- c:\program files\SpywareGuard
2009-03-14 17:10 <DIR> --d----- c:\program files\Sunbelt Software
2009-03-14 16:59 <DIR> --d----- C:\!KillBox
2009-03-14 15:56 26,543 a------- C:\MGlogs.zip
2009-03-14 15:56 <DIR> --d----- C:\MGtools
2009-03-14 15:54 9,728 a------- c:\windows\system32\iehelper.dll
2009-03-14 15:44 353,808 a------- c:\windows\sysguard.exe
2009-03-12 21:08 <DIR> --d----- c:\program files\Gish demo
2009-03-11 20:20 <DIR> --d----- C:\e5058889fa19b0bfd4f4c83aa467
2009-02-18 17:09 <DIR> --d----- c:\program files\MSECache

==================== Find3M ====================

2009-03-14 15:43 40,194,592 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-03-14 01:03 538,916 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-02-26 19:26 29,584 a------- c:\windows\system32\drivers\regguard.sys
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-29 22:39 1,336,053 a------- C:\MGtools.exe
2009-01-28 19:08 0 a------- c:\windows\system32\drivers\seneka.sys
2009-01-28 19:06 368,839 a--sh--- c:\windows\system32\VDKTAcfe.ini2
2009-01-28 16:55 1,640 a------- c:\windows\system32\senekanaklbgfc.dat
2009-01-18 03:06 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-14 17:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 17:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-20 19:15 826,368 a------- c:\windows\system32\wininet.dll
2008-08-12 01:53 100 a------- c:\docume~1\games\applic~1\temp.dll
2006-06-19 16:15 54,784 a------- c:\documents and settings\games\EcstaticCheat.dll
2003-03-17 20:27 307,904 a------- c:\windows\inf\wg311nd5.sys
2001-11-23 13:08 712,704 a------- c:\windows\inf\other\AUDIO3D.DLL
2005-06-18 19:12 105,738 a--shr-- c:\windows\system32\cxjgvbl.exe
2008-09-02 17:16 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090220080903\index.dat

============= FINISH: 18:08:48.27 ===============

Attached Files


Edited by bryan767, 14 March 2009 - 10:46 PM.


BC AdBot (Login to Remove)

 


#2 bryan767

bryan767
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 17 March 2009 - 12:37 PM

i believe i fixed the problem. i downloaded avast, ran the scan during the boot process and it removed 12 infected files mostly in the system files. the swp2009 demo is no longer no the system, and when i click a google search it takes me to the correct site.

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:02:42 PM

Posted 18 March 2009 - 11:39 PM

Thanks for informing us.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users