
Malware on my PC


1 reply to this topic

#1 thura

  • Members
  • 2 posts

Posted 25 March 2009 - 10:16 AM

Hello,
One of my PCs has malware. Whenever I click on a search result from Google, it redirects me to a different site. I've heard about your site, so I tried to type in www.bleepingcomputer.com and Internet Explorer closes automatically. I tried with a different site and it works perfectly. Also, I followed the instructions and downloaded DDS, but when I double-click on it, it will not run. I tried to open up a command prompt and it would not open.

Please help.

Thura

I ran DDS in Safe Mode. Please see below for the log.


DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by thura at 11:49:51.78 on Wed 03/25/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1724 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch
svchost.exe
C:WINDOWSsystem32svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:Program FilesGFIEndPointSecurity 4.0 Agentesecagntservice.exe
C:WINDOWSExplorer.EXE
C:Documents and SettingsthuraDesktopdds.scr

============== Pseudo HJT Report ===============

uWindow Title = Microsoft Internet Explorer provided by Fairfax County FCU IT Dept.
uStart Page = hxxp://intranet
mDefault_Page_URL = hxxp://intranet
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://intranet/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:program filesadobeacrobat 7.0activexAcroIEHelper.dll
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:program filesstopzilla!SZSG.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:program filesjavajre1.6.0_05binssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:program filesstopzilla!SZIEBHO.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:program filesstopzilla!SZSG.dll
uRun: [MSMSGS] "c:program filesmessengermsmsgs.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:windowssystem32NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:windowssystem32NvMcTray.dll,NvTaskbarInit
mRun: [ccApp] "c:program filescommon filessymantec sharedccApp.exe"
mRun: [vptray] c:progra~1symant~1VPTray.exe
mRun: [Track-It! Workstation Manager Service Monitor] c:windowstiremoteTIServiceMonitor.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SunJavaUpdateSched] "c:program filesjavajre1.6.0_05binjusched.exe"
StartupFolder: c:docume~1alluse~1startm~1programsstartupadober~1.lnk - c:program filesadobeacrobat 7.0readerreader_sl.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartuphotsyn~1.lnk - c:program filespalmHotsync.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupmicros~1.lnk - c:program filesmicrosoft officeoffice10OSA.EXE
IE: E&xport to Microsoft Excel - c:progra~1micros~2office10EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:program filesjavajre1.6.0_05binssv.dll
LSP: c:program filescommon filesis3anti-spywareiS3lsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
TCP: {12C0B3F6-90BB-4660-A126-1C0584C047E3} = 10.1.100.108,10.1.100.101
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:program filescommon filesmicrosoft sharedweb foldersPKMCDO.DLL
Notify: NavLogon - c:windowssystem32NavLogon.dll

================= FIREFOX ===================

FF - ProfilePath - c:docume~1thuraapplic~1mozillafirefoxprofilesxwuz1w9e.default

============= SERVICES / DRIVERS ===============

R0 esecdrv;esecdrv;c:windowssystem32driversesecdrv.sys [2008-10-24 36784]
R0 szkg5;szkg;c:windowssystem32driversSZKG.sys [2009-3-12 54656]
R2 EsecAgentSvc;GFI EndPointSecurity Agent Service;c:program filesgfiendpointsecurity 4.0 agentesecagntservice.exe [2008-10-24 148776]
S1 SAVRT;SAVRT;c:program filessymantec antivirussavrt.sys [2005-2-4 324232]
S1 SAVRTPEL;SAVRTPEL;c:program filessymantec antivirusSavrtpel.sys [2005-2-4 53896]
S2 ccEvtMgr;Symantec Event Manager;c:program filescommon filessymantec sharedccEvtMgr.exe [2005-4-8 185968]
S2 ccSetMgr;Symantec Settings Manager;c:program filescommon filessymantec sharedccSetMgr.exe [2005-4-8 161392]
S2 CRISocketService;CRI Remote Admin Manager;c:cfw32protectedservicesCRISocketService.exe [2009-3-9 32768]
S2 SavRoam;SAVRoam;c:program filessymantec antivirusSavRoam.exe [2005-4-17 124608]
S2 Symantec AntiVirus;Symantec AntiVirus;c:program filessymantec antivirusRtvscan.exe [2005-4-17 1706176]
S2 TIRmtSvc;Track-It! Workstation Manager;c:windowstiremoteTIRemoteService.exe [2008-3-31 212480]
S3 ccPwdSvc;Symantec Password Validation;c:program filescommon filessymantec sharedccPwdSvc.exe [2005-4-8 83568]
S3 NAVENG;NAVENG;c:progra~1common~1symant~1virusd~120090324.003naveng.sys [2009-3-25 89104]
S3 NAVEX15;NAVEX15;c:progra~1common~1symant~1virusd~120090324.003navex15.sys [2009-3-25 876144]

=============== Created Last 30 ================

2009-03-25 11:09 <DIR> --d----- c:docume~1thuraapplic~1Malwarebytes
2009-03-25 10:23 <DIR> --d----- c:docume~1alluse~1applic~1SITEguard
2009-03-25 10:21 <DIR> --d----- c:program filesSTOPzilla!
2009-03-25 10:21 <DIR> --d----- c:program filescommon filesiS3
2009-03-25 10:21 <DIR> --d----- c:docume~1alluse~1applic~1STOPzilla!
2009-03-24 11:56 <DIR> --d----- c:docume~1alluse~1applic~1Malwarebytes
2009-03-24 08:28 <DIR> --d----- c:docume~1alluse~1applic~1SUPERAntiSpyware.com
2009-03-19 10:40 17,408 a----r-- c:windowssystem32SZIO5.dll
2009-03-19 10:39 294,912 a----r-- c:windowssystem32SZBase5.dll
2009-03-19 10:38 540,672 a----r-- c:windowssystem32SZComp5.dll
2009-03-12 12:18 54,656 a----r-- c:windowssystem32driversSZKG.sys
2009-03-09 10:56 198 a------- c:windowsCFW32USR.INI
2009-03-09 10:53 <DIR> --d----- c:program filesCRIWS
2009-03-09 10:04 <DIR> --d----- c:program filesCRIApps
2009-03-09 09:58 <DIR> --d----- C:cfw32
2009-03-02 10:40 754 a------- c:windowsWORDPAD.INI

==================== Find3M ====================

2009-02-06 13:55 126,976 a----r-- c:windowssystem32IS3HTUI5.dll
2009-02-06 13:54 393,216 a----r-- c:windowssystem32IS3DBA5.dll
2009-02-06 13:54 372,736 a----r-- c:windowssystem32IS3UI5.dll
2009-02-06 13:53 61,440 a----r-- c:windowssystem32IS3Hks5.dll
2009-02-06 13:53 23,040 a----r-- c:windowssystem32IS3XDat5.dll
2009-02-06 13:53 221,184 a----r-- c:windowssystem32IS3Win325.dll
2009-02-06 13:52 94,208 a----r-- c:windowssystem32IS3Inet5.dll
2009-02-06 13:52 90,112 a----r-- c:windowssystem32IS3Svc5.dll
2009-02-06 13:49 716,800 a----r-- c:windowssystem32IS3Base5.dll

============= FINISH: 11:49:57.59 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: DeviceHarddiskVolume2
Install Date: 3/12/2008 10:01:56 AM
System Uptime: 3/25/2009 11:47:09 AM (0 hours ago)

Motherboard: Dell Inc | | 0HY175
Processor: AMD Athlon™ 64 Processor 3200+ | Socket M2 | 2004/1000mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 49.229 GiB free.
D: is CDROM (CDFS)
F: is NetworkDisk (NTFS) - 117 GiB total, 8.631 GiB free.
G: is NetworkDisk (NTFS) - 117 GiB total, 8.631 GiB free.
I: is NetworkDisk (NTFS) - 117 GiB total, 8.631 GiB free.
O: is NetworkDisk (NTFS) - 20 GiB total, 2.809 GiB free.
R: is NetworkDisk (NTFS) - 117 GiB total, 8.631 GiB free.
S: is NetworkDisk (NTFS) - 20 GiB total, 2.809 GiB free.
Y: is NetworkDisk (NTFS) - 117 GiB total, 8.631 GiB free.
Z: is NetworkDisk (NTFS) - 12 GiB total, 2.853 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP294: 12/26/2008 3:02:53 AM - System Checkpoint
RP295: 12/27/2008 4:02:49 AM - System Checkpoint
RP296: 12/28/2008 5:02:47 AM - System Checkpoint
RP297: 12/29/2008 6:02:46 AM - System Checkpoint
RP298: 12/30/2008 7:02:38 AM - System Checkpoint
RP299: 12/31/2008 8:02:36 AM - System Checkpoint
RP300: 1/1/2009 9:02:26 AM - System Checkpoint
RP301: 1/2/2009 1:59:22 PM - System Checkpoint
RP302: 1/3/2009 2:02:20 PM - System Checkpoint
RP303: 1/4/2009 2:02:24 PM - System Checkpoint
RP304: 1/5/2009 2:35:02 PM - System Checkpoint
RP305: 1/6/2009 3:01:53 PM - System Checkpoint
RP306: 1/7/2009 3:57:00 PM - System Checkpoint
RP307: 1/8/2009 4:21:03 PM - System Checkpoint
RP308: 1/9/2009 6:10:53 PM - System Checkpoint
RP309: 1/10/2009 7:02:10 PM - System Checkpoint
RP310: 1/11/2009 8:02:08 PM - System Checkpoint
RP311: 1/12/2009 9:02:05 PM - System Checkpoint
RP312: 1/13/2009 10:01:59 PM - System Checkpoint
RP313: 1/14/2009 11:01:56 PM - System Checkpoint
RP314: 1/16/2009 12:01:52 AM - System Checkpoint
RP315: 1/17/2009 1:01:48 AM - System Checkpoint
RP316: 1/18/2009 1:01:51 AM - System Checkpoint
RP317: 1/19/2009 2:01:48 AM - System Checkpoint
RP318: 1/20/2009 3:01:45 AM - System Checkpoint
RP319: 1/21/2009 4:01:41 AM - System Checkpoint
RP320: 1/22/2009 5:01:35 AM - System Checkpoint
RP321: 1/23/2009 6:01:28 AM - System Checkpoint
RP322: 1/24/2009 7:01:29 AM - System Checkpoint
RP323: 1/25/2009 8:01:31 AM - System Checkpoint
RP324: 1/26/2009 8:42:27 AM - System Checkpoint
RP325: 1/27/2009 9:20:29 AM - System Checkpoint
RP326: 1/28/2009 10:05:50 AM - System Checkpoint
RP327: 1/29/2009 10:09:13 AM - System Checkpoint
RP328: 1/30/2009 11:01:08 AM - System Checkpoint
RP329: 1/31/2009 12:01:05 PM - System Checkpoint
RP330: 2/1/2009 1:01:03 PM - System Checkpoint
RP331: 2/2/2009 2:52:28 PM - System Checkpoint
RP332: 2/3/2009 5:14:28 PM - System Checkpoint
RP333: 2/4/2009 6:21:07 PM - System Checkpoint
RP334: 2/5/2009 8:27:02 AM - Removed Microsoft Office XP Standard
RP335: 2/5/2009 8:39:19 AM - Installed Microsoft Office XP Standard
RP336: 2/5/2009 9:31:02 AM - Removed Microsoft Office XP Standard
RP337: 2/5/2009 9:33:39 AM - Installed Microsoft Office XP Standard
RP338: 2/6/2009 11:18:07 AM - System Checkpoint
RP339: 2/7/2009 1:29:05 PM - System Checkpoint
RP340: 2/8/2009 1:30:03 PM - System Checkpoint
RP341: 2/9/2009 2:24:48 PM - System Checkpoint
RP342: 2/10/2009 3:19:55 PM - System Checkpoint
RP343: 2/11/2009 6:05:03 PM - System Checkpoint
RP344: 2/12/2009 6:33:07 PM - System Checkpoint
RP345: 2/13/2009 6:46:40 PM - System Checkpoint
RP346: 2/14/2009 7:29:45 PM - System Checkpoint
RP347: 2/15/2009 8:29:41 PM - System Checkpoint
RP348: 2/16/2009 9:29:40 PM - System Checkpoint
RP349: 2/17/2009 10:29:36 PM - System Checkpoint
RP350: 2/18/2009 11:29:33 PM - System Checkpoint
RP351: 2/19/2009 11:29:38 PM - System Checkpoint
RP352: 2/21/2009 12:29:18 AM - System Checkpoint
RP353: 2/22/2009 12:30:23 AM - System Checkpoint
RP354: 2/23/2009 1:29:49 AM - System Checkpoint
RP355: 2/24/2009 2:29:17 AM - System Checkpoint
RP356: 2/25/2009 2:29:41 AM - System Checkpoint
RP357: 2/26/2009 3:29:08 AM - System Checkpoint
RP358: 2/27/2009 4:29:06 AM - System Checkpoint
RP359: 2/28/2009 5:29:05 AM - System Checkpoint
RP360: 3/1/2009 6:29:03 AM - System Checkpoint
RP361: 3/2/2009 7:29:00 AM - System Checkpoint
RP362: 3/3/2009 1:25:50 PM - System Checkpoint
RP363: 3/4/2009 2:06:12 PM - System Checkpoint
RP364: 3/5/2009 2:36:42 PM - System Checkpoint
RP365: 3/6/2009 3:50:26 PM - System Checkpoint
RP366: 3/7/2009 4:28:42 PM - System Checkpoint
RP367: 3/8/2009 5:28:40 PM - System Checkpoint
RP368: 3/9/2009 9:04:27 AM - Installed Visual Basic for Applications Core
RP369: 3/9/2009 9:04:41 AM - Installed Visual Basic for Applications Core - English
RP370: 3/9/2009 9:12:04 AM - Installed Windows XP KB931836.
RP371: 3/10/2009 12:23:03 PM - System Checkpoint
RP372: 3/11/2009 2:02:30 PM - System Checkpoint
RP373: 3/12/2009 2:05:18 PM - System Checkpoint
RP374: 3/13/2009 2:58:10 PM - System Checkpoint
RP375: 3/14/2009 2:58:26 PM - System Checkpoint
RP376: 3/15/2009 4:58:20 PM - System Checkpoint
RP377: 3/16/2009 5:11:03 PM - System Checkpoint
RP378: 3/17/2009 6:38:35 PM - System Checkpoint
RP379: 3/18/2009 6:58:11 PM - System Checkpoint
RP380: 3/19/2009 7:58:10 PM - System Checkpoint
RP381: 3/20/2009 8:58:08 PM - System Checkpoint
RP382: 3/21/2009 9:58:03 PM - System Checkpoint
RP383: 3/22/2009 10:58:03 PM - System Checkpoint
RP384: 3/23/2009 11:58:02 PM - System Checkpoint
RP385: 3/24/2009 8:27:54 AM - Installed SUPERAntiSpyware Free Edition
RP386: 3/24/2009 11:43:00 AM - Removed SUPERAntiSpyware Free Edition
RP387: 3/25/2009 10:21:44 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.

==== Installed Programs ======================

Adobe Flash Player ActiveX
Adobe Reader 7.0
Athlon 64 Processor Driver
AVerMedia M779 Driver
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
CCleaner (remove only)
Conexant D850 56K V.9x DFVc Modem
CRIterion32
GFI EndPointSecurity 4.0 Agent
High Definition Audio Driver Package - KB835221
Java™ 6 Update 5
LiveUpdate 2.6 (Symantec Corporation)
Microsoft .NET Framework 2.0
Microsoft ODBC .NET Data Provider
Microsoft Office XP Standard
Mozilla Firefox (3.0.7)
NVIDIA Drivers
Palm
Security Update for Windows XP (KB912812)
SigmaTel Audio
STOPzilla
Symantec AntiVirus
Update for Windows XP (KB931836)
WebEx
WebFldrs XP
Windows XP Hotfix - KB839210

==== Event Viewer Messages From Past Week ========

3/24/2009 11:46:27 AM, error: PlugPlayManager [11] - The device RootLEGACY_SASDIFSV0000 disappeared from the system without first being prepared for removal.
3/24/2009 11:46:27 AM, error: PlugPlayManager [11] - The device RootLEGACY_SASENUM0000 disappeared from the system without first being prepared for removal.
3/24/2009 11:46:27 AM, error: PlugPlayManager [11] - The device RootLEGACY_SASKUTIL0000 disappeared from the system without first being prepared for removal.
3/25/2009 11:47:50 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/25/2009 11:49:11 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 eeCtrl Fips SAVRT SAVRTPEL SYMTDI

==== End Of File ===========================

Merged posts. ~ OB

Edited by Orange Blossom, 26 March 2009 - 09:00 PM.
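As an added example (not part of this thread, and not code from the DDS tool or from BleepingComputer), the following Python script parses the "Pseudo HJT Report" and "SERVICES / DRIVERS" sections of a DDS log like the one posted above into structured records, so the autostart entries (BHOs, Run keys, LSP, DPF downloads, Winlogon Notify handlers) and services can be reviewed systematically rather than eyeballed. The embedded sample is constructed (modelled on the log, with the path backslashes that the forum copy lost restored), and the function names and the assumption that DDS prefixes HKCU entries with `u` and HKLM entries with `m` are the example's own.

```python
import re

# Constructed sample modelled on the DDS log in the post above (path backslashes
# restored; not a verbatim copy). Only the sections this parser handles are included.
SAMPLE_LOG = """\
============== Pseudo HJT Report ===============

uStart Page = hxxp://intranet
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\\program files\\adobe\\acrobat 7.0\\activex\\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\\program files\\java\\jre1.6.0_05\\bin\\ssv.dll
uRun: [MSMSGS] "c:\\program files\\messenger\\msmsgs.exe" /background
mRun: [nwiz] nwiz.exe /install
mRun: [vptray] c:\\progra~1\\symant~1\\VPTray.exe
LSP: c:\\program files\\common files\\is3\\anti-spyware\\iS3lsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
Notify: NavLogon - c:\\windows\\system32\\NavLogon.dll

============= SERVICES / DRIVERS ===============

R0 esecdrv;esecdrv;c:\\windows\\system32\\drivers\\esecdrv.sys [2008-10-24 36784]
S1 SAVRT;SAVRT;c:\\program files\\symantec antivirus\\savrt.sys [2005-2-4 324232]
S2 Symantec AntiVirus;Symantec AntiVirus;c:\\program files\\symantec antivirus\\Rtvscan.exe [2005-4-17 1706176]

============= FINISH: 11:49:57.59 ===============
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# One regex per DDS line type; the named groups become the record fields.
PATTERNS = {
    "bho": re.compile(r"^BHO: (?P<name>.+?): (?P<clsid>" + CLSID + r") - (?P<path>.+)$"),
    "run": re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]+)\] (?P<command>.+)$"),
    "lsp": re.compile(r"^LSP: (?P<path>.+)$"),
    "dpf": re.compile(r"^DPF: (?P<clsid>" + CLSID + r") - (?P<url>.+)$"),
    "notify": re.compile(r"^Notify: (?P<name>\S+) - (?P<path>.+)$"),
    "service": re.compile(
        r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) "
        r"\[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$"
    ),
}

# Assumption: DDS prefixes user-hive (HKCU) entries with 'u' and machine-hive (HKLM) with 'm'.
HIVES = {"u": "HKCU", "m": "HKLM"}


def parse_dds(text):
    """Turn the recognised DDS lines into a dict of record lists, keyed by line type."""
    records = {kind: [] for kind in PATTERNS}
    for raw in text.splitlines():
        line = raw.strip()
        for kind, pattern in PATTERNS.items():
            m = pattern.match(line)
            if m:
                rec = m.groupdict()
                if kind == "run":
                    rec["hive"] = HIVES[rec["hive"]]
                if kind == "service":
                    rec["size"] = int(rec["size"])
                records[kind].append(rec)
                break
    return records


def executable_of(command):
    """Extract the program from a Run command line: the quoted part, else the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def unresolved_autoruns(records):
    """Names of Run entries that launch a bare file name rather than a drive-rooted path.
    Such entries resolve through the search path at logon, so an analyst has to locate
    the file on disk before judging the entry; the parser itself makes no verdict."""
    return [
        rec["name"]
        for rec in records["run"]
        if not re.match(r"^[A-Za-z]:\\", executable_of(rec["command"]))
    ]


def summarize(records):
    """Count of entries per line type, for a quick overview of what the log contains."""
    return {kind: len(items) for kind, items in records.items()}


if __name__ == "__main__":
    parsed = parse_dds(SAMPLE_LOG)
    print(summarize(parsed))
    print("Run entries without a full path:", unresolved_autoruns(parsed))
    for svc in parsed["service"]:
        print(svc["start"], svc["name"], svc["path"], svc["size"])
```

Lines the parser does not recognise (the `uStart Page`, `TCP:`, `FF -` and file-listing lines) are skipped rather than guessed at, so the record counts only reflect what was matched; extending it is a matter of adding one more regex to `PATTERNS`.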


#2 shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost

Posted 04 April 2009 - 06:57 AM

Hi,

Sorry for the delay, no shortage of posters. We will get a download to use. Link and directions below. After MBAM is finished, rescan and post a new HJT log also.

Please download Malwarebytes' Anti-Malware (MBAM) to your desktop:

http://www.malwarebytes.org/mbam.php

Double-click mbam-setup.exe and follow the prompts to install the program.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click **Remove Selected.**
**A restart of your computer most likely will be required to remove some items.**
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

How Can I Reduce My Risk to Malware?
