
Infected with frmwrk.exe


  • This topic is locked
2 replies to this topic

#1 Zero85

Zero85

  • Members
  • 1 posts
  • OFFLINE
  • Local time:04:51 AM

Posted 01 May 2009 - 12:16 PM

I've managed to obtain the frmwrk.exe on my laptop, and I believe I've removed it. However, when I click links on Google I get redirected; if I use my USB pen drive or connect an iPod the computer does not seem to pick it up; System Restore does not work; and if I go on Hotmail, the page is not fully displayed. Any help would be great, thanks for your time.


Zero


DDS (Ver_09-03-16.01) - NTFSx86
Run by user1 at 18:09:06.37 on 01/05/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.135 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: AntiVir Desktop *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\user1\Desktop\dds.scr

============== Pseudo HJT Report ===============

uLocal Page = google.net-studio.org
uSearch Page = hxxp://www.google.com
uWindow Title = Internet Explorer
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
uRun: [autochk] rundll32.exe c:\docume~1\locals~1\protect.dll,_IWMPEvents@16
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
StartupFolder: c:\docume~1\user1\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
uPolicies-explorer: DisallowRun = 0 (0x0)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\rituvuza.dll c:\windows\system32\tikiyabu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\rituvuza.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user1\applic~1\mozilla\firefox\profiles\0smum5sf.default\
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-15 11608]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-17 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-17 26824]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-4-30 142592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-15 108289]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-15 55640]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2008-10-20 14976]
S0 Partizan;Partizan;c:\windows\system32\drivers\partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S4 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-15 185089]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-17 231704]

=============== Created Last 30 ================

2009-05-01 17:40 24,064 a--sh--- c:\windows\system32\autochk.dll
2009-05-01 07:17 <DIR> --d----- c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
2009-04-30 15:49 24,064 a--sh--- c:\documents and settings\user1\protect.dll
2009-04-30 15:18 153,104 a------- c:\windows\system32\drivers\tmcomm.sys
2009-04-30 15:16 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-04-30 15:16 <DIR> --d----- c:\docume~1\user1\applic~1\Spyware Terminator
2009-04-30 15:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2009-04-30 15:16 <DIR> --d----- c:\program files\Spyware Terminator
2009-04-30 12:50 1 a------- c:\windows\system32\uniq.tll
2009-04-30 12:12 1,398,048 ---sh--- c:\windows\system32\aneroyoy.ini
2009-04-29 13:07 <DIR> --d----- c:\docume~1\user1\applic~1\OpenOffice.org
2009-04-29 13:01 <DIR> --d----- c:\program files\JRE
2009-04-29 13:01 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-04-28 12:59 <DIR> --d----- c:\program files\SP31763
2009-04-28 12:29 172,032 a------- c:\windows\system32\igfxres.dll
2009-04-28 12:23 389,120 a------- c:\windows\system32\igxpun.exe
2009-04-28 12:23 319,456 a------- c:\windows\system32\difxapi.dll
2009-04-28 12:23 121,232 a------- c:\windows\system32\IScrNBR.bmp
2009-04-28 12:23 121,232 a------- c:\windows\system32\IScrNB.bmp
2009-04-28 12:23 <DIR> --d----- c:\windows\system32\Lang
2009-04-28 12:23 <DIR> --d----- C:\Intel
2009-04-27 12:13 <DIR> --d----- C:\Sierra
2009-04-26 19:00 9,200 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-04-26 19:00 9,072 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-04-26 18:59 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-04-26 17:23 <DIR> --d----- c:\program files\Steam
2009-04-23 20:05 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-16 13:49 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-15 14:17 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-04-14 12:09 <DIR> --d----- c:\program files\Avira
2009-04-14 12:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-04-14 12:09 <DIR> --d----- c:\program files\CCleaner
2009-04-14 12:08 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-14 12:08 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-14 12:08 <DIR> --d----- c:\program files\True Sword 5
2009-04-14 12:08 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-14 12:08 <DIR> --d----- c:\program files\Project64 1.6
2009-04-14 12:08 <DIR> --d----- c:\program files\Pcsx2
2009-04-14 12:08 <DIR> --d----- c:\program files\LimeWire
2009-04-14 12:08 <DIR> --d----- c:\program files\Handbrake
2009-04-14 12:08 <DIR> --d----- c:\program files\GIMP-2.0
2009-04-14 12:08 <DIR> --d----- c:\program files\DiskInternals
2009-04-14 12:08 <DIR> --d----- c:\program files\Panda Security
2009-04-14 12:08 <DIR> --d----- c:\program files\mupen64 0.5
2009-04-14 12:08 <DIR> --d----- c:\program files\Auslogics
2009-04-14 11:43 <DIR> --d----- c:\program files\SoftLogica
2009-04-13 17:59 <DIR> --d----- c:\program files\SUPERAntiSpyware(2)
2009-04-13 17:15 <DIR> --d----- c:\program files\ToniArts
2009-04-13 16:58 <DIR> --d----- c:\program files\CleanMem
2009-04-13 16:50 <DIR> --d----- c:\program files\Mozilla Firefox(2)
2009-04-13 16:42 <DIR> --d----- c:\program files\IObit
2009-04-13 15:03 <DIR> --d----- c:\docume~1\user1\applic~1\iolo
2009-04-13 15:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\iolo
2009-04-13 13:53 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-04-13 13:25 <DIR> --d----- c:\program files\Avira(2)
2009-04-13 13:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira(2)
2009-04-13 13:11 <DIR> --d----- c:\program files\VS Revo Group
2009-04-11 12:26 28,672 a------- c:\windows\system32\regclass.dll
2009-04-07 14:46 <DIR> --d----- c:\program files\iPod
2009-04-07 14:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

==================== Find3M ====================

2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 00:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-06 00:59 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2008-03-25 17:41 14,290 a------- c:\program files\settings.dat
2008-11-20 20:32 2 a--shrot c:\windows\winstart.bat

============= FINISH: 18:09:58.68 ===============


#2 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:06:51 AM

Posted 14 May 2009 - 11:17 AM

Hello

Apologies for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Before we can continue, please post a fresh DDS log back here :thumbup2:

#3 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:06:51 AM

Posted 18 May 2009 - 07:50 AM

This thread will now be closed.
If you need this topic reopened, please contact me.

This applies only to the original topic starter.
Everyone else please begin a New Topic.