
Browser google's link redirection and occasional tab:blank creation


  • This topic is locked
3 replies to this topic

#1 lo zaffo

lo zaffo

  • Members
  • 2 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:57 AM

Posted 02 May 2009 - 11:45 AM

Hello!

I've been experiencing internet browser link redirections for a week, in both IE and Firefox, which I installed to avoid the redirections. I have lurked on this mighty forum for some days; actually the redirection seems not to be so frequent, but I still feel unsafe.

Here are the DDS.scr outputs:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 09/12/2006 18.50.03
System Uptime: 05/02/2009 14.11.36 (2068 hours ago)

Motherboard: Quanta | | 30BC
Processor: Intel® Core™2 CPU T5500 @ 1.66GHz | U2E1 | 1663/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 103 GiB total, 30,135 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 1,257 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\C489C8009FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\C489C8009FC000
Service: NIC1394

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6300
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6111
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia 6111
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd

==== System Restore Points ===================

RP1: 27/04/2009 1.40.23 - Punto di arresto del sistema
RP2: 27/04/2009 20.45.05 - Avg8 Update
RP3: 27/04/2009 22.40.42 - Removed SUPERAntiSpyware Free Edition
RP4: 29/04/2009 2.34.20 - Punto di arresto del sistema
RP5: 29/04/2009 8.20.40 - Software Distribution Service 3.0
RP6: 01/05/2009 4.22.01 - Punto di arresto del sistema
RP7: 02/05/2009 3.10.26 - Installed SUPERAntiSpyware Free Edition

==== Installed Programs ======================


"Minimal SYStem 1.0.10"
2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.57
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.9 - Italiano
Adobe Reader Japanese Fonts
Agent Ransack Version 1.7.3
Aggiornamento critico per Windows Media Player 11 (KB959772)
Aggiornamento cumulativo 2 per Windows XP Media Center Edition 2005
Aggiornamento della protezione per Step by Step Interactive Training (KB898458)
Aggiornamento della protezione per Step by Step Interactive Training (KB923723)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB928090)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB929969)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB931768)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB933566)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB937143)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB939653)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB942615)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB944533)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB950759)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB953838)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB956390)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB958215)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB960714)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB961260)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB963027)
Aggiornamento della protezione per Windows Media Player (KB911564)
Aggiornamento della protezione per Windows Media Player (KB952069)
Aggiornamento della protezione per Windows Media Player 10 (KB911565)
Aggiornamento della protezione per Windows Media Player 10 (KB917734)
Aggiornamento della protezione per Windows Media Player 11 (KB936782)
Aggiornamento della protezione per Windows Media Player 11 (KB954154)
Aggiornamento della protezione per Windows Media Player 6.4 (KB925398)
Aggiornamento della protezione per Windows XP (KB923561)
Aggiornamento della protezione per Windows XP (KB923689)
Aggiornamento della protezione per Windows XP (KB938464-v2)
Aggiornamento della protezione per Windows XP (KB938464)
Aggiornamento della protezione per Windows XP (KB941569)
Aggiornamento della protezione per Windows XP (KB946648)
Aggiornamento della protezione per Windows XP (KB950760)
Aggiornamento della protezione per Windows XP (KB950762)
Aggiornamento della protezione per Windows XP (KB950974)
Aggiornamento della protezione per Windows XP (KB951066)
Aggiornamento della protezione per Windows XP (KB951376-v2)
Aggiornamento della protezione per Windows XP (KB951376)
Aggiornamento della protezione per Windows XP (KB951698)
Aggiornamento della protezione per Windows XP (KB951748)
Aggiornamento della protezione per Windows XP (KB952004)
Aggiornamento della protezione per Windows XP (KB952954)
Aggiornamento della protezione per Windows XP (KB953839)
Aggiornamento della protezione per Windows XP (KB954211)
Aggiornamento della protezione per Windows XP (KB954459)
Aggiornamento della protezione per Windows XP (KB954600)
Aggiornamento della protezione per Windows XP (KB955069)
Aggiornamento della protezione per Windows XP (KB956391)
Aggiornamento della protezione per Windows XP (KB956572)
Aggiornamento della protezione per Windows XP (KB956802)
Aggiornamento della protezione per Windows XP (KB956803)
Aggiornamento della protezione per Windows XP (KB956841)
Aggiornamento della protezione per Windows XP (KB957095)
Aggiornamento della protezione per Windows XP (KB957097)
Aggiornamento della protezione per Windows XP (KB958644)
Aggiornamento della protezione per Windows XP (KB958687)
Aggiornamento della protezione per Windows XP (KB958690)
Aggiornamento della protezione per Windows XP (KB959426)
Aggiornamento della protezione per Windows XP (KB960225)
Aggiornamento della protezione per Windows XP (KB960715)
Aggiornamento della protezione per Windows XP (KB960803)
Aggiornamento della protezione per Windows XP (KB961373)
Aggiornamento per Windows Media Player 10 (KB910393)
Aggiornamento per Windows Media Player 10 (KB913800)
Aggiornamento per Windows Media Player 10 (KB926251)
Aggiornamento per Windows XP (KB951072-v2)
Aggiornamento per Windows XP (KB951978)
Aggiornamento per Windows XP (KB955839)
Aggiornamento per Windows XP (KB967715)
Aggiornamento rapido per Microsoft Visual Studio 2008 Professional Edition - ITA (KB952241)
Aggiornamento rapido per Windows Internet Explorer 7 (KB947864)
Aggiornamento rapido per Windows Media Player 11 (KB939683)
Aggiornamento rapido per Windows XP (KB952287)
Apple Software Update
Assistente per l'accesso a Windows Live
AVG 8.5
BufferChm
CCleaner (remove only)
Conexant HD Audio
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Crystal Reports Basic for Visual Studio 2008
Crystal Reports Basic Italian Language Pack for Visual Studio 2008
CSDiff
CueTour
Destinations
DeviceManagementQFolder
Digi Vox A/D
ffdshow [rev 2099] [2008-09-03]
File di supporto dell'installazione di Microsoft SQL Server (Italiano)
FullDPAppQFolder
GIMP 2.4.4
Google Toolbar for Internet Explorer
Haali Media Splitter
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
HP Help and Support
HP Imaging Device Functions 6.0
HP Pavilion Webcam
HP Photosmart Premier Software 6.0
HP Quick Launch Buttons 6.10 A2
HP QuickPlay 2.3
HP Update
HP User Guides 0035
HP Wireless Assistant 2.00 G2
HpSdpAppCoreApp
InstantShareDevices
Intel® C++ Compiler 11.0 Integration(s) in Microsoft Visual Studio*
Intel® C++ Compiler for applications running on IA-32, version 11.0.066
Intel® C++ Compiler for applications running on Intel® 64, version 11.0.066
Intel® C++ Compiler Professional 11.0.066 for Windows*
Intel® Integrated Performance Primitives for applications running on IA-32, version 6.0.066
Intel® Integrated Performance Primitives for applications running on Intel® 64, version 6.0.066
Intel® Math Kernel Library for applications running on IA-32, version 10.1.066
Intel® Math Kernel Library for applications running on Intel® 64, version 10.1.066
Intel® PRO Network Connections Drivers
Intel® Threading Building Blocks , version 2.1.066
iTunes
Java™ 6 Update 13
LightScribe 1.4.97.1
Macromedia Flash Player 8
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1 Italian Language Pack
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - ITA
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - ITA
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 - Language Pack (italiano)
Microsoft .NET Framework 3.5 Language Pack - ita
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Device Emulator versione 3.0 - ITA
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008 Language Pack - ITA
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Shared MUI (Italian) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (Italian) 2007
Microsoft Office Word Viewer 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server Compact 3.5 Design Tools ITA
Microsoft SQL Server Compact 3.5 for Devices ITA
Microsoft SQL Server Compact 3.5 ITA
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
Microsoft Visual Studio 2008 Professional Edition - ITA
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft Works
Miglioramenti all'esperienza del cliente
MinGW 5.1.3
Mozilla Firefox (3.0.9)
MSI Digi Vox A/D BDA Drivers
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NetWaiting
Nokia Connectivity Adapter Cable DKU-5
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Drivers
OGA Notifier 1.7.0105.35.0
OpenOffice.org 2.2
OptionalContentQFolder
不思議のダンジョン 風来のシレン外` 女剣士アスカ見参! for Windows
Parser MSXML 6.0
PC Connectivity Solution
PhotoGallery
Project64 1.6
QuickTime
RandMap
RuMSX
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office system 2007 (KB954326)
Servizi Internet
SkinsHP1
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Sonic_PrimoSDK
SonicAC3Encoder
SonicMPEGEncoder
Strumenti di Microsoft SQL Server 2005 Express Edition
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
TomTom HOME 2.5.2.60
Unload
Update for 2007 Microsoft Office System (KB967642)
VC_MergeModuleToMSI
Vim 7.1 (self-installing)
Visual Studio 2005 Tools per Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Language Pack - ITA
Visual Studio Tools per Office System 3.0 Runtime Language Pack - ITA
Vuze
WebFldrs XP
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinMerge 2.10.0.0
WinZip
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0

==== End Of File ===========================

Then GMER.log :

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-05-02 17:50:54
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs B69CE400

---- Services - GMER 1.0.15 ----

Service system32\drivers\UACbmuwyrjnlgnwflf.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACbmuwyrjnlgnwflf.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACbmuwyrjnlgnwflf.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAChxfoqpeppjovmyy.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACvtgrpasupkcgfmt.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UAChrnmxlumylxnnpt.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACltikktkkdljsxrx.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACjetkpifbierdrrd.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACyuyarfhmojomuis.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UAClnarlchjgrqkkhs.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACuvouknktgynqfmy.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UAChrdkoysblrvgchs.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACbmuwyrjnlgnwflf.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACbmuwyrjnlgnwflf.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAChxfoqpeppjovmyy.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACvtgrpasupkcgfmt.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UAChrnmxlumylxnnpt.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACltikktkkdljsxrx.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACjetkpifbierdrrd.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACyuyarfhmojomuis.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UAClnarlchjgrqkkhs.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACuvouknktgynqfmy.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UAChrdkoysblrvgchs.log

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl (size mismatch) 8192/4096 bytes

---- EOF - GMER 1.0.15 ----

Please, somebody help. There is some evidence of a ROOTKIT in GMER.log here.
Thanks a lot.
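As an added example (not part of the original thread and not GMER's own code), here is a small Python triage parser for the GMER text format that pulls out exactly the indicators visible in the log above: the hidden service, the registry values under that service's key which point at its driver and helper modules, and the file size mismatch. The sample log is a constructed, abridged copy of the posted lines; stripping the `\\?\globalroot` prefix and treating every file path under a hidden service's key as an artefact of the same infection are my assumptions.

```python
import re
from typing import Dict, List

# Constructed sample: an abridged copy of the GMER log lines quoted in the post above.
GMER_SAMPLE = r"""
---- Services - GMER 1.0.15 ----

Service system32\drivers\UACbmuwyrjnlgnwflf.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACbmuwyrjnlgnwflf.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAChxfoqpeppjovmyy.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACuvouknktgynqfmy.log

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl (size mismatch) 8192/4096 bytes
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
HIDDEN_SVC_RE = re.compile(
    r"^Service\s+(?P<image>\S+)\s+\(\*\*\* hidden \*\*\* \)\s+\[(?P<group>\w+)\]\s+(?P<name>\S+)"
)
REG_VALUE_RE = re.compile(r"^Reg\s+(?P<key>\S+?)@(?P<value>\S+)\s+(?P<data>.+)$")
SIZE_MISMATCH_RE = re.compile(
    r"^File\s+(?P<path>.+?)\s+\(size mismatch\)\s+(?P<api>\d+)/(?P<raw>\d+) bytes$"
)
# GMER prints module paths in object-manager notation; strip the prefix so the
# remainder can be compared with an ordinary %SystemRoot%-relative path (assumption).
GLOBALROOT_PREFIX = r"\\?\globalroot"


def _service_of(reg_key: str) -> str:
    """Return the (lower-cased) service name a registry key belongs to, '' if none."""
    parts = reg_key.lower().split("\\")
    for i, part in enumerate(parts[:-1]):
        if part == "services":
            return parts[i + 1]
    return ""


def analyze_gmer(text: str) -> Dict[str, List[dict]]:
    """Walk a GMER text log section by section and collect the rootkit indicators.

    Hidden services are the headline finding; every registry value under that
    service's key which points at a file is recorded as an artefact of the same
    infection (assumption: the rootkit keeps its module list there, as the quoted
    log shows). Size mismatches are reported separately because active trace
    files such as .etl logs can legitimately trip that check.
    """
    findings = {"hidden_services": [], "service_artifacts": [], "size_mismatches": []}
    hidden_names = set()
    section = None
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section == "Services":
            m = HIDDEN_SVC_RE.match(line)
            if m:
                findings["hidden_services"].append(m.groupdict())
                hidden_names.add(m.group("name").lower())
        elif section == "Registry":
            m = REG_VALUE_RE.match(line)
            if not m:
                continue  # bare key lines (no "@value") carry no data
            service = _service_of(m.group("key"))
            data = m.group("data")
            if service in hidden_names and "\\" in data:
                if data.lower().startswith(GLOBALROOT_PREFIX.lower()):
                    data = data[len(GLOBALROOT_PREFIX):]
                findings["service_artifacts"].append(
                    {"service": service, "value": m.group("value"), "path": data}
                )
        elif section == "Files":
            m = SIZE_MISMATCH_RE.match(line)
            if m:
                findings["size_mismatches"].append(
                    {"path": m.group("path"),
                     "api_bytes": int(m.group("api")),
                     "raw_bytes": int(m.group("raw"))}
                )
    return findings


if __name__ == "__main__":
    result = analyze_gmer(GMER_SAMPLE)
    for svc in result["hidden_services"]:
        print(f"HIDDEN SERVICE {svc['name']} -> {svc['image']}")
    for art in result["service_artifacts"]:
        print(f"  artefact via {art['service']}@{art['value']}: {art['path']}")
    for mm in result["size_mismatches"]:
        print(f"size mismatch (review): {mm['path']} {mm['api_bytes']}/{mm['raw_bytes']}")
```

The artefact list is what a cleanup tool or a manual offline check would need; the size-mismatch entry is kept apart so it is reviewed rather than treated as a second confirmed finding.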

#2 lo zaffo

lo zaffo
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:57 AM

Posted 02 May 2009 - 12:29 PM

Oops, I forgot to paste the actual DDS.scr output; I noticed after a couple of re-reads of my first post. Here's DDS.txt:


DDS (Ver_09-03-16.01) - NTFSx86
Run by giangiacomo at 18.03.59,17 on 02/05/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2046.1436 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\HP\QuickPlay\QPService.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\msdriver.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\TomTom HOME 2\HOMERunner.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\giangiacomo\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=61008
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyServer = 192.168.100.254:80
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\programmi\avg\avg8\avgssie.dll
BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\programmi\avg\avg8\avgtoolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmi\google\googletoolbar2.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\programmi\avg\avg8\avgtoolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\programmi\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MsnMsgr] "c:\programmi\windows live\messenger\MsnMsgr.Exe" /background
uRun: [TomTomHOME.exe] "c:\programmi\tomtom home 2\HOMERunner.exe"
uRun: [WMPNSCFG] c:\programmi\windows media player\WMPNSCFG.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpWirelessAssistant] c:\programmi\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\programmi\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\programmi\hp\quickplay\QPService.exe"
mRun: [HP Software Update] c:\programmi\hp\hp software update\HPWuSchd2.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\programmi\hewlett-packard\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [PCSuiteTrayApplication] c:\programmi\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [QuickTime Task] "c:\programmi\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\programmi\itunes\iTunesHelper.exe"
mRun: [MSDriver] "c:\windows\system32\msdriver.exe"
mRun: [SunJavaUpdateSched] "c:\programmi\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [PcSync] c:\programmi\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\avvior~1.lnk - c:\programmi\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\avviov~1.lnk - c:\programmi\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\hppavi~1.lnk - c:\programmi\hewlett-packard\hp pavilion webcam\HPWebcam.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1240760472605&h=5b7473736daf8bf5fd9146c0fbeb718c/&filename=jinstall-6u13-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\programmi\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\programmi\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programmi\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\giangi~1\applic~1\mozilla\firefox\profiles\6ic01mig.default\
FF - component: c:\programmi\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\programmi\avg\avg8\toolbarff\components\vmAVGConnector.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-27 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-27 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-27 108552]
R1 SASDIFSV;SASDIFSV;c:\programmi\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-27 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-27 298264]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-18 99328]
S3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [2006-12-24 1240576]
S3 SASENUM;SASENUM;c:\programmi\superantispyware\SASENUM.SYS [2009-3-23 7408]

=============== Created Last 30 ================

2009-05-02 03:09 <DIR> --d----- c:\programmi\file comuni\Wise Installation Wizard
2009-04-29 22:09 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-29 22:09 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-29 22:09 <DIR> --d----- c:\programmi\Malwarebytes' Anti-Malware
2009-04-27 22:47 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-04-27 01:37 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-27 01:37 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-27 01:37 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-27 01:37 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-04-27 01:37 <DIR> --d----- c:\docume~1\giangi~1\applic~1\AVGTOOLBAR
2009-04-27 01:06 <DIR> --d----- c:\docume~1\alluse~1\datiap~1\Azureus
2009-04-27 01:05 <DIR> --d----- c:\programmi\Vuze
2009-04-27 00:10 <DIR> --d----- c:\docume~1\alluse~1\datiap~1\SUPERAntiSpyware.com
2009-04-27 00:10 <DIR> --d----- c:\programmi\SUPERAntiSpyware
2009-04-27 00:10 <DIR> --d----- c:\docume~1\giangi~1\applic~1\SUPERAntiSpyware.com
2009-04-26 19:35 <DIR> --d----- c:\programmi\CCleaner
2009-04-26 18:35 224 a------- c:\windows\system32\UACvtgrpasupkcgfmt.dat
2009-04-26 18:05 <DIR> --d----- c:\docume~1\giangi~1\applic~1\Malwarebytes
2009-04-26 18:05 <DIR> --d----- c:\docume~1\alluse~1\datiap~1\Malwarebytes
2009-04-26 17:40 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-26 17:40 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-25 15:58 3,549,552 a------- c:\programmi\procexp.exe
2009-04-23 21:54 23,552 a------- c:\windows\system32\calc.ifo
2009-04-16 20:46 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 20:46 219,136 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-16 20:45 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 20:45 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-16 20:45 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-16 20:45 286,208 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-16 20:45 111,104 -------- c:\windows\system32\dllcache\services.exe
2009-04-16 20:45 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-04-16 20:45 736,256 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-16 20:45 734,720 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 20:45 683,520 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-16 20:45 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll

==================== Find3M ====================

2009-04-28 00:43 14,828 a------- c:\programmi\startuplist.txt
2009-04-17 07:27 555,564 a------- c:\windows\system32\perfh010.dat
2009-04-17 07:27 109,224 a------- c:\windows\system32\perfc010.dat
2009-03-21 16:06 1,033,728 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 16:19 286,208 a------- c:\windows\system32\pdh.dll
2009-03-03 02:03 826,368 a------- c:\windows\system32\wininet.dll
2009-03-03 02:03 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 06:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 12:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 12:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 07:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-02-10 19:02 2,069,760 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-09 16:04 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 16:04 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-09 13:23 2,192,768 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 13:23 2,027,520 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-09 13:23 2,027,520 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 13:22 2,148,864 a------- c:\windows\system32\ntoskrnl.exe
2009-02-09 13:22 2,148,864 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 13:22 111,104 a------- c:\windows\system32\services.exe
2009-02-09 12:51 734,720 a------- c:\windows\system32\lsasrv.dll
2009-02-09 12:51 683,520 a------- c:\windows\system32\advapi32.dll
2009-02-09 12:51 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 12:51 736,256 a------- c:\windows\system32\ntdll.dll
2009-02-06 12:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 21:57 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 21:57 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2008-07-28 14:49 4,378,624 a------- c:\programmi\mplayerc.exe
2008-03-24 15:38 535 a------- c:\documents and settings\giangiacomo\ivzikfnc.exe
2008-03-24 15:35 535 a------- c:\documents and settings\giangiacomo\pdvabbst.exe
2007-08-31 06:36 72,138 -------- c:\programmi\procexp.chm
2007-06-28 14:36 401,720 a------- c:\programmi\HijackThis.exe
2007-06-05 23:56 172 a------- c:\docume~1\giangi~1\applic~1\wklnhst.dat
2007-02-22 22:08 925,696 a------- c:\programmi\GSpot.exe
2007-02-19 17:28 117,974 a----r-- c:\programmi\GSpot27.dat
2007-01-17 00:37 10,684 a----r-- c:\programmi\ExportFormat.txt
2007-01-17 00:37 3,615 a----r-- c:\programmi\license.txt
2006-07-28 09:32 7,005 -------- c:\programmi\Eula.txt
2004-07-06 22:47 290,816 a------- c:\programmi\fsum.exe
2006-12-09 21:13 22 a--sh--- c:\windows\sminst\HPCD.sys
2008-10-20 21:58 32,768 a--sh--- c:\windows\system32\config\systemprofile\impostazioni locali\cronologia\history.ie5\mshist012008102020081021\index.dat

============= FINISH: 18.04.16,10 ===============

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:05:57 AM

Posted 16 May 2009 - 05:34 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:05:57 AM

Posted 20 May 2009 - 03:16 AM

Due to the lack of feedback, this topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)