Infected with trojan/spyware, not sure


This topic is locked. 2 replies to this topic.

#1 quercus29

  • Members
  • 2 posts

Posted 18 May 2009 - 11:47 PM

For example, if I try to go to a forum at McAfee, it redirects me to some site about buying antivirus software.

I've done a bunch of stuff already. I ran ComboFix. That seemed to help, because the original problem was that the entire computer was locked up, but I was able to remove the really bad stuff and now it doesn't show up in HJT or anything.

But my browser is still messed up.

Thank you. Please let me know what else I can do to help. Here is the DDS log, and I've attached attach.txt.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Brad at 21:41:08.21 on Mon 05/18/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1928 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TP4EX] tp4ex.exe
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [kmw_run.exe] kmw_run.exe
mRun: [PrintServer Diagnostic] c:\program files\print server\ptp\PSDiagnostic.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\brad\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {BE415DD9-C50D-46AA-9B5D-37F2EEBBBFE6} - hxxps://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brad\applic~1\mozilla\firefox\profiles\shs0j38r.default\
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

============= SERVICES / DRIVERS ===============

P3 McShield;Network Associates McShield;c:\program files\network associates\virusscan\mcshield.exe [2004-9-22 221191]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-18 64160]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-8-20 58464]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-6-9 4442]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 953168]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2006-8-20 102463]
R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\vstskmgr.exe [2004-9-22 28672]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-8-20 108480]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
S2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys --> c:\windows\system32\drivers\portd2k.sys [?]
S3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\pfc027.sys [2005-5-27 162304]
S4 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\brad\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\brad\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?]

============== File Associations ===============

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-05-18 20:43 <DIR> --d----- c:\program files\Avira GmbH
2009-05-18 10:15 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-18 02:21 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-18 02:15 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-18 02:15 <DIR> --d----- c:\program files\Lavasoft
2009-05-16 15:29 <DIR> --d----- c:\documents and settings\all users\AdobeTemp
2009-05-15 22:23 <DIR> --d----- c:\docume~1\brad\applic~1\Malwarebytes
2009-05-15 22:23 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-15 22:23 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-15 22:23 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-15 22:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-15 22:02 <DIR> --d----- C:\cmdcons
2009-05-15 22:01 161,792 a------- c:\windows\SWREG.exe
2009-05-15 22:01 98,816 a------- c:\windows\sed.exe
2009-05-15 21:09 1,336,632 a------- c:\program files\LaunchU3.exe
2009-05-08 18:27 <DIR> --d----- c:\program files\iPod
2009-05-08 18:27 <DIR> --d----- c:\program files\iTunes
2009-05-08 18:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-08 18:26 <DIR> --d----- c:\program files\Bonjour
2009-04-24 21:01 <DIR> --d----- c:\program files\Print Server
2009-04-24 20:27 13,147 a------- c:\windows\hpbins01.dat
2009-04-24 20:27 1,380 -------- c:\windows\hpbmdl01.dat

==================== Find3M ====================

2009-04-11 10:46 7,304 a------- c:\windows\TMP0001.TMP
2009-04-06 15:57 114,048 a------- c:\windows\system32\drivers\snapman.sys
2009-03-21 07:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-10 22:18 934,792 -------- c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 22:18 239,496 -------- c:\windows\system32\dllcache\wgaLogon.dll
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 07:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 17:18 826,368 -------- c:\windows\system32\dllcache\wininet.dll
2009-02-27 21:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 03:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 03:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-19 22:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-11-15 17:45 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2008-11-10 21:53 0 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLbz.DAT
2008-11-03 22:32 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLbx.DAT
2008-08-29 21:07 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLck.DAT
2007-08-05 20:20 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLds.DAT

============= FINISH: 21:41:21.00 ===============
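A DDS report like the one above is normally read by hand; as an added example (not part of the original post, and not code from the DDS tool itself), here is a small Python triage script that pulls out the entries a helper would look at first: toolbar/BHO entries reported as "No File", Run-key entries launched by bare filename rather than a full path, SecurityProviders values outside the Windows XP default set, and services or drivers whose file DDS could not find (the "[?]" marker) or that sit under a temp folder. The sample text is constructed from lines of the log above; the four-DLL default provider list and the reading of "[?]" as "file not found" are assumptions of the example. Everything it reports means "review this", not "this is malware".

```python
"""Triage a DDS-style log for entries worth a closer look.

Added example for this thread; it is not part of the original post and not
code from the DDS tool.  It reports "review this", never "this is malware".
"""
import re

# Default Windows XP value of
# HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders (assumption of this
# example: anything beyond these four is flagged for review).
DEFAULT_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}

# Constructed sample: a few lines copied from the DDS log in the post.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [kmw_run.exe] kmw_run.exe
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-18 64160]
S2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys --> c:\windows\system32\drivers\portd2k.sys [?]
S4 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\brad\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\brad\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?]
"""

# "uRun:" / "mRun:" / "dRun:" lines: [registry value name] command line
RUN_RE = re.compile(r"^[umd]?Run: \[(?P<key>[^\]]*)\] (?P<cmd>.+)$")
# Service/driver lines: <state> <name>;<display name>;<image path> [<date size> | ?]
SERVICE_RE = re.compile(r"^(?P<state>[RSP]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")


def exe_of(cmd):
    """Executable part of a Run-key command line (quoted path or first token)."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0]


def has_full_path(exe):
    """True for a drive-letter path or one starting with an env var like %systemroot%."""
    return re.match(r"^([a-z]:\\|%)", exe, re.I) is not None


def triage(log_text):
    """Return a list of (kind, what) findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Toolbar / BHO still registered but its DLL is gone: an orphan left by a removal.
        if line.startswith(("TB:", "BHO:")) and line.endswith("- No File"):
            findings.append(("orphan-entry", line))
            continue
        # The listed DLLs are loaded as security support providers; non-default ones need a look.
        if line.startswith("SecurityProviders:"):
            provs = {p.strip().lower() for p in line.split(":", 1)[1].split(",")}
            for extra in sorted(provs - DEFAULT_SECURITY_PROVIDERS):
                findings.append(("non-default-security-provider", extra))
            continue
        # Run entries with a bare filename are resolved through the search path.
        m = RUN_RE.match(line)
        if m:
            exe = exe_of(m.group("cmd"))
            if not has_full_path(exe):
                findings.append(("run-entry-without-path", exe))
            continue
        # Drivers DDS could not find on disk ("[?]") or that sit in a temp folder.
        m = SERVICE_RE.match(line)
        if m:
            name, rest = m.group("name"), m.group("rest")
            if rest.endswith("[?]"):
                findings.append(("driver-file-missing", name))
            if re.search(r"\\temp\\", rest, re.I):
                findings.append(("driver-in-temp-dir", name))
    return findings


def triage_by_kind(log_text):
    """Same findings grouped as {kind: [what, ...]}."""
    grouped = {}
    for kind, what in triage(log_text):
        grouped.setdefault(kind, []).append(what)
    return grouped


if __name__ == "__main__":
    for kind, what in triage(SAMPLE_LOG):
        print(f"{kind:32} {what}")
```

Run it against a full saved DDS report by passing the file contents to triage(); the S4 entry under a temp path is a good illustration of why the output is a review list rather than a verdict, since the folder name in the log suggests a leftover from an online scanner rather than anything hostile.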


#2 quercus29

  • Topic Starter
  • Members
  • 2 posts

Posted 23 May 2009 - 06:14 PM

My computer is OK now, thanks.

#3 KoanYorel

    Bleepin' Conundrum

  • Staff Emeritus
  • 19,461 posts
  • Gender: Male
  • Location: 65 miles due East of the "Logic Free Zone", in Md, USA

Posted 28 May 2009 - 04:42 PM

Thanks for informing us.

Good luck.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)
