Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Hacker Hijacks DNS Server of MyEtherWallet to Steal $160,000

Featured Deal: Pay What You Want Complete Cyber Security Certification Bundle Deal

Photo

Cannot Access Windows Updates and Virus Updates etc...

Started by kildarmac , May 19 2009 01:59 PM

  • This topic is locked This topic is locked
6 replies to this topic

#1 kildarmac

kildarmac

  • Members
  • 3 posts
  • OFFLINE
    •  
  • Local time:12:42 PM

Posted 19 May 2009 - 01:59 PM

My computer will not allow me to go to any Malwarebytes' Anti-Malware sites, update virus definitions, windows update. I am having trouble with google searches and if i need to allow a pop-up when I click allow i get spammed and re-directed. I have followed all the directions of how to correctly post to this forum. I have downloaded several programs that i may need from a different computer and transferred them to this computer. I will not run any of these files until I am asked to do so.


DDS.txt


DDS (Ver_09-05-14.01) - NTFSx86
Run by Kildarmac at 14:51:09.70 on Tue 05/19/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1321 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\War-ftpd\war-ftpd.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\MediaMall\MediaMallServer.exe
C:\WINDOWS\System32\svchost -k DComLaunch
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\D-Link Media Server\MediaGUI.exe
C:\Program Files\War-ftpd\WarTrayIcon.exe
C:\Program Files\D-Link Media Server\MediaServer.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kildarmac\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [Orb] c:\program files\orb networks\orb\bin\OrbTray.exe
mRun: [nwiz] nwiz.exe /install
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\kildar~1\startm~1\programs\startup\d-link~1.lnk - c:\program files\d-link media server\MediaGUI.exe
StartupFolder: c:\docume~1\kildar~1\startm~1\programs\startup\warftp~1.lnk - c:\program files\war-ftpd\WarTrayIcon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195679899250
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.74,85.255.112.102
TCP: {412B3EBB-2B8A-47CA-99E8-905D444F86EE} = 85.255.112.74,85.255.112.102
TCP: {B176437D-07FB-4254-AAEC-53642AFB0D43} = 85.255.112.74,85.255.112.102
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: wcnotify - wcnotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kildar~1\applic~1\mozilla\firefox\profiles\1mc62gg3.default\

============= SERVICES / DRIVERS ===============

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2007-11-21 16640]
R1 BeTwinSystem;BeTwinSystem;c:\windows\system32\drivers\BeTwinSystem.sys [2007-8-9 13640]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\leapfrog\leapfrog connect\CommandService.exe [2008-11-25 991232]
R2 MediaMall Server;MediaMall Server;c:\program files\mediamall\MediaMallServer.exe [2007-10-9 1190912]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
R2 WARSVR;WARSVR;c:\program files\war-ftpd\war-ftpd.exe [2007-12-28 544768]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-27 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090515.003\naveng.sys [2009-5-15 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090515.003\navex15.sys [2009-5-15 876144]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-7-22 18560]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]

=============== Created Last 30 ================

2009-05-19 14:32 <DIR> --d----- c:\docume~1\kildar~1\applic~1\Malwarebytes
2009-05-19 14:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-19 14:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-19 14:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-19 14:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-19 12:23 <DIR> --d----- C:\cmdcons
2009-05-19 12:22 <DIR> --d----- C:\ComboFix
2009-05-01 00:31 1,626,112 a------- c:\windows\system32\nwiz.exe
2009-05-01 00:31 442,368 a------- c:\windows\system32\nvappbar.exe
2009-05-01 00:31 425,984 a------- c:\windows\system32\keystone.exe
2009-05-01 00:31 1,703,936 a------- c:\windows\system32\nvwdmcpl.dll
2009-05-01 00:31 1,478,656 a------- c:\windows\system32\nview.dll
2009-05-01 00:31 1,019,904 a------- c:\windows\system32\nvwimg.dll
2009-05-01 00:31 466,944 a------- c:\windows\system32\nvshell.dll
2009-05-01 00:31 73,728 a------- c:\windows\system32\nvtuicpl.cpl
2009-04-30 22:02 1,579,630 a------- c:\windows\system32\nvdata.bin
2009-04-22 11:11 <DIR> --d----- c:\program files\iPod
2009-04-22 11:11 <DIR> --d----- c:\program files\iTunes
2009-04-22 11:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-22 11:07 1,900,544 a------- c:\windows\system32\usbaaplrc.dll

==================== Find3M ====================

2009-03-26 15:23 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-22 00:35 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-13 12:56 28,392 a------- c:\docume~1\kildar~1\applic~1\GDIPFONTCACHEV1.DAT
2007-11-27 22:10 1,024 a------- c:\docume~1\alluse~1\applic~1\imgdoc2.dll
2008-11-07 13:20 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110720081108\index.dat

============= FINISH: 14:51:41.48 ===============

Attached Files


BC AdBot (Login to Remove)

 

#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:42 AM

Posted 24 May 2009 - 12:51 PM

Hello kildarmac,


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 13.
  • Click the "Download" button to the right.
  • At the Select Platform and Language for your download drop down box
    Select Windows and Mult-Language
  • Check the box that says: "Accept License Agreement" then press Continue ( Selecting Windows will give you the 32 bit version. )
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    J2SE Runtime Environment 5.0 Update 9
    Java™ 6 Update 12
    Java™ 6 Update 3
    Java™ 6 Update 5
    Java™ 6 Update 7
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
Your Mozilla Firefox is out of date. You need to update it to the latest version 3.0.10


Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.





Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 kildarmac

kildarmac
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
    •  
  • Local time:12:42 PM

Posted 27 May 2009 - 08:52 PM

I have done everything in the request above.

Results of screen317's Security Check version 0.98.3
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````
Windows Firewall Enabled!
SymantecAntiVirus
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````
Malwarebytes' Anti-Malware
Java™ 6 Update 13
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````
Symantec AntiVirus DefWatch.exe
Symantec AntiVirus Rtvscan.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````
GREAT! (Very random)

Scan took 25 seconds.
`````````End of Log```````````



Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

5/27/2009 9:25:24 PM
mbam-log-2009-05-27 (21-25-24).txt

Scan type: Quick Scan
Objects scanned: 91107
Time elapsed: 9 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 9
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\BestPlayerSoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74,85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{412b3ebb-2b8a-47ca-99e8-905d444f86ee}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74,85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b176437d-07fb-4254-aaec-53642afb0d43}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74,85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74,85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{412b3ebb-2b8a-47ca-99e8-905d444f86ee}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74,85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b176437d-07fb-4254-aaec-53642afb0d43}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74,85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74,85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{412b3ebb-2b8a-47ca-99e8-905d444f86ee}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74,85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{b176437d-07fb-4254-aaec-53642afb0d43}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74,85.255.112.102 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



DDS (Ver_09-05-14.01) - NTFSx86
Run by Kildarmac at 21:47:19.18 on Wed 05/27/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1436 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\War-ftpd\war-ftpd.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\svchost.exe -k DComLaunch
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\D-Link Media Server\MediaGUI.exe
C:\Program Files\War-ftpd\WarTrayIcon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\D-Link Media Server\MediaServer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Documents and Settings\Kildarmac\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [CurseClient] c:\program files\curse\CurseClient.exe -silent
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\kildar~1\startm~1\programs\startup\d-link~1.lnk - c:\program files\d-link media server\MediaGUI.exe
StartupFolder: c:\docume~1\kildar~1\startm~1\programs\startup\warftp~1.lnk - c:\program files\war-ftpd\WarTrayIcon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195679899250
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {B176437D-07FB-4254-AAEC-53642AFB0D43} = 192.168.1.1
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2007-11-21 16640]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\leapfrog\leapfrog connect\CommandService.exe [2008-11-25 991232]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
R2 WARSVR;WARSVR;c:\program files\war-ftpd\war-ftpd.exe [2007-12-28 544768]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-27 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090522.002\naveng.sys [2009-5-22 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090522.002\navex15.sys [2009-5-22 876144]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-7-22 18560]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]

=============== Created Last 30 ================

2009-05-27 20:03 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-20 23:47 <DIR> --d----- c:\program files\Full Tilt Poker
2009-05-20 17:03 466,944 a------- c:\windows\system32\CapabilityTable.exe
2009-05-20 17:03 101,888 a------- c:\windows\system32\drivers\nvtcp.sys
2009-05-20 16:42 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-05-20 00:22 <DIR> --d----- c:\program files\World of Warcraft
2009-05-19 14:32 <DIR> --d----- c:\docume~1\kildar~1\applic~1\Malwarebytes
2009-05-19 14:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-19 14:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-19 14:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-19 14:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-19 12:23 <DIR> --d----- C:\cmdcons
2009-05-01 00:31 1,657,376 a------- c:\windows\system32\nwiz.exe
2009-05-01 00:31 449,056 a------- c:\windows\system32\nvappbar.exe
2009-05-01 00:31 436,768 a------- c:\windows\system32\keystone.exe
2009-05-01 00:31 1,724,416 a------- c:\windows\system32\nvwdmcpl.dll
2009-05-01 00:31 1,507,328 a------- c:\windows\system32\nview.dll
2009-05-01 00:31 1,101,824 a------- c:\windows\system32\nvwimg.dll
2009-05-01 00:31 466,944 a------- c:\windows\system32\nvshell.dll
2009-05-01 00:31 73,728 a------- c:\windows\system32\nvtuicpl.cpl
2009-04-30 22:02 1,720,320 a------- c:\windows\system32\nvcuda.dll
2009-04-30 22:02 1,579,630 a------- c:\windows\system32\nvdata.bin
2009-04-30 22:02 1,314,816 a------- c:\windows\system32\nvcuvenc.dll
2009-04-30 22:02 663,552 a------- c:\windows\system32\nvcuvid.dll

==================== Find3M ====================

2009-05-27 20:02 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-30 22:02 9,994,240 a------- c:\windows\system32\nvoglnt.dll
2009-04-30 22:02 8,055,584 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-04-30 22:02 5,896,320 a------- c:\windows\system32\nv4_disp.dll
2009-04-30 22:02 806,912 a------- c:\windows\system32\nvapi.dll
2009-04-30 22:02 457,248 a------- c:\windows\system32\nvudisp.exe
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcodins.dll
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcod.dll
2009-04-27 00:42 457,248 a------- c:\windows\system32\NVUNINST.EXE
2009-03-26 15:23 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-13 12:56 28,392 a------- c:\docume~1\kildar~1\applic~1\GDIPFONTCACHEV1.DAT
2007-11-27 22:10 1,024 a------- c:\docume~1\alluse~1\applic~1\imgdoc2.dll
2008-11-07 13:20 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110720081108\index.dat

============= FINISH: 21:47:47.03 ===============

Attached Files


#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:42 AM

Posted 27 May 2009 - 10:15 PM

Hi kildarmac,


Malwarebytes' Anti-Malware 1.36
Database version: 1945



Both the version and database is old.
See if you can update Malwarebytes to the latest version 1.37 and latest database version 2186.

Then run it again and post the log.

Also, please tell me how the computer is running.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 kildarmac

kildarmac
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
    •  
  • Local time:12:42 PM

Posted 28 May 2009 - 02:14 PM

The computer seems to have all of its problems solved at this time. I ws not able to update Malwarebytes on the initial scan because it was being blocked. I have now been able to get Windows Updates as well as the Malwarebytes updates. On a side note after I used Malwarebytes initially when I restarted I had no internet. I tried to repair the connection and still no internet. On this computer I manually specify an IP address and use my default gateway as my DNS server. Malwarebytes removed the DNS address that I specified in the TCP/IP properties. Once I added my gateway back as the default DNS server I had internet again. I figured I would give you that information in case someone runs into the same problem. Let me know if you want to see anythign else. Thank you for all of your help.

Below I have posted my new Malwarebyte info.

Malwarebytes' Anti-Malware 1.37
Database version: 2186
Windows 5.1.2600 Service Pack 3

5/27/2009 10:21:37 PM
mbam-log-2009-05-27 (22-21-37).txt

Scan type: Quick Scan
Objects scanned: 88714
Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:42 AM

Posted 28 May 2009 - 02:24 PM

Hi,

So the computer is running normal?
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:42 AM

Posted 03 June 2009 - 09:24 PM

This thread will now be closed due to lack of feedback.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
Back to Virus, Trojan, Spyware, and Malware Removal Logs


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Logs
  4. Privacy Policy
  5. Rules ·