
Windows update/Defender will not update, redirected to google.com


  • This topic is locked
6 replies to this topic

#1 SlartiBR

SlartiBR

  • Members
  • 5 posts
  • OFFLINE

Posted 29 June 2009 - 11:58 PM

I started having problems a few weeks back with not being able to hibernate. After trying various fix-its I suspected a virus. Downloaded Avast! and ran it -- found the following in a few files...

Win32:Jifas-AT [Trj]
BV:AutoRun-T [Wrm]
Win32:Trojan-gen {Other}

It moved these infected files to its "chest". Windows hibernation began working again, but I'm still unable to download any updates for Windows Update and Windows Defender (error code 80244019). Also, when I attempt to go to windowsupdate.microsoft.com I am redirected to www.google.com. It would seem that I still have some leftovers of the viruses, or perhaps other issues, still persistent on my computer. So, I need some help. What information do you need first?

...Bill


DDS (Ver_09-05-14.01) - NTFSx86
Run by Bill at 9:40:31.79 on Sun 06/28/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.1140 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Bill\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Bill\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [googletalk] c:\users\bill\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.131,85.255.112.74
TCP: {26EE386C-6028-48C3-B349-703FCABB8AC1} = 85.255.112.131,85.255.112.74
TCP: {5994123D-4ADA-49CA-A911-1FD5A568689D} = 85.255.112.131,85.255.112.74

================= FIREFOX ===================

FF - ProfilePath - c:\users\bill\appdata\roaming\mozilla\firefox\profiles\oisekw9t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\users\bill\appdata\roaming\mozilla\firefox\profiles\oisekw9t.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\bill\appdata\roaming\mozilla\firefox\profiles\oisekw9t.default\extensions\technicianconsole@logmeinrescue.com\platform\winnt\plugins\npRescue.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-1 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-1 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-6-1 51792]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-4-19 47640]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2006-12-18 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2006-12-18 43904]

=============== Created Last 30 ================

2009-06-05 21:48 <DIR> --d----- c:\programdata\WindowsSearch
2009-06-04 22:29 <DIR> --d----- c:\programdata\MediaComplete
2009-06-04 22:29 <DIR> --d----- c:\progra~2\MediaComplete
2009-06-04 21:55 <DIR> --d----- c:\program files\MediaComplete
2009-06-02 22:23 <DIR> --d----- c:\program files\Trend Micro
2009-06-01 22:20 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-06-01 22:20 499,712 a------- c:\windows\system32\MSVCP71.dll
2009-06-01 22:20 348,160 a------- c:\windows\system32\MSVCR71.dll
2009-06-01 22:20 51,792 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-06-01 07:54 <DIR> --d----- c:\users\bill\.housecall6.6
2009-06-01 07:53 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-31 01:29 <DIR> --d----- c:\windows\pss
2009-05-30 08:02 <DIR> --d----- c:\program files\LightScribe Template Labeler
2009-05-30 07:58 <DIR> --d----- c:\programdata\LightScribe
2009-05-30 07:58 <DIR> --d----- c:\progra~2\LightScribe

==================== Find3M ====================

2009-06-28 09:13 116,632 a------- c:\programdata\nvModes.dat
2009-06-28 09:13 116,632 a------- c:\progra~2\nvModes.dat
2009-05-24 08:50 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-24 08:50 51,200 a------- c:\windows\inf\infpub.dat
2009-05-24 08:50 86,016 a------- c:\windows\inf\infstor.dat
2009-05-15 20:57 0 a---h--- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-05-15 20:57 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-04-26 00:26 174 a--sh--- c:\program files\desktop.ini
2009-04-26 00:17 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-26 00:03 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-04-26 00:03 82,432 a------- c:\windows\system32\axaltocm.dll
2009-04-17 20:22 12,978 a------- c:\users\bill\appdata\roaming\nvModes.dat
2009-04-17 03:02 269,312 a------- c:\windows\system32\es.dll
2009-04-15 08:44 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-04-15 08:44 61,440 a------- c:\windows\system32\winipsec.dll
2009-04-15 08:44 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-04-15 08:44 272,896 a------- c:\windows\system32\polstore.dll
2009-04-15 08:41 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-04-15 08:41 94,720 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-04-15 08:41 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-04-15 08:29 376,832 a------- c:\windows\system32\winhttp.dll
2009-04-15 08:26 296,960 a------- c:\windows\system32\gdi32.dll
2009-04-15 08:22 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-04-15 08:22 38,912 a------- c:\windows\system32\xolehlp.dll
2009-04-15 08:20 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-04-15 08:20 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-04-15 08:20 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-04-15 08:20 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-04-15 08:20 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-04-15 08:20 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-04-15 08:20 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-15 08:20 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-15 08:20 1,695,744 a------- c:\windows\system32\gameux.dll
2009-04-15 08:18 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-04-15 08:17 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-04-15 08:17 2,048 a------- c:\windows\system32\msxml3r.dll
2009-04-15 08:11 2,048 a------- c:\windows\system32\tzres.dll
2009-04-15 08:09 428,544 a------- c:\windows\system32\EncDec.dll
2009-04-15 08:09 293,376 a------- c:\windows\system32\psisdecd.dll
2009-04-15 08:07 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-15 08:07 7,680 a------- c:\windows\system32\spwmp.dll
2009-04-15 08:07 4,096 a------- c:\windows\system32\dxmasf.dll
2009-04-15 07:59 2,927,104 a------- c:\windows\explorer.exe
2009-04-15 07:49 6,656 a------- c:\windows\system32\kbd106n.dll
2009-04-15 07:48 988,216 a------- c:\windows\system32\winload.exe
2009-04-15 07:48 927,288 a------- c:\windows\system32\winresume.exe
2009-04-15 07:48 378,368 a------- c:\windows\system32\srcore.dll
2009-04-15 07:48 318,464 a------- c:\windows\system32\rstrui.exe
2009-04-15 07:48 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-04-15 07:48 40,960 a------- c:\windows\system32\srclient.dll
2009-04-15 07:48 19,000 a------- c:\windows\system32\kd1394.dll
2009-04-15 07:48 14,848 a------- c:\windows\system32\srdelayed.exe
2009-04-15 07:48 615,992 a------- c:\windows\system32\ci.dll
2009-04-15 07:42 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-04-15 07:42 72,704 a------- c:\windows\system32\secur32.dll
2009-04-15 07:42 9,728 a------- c:\windows\system32\lsass.exe
2009-04-15 07:42 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-04-15 07:42 24,064 a------- c:\windows\system32\amxread.dll
2009-04-15 07:42 13,824 a------- c:\windows\system32\apilogen.dll
2009-04-15 07:40 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-04-15 07:40 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-04-15 07:40 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-04-15 07:37 443,392 a------- c:\windows\system32\win32spl.dll
2009-04-15 07:37 37,888 a------- c:\windows\system32\printcom.dll
2009-04-15 07:36 14,848 a------- c:\windows\system32\wshrm.dll
2009-04-15 07:31 268,288 a------- c:\windows\system32\schannel.dll
2009-04-15 07:28 622,080 a------- c:\windows\system32\icardagt.exe
2009-04-15 07:28 97,800 a------- c:\windows\system32\infocardapi.dll
2009-04-15 07:28 11,264 a------- c:\windows\system32\icardres.dll
2009-04-15 07:28 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-04-15 07:28 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-15 07:28 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-04-15 07:28 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-04-15 07:15 96,760 a------- c:\windows\system32\dfshim.dll
2009-04-15 07:15 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-15 07:15 282,112 a------- c:\windows\system32\mscoree.dll
2009-04-15 07:15 158,720 a------- c:\windows\system32\mscorier.dll
2009-04-15 07:15 83,968 a------- c:\windows\system32\mscories.dll
2009-04-14 23:25 2,868,736 a------- c:\windows\system32\mf.dll
2009-04-14 23:25 98,816 a------- c:\windows\system32\mfps.dll
2009-04-14 23:25 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-04-14 23:25 24,576 a------- c:\windows\system32\mfpmp.exe
2009-04-14 23:25 2,048 a------- c:\windows\system32\mferror.dll
2009-04-14 23:25 94,720 a------- c:\windows\system32\logagent.exe
2009-04-14 23:25 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-04-14 23:24 738,304 a------- c:\windows\system32\inetcomm.dll
2009-04-14 23:24 84,480 a------- c:\windows\system32\INETRES.dll
2009-04-14 23:23 1,645,568 a------- c:\windows\system32\connect.dll
2009-04-14 23:22 1,314,816 a------- c:\windows\system32\quartz.dll
2009-04-14 23:22 2,033,152 a------- c:\windows\system32\win32k.sys
2009-04-14 23:21 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-04-14 23:21 2,048 a------- c:\windows\system32\msxml6r.dll
2009-04-14 23:20 827,392 a------- c:\windows\system32\wininet.dll
2009-04-14 23:20 72,704 a------- c:\windows\system32\admparse.dll
2009-04-14 23:20 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-14 23:20 48,128 a------- c:\windows\system32\mshtmler.dll
2009-04-14 23:20 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-14 22:39 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-04-14 22:39 83,456 a------- c:\windows\system32\wudriver.dll
2009-04-14 22:39:04 A------- 162,064 c:\windows\system32\wuwebv.dll

============= FINISH: 9:41:41.51 ===============



Edited by SlartiBR, 29 June 2009 - 11:59 PM.



#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 01 July 2009 - 10:45 PM

Hello SlartiBR,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14.
  • Click the "Download" button to the right.
  • At the Select Platform and Language for your download drop down box
    Select Windows and Multi-Language
  • Check the box that says: "Accept License Agreement" then press Continue ( Selecting Windows will give you the 32 bit version. )
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java™ 6 Update 13
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586.exe to install the newest version.
***************

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

***************

Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SlartiBR

SlartiBR
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE

Posted 02 July 2009 - 12:52 AM

SifuMike...

Thanks for the reply. I have upgraded Java Runtime as suggested. Here's the log files from Security Check...

Results of screen317's Security Check version 0.98.4
Windows Vista Service Pack 1
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Enabled!
WindowsLiveOneCaresafetyscanner
WindowsLiveOneCaresafetyscanner
avast!Antivirus
ECHO is off.
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

HijackThis 2.0.2
Java™ 6 Update 14
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Alwil Software Avast4 ashDisp.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 12 seconds.
`````````End of Log```````````


Here's the MBAM log...

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 6.0.6001 Service Pack 1

7/1/2009 10:24:57 PM
mbam-log-2009-07-01 (22-24-57).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 221453
Time elapsed: 42 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 12
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\gxvxc (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{26ee386c-6028-48c3-b349-703fcabb8ac1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5994123d-4ada-49ca-a911-1fd5a568689d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5994123d-4ada-49ca-a911-1fd5a568689d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{26ee386c-6028-48c3-b349-703fcabb8ac1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5994123d-4ada-49ca-a911-1fd5a568689d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5994123d-4ada-49ca-a911-1fd5a568689d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{26ee386c-6028-48c3-b349-703fcabb8ac1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5994123d-4ada-49ca-a911-1fd5a568689d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5994123d-4ada-49ca-a911-1fd5a568689d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Bill\AppData\Local\Temp\~nsu.tmp\Au_.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\Bill\downloads\Auto-download.EUReKA.-.Soundtrack.(2008)c3206(2).exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\Bill\downloads\Auto-download.EUReKA.-.Soundtrack.(2008)c3206.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\gxvxccounter (Trojan.DNSChanger) -> Quarantined and deleted successfully.



Here's an updated HJT log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:00 PM, on 7/1/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Bill\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [googletalk] C:\Users\Bill\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6902 bytes


Next?

...br
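The rogue resolver pair in the DDS report of post #1 (the `TCP: NameServer = 85.255.112.131,85.255.112.74` lines) and the twelve `Trojan.DNSChanger` registry hits in the MBAM log of post #3 are the same indicator seen from two tools. The following Python script is an added example, not code from the thread or from any of the tools mentioned in it: it pulls resolver settings out of DDS- and MBAM-style log text, flags any public address that is not on an allowlist, and reports which registry control sets carry it. The sample log is constructed here from lines quoted in the thread plus one clean `192.168.1.1` line; the allowlist (`EXPECTED_RESOLVERS`) and the function names are assumptions for the example.

```python
import ipaddress
import re
from typing import List, Set

# Constructed sample: the first five lines mirror the DDS "Pseudo HJT Report"
# and MBAM "Registry Data Items Infected" entries quoted in this thread; the
# final 192.168.1.1 line is an invented clean entry for contrast.
SAMPLE_LOG = r"""
TCP: NameServer = 85.255.112.131,85.255.112.74
TCP: {26EE386C-6028-48C3-B349-703FCABB8AC1} = 85.255.112.131,85.255.112.74
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5994123d-4ada-49ca-a911-1fd5a568689d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74
TCP: NameServer = 192.168.1.1
"""

# Assumption: resolvers an administrator expects on this machine (home router
# or the ISP's published servers). Anything public and not listed is suspect.
EXPECTED_RESOLVERS: Set[ipaddress.IPv4Address] = {ipaddress.ip_address("192.168.1.1")}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
CONTROLSET_RE = re.compile(r"(CurrentControlSet|ControlSet\d{3})", re.IGNORECASE)
NAMESERVER_KEY_RE = re.compile(r"\\(Dhcp)?NameServer\b")


def extract_nameserver_lines(text: str) -> List[str]:
    """Keep only lines that carry a resolver setting: DDS 'TCP:' lines and
    registry paths whose value name is NameServer or DhcpNameServer."""
    lines = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and (line.startswith("TCP:") or NAMESERVER_KEY_RE.search(line)):
            lines.append(line)
    return lines


def classify_resolver(ip_text: str, expected: Set[ipaddress.IPv4Address]) -> str:
    """'expected' if allowlisted, 'local' if RFC 1918/loopback, 'invalid' if
    not an address at all, otherwise 'unexpected' (a public resolver nobody
    configured on purpose, the DNS-changer signature)."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"
    if ip in expected:
        return "expected"
    if ip.is_private or ip.is_loopback:
        return "local"
    return "unexpected"


def find_unexpected_resolvers(text: str, expected: Set[ipaddress.IPv4Address]) -> List[str]:
    """Distinct unexpected resolver addresses found in the log, numerically sorted."""
    found = set()
    for line in extract_nameserver_lines(text):
        for ip_text in IPV4_RE.findall(line):
            if classify_resolver(ip_text, expected) == "unexpected":
                found.add(ipaddress.ip_address(ip_text))
    return [str(ip) for ip in sorted(found)]


def control_sets_affected(text: str, expected: Set[ipaddress.IPv4Address]) -> List[str]:
    """Registry control sets whose Tcpip parameters still hold an unexpected
    resolver. Cleaning only CurrentControlSet leaves the copy in the other
    control set to come back on a 'Last Known Good' boot."""
    sets = set()
    for line in extract_nameserver_lines(text):
        match = CONTROLSET_RE.search(line)
        if not match:
            continue
        if any(classify_resolver(ip, expected) == "unexpected" for ip in IPV4_RE.findall(line)):
            sets.add(match.group(1))
    return sorted(sets)


if __name__ == "__main__":
    rogue = find_unexpected_resolvers(SAMPLE_LOG, EXPECTED_RESOLVERS)
    print("unexpected resolvers:", ", ".join(rogue) or "none")
    print("control sets affected:", ", ".join(control_sets_affected(SAMPLE_LOG, EXPECTED_RESOLVERS)) or "none")
```

Run it against a pasted DDS or MBAM log and any public resolver that is neither your router nor your ISP's is printed along with every control set that still carries it, which is the check to repeat after cleanup: the MBAM log above had to quarantine the value in CurrentControlSet, ControlSet001 and ControlSet002 before the redirects stopped.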

#4 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 02 July 2009 - 09:56 AM

Hi Bill,

Please tell me how the computer is running? Still having the redirections?

#5 SlartiBR

SlartiBR
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE

Posted 08 July 2009 - 12:02 AM

SifuMike...

The redirects are gone now. I am able to download and install windows updates without getting errors. Should I go ahead and finish getting my computer up to date and see how everything goes?

...br

#6 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 08 July 2009 - 01:30 AM

Hi SlartiBR,

Yes, please do that. Then let me know how the computer is running.

#7 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 19 July 2009 - 12:37 AM

Due to inactivity, this thread will now be closed.