google redirects, can't run any malware detection programs


This topic is locked
6 replies to this topic

#1 farva91

farva91

  • Members
  • 3 posts
  • OFFLINE
  • Local time:08:34 AM

Posted 27 July 2009 - 02:01 AM

Earlier on today my computer locked up. I rebooted and had trouble logging in (it wouldn't show the username/password); after rebooting a couple more times I finally got into Windows, checked out the processes, and b.exe was there.

I've tried running malwarebytes anti-malware, super anti spyware, combofix and none of them will open. The only other thing it's really doing is redirecting google searches.

Here is the DDS log:

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\msb.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\matty\Desktop\HiJackThis.exe
C:\Documents and Settings\matty\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar1.dll
BHO: IeCatch5 Class: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\progra~1\flashget\jccatch.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {500BCA15-57A7-4eaf-8143-8C619470B13D} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: gFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\progra~1\flashget\getflash.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar1.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Monopod] c:\docume~1\matty\locals~1\temp\b.exe
mRun: [DriverCD] E:\Run.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\matty\startm~1\programs\startup\frostw~1.lnk - c:\program files\frostwire\FrostWire.exe
IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - c:\poker\cdpoker\casino.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\matty\applic~1\mozilla\firefox\profiles\lq9wtwbl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-27 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-5 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-5 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-5 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-5 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-5 298776]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

=============== Created Last 30 ================

2009-07-27 02:33 <DIR> --d----- c:\program files\CCleaner
2009-07-27 02:13 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-27 02:13 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-27 02:13 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 02:04 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-27 02:04 <DIR> --d----- c:\docume~1\matty\applic~1\SUPERAntiSpyware.com
2009-07-27 01:45 15,688 a------- c:\windows\system32\lsdelete.exe
2009-07-27 01:42 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-27 01:41 <DIR> --d----- c:\program files\Lavasoft
2009-07-27 00:55 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-27 00:23 142,336 a------- c:\windows\msb.exe
2009-07-27 00:21 142,336 a------- c:\windows\msa.exe
2009-07-16 03:41 17,828,326 a------- c:\program files\vlc-1.0.0-win32.exe
2009-07-14 04:52 <DIR> --d----- C:\HJ
2009-07-14 04:50 <DIR> --d----- c:\docume~1\matty\applic~1\Malwarebytes
2009-07-14 04:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2009-07-17 08:18 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-02 09:47 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-05 16:49 163,116 a------- c:\windows\hpoins28.dat
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-06 17:02 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-05 19:30 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-05-05 19:30 102,400 a------- c:\windows\system32\OpenAL32.dll
2009-05-05 16:55 16,608 a------- c:\windows\gdrv.sys
2009-05-05 16:51 315,392 a------- c:\windows\HideWin.exe
2009-05-05 16:33 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-04-29 00:46 666,624 -------- c:\windows\system32\wininet.dll
2009-04-29 00:46 81,920 a------- c:\windows\system32\ieencode.dll
2007-02-01 18:02 313,344 a------- c:\program files\hjsplit.exe

============= FINISH: 2:49:14.79 ===============


I would appreciate any help, thanks
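The DDS log above is what a helper reads to pick out the entries worth asking about. As an added example, not code from this thread or from the DDS tool, the following Python applies a few triage heuristics of my own to the log's autorun and Created-Last-30 lines: autoruns launched from a temp directory, autoruns on a non-system drive, unfamiliar executables sitting directly in the Windows root, and same-size sibling files created in one directory on the same day. The allow-list of files expected in the Windows root is an assumption, and the sample input is a subset of the log lines posted above.

```python
"""Triage of a DDS log: surface the entries a forum helper reads first.

Added example, not code from the thread or from the DDS tool. Sample lines
are copied from the DDS log above; the heuristics and the allow-list of
files that normally sit in the Windows root are this example's assumptions."""
import re
from collections import defaultdict

# Files that legitimately sit directly in C:\WINDOWS on XP (assumed allow-list).
WINDOWS_ROOT_OK = {'explorer.exe', 'notepad.exe', 'regedit.exe', 'hh.exe',
                   'winhlp32.exe', 'taskman.exe', 'twunk_32.exe'}
AUTORUN_RE = re.compile(r'^[um]Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$')
CREATED_RE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+'
                        r'(?P<size>[\d,]+)\s+\S+\s+(?P<path>.+)$')
TEMP_MARKERS = ('\\locals~1\\temp\\', '\\local settings\\temp\\')
ROOT_MSG = 'unexpected file in the Windows root'


def exe_from_command(cmd):
    """Launched file from a Run-key command line: a quoted path, a bare path
    plus arguments, or a RUNDLL32 wrapper (the dll before ',EntryPoint')."""
    cmd = cmd.strip()
    m = re.match(r'^"([^"]+)"', cmd)
    if m:
        return m.group(1).lower()
    head, _, tail = cmd.partition(' ')
    if head.lower() in ('rundll32', 'rundll32.exe'):
        return tail.partition(',')[0].strip().lower()
    return head.lower()


def odd_windows_root_file(path):
    """True for an .exe/.dll/.sys directly under c:\\windows not on the allow-list."""
    m = re.match(r'^c:\\windows\\([^\\]+\.(?:exe|dll|sys))$', path)
    return bool(m) and m.group(1) not in WINDOWS_ROOT_OK


def triage(log_text):
    """Return (kind, item, reason) triples for lines worth a second look."""
    findings = []
    siblings = defaultdict(list)          # (date, directory, size) -> [paths]
    for line in (l.strip() for l in log_text.splitlines()):
        m = AUTORUN_RE.match(line)
        if m:
            path = exe_from_command(m['cmd'])
            if any(t in path for t in TEMP_MARKERS):
                findings.append(('autorun', m['name'], 'launched from a temp directory'))
            elif re.match(r'^[a-z]:\\', path) and not path.startswith('c:\\'):
                findings.append(('autorun', m['name'], 'runs from a non-system drive'))
            elif odd_windows_root_file(path):
                findings.append(('autorun', m['name'], ROOT_MSG))
            continue
        m = CREATED_RE.match(line)
        if m:
            path = m['path'].lower()
            siblings[(m['date'], path.rsplit('\\', 1)[0], m['size'])].append(path)
            if odd_windows_root_file(path):
                findings.append(('created', path, ROOT_MSG))
    # Two files of identical size dropped into one directory on the same day
    # (msa.exe / msb.exe in this log) are worth reading as a pair.
    for (date, _, _), paths in siblings.items():
        if len(paths) > 1:
            findings.append(('created', ' and '.join(sorted(paths)),
                             'identical-size siblings created ' + date))
    return findings


# Constructed sample: a subset of the DDS log lines posted above.
SAMPLE_LOG = r"""
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Monopod] c:\docume~1\matty\locals~1\temp\b.exe
mRun: [DriverCD] E:\Run.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
2009-07-27 02:13 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-27 00:23 142,336 a------- c:\windows\msb.exe
2009-07-27 00:21 142,336 a------- c:\windows\msa.exe
"""
```

Calling triage(SAMPLE_LOG) flags the Monopod and DriverCD autoruns and the msa.exe/msb.exe pair while leaving the Skype, NVIDIA and P17Helper entries alone; feeding it the full DDS log will also surface files such as HideWin.exe and gdrv.sys in the Windows root, which is a prompt to check them, not a verdict.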

#2 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE

Posted 27 July 2009 - 03:55 AM

Hi,

I will handle your log. As I am in training all my answers have to be approved by my Coaches.
I hope you understand.

I'll get back to you as soon as is possible.

#3 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE

Posted 27 July 2009 - 12:52 PM

Hi,

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt


#4 farva91

farva91
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE

Posted 27 July 2009 - 05:10 PM

I appreciate the help, superbird. I did what you asked, got ComboFix running and saved the log file. As of right now I am not getting redirected from Google searches; it seems to be running better now.

Here is the log, and once again thank you for taking the time to help me.

ComboFix 09-07-27.02 - matty 07/27/2009 18:02.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3168 [GMT -4:00]
Running from: c:\documents and settings\matty\Desktop\1234.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\msa.exe
c:\windows\system32\drivers\UACfdqmnssqkp.sys
c:\windows\system32\UACdnrouirwak.db
c:\windows\system32\UACechayeyghl.dll
c:\windows\system32\UACffcbffobbk.dll
c:\windows\system32\UACgnxheqmnjx.dat
c:\windows\system32\uacinit.dll
c:\windows\system32\UACpbqhpdmlqr.dll
c:\windows\system32\UACtmycujojxl.dll
c:\windows\system32\UACxqodaaavfs.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-06-27 to 2009-07-27 )))))))))))))))))))))))))))))))
.

2009-07-27 06:33 . 2009-07-27 06:33 -------- d-----w- c:\program files\CCleaner
2009-07-27 06:13 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-27 06:13 . 2009-07-27 06:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 06:13 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-27 06:04 . 2009-07-27 06:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-27 06:04 . 2009-07-27 06:04 -------- d-----w- c:\documents and settings\matty\Application Data\SUPERAntiSpyware.com
2009-07-27 05:45 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-27 05:42 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-27 05:41 . 2009-07-27 05:43 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-07-27 05:41 . 2009-07-27 05:41 -------- d-----w- c:\program files\Lavasoft
2009-07-27 04:55 . 2009-07-27 05:41 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-27 04:23 . 2009-07-27 04:21 142336 ----a-w- c:\windows\msb.exe
2009-07-16 07:41 . 2009-07-16 07:42 17828326 ----a-w- c:\program files\vlc-1.0.0-win32.exe
2009-07-14 08:52 . 2009-07-14 08:52 -------- d-----w- C:\HJ
2009-07-14 08:50 . 2009-07-14 08:50 -------- d-----w- c:\documents and settings\matty\Application Data\Malwarebytes
2009-07-14 08:50 . 2009-07-14 08:50 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-27 21:50 . 2009-05-05 21:51 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-27 15:53 . 2009-06-03 20:57 -------- d-----w- c:\documents and settings\matty\Application Data\Skype
2009-07-27 15:51 . 2009-06-03 20:57 -------- d-----w- c:\documents and settings\matty\Application Data\skypePM
2009-07-27 06:12 . 2009-05-15 09:20 -------- d-----w- c:\documents and settings\matty\Application Data\FrostWire
2009-07-27 06:08 . 2009-05-05 21:31 -------- d-----w- c:\program files\FlashGet
2009-07-27 06:04 . 2009-05-05 21:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-27 04:23 . 2009-05-05 21:22 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-07-18 01:43 . 2009-06-24 02:20 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-17 12:18 . 2009-05-05 21:22 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-16 22:16 . 2009-05-14 07:08 -------- d-----w- c:\program files\World of Warcraft
2009-07-02 13:47 . 2009-05-05 21:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-02 13:47 . 2009-05-05 21:22 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-25 20:09 . 2009-06-25 20:08 -------- d-----w- c:\program files\Packet Tracer 5.1
2009-06-25 20:06 . 2009-06-25 20:06 -------- d-----w- c:\program files\SolarWinds
2009-06-25 20:03 . 2009-06-25 20:03 -------- d-----w- c:\program files\Packet Tracer 5.0
2009-06-16 14:36 . 2008-04-14 05:42 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2008-04-14 05:41 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-08 23:49 . 2009-06-08 23:49 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Blizzard
2009-06-08 23:48 . 2009-06-08 23:48 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-06-05 20:49 . 2009-06-05 20:42 163116 ----a-w- c:\windows\hpoins28.dat
2009-06-05 20:45 . 2009-06-05 20:45 -------- d-----w- c:\program files\Common Files\HP
2009-06-05 20:45 . 2009-06-05 20:45 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-05 20:45 . 2009-06-05 20:45 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-06-05 20:44 . 2009-06-05 20:44 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
2009-06-05 20:42 . 2009-06-05 20:42 -------- d-----w- c:\program files\HP
2009-06-03 21:53 . 2009-06-03 20:46 -------- d-----w- c:\documents and settings\matty\Application Data\Ventrilo
2009-06-03 20:57 . 2009-06-03 20:57 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-03 20:57 . 2009-06-03 20:57 -------- d-----r- c:\program files\Skype
2009-06-03 20:57 . 2009-06-03 20:57 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Skype
2009-06-03 20:57 . 2009-06-03 20:57 -------- d-----w- c:\program files\Common Files\Skype
2009-06-03 20:46 . 2009-06-03 20:46 -------- d-----w- c:\program files\Ventrilo
2009-06-03 19:09 . 2008-04-14 05:42 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 00:07 . 2009-05-05 21:19 16520 ----a-w- c:\documents and settings\matty\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-07 15:32 . 2008-04-14 05:41 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 05:18 . 2009-05-07 05:18 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-06 21:02 . 2009-05-05 20:35 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-05 23:30 . 2009-05-05 23:30 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-05-05 23:30 . 2009-05-05 23:30 102400 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-05 21:22 . 2009-05-05 21:22 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-05 21:20 . 2009-05-05 21:20 0 ----a-w- c:\windows\nsreg.dat
2009-05-05 20:55 . 2009-05-05 20:40 16608 ----a-w- c:\windows\gdrv.sys
2009-05-05 20:51 . 2009-05-05 20:51 315392 ----a-w- c:\windows\HideWin.exe
2009-05-05 20:33 . 2009-05-05 20:33 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-29 04:46 . 2008-04-14 05:42 666624 ------w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2008-04-14 05:41 81920 ----a-w- c:\windows\system32\ieencode.dll
2007-02-01 22:02 . 2009-06-14 11:30 313344 ----a-w- c:\program files\hjsplit.exe
2009-07-23 18:34 . 2009-05-05 21:20 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

------- Sigcheck -------

[-] 2008-07-19 13:37 1614848 649B4101C35E996E1866037C28A5FD42 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 02:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-02 1948440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"P17Helper"="SPIRun.dll" - c:\windows\system32\SPIRun.dll [2006-07-03 10752]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-02 13:47 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Activision\\X-Men Origins - Wolverine™\\Binaries\\Wolverine.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Packet Tracer 5.1\\bin\\PacketTracer5.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/27/2009 1:42 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/5/2009 5:22 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/5/2009 5:22 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/5/2009 5:22 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/5/2009 5:22 PM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 4:22 PM 34064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-DriverCD - E:\Run.exe


.
------- Supplementary Scan -------
.
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - c:\poker\CDPoker\casino.exe
FF - ProfilePath - c:\docume~1\matty\APPLIC~1\Mozilla\Firefox\Profiles\lq9wtwbl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-27 18:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-07-27 18:05
ComboFix-quarantined-files.txt 2009-07-27 22:05

Pre-Run: 524,021,956,608 bytes free
Post-Run: 526,890,512,384 bytes free

197 --- E O F --- 2009-07-15 07:00

Edited by farva91, 27 July 2009 - 05:13 PM.


#5 farva91

farva91
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE

Posted 27 July 2009 - 05:12 PM

Just wanted to add that Malwarebytes can run now; doing a scan right now.

#6 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE

Posted 29 July 2009 - 02:21 PM

Hi,

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
If you need a tutorial, see here

#7 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:08:34 AM

Posted 13 August 2009 - 12:38 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here
