Google links hijacked, firefox crashing, and more.


This topic is locked
9 replies to this topic

#1 elephantcorporation

  • Members
  • 5 posts

Posted 15 August 2009 - 10:13 PM

A few weeks ago I stupidly clicked on a link I shouldn't have. Since then my computer has gone haywire. Links through Google are diverted to random search engines and sites. Firefox crashes any time a page/tab takes more than two seconds to load. And when Firefox tries to submit a crash report I get a message saying that it failed to submit. When I am trying to access any files on my computer I have to right click -> Open because double clicking opens up a search window instead. Also, my updated Internet Explorer shuts down the moment I open it with the message "To help protect your computer, Windows has closed this program", but that might be a faulty download. I typically use Firefox unless I'm at a site that doesn't work with it, so it's not a huge concern at the moment if it's not related. Thanks in advance for any help.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Compaq_Owner at 21:52:13.34 on Sat 08/15/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.486 [GMT -5:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Cobian Backup 9\Cobian.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\sgpsq24c.default\
FF - prefs.js: browser.startup.homepage - hxxp://gmail.com/
FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\sgpsq24c.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\sgpsq24c.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\sgpsq24c.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07051001.dll
FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll

============= SERVICES / DRIVERS ===============

R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2009-7-9 26104]
S2 gupdate1c9da73d84425ae;Google Update Service (gupdate1c9da73d84425ae);c:\program files\google\update\GoogleUpdate.exe [2009-5-21 133104]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

=============== Created Last 30 ================

2009-08-14 10:40 <DIR> --d----- c:\program files\Cobian Backup 9
2009-08-13 21:22 <DIR> --dsh--- c:\documents and settings\compaq_owner\IETldCache
2009-08-13 14:28 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-08-13 11:32 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-13 11:31 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-13 11:31 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-13 11:31 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-13 11:31 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-13 11:31 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-13 11:31 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-13 11:31 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-13 11:21 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-08-13 11:21 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-08-13 11:21 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-08-13 11:21 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-08-13 11:21 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-13 11:21 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-08-13 11:21 <DIR> --d----- c:\windows\ie8updates
2009-08-13 11:20 101,376 -------- c:\windows\system32\dllcache\iecompat.dll
2009-08-13 11:16 <DIR> -cd-h--- c:\windows\ie8
2009-08-13 09:43 90,275 -------- c:\windows\system32\kapdctpviof
2009-08-11 22:35 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-11 22:35 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-08-07 03:00 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-08-06 07:58 268,648 -------- c:\windows\system32\mucltui.dll
2009-08-06 07:58 208,744 -------- c:\windows\system32\muweb.dll
2009-08-06 07:58 27,496 -------- c:\windows\system32\mucltui.dll.mui
2009-08-05 15:22 3,716 -------- c:\windows\system32\OEMINFO.PNF
2009-08-05 04:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 21:42 91,328 -------- c:\windows\system32\drivers\msfwdrv.sys
2009-08-04 21:42 116,416 -------- c:\windows\system32\drivers\msfwhlpr.sys
2009-08-04 21:42 53,168 -------- c:\windows\system32\drivers\MpFilter.sys
2009-08-04 21:36 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-08-04 21:03 4 -------- c:\windows\system32\bincd32.dat
2009-08-04 19:37 <DIR> a-d----- c:\windows\system32\images
2009-08-04 13:57 1,382 -------- c:\windows\system32\onhelp.htm
2009-08-04 13:44 9 -------- c:\windows\system32\bennuar.old
2009-08-04 13:44 36 -------- c:\windows\system32\sysnet.dat
2009-08-04 13:44 95 -------- c:\windows\system32\sonhelp.htm
2009-07-17 14:01 58,880 -------- c:\windows\system32\dllcache\atl.dll

==================== Find3M ====================

2009-08-12 00:36 1,352,826 -------- c:\windows\system32\hjgruirqlrvitb.dat
2009-08-05 09:38 69,632 -------- c:\windows\system32\drivers\hjgruierqbodsm.sys
2009-08-05 04:01 204,800 -------- c:\windows\system32\mswebdvd.dll
2009-07-19 08:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-18 11:05 1,509,888 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-07-17 14:01 58,880 -------- c:\windows\system32\atl.dll
2009-07-13 10:08 286,720 -------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-03 12:09 915,456 -------- c:\windows\system32\wininet.dll
2009-07-03 12:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 12:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 12:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 12:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 12:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 12:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 06:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-25 03:25 730,112 -------- c:\windows\system32\lsasrv.dll
2009-06-25 03:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 03:25 301,568 -------- c:\windows\system32\kerberos.dll
2009-06-25 03:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 03:25 147,456 -------- c:\windows\system32\schannel.dll
2009-06-25 03:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 03:25 136,192 -------- c:\windows\system32\msv1_0.dll
2009-06-25 03:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 03:25 56,832 -------- c:\windows\system32\secur32.dll
2009-06-25 03:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-25 03:25 54,272 -------- c:\windows\system32\wdigest.dll
2009-06-25 03:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-24 06:18 92,928 -------- c:\windows\system32\drivers\ksecdd.sys
2009-06-24 06:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 09:36 119,808 -------- c:\windows\system32\t2embed.dll
2009-06-16 09:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 09:36 81,920 -------- c:\windows\system32\fontsub.dll
2009-06-16 09:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 07:31 76,288 -------- c:\windows\system32\telnet.exe
2009-06-12 07:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 09:19 2,066,432 -------- c:\windows\system32\mstscax.dll
2009-06-10 09:19 2,066,432 -------- c:\windows\system32\dllcache\mstscax.dll
2009-06-10 09:13 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 09:13 84,992 -------- c:\windows\system32\avifil32.dll
2009-06-10 01:14 132,096 -------- c:\windows\system32\wkssvc.dll
2009-06-10 01:14 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
2009-06-03 14:09 1,291,264 -------- c:\windows\system32\quartz.dll
2009-06-03 14:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2007-06-28 22:08 25,032,729 -------- c:\program files\avi2dvd_setup_045_.exe
2006-11-17 00:47 738 -------- c:\docume~1\compaq~1\applic~1\wklnhst.dat

============= FINISH: 21:52:36.75 ===============


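Reading a DDS log like the one above is mostly about spotting what Windows Update did not put there. As an added example (not from the thread, the DDS tool or its author), the Python below parses the "Created Last 30" and "Find3M" entries and buckets system32 files that lack a same-sized dllcache twin by whether their name looks random or they are tiny data files; the sample input is a constructed subset of this log's own lines, and the thresholds (stem length 8, four consonants in a row, 128 bytes) are assumptions.

```python
"""Triage the 'Created Last 30' / 'Find3M' file entries of a DDS log.

Added example, not part of the thread and not DDS's own code. Two heuristics
specific to DDS logs from Windows XP: a file installed by Windows Update is
normally listed twice, under system32 and as a same-sized copy in the dllcache
folder (Windows File Protection), while a dropped file has no such twin; and
dropped files tend to have random-looking names or to be tiny data files.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+?)\s*$"
)
SYSTEM32 = "c:\\windows\\system32\\"
VOWELS = set("aeiouy")  # 'y' counts as a vowel so names like sysnet stay quiet

# Constructed subset of the entries in the DDS log above.
SAMPLE_LOG = r"""
2009-08-13 11:32 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-13 11:31 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-13 11:31 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-13 09:43 90,275 -------- c:\windows\system32\kapdctpviof
2009-08-06 07:58 268,648 -------- c:\windows\system32\mucltui.dll
2009-08-05 04:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 21:03 4 -------- c:\windows\system32\bincd32.dat
2009-08-04 13:44 9 -------- c:\windows\system32\bennuar.old
2009-08-04 13:44 36 -------- c:\windows\system32\sysnet.dat
2009-08-04 13:44 95 -------- c:\windows\system32\sonhelp.htm
2009-08-12 00:36 1,352,826 -------- c:\windows\system32\hjgruirqlrvitb.dat
2009-08-05 09:38 69,632 -------- c:\windows\system32\drivers\hjgruierqbodsm.sys
2009-08-05 04:01 204,800 -------- c:\windows\system32\mswebdvd.dll
"""

@dataclass
class Entry:
    date: str
    size: Optional[int]  # None for <DIR> lines
    path: str            # lower-cased

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

def parse_dds(text: str) -> List[Entry]:
    """One Entry per file line; section banners and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        date, _time, size, _attrs, path = m.groups()
        size_bytes = None if size == "<DIR>" else int(size.replace(",", ""))
        entries.append(Entry(date, size_bytes, path.lower()))
    return entries

def longest_consonant_run(stem: str) -> int:
    run = best = 0
    for ch in stem:
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best

def looks_random(stem: str) -> bool:
    # Pronounceable names rarely chain four consonants; a long, purely
    # alphabetic stem that does is treated as random-looking (thresholds assumed).
    return len(stem) >= 8 and stem.isalpha() and longest_consonant_run(stem) >= 4

def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Bucket system32 files that have no same-sized dllcache twin."""
    cached = {(e.name, e.size) for e in entries if "\\dllcache\\" in e.path}
    findings: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if e.size is None or "\\dllcache\\" in e.path or not e.path.startswith(SYSTEM32):
            continue
        if (e.name, e.size) in cached:
            continue  # Windows File Protection copy exists: Windows Update material
        stem, _, ext = e.name.partition(".")
        if looks_random(stem):
            findings["random-name"].append(e.name)
        elif e.size < 128 and ext in {"dat", "old", "htm", ""}:
            findings["tiny-artifact"].append(e.name)
    return dict(findings)

def related_groups(names: List[str], prefix_len: int = 6) -> Dict[str, List[str]]:
    """Cluster flagged names sharing a prefix: one dropper often writes a
    driver plus data files under a single random stem."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for n in names:
        groups[n[:prefix_len]].append(n)
    return {k: v for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    found = triage(parse_dds(SAMPLE_LOG))
    for bucket, names in found.items():
        print(bucket, names)
    print("related:", related_groups(found.get("random-name", [])))
```

The buckets are review queues, not verdicts: a legitimate file with no dllcache copy (the OneCare drivers, the Microsoft Update client DLLs) still needs a human or a reputation lookup to clear it, and the twin rule is what keeps a name like mswebdvd.dll, which would trip the consonant heuristic on its own, out of the list.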
#2 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 16 August 2009 - 01:09 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 elephantcorporation

  • Topic Starter

  • Members
  • 5 posts

Posted 16 August 2009 - 10:18 PM

I wasn't sure if you wanted the log copy+pasted or attached, so I have done both. Thanks again!

ComboFix 09-08-10.06 - Compaq_Owner 08/16/2009 18:29.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.468 [GMT -5:00]
Running from: e:\downloads\ComboFix.exe
AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\hjgruierqbodsm.sys
c:\windows\system32\hjgruihbvhedfr.dat
c:\windows\system32\hjgruirqlrvitb.dat
D:\Autorun.inf


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_hjgruioulkjkcx
-------\Service_hjgruioulkjkcx


((((((((((((((((((((((((( Files Created from 2009-07-16 to 2009-08-16 )))))))))))))))))))))))))))))))
.

2009-08-14 15:40 . 2009-08-14 15:40 -------- d-----w- c:\program files\Cobian Backup 9
2009-08-14 02:22 . 2009-08-14 02:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-14 02:22 . 2009-08-14 02:22 -------- d-sh--w- c:\documents and settings\Compaq_Owner\IETldCache
2009-08-13 16:32 . 2009-08-13 16:32 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-13 16:32 . 2009-08-13 16:32 -------- d-----w- c:\program files\MSBuild
2009-08-13 16:32 . 2009-08-13 16:32 -------- d-----w- c:\program files\Reference Assemblies
2009-08-13 16:31 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-13 16:31 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-13 16:31 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-13 16:31 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-13 16:31 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-13 16:31 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-13 16:31 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-13 16:21 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-08-13 16:21 . 2009-07-03 17:09 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-13 16:21 . 2009-07-03 17:09 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-13 16:21 . 2009-07-03 17:09 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-08-13 16:21 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-13 16:21 . 2009-07-19 23:48 11067392 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-08-13 16:21 . 2009-08-13 16:22 -------- d-----w- c:\windows\ie8updates
2009-08-13 16:20 . 2009-07-01 07:08 101376 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-08-13 16:16 . 2009-08-13 16:19 -------- dc-h--w- c:\windows\ie8
2009-08-12 03:35 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-07 08:00 . 2009-08-07 08:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-08-06 12:58 . 2008-10-16 19:06 268648 ------w- c:\windows\system32\mucltui.dll
2009-08-06 12:58 . 2008-10-16 19:06 208744 ------w- c:\windows\system32\muweb.dll
2009-08-05 14:31 . 2009-08-05 14:31 209960 ------w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch4\dplugins\2.0.1.600\OneCareDiagPlugin.dll
2009-08-05 14:26 . 2009-08-05 14:26 23720 ------w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch1\HTML\item_templ\common\fixes\HelpAndSupport_TestContent.dll
2009-08-05 14:26 . 2009-08-05 14:26 23056 ------w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch1\HTML\item_templ\common\fixes\HASFix101001.dll
2009-08-05 14:26 . 2009-08-05 14:26 221208 ------w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch1\HTML\item_templ\common\fixes\HelpAndSupportCommon.dll
2009-08-05 14:26 . 2009-08-05 14:26 110248 ------w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch1\HTML\item_templ\common\fixes\HelpAndSupportInterface.dll
2009-08-05 14:26 . 2009-08-05 14:26 29352 ------w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch1\HTML\item_templ\common\fixes\HASFix058456.dll
2009-08-05 14:26 . 2009-08-05 14:26 21160 ------w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch1\HTML\item_templ\common\fixes\HASFix056479.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-05 02:42 . 2007-11-28 03:56 91328 ------w- c:\windows\system32\drivers\msfwdrv.sys
2009-08-05 02:42 . 2007-11-28 03:56 116416 ------w- c:\windows\system32\drivers\msfwhlpr.sys
2009-08-05 02:42 . 2008-05-15 21:15 53168 ------w- c:\windows\system32\drivers\MpFilter.sys
2009-08-05 02:36 . 2009-08-16 07:27 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-08-05 02:08 . 2009-08-05 02:08 -------- d-----w- c:\program files\Windows Defender
2009-08-05 02:03 . 2009-08-05 02:16 4 ------w- c:\windows\system32\bincd32.dat
2009-08-05 00:37 . 2008-11-27 23:47 -------- d---a-w- c:\windows\system32\images
2009-08-04 18:44 . 2009-08-04 18:44 36 ------w- c:\windows\system32\sysnet.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 12:46 . 2007-06-04 23:41 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\OpenOffice.org2
2009-08-14 12:20 . 2007-08-19 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-13 17:54 . 2006-11-11 20:32 73160 ------w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-13 12:32 . 2008-06-23 01:03 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\uTorrent
2009-08-12 08:06 . 2006-11-04 03:53 -------- d-----w- c:\program files\Trillian
2009-08-05 14:31 . 2009-08-05 14:31 2923248 ------w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch4\HTML\item_templ\common\MSHotFix\WindowsXP-KB914882-x86.exe
2009-08-05 09:01 . 2004-08-04 11:00 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-08-05 02:45 . 2006-11-11 15:38 -------- d-----w- c:\program files\Lavasoft
2009-07-28 01:14 . 2007-07-15 01:20 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\RipIt4Me
2009-07-17 19:01 . 2004-08-04 11:00 58880 ------w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2004-08-04 11:00 286720 ------w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 11:00 915456 ------w- c:\windows\system32\wininet.dll
2009-07-01 03:59 . 2006-11-24 07:31 -------- d-----w- c:\program files\Google
2009-07-01 00:12 . 2009-07-01 00:12 -------- d-----w- c:\program files\Trend Micro
2009-06-29 03:23 . 2009-06-29 03:23 -------- d-----w- c:\program files\Alwil Software
2009-06-25 08:25 . 2004-08-04 11:00 730112 ------w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 11:00 56832 ------w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 11:00 54272 ------w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 11:00 301568 ------w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 11:00 147456 ------w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 11:00 136192 ------w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 11:00 92928 ------w- c:\windows\system32\drivers\ksecdd.sys
2009-06-22 00:40 . 2009-06-22 00:40 -------- d-----w- c:\program files\Fisher
2009-06-16 14:36 . 2004-08-04 11:00 81920 ------w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 11:00 119808 ------w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 11:00 76288 ------w- c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2004-08-04 11:00 2066432 ------w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-08-04 11:00 84992 ------w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-04 11:00 132096 ------w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-04 11:00 1291264 ------w- c:\windows\system32\quartz.dll
2007-06-29 03:08 . 2008-12-07 00:31 25032729 ------w- c:\program files\avi2dvd_setup_045_.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-07-09 65240]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk
backup=c:\windows\pss\Memeo AutoBackup Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=

R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [7/9/2009 12:15 PM 26104]
S2 gupdate1c9da73d84425ae;Google Update Service (gupdate1c9da73d84425ae);c:\program files\Google\Update\GoogleUpdate.exe [5/21/2009 7:25 PM 133104]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 22:57]

2009-08-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-22 00:24]

2009-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-22 00:25]

2009-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-22 00:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\sgpsq24c.default\
FF - prefs.js: browser.startup.homepage - hxxp://gmail.com/
FF - component: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\sgpsq24c.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\sgpsq24c.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\sgpsq24c.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07051001.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-16 18:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3256)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\windows\system32\netdde.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\clipsrv.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\program files\Microsoft Windows OneCare Live\winss.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-16 18:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-16 23:47

Pre-Run: 86,840,872,960 bytes free
Post-Run: 86,774,521,856 bytes free

224 --- E O F --- 2009-08-14 08:07

Attached Files

  • Attached File  log.txt   16.11KB   1 downloads


#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:26 AM

Posted 17 August 2009 - 11:09 AM

It's actually much easier for me to review if it's copied and pasted directly into your post, just like you did.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

File::
c:\windows\system32\bincd32.dat
c:\windows\system32\sysnet.dat

Folder::
c:\windows\system32\images
Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


===================



Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


==================


Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 elephantcorporation

elephantcorporation
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:26 AM

Posted 18 August 2009 - 12:13 AM

The Kaspersky Scanner report wouldn't save for some odd reason. I clicked on the save report button at the end of the scan and the box is now shaded out like it would be if it was going to give me the save dialog box, but the box never appeared even over a one hour wait. Perhaps if I run it through Internet Explorer instead of Firefox?

I'm going to go ahead and provide you the new log from Combofix, and I'll add on the Kaspersky log once I have it.

ComboFix 09-08-10.06 - Compaq_Owner 08/17/2009 11:19.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.422 [GMT -5:00]
Running from: e:\downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

FILE ::
"c:\windows\system32\bincd32.dat"
"c:\windows\system32\sysnet.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bincd32.dat
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\sysnet.dat


.
((((((((((((((((((((((((( Files Created from 2009-07-17 to 2009-08-17 )))))))))))))))))))))))))))))))
.

2009-08-17 15:33 . 2009-08-17 15:33 -------- d-sh--w- c:\documents and settings\Compaq_Owner\PrivacIE
2009-08-14 15:40 . 2009-08-14 15:40 -------- d-----w- c:\program files\Cobian Backup 9
2009-08-14 02:22 . 2009-08-14 02:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-14 02:22 . 2009-08-14 02:22 -------- d-sh--w- c:\documents and settings\Compaq_Owner\IETldCache
2009-08-13 16:32 . 2009-08-13 16:32 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-13 16:32 . 2009-08-13 16:32 -------- d-----w- c:\program files\MSBuild
2009-08-13 16:32 . 2009-08-13 16:32 -------- d-----w- c:\program files\Reference Assemblies
2009-08-13 16:31 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-13 16:31 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-13 16:31 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-13 16:31 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-13 16:31 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-13 16:31 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-13 16:31 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-13 16:21 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-08-13 16:21 . 2009-07-03 17:09 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-13 16:21 . 2009-07-03 17:09 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-13 16:21 . 2009-07-03 17:09 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-08-13 16:21 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-13 16:21 . 2009-07-19 23:48 11067392 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-08-13 16:21 . 2009-08-13 16:22 -------- d-----w- c:\windows\ie8updates
2009-08-13 16:20 . 2009-07-01 07:08 101376 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-08-13 16:16 . 2009-08-13 16:19 -------- dc-h--w- c:\windows\ie8
2009-08-12 03:35 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-07 08:00 . 2009-08-07 08:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-08-06 12:58 . 2008-10-16 19:06 268648 ------w- c:\windows\system32\mucltui.dll
2009-08-06 12:58 . 2008-10-16 19:06 208744 ------w- c:\windows\system32\muweb.dll
2009-08-05 14:31 . 2009-08-05 14:31 209960 ------w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch4\dplugins\2.0.1.600\OneCareDiagPlugin.dll
2009-08-05 14:26 . 2009-08-05 14:26 23720 ------w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch1\HTML\item_templ\common\fixes\HelpAndSupport_TestContent.dll
2009-08-05 14:26 . 2009-08-05 14:26 23056 ------w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch1\HTML\item_templ\common\fixes\HASFix101001.dll
2009-08-05 14:26 . 2009-08-05 14:26 221208 ------w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch1\HTML\item_templ\common\fixes\HelpAndSupportCommon.dll
2009-08-05 14:26 . 2009-08-05 14:26 110248 ------w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch1\HTML\item_templ\common\fixes\HelpAndSupportInterface.dll
2009-08-05 14:26 . 2009-08-05 14:26 29352 ------w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch1\HTML\item_templ\common\fixes\HASFix058456.dll
2009-08-05 14:26 . 2009-08-05 14:26 21160 ------w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch1\HTML\item_templ\common\fixes\HASFix056479.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-05 02:42 . 2007-11-28 03:56 91328 ------w- c:\windows\system32\drivers\msfwdrv.sys
2009-08-05 02:42 . 2007-11-28 03:56 116416 ------w- c:\windows\system32\drivers\msfwhlpr.sys
2009-08-05 02:42 . 2008-05-15 21:15 53168 ------w- c:\windows\system32\drivers\MpFilter.sys
2009-08-05 02:36 . 2009-08-17 00:27 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-08-05 02:08 . 2009-08-05 02:08 -------- d-----w- c:\program files\Windows Defender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 12:46 . 2007-06-04 23:41 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\OpenOffice.org2
2009-08-14 12:20 . 2007-08-19 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-13 17:54 . 2006-11-11 20:32 73160 ------w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-13 12:32 . 2008-06-23 01:03 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\uTorrent
2009-08-12 08:06 . 2006-11-04 03:53 -------- d-----w- c:\program files\Trillian
2009-08-05 14:31 . 2009-08-05 14:31 2923248 ------w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch4\HTML\item_templ\common\MSHotFix\WindowsXP-KB914882-x86.exe
2009-08-05 09:01 . 2004-08-04 11:00 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-08-05 02:45 . 2006-11-11 15:38 -------- d-----w- c:\program files\Lavasoft
2009-07-28 01:14 . 2007-07-15 01:20 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\RipIt4Me
2009-07-17 19:01 . 2004-08-04 11:00 58880 ------w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2004-08-04 11:00 286720 ------w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 11:00 915456 ------w- c:\windows\system32\wininet.dll
2009-07-01 03:59 . 2006-11-24 07:31 -------- d-----w- c:\program files\Google
2009-07-01 00:12 . 2009-07-01 00:12 -------- d-----w- c:\program files\Trend Micro
2009-06-29 03:23 . 2009-06-29 03:23 -------- d-----w- c:\program files\Alwil Software
2009-06-25 08:25 . 2004-08-04 11:00 730112 ------w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 11:00 56832 ------w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 11:00 54272 ------w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 11:00 301568 ------w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 11:00 147456 ------w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 11:00 136192 ------w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 11:00 92928 ------w- c:\windows\system32\drivers\ksecdd.sys
2009-06-22 00:40 . 2009-06-22 00:40 -------- d-----w- c:\program files\Fisher
2009-06-16 14:36 . 2004-08-04 11:00 81920 ------w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 11:00 119808 ------w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 11:00 76288 ------w- c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2004-08-04 11:00 2066432 ------w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-08-04 11:00 84992 ------w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-04 11:00 132096 ------w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-04 11:00 1291264 ------w- c:\windows\system32\quartz.dll
2007-06-29 03:08 . 2008-12-07 00:31 25032729 ------w- c:\program files\avi2dvd_setup_045_.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-07-09 65240]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk
backup=c:\windows\pss\Memeo AutoBackup Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=

R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [7/9/2009 12:15 PM 26104]
S2 gupdate1c9da73d84425ae;Google Update Service (gupdate1c9da73d84425ae);c:\program files\Google\Update\GoogleUpdate.exe [5/21/2009 7:25 PM 133104]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 22:57]

2009-08-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-22 00:24]

2009-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-22 00:25]

2009-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-22 00:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\sgpsq24c.default\
FF - prefs.js: browser.startup.homepage - hxxp://gmail.com/
FF - component: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\sgpsq24c.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\sgpsq24c.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\sgpsq24c.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07051001.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 11:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-08-17 11:29
ComboFix-quarantined-files.txt 2009-08-17 16:28
ComboFix2.txt 2009-08-16 23:48

Pre-Run: 86,714,466,304 bytes free
Post-Run: 86,706,376,704 bytes free

215 --- E O F --- 2009-08-14 08:07
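An added example, written for this thread and not part of the original posts or of ComboFix itself: a small Python parser for the log layout shown above (the banner-delimited "Other Deletions" and "Reg Loading Points" sections, the dashed "Supplementary Scan" section, and the REGEDIT4-style key/value lines). The sample text is constructed from fragments in the same shape as the posted log, and the `review` helper is my own choice of what to flag: deletions under system32, Run-key autostarts, a disabled firewall profile and a non-default search URL.

```python
"""Parse a ComboFix-style log and list the entries a helper reads first.

Added example for this thread; the sample below is constructed from
fragments shaped like the posted log and is not a complete ComboFix log.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: same section banners and value syntax as the posted log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bincd32.dat
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\sysnet.dat

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch
"""

# "(((( Section Name ))))" banners and "------- Section Name -------" banners.
BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
DASH_RE = re.compile(r"^-{3,}\s*([A-Za-z].*?)\s*-{3,}$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Map each section banner to its non-empty lines ('.' spacers dropped)."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = BANNER_RE.match(line) or DASH_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None or line in ("", "."):
            continue
        sections[current].append(line)
    return sections


def parse_value_line(line: str) -> Optional[Tuple[str, str]]:
    """Turn '"Name"="value" [date size]' into (Name, value); None if not a value line."""
    m = REG_VALUE_RE.match(line)
    if not m:
        return None
    name, rest = m.group(1), m.group(2).strip()
    rest = re.sub(r"\s*\[[^\]]*\]$", "", rest)  # drop the trailing [date size] note
    if len(rest) >= 2 and rest.startswith('"') and rest.endswith('"'):
        rest = rest[1:-1]
    return name, rest


def parse_registry(lines: List[str]) -> Dict[str, List[Tuple[str, str]]]:
    """Group the REGEDIT4-style lines of 'Reg Loading Points' by key."""
    keys: Dict[str, List[Tuple[str, str]]] = {}
    current: Optional[str] = None
    for line in lines:
        km = REG_KEY_RE.match(line)
        if km:
            current = km.group(1)
            keys.setdefault(current, [])
            continue
        if current is None:
            continue  # '*Note*' and 'REGEDIT4' precede the first key
        parsed = parse_value_line(line)
        if parsed:
            keys[current].append(parsed)
    return keys


def review(text: str) -> List[str]:
    """Return human-readable findings; the selection of checks is my own."""
    sections = parse_sections(text)
    findings: List[str] = []
    for path in sections.get("Other Deletions", []):
        if "\\system32\\" in path.lower():
            findings.append(f"deleted from system32: {path}")
    reg = parse_registry(sections.get("Reg Loading Points", []))
    for key, values in reg.items():
        if key.lower().endswith("\\run"):
            for name, value in values:
                findings.append(f"autostart {name}: {value}")
        for name, value in values:
            if name == "EnableFirewall" and value.startswith("0"):
                findings.append(f"firewall disabled in {key}")
    for line in sections.get("Supplementary Scan", []):
        if "search" in line.lower() and "hxxp://" in line:
            findings.append(f"search provider override: {line.split('=', 1)[1].strip()}")
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

Pass a real log's text to `review` instead of `SAMPLE_LOG` to get the same summary; the parser only depends on the banner lines and the `"Name"=value` syntax visible in the posted logs.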

#6 elephantcorporation

elephantcorporation
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:26 AM

Posted 18 August 2009 - 08:18 AM

Alright, I ran Kaspersky Scanner again on Internet Explorer this morning. It was updated as it had been before, and then it began to run like it did before, but it only took two minutes and it found nothing. I'm not sure if this is because it scanned once before or if I have done something wrong.

The previous scan had 14 or 15 infections.

Sorry about the troubles.

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:26 AM

Posted 18 August 2009 - 12:28 PM

Well your latest log looks pretty good to me. How is your computer behaving now?


========================================================

#8 elephantcorporation

elephantcorporation
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:26 AM

Posted 18 August 2009 - 07:01 PM

Much better. Unless something unexpected comes out and bites me, I think it's fixed. Thanks for your help :thumbup2:

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:26 AM

Posted 19 August 2009 - 11:02 AM

Glad I could help out.
Just a few final steps/recommendations for you.


We need to remove Combofix now that we're done with it.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK




==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above

  • Use an AntiVirus Software - It is very important that your computer has anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbup2: :)


========================================================

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:26 AM

Posted 05 September 2009 - 10:15 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================
