Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infection. HijackThis Log


  • This topic is locked This topic is locked
2 replies to this topic

#1 Milly155

Milly155

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:51 AM

Posted 02 September 2009 - 05:32 AM

Referred from: http://www.bleepingcomputer.com/forums/t/253872/google-installer-error-and-redirect/ ~ OB

I keep getting a google installer error and google redirects links to random sites. I have gotten a blue screen a couple of times and the computer will completely freeze every now and again. Here are my logs.
Thanks.

DDS (Ver_09-07-30.01) - NTFSx86
Run by User at 20:16:17.60 on Wed 02/09/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.495.66 [GMT 10:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LG Electronics\LG PC Sync\LGSyncManager.exe
C:\Program Files\Tudou\·ÉĖŁTudou\TudouVa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Spyware Doctor\upgrade.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\User\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://windowsisearch.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearchMigratedDefaultURL = hxxp://windowsisearch.com/search?q={searchTerms}
uSearch Bar = hxxp://windowsisearch.com/ie6.html
uDefault_Search_URL = hxxp://windowsisearch.com
mDefault_Page_URL = hxxp://www.asus.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 10.52.94.13:8080
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://windowsisearch.com
mSearchURL = hxxp://windowsisearch.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: WebDetectorBHO Class: {43beafd9-e005-483d-a367-146ba6c8a32e} - c:\program files\tudou\·éėłtudou\tudouDetector.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: offersfortoday: {77e4c529-ef85-4bf5-fdcb-0762c102dfd9} - c:\windows\system32\nso812.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [drv blah] c:\docume~1\user\applic~1\mpegat~1\Dalethird.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Browse new fork rule] c:\documents and settings\all users\application data\wait find browse new\Tool Manager.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\be30~1.lnk - c:\program files\tudou\·éėłtudou\TudouVa.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lgsync~1.lnk - c:\program files\lg electronics\lg pc sync\LGSyncManager.exe
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/6/7/5/675d28f5-2a8e-4bac-bd9b-ee147f352714/OGAControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} - hxxp://www.systemrequirementslab.com/sysreqlab.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\windows\system32\__c002D258.dat kzzzkl.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\qoMeDUKe

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-10-8 40840]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-10-8 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-10-8 81288]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-12-1 356920]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-12-1 1079176]
R3 insektxp;insektxp;c:\windows\system32\drivers\InsektXp.sys [2008-1-9 30400]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20080926.003\naveng.sys [2008-9-27 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20080926.003\navex15.sys [2008-9-27 873552]
R3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\drivers\SynMini.sys [2006-3-16 702326]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-3-16 4790]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\drivers\Video3D.sys [2004-7-6 44544]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2008-3-15 99248]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [2006-3-31 5824]
S3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-4-8 185968]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]
S3 Seapicersn;Seapicersn;c:\windows\system32\logonui.exe [2004-8-19 514560]
S3 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176]

=============== Created Last 30 ================

2009-08-30 12:09 --d----- c:\docume~1\user\applic~1\Canneverbe_Limited
2009-08-30 12:09 --d----- c:\docume~1\alluse~1\applic~1\Canneverbe Limited
2009-08-29 12:52 22 a------- c:\windows\pskt.ini
2009-08-28 16:33 36,864 a------- c:\windows\system32\net.net
2009-08-14 16:24 --d----- c:\program files\Mpeg Atom
2009-08-10 17:02 --d----- c:\docume~1\user\applic~1\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-08-10 17:02 --d----- c:\program files\TweetDeck

==================== Find3M ====================

2009-06-22 13:57 85,657 a------- c:\windows\system32\6bf9a406-b7c9-d00c-c28b-2101e9a6e591.exe
2008-08-29 23:06 0 a------- c:\program files\temp01
2006-06-09 17:38 32 ac---r-- c:\documents and settings\all users\hash.dat
2006-03-31 09:55 0 ac------ c:\docume~1\user\applic~1\wklnhst.dat
2008-11-06 16:34 675,291 a--sh--- c:\windows\system32\eKUDeMoq.ini2

============= FINISH: 20:18:13.21 ===============

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/02 15:44
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA917D000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AA4000 Size: 8192 File Visible: No Signed: -
Status: -

Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xF7BF0000 Size: 2560 File Visible: No Signed: -
Status: -

Name: PCI_PNP3106
Image Path: \Driver\PCI_PNP3106
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal1.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal1.sys
Address: 0xA803C000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sppr.sys
Image Path: sppr.sys
Address: 0xF730F000 Size: 1040384 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

==EOF==

Edited by Orange Blossom, 02 September 2009 - 05:51 PM.


BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:08:51 AM

Posted 17 September 2009 - 12:58 PM

Hi Milly155,

I tried to run Malwarebytes, only it wouldn't run. When I clicked on it, it came up as if it was loading and just never opened. I tried uninstalling and reinstalling it but it won't even open the setup now.




If the problem is MBAM will not install, please rename the installer mbam-setup.exe. Example: newtool2.exe
Proceed installing the renamed installer of MBAM.


If the problem is MBAM will not run, go to the program directory of MBAM (e.g. C:\Program Files\Malwarebytes Antimalware\) then rename mbam.exe to newtool.exe3, double click newtool3.exe to proceed in running a Full scan.


Post the Malwarebytes log.

Edited by SifuMike, 17 September 2009 - 01:13 PM.
typo

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:08:51 AM

Posted 26 September 2009 - 02:20 PM

Due to inactivity, this thread will now be closed.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users