Debilitating Infection, Need Some Help


This topic is locked
No replies to this topic

#1 rahmenxnoodles69
Posted 21 October 2009 - 12:19 PM

I've become infected by some kind of hijacker that's been making IE pop up and go to ad sites.

And it has effectively killed my Spybot S&D and HijackThis so I can't use them against it.


Attach.txt and Ark.txt have been attached and here is DDS.txt:

DDS (Ver_09-10-13.01) - NTFSx86
Run by Alex at 6:33:39.56 on Wed 10/21/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3574.2677 [GMT -4:00]

AV: Norton 360 Premier Edition *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\TEMP\b.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\WINDOWS\TEMP\a.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Alex\My Documents\Firefox Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\common files\obdc\svcshost.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Cleaner] c:\program files\common files\obdc\svcshost.exe
dRun: [PopRock] c:\windows\temp\a.exe
StartupFolder: c:\docume~1\alex\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alex\applic~1\mozilla\firefox\profiles\dok643up.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============

R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2009-5-15 935208]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-15 24652]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-2-15 105984]
S2 .1234742661;1234742661;c:\program files\nortoninstaller\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360\562c4dd5\3.0.0.135\bntr1234742661.exe --> c:\program files\nortoninstaller\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360\562c4dd5\3.0.0.135\bntr1234742661.exe [?]
S2 gupdate1c9cf5628ffa730;Google Update Service (gupdate1c9cf5628ffa730);c:\program files\google\update\GoogleUpdate.exe [2009-5-7 133104]

=============== Created Last 30 ================

2009-10-21 01:20 236,544 a------- c:\windows\PEV.exe
2009-10-21 01:20 161,792 a------- c:\windows\SWREG.exe
2009-10-21 01:20 98,816 a------- c:\windows\sed.exe
2009-10-20 20:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk
2009-10-20 19:05 217,127 a------- c:\windows\system32\drv43260.dll
2009-10-20 19:05 208,935 a------- c:\windows\system32\drv33260.dll
2009-10-20 19:05 176,165 a------- c:\windows\system32\drv23260.dll
2009-10-20 19:05 65,602 a------- c:\windows\system32\cook3260.dll
2009-10-20 19:05 1,645,320 a------- c:\windows\gdiplus.dll
2009-10-20 19:05 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
2009-10-20 19:05 626,688 a------- c:\windows\system32\vp7vfw.dll
2009-10-20 16:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-10-20 15:54 42,665 ---shr-- c:\windows\system32\EXPL0RER.EXE
2009-10-20 15:54 164 a------- c:\windows\system32\win32log.dat
2009-10-19 20:39 0 a----r-- c:\windows\win32k.sys
2009-10-19 20:21 89,088 a------- c:\docume~1\alex\applic~1\svcshost.exe
2009-10-19 20:19 <DIR> --d----- c:\program files\common files\OBDC
2009-10-17 02:14 <DIR> --d----- c:\program files\Audacity
2009-10-12 00:05 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-10-12 00:05 21,504 a------- c:\windows\system32\hidserv.dll
2009-10-12 00:05 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-10-12 00:05 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2009-10-12 00:05 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-10-12 00:05 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-10-05 18:44 <DIR> --d----- c:\program files\FlashGet
2009-10-04 16:29 <DIR> --d----- c:\program files\WBFS
2009-10-04 15:38 <DIR> --d----- C:\Downloads
2009-10-04 15:37 <DIR> --d----- c:\program files\BitComet
2009-10-01 03:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AIM
2009-10-01 03:24 <DIR> --d----- c:\program files\AIM
2009-10-01 03:23 <DIR> --d----- c:\program files\common files\Software Update Utility
2009-09-29 17:39 <DIR> --d----- C:\PSFONTS
2009-09-29 17:38 <DIR> --d----- c:\program files\Finale NotePad 2008
2009-09-24 04:34 <DIR> --d----- c:\program files\CDisplay

==================== Find3M ====================

2009-10-20 19:05 47,360 ac------ c:\docume~1\alex\applic~1\pcouffin.sys
2009-10-20 19:05 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-10-20 17:21 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-09-12 20:50 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-09-11 10:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-04 17:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-26 04:00 247,326 -------- c:\windows\system32\strmdll.dll
2009-08-09 10:41 29,480 -------- c:\windows\system32\msxml3a.dll
2009-08-09 10:41 505,128 -------- c:\windows\system32\msvcp71.dll
2009-08-09 10:41 353,576 -------- c:\windows\system32\msvcr71.dll
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 05:01 204,800 -------- c:\windows\system32\mswebdvd.dll
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 19:52 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-04 10:20 2,066,048 -------- c:\windows\system32\ntkrnlpa.exe
2009-07-25 05:23 411,368 -------- c:\windows\system32\deploytk.dll

============= FINISH: 6:34:00.65 ===============
