internet explorer opening wrong pages


3 replies to this topic

#1 seanart7


  • Members
  • 2 posts

Posted 28 October 2009 - 08:47 PM

Hello, I am having the same problem that this person did: http://www.bleepingcomputer.com/forums/lof...hp/t214101.html
My Internet Explorer seems to work fine, but when I click on a Google search result, it usually opens a different page or cannot find the link at all. Usually, if I try this 3 or 4 times it will eventually find the correct link. On the page where the other person wrote of this, you had a link to a scan that gave me these results:


DDS (Ver_09-10-26.01) - NTFSx86
Run by sean at 21:19:11.75 on Wed 10/28/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.512.189 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
svchost.exe "C:\WINDOWS\system32\12520850f.exe"
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AutoCAD 2005\acad.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\DOCUME~1\sean\LOCALS~1\Temp\AdskCleanup.0001
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe
C:\Program Files\Adobe\Illustrator 9.0.1\Illustrator.exe
C:\Program Files\Common Files\Adobe\Web\AOM.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\sean\Local Settings\Temporary Internet Files\Content.IE5\00C0U3OT\dds[1].pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [NordBull] c:\windows\msa.exe
uRun: [hivew] c:\windows\system32\rundll32.exe c:\docume~1\sean\locals~1\temp\7449885782823don.dll,Set1
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PC Antispyware 2010] "c:\program files\pc_antispyware2010\PC_Antispyware2010.exe" /hide
dRun: [AIM] c:\program files\aim95\aim.exe -cnetwait.odl
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uExplorerRun: [ijaocdv] c:\windows\system32\ijaocdv.exe
mExplorerRun: [deg] c:\windows\system32\deg.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {5199201E-60B4-11DE-85CF-260556D89593} - c:\program files\privacycenter\protector.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: aol.com\free
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Yahoo! Euchre - hxxp://download2.games.yahoo.com/games/clients/y/et3_x.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33363249-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/i263_32.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
AppInit_DLLs: cru629.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 SonyFKC;FAN and Keyboard Control Service;c:\windows\system32\drivers\SonyFKC.sys [2001-12-14 12032]
R2 V7;V7;c:\windows\system32\drivers\V7.SYS [2002-1-14 7196]
S2 SwPrvWmiApSrv;MS Software Shadow Copy Provider SwPrvWmiApSrv;c:\windows\system32\12520850f.exe srv --> c:\windows\system32\12520850f.exe srv [?]
S3 BCM42XX;Broadcom iLine10™ Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [2001-12-14 54271]
S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [2001-12-14 593000]
S4 Alcpdent;Alcpdent; [x]

=============== Created Last 30 ================


==================== Find3M ====================

2009-10-15 07:25:51 6144 ----a-w- c:\windows\system32\cru629.dat
2009-10-15 07:25:51 6144 ----a-w- c:\windows\cru629.dat
2009-10-13 12:36:42 12288 ----a-w- c:\windows\system32\braviax.exe
2009-10-13 12:36:42 12288 ----a-w- c:\windows\braviax.exe
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 09:23:44 1346048 ----a-w- c:\windows\system32\temp.exe
2009-08-17 05:49:34 61440 --sh--r- c:\windows\system32\12520850f.exe
2009-08-15 03:12:17 19841 ----a-w- c:\windows\system32\rutol.vbs
2009-08-15 03:12:17 17728 ----a-w- c:\docume~1\alluse~1\applic~1\ipalovuxew.bin
2009-08-15 03:12:17 16710 ----a-w- c:\windows\esifep.dll
2009-08-15 03:12:17 14791 ----a-w- c:\docume~1\alluse~1\applic~1\yboq.sys
2009-08-15 03:12:17 12145 ----a-w- c:\windows\system32\uwofeh.reg
2009-08-15 03:12:17 10538 ----a-w- c:\windows\ivacaxa.sys
2009-08-15 03:12:16 17663 ----a-w- c:\windows\irysi.pif
2009-08-15 03:12:16 11696 ----a-w- c:\docume~1\sean\applic~1\lovanejyd.vbs
2009-08-15 03:12:16 11280 ----a-w- c:\windows\ibulaqamy.dat
2009-08-15 03:12:16 10406 ----a-w- c:\windows\supejuga.com
2009-08-11 03:33:21 19847 ----a-w- c:\program files\common files\otobunat.exe
2009-08-11 03:33:21 18671 ----a-w- c:\program files\common files\udawiqyby.inf
2009-08-11 03:33:21 18503 ----a-w- c:\windows\jacobywun.com
2009-08-11 03:33:21 16902 ----a-w- c:\docume~1\alluse~1\applic~1\ojoxym.bin
2009-08-11 03:33:21 16125 ----a-w- c:\program files\common files\yrimazakyh.com
2009-08-11 03:33:21 16121 ----a-w- c:\program files\common files\carel._sy
2009-08-11 03:33:21 15323 ----a-w- c:\windows\enenakugel.com
2009-08-11 03:33:21 14931 ----a-w- c:\program files\common files\zylunaha.bin
2009-08-11 03:33:21 13541 ----a-w- c:\docume~1\sean\applic~1\ibiduw.pif
2009-08-11 03:33:21 10590 ----a-w- c:\program files\common files\viwawa._sy
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44:46 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:08 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2001-12-15 02:56:59 17408 -csha-w- c:\program files\Thumbs.db
2008-09-07 07:20:26 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090720080908\index.dat

============= FINISH: 21:23:43.37 ===============

Please help! thanks :(
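Added example, not part of the original post or of the DDS tool itself: a small Python triage pass over lines in the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" format shown above. The sample lines are constructed to mirror entries from this log. The rules (an autorun launched from a temp directory, rundll32 told to load a DLL outside %windir% or Program Files, any entry under an Explorer\Run key, a hidden-launch switch, a populated AppInit_DLLs, a service whose image DDS could not read and so printed `[?]` instead of the usual `[date size]`, and a lone .exe directly in c:\windows) and the small allowlist of executables that belong in c:\windows are the editor's own heuristics, not something the thread or DDS defines.

```python
import re
from typing import List, Tuple

# Constructed sample in DDS "Pseudo HJT Report" / "SERVICES / DRIVERS" format,
# mirroring entries from the log posted above (not the full log).
SAMPLE_DDS = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [NordBull] c:\windows\msa.exe
uRun: [hivew] c:\windows\system32\rundll32.exe c:\docume~1\sean\locals~1\temp\7449885782823don.dll,Set1
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PC Antispyware 2010] "c:\program files\pc_antispyware2010\PC_Antispyware2010.exe" /hide
uExplorerRun: [ijaocdv] c:\windows\system32\ijaocdv.exe
mExplorerRun: [deg] c:\windows\system32\deg.exe
AppInit_DLLs: cru629.dat
R2 SonyFKC;FAN and Keyboard Control Service;c:\windows\system32\drivers\SonyFKC.sys [2001-12-14 12032]
S2 SwPrvWmiApSrv;MS Software Shadow Copy Provider SwPrvWmiApSrv;c:\windows\system32\12520850f.exe srv --> c:\windows\system32\12520850f.exe srv [?]
"""

AUTORUN_PREFIXES = ("uRun:", "mRun:", "dRun:", "uExplorerRun:", "mExplorerRun:")
# Editor's allowlist (assumption): executables that legitimately sit directly
# in c:\windows on XP; anything else found there deserves a look.
WINDOWS_ROOT_OK = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe",
                   "winhlp32.exe", "write.exe", "twunk_16.exe", "twunk_32.exe"}
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def _command(entry: str) -> str:
    """Strip the 'uRun: [name]' tag and return the command that gets launched."""
    m = re.match(r"^\w+:\s*\[[^\]]*\]\s*(.*)$", entry)
    return m.group(1).strip() if m else entry


def _first_exe(cmd: str) -> str:
    """First token of a command line, with surrounding quotes removed."""
    m = re.match(r'^"([^"]+)"|^(\S+)', cmd)
    return (m.group(1) or m.group(2)) if m else ""


def triage_dds(text: str) -> List[Tuple[str, str]]:
    """Return (rule, line) pairs for every autorun or service entry that trips a heuristic."""
    findings: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(AUTORUN_PREFIXES):
            cmd = _command(line).lower()
            exe = _first_exe(cmd)
            if "\\temp\\" in cmd:
                findings.append(("autorun-from-temp", line))
            if "rundll32.exe" in cmd:
                # rundll32 is only a loader; judge the DLL it is told to load
                target = cmd.split("rundll32.exe", 1)[1].strip()
                if not target.startswith(TRUSTED_ROOTS):
                    findings.append(("rundll32-nonstandard-dll", line))
            if re.search(r"\s[/-]hide\b", cmd):
                findings.append(("hidden-launch-switch", line))
            if "ExplorerRun:" in line:
                # Policies\Explorer\Run is rarely used by legitimate software
                findings.append(("explorer-run-key", line))
            if re.fullmatch(r"c:\\windows\\[^\\]+\.exe", exe) and exe.rsplit("\\", 1)[-1] not in WINDOWS_ROOT_OK:
                findings.append(("exe-in-windows-root", line))
        elif line.lower().startswith("appinit_dlls:"):
            # AppInit_DLLs is loaded into every process that maps user32.dll
            if line.split(":", 1)[1].strip():
                findings.append(("appinit-dlls-set", line))
        elif re.match(r"^[RS]\d\s", line) and line.endswith("[?]"):
            # DDS prints [date size] for a service image; [?] means it could not read the file
            findings.append(("service-image-unreadable", line))
    return findings
```

On the constructed sample this yields eight findings; the `hivew` entry trips two rules on its own (launched from %TEMP% and loaded through rundll32), and the unreadable service image is the same `12520850f.exe` that Find3M lists with the system and hidden attributes. Cross-check each flagged path against the Find3M section before deciding what to remove.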


#2 kahdah


  • Security Colleague
  • 11,138 posts

Posted 03 November 2009 - 07:46 AM

Hello seanart7

Welcome to BleepingComputer :(
==========================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 seanart7

  • Topic Starter

  • Members
  • 2 posts

Posted 03 November 2009 - 11:44 AM

Thanks for your reply/help! Here are the results I received today:

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-03 11:39:11
Windows 5.1.2600 Service Pack 3
Running: wwdd8ttk.exe; Driver: C:\DOCUME~1\sean\LOCALS~1\Temp\uxtdypod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\Beep.SYS ZwQuerySystemInformation [0xF87A71A0]

Code 82D7B1A8 ZwEnumerateKey
Code 82D7B170 ZwFlushInstructionCache
Code 82ECBDE6 ZwSaveKey
Code 82ECBDAE ZwSaveKeyEx
Code 82EC5A16 IofCallDriver
Code 82EC5A4E IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 82EC5A1B
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 82EC5A53
PAGE ntoskrnl.exe!ZwFlushInstructionCache 8056E42A 5 Bytes JMP 82D7B174
PAGE ntoskrnl.exe!ZwEnumerateKey 805735A4 5 Bytes JMP 82D7B1AC
PAGE ntoskrnl.exe!ZwSaveKey 8064EE06 5 Bytes JMP 82ECBDEA
PAGE ntoskrnl.exe!ZwSaveKeyEx 8064EEF1 5 Bytes JMP 82ECBDB2

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1652] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\system32\braviax.exe (*** hidden *** ) 1104

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\rotscxapqketoo.sys (*** hidden *** ) [SYSTEM] rotscxcikopoxh <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh@imagepath \systemroot\system32\drivers\rotscxapqketoo.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh\main@aid 20055
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh\main\injector@* rotscxwsp8.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh\main\injector@svchost.exe
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh\modules@rotscxrk.sys \systemroot\system32\drivers\rotscxapqketoo.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh\modules@rotscxcmd.dll \systemroot\system32\rotscxoqrejgpb.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh\modules@rotscxlog.dat \systemroot\system32\rotscxuitdhgxf.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh\modules@rotscxwsp.dll \systemroot\system32\rotscxrdpyionv.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh\modules@rotscx.dat \systemroot\system32\rotscxnjbaptrx.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh\modules@rotscxwsp8.dll \systemroot\system32\rotscxyarpjklj.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh\modules@rotscxcont.dll \systemroot\system32\rotscxflvwkumn.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh\modules@rotscxcony.dll \systemroot\system32\rotscxrivbqeei.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh\modules@rotscxconu.dll \systemroot\system32\rotscxbnetbqpx.dll
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh@imagepath \systemroot\system32\drivers\rotscxapqketoo.sys
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh\main@aid 20055
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh\main@sid 0
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh\main\injector@* rotscxwsp8.dll
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh\main\injector@svchost.exe
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh\modules@rotscxrk.sys \systemroot\system32\drivers\rotscxapqketoo.sys
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh\modules@rotscxcmd.dll \systemroot\system32\rotscxoqrejgpb.dll
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh\modules@rotscxlog.dat \systemroot\system32\rotscxuitdhgxf.dat
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh\modules@rotscxwsp.dll \systemroot\system32\rotscxrdpyionv.dll
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh\modules@rotscx.dat \systemroot\system32\rotscxnjbaptrx.dat
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh\modules@rotscxwsp8.dll \systemroot\system32\rotscxyarpjklj.dll
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh\modules@rotscxcont.dll \systemroot\system32\rotscxflvwkumn.dll
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh\modules@rotscxcony.dll \systemroot\system32\rotscxrivbqeei.dll
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh\modules@rotscxconu.dll \systemroot\system32\rotscxbnetbqpx.dll

---- EOF - GMER 1.0.15 ----

Edited by seanart7, 03 November 2009 - 11:45 AM.
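Added example, not from the thread or from GMER: a Python pass that reduces a GMER 1.0.15 report in the format above to the items a responder acts on. The excerpt is constructed to mirror the posted log. It pulls out SSDT entries whose handler lives in a module other than the kernel image (here Beep.SYS), inline `JMP` patches on ntoskrnl exports, hidden processes and services, the on-disk files named under the hidden service's `modules` values (active ControlSet only, since the ControlSet002 copies repeat the same data), the `injector` targets, and the name prefix shared by the service and its files, which is what you would sweep the disk for. The list of legitimate kernel image names and the reading of `injector@*` as "every process" are assumptions, not something GMER or the post states.

```python
import os
import re
from typing import Dict, List

# Constructed excerpt in GMER 1.0.15 report format, modelled on the log posted above.
SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\Beep.SYS ZwQuerySystemInformation [0xF87A71A0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 82EC5A1B
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 82EC5A53
PAGE ntoskrnl.exe!ZwEnumerateKey 805735A4 5 Bytes JMP 82D7B1AC

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\system32\braviax.exe (*** hidden *** ) 1104

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\rotscxapqketoo.sys (*** hidden *** ) [SYSTEM] rotscxcikopoxh <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh@imagepath \systemroot\system32\drivers\rotscxapqketoo.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh\main\injector@* rotscxwsp8.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh\main\injector@svchost.exe
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh\modules@rotscxrk.sys \systemroot\system32\drivers\rotscxapqketoo.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh\modules@rotscxcmd.dll \systemroot\system32\rotscxoqrejgpb.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxcikopoxh\modules@rotscxwsp8.dll \systemroot\system32\rotscxyarpjklj.dll
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh@imagepath \systemroot\system32\drivers\rotscxapqketoo.sys
Reg HKLM\SYSTEM\ControlSet002\Services\rotscxcikopoxh\modules@rotscxrk.sys \systemroot\system32\drivers\rotscxapqketoo.sys
"""

# Images that legitimately own SSDT entries (assumption: a stock XP kernel).
KERNEL_IMAGES = ("ntoskrnl.exe", "ntkrnlpa.exe", "ntkrnlmp.exe", "ntkrpamp.exe")
ACTIVE_SERVICES = "Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\"
HIDDEN = r"\(\*\*\* hidden \*\*\* \)"


def triage_gmer(text: str) -> Dict[str, object]:
    """Reduce a GMER report to hooks, hidden objects, rootkit files and injection targets."""
    ssdt_hooks: List[dict] = []
    inline_patches: List[dict] = []
    hidden_procs: List[dict] = []
    hidden_svcs: List[dict] = []
    service_keys, artefacts, injector_targets = set(), set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        m = re.match(r"^SSDT\s+(\S+)\s+(\w+)\s+\[0x([0-9A-Fa-f]+)\]", line)
        if m:
            module, func, addr = m.groups()
            if not module.lower().endswith(KERNEL_IMAGES):
                ssdt_hooks.append({"function": func, "module": module, "handler": addr})
            continue
        m = re.match(r"^(\S+)\s+(\S+)!(\w+)\s+([0-9A-F]+)\s+(\d+) Bytes JMP\s+([0-9A-F]+)", line)
        if m:
            _section, image, func, addr, _n, target = m.groups()
            inline_patches.append({"image": image, "function": func, "at": addr, "jmp_to": target})
            continue
        m = re.match(r"^Process\s+(.+?)\s+" + HIDDEN + r"\s+(\d+)", line)
        if m:
            hidden_procs.append({"path": m.group(1), "pid": int(m.group(2))})
            continue
        m = re.match(r"^Service\s+(.+?)\s+" + HIDDEN + r"\s+\[(\w+)\]\s+(\S+)", line)
        if m:
            # [SYSTEM] is the start type; it agrees with the @start 1 value in the Registry section
            hidden_svcs.append({"image": m.group(1), "start": m.group(2), "name": m.group(3)})
            service_keys.add(m.group(3).lower())   # GMER lists Services before Registry
            continue
        if line.startswith(ACTIVE_SERVICES):
            # Active control set only; ControlSet00N entries repeat the same values.
            rest = line[len(ACTIVE_SERVICES):]
            svc = rest.split("\\", 1)[0].split("@", 1)[0].lower()
            if svc not in service_keys:
                continue
            low = rest.lower()
            if "@imagepath " in low or "\\modules@" in low:
                # the value data (a path) follows the value name after a space
                m = re.match(r"^.*?@\S+\s+(\S+)$", rest)
                if m:
                    artefacts.add(m.group(1).lower())
            elif "\\main\\injector@" in low:
                # assumption: '*' names every process, otherwise a specific image name
                injector_targets.append(rest.split("@", 1)[1].split(" ", 1)[0])
    names = [p.rsplit("\\", 1)[-1] for p in artefacts] + [s["name"] for s in hidden_svcs]
    return {
        "ssdt_hooks": ssdt_hooks,
        "inline_patches": inline_patches,
        "hidden_processes": hidden_procs,
        "hidden_services": hidden_svcs,
        "artefacts": sorted(artefacts),
        "injector_targets": injector_targets,
        "name_prefix": os.path.commonprefix(names) if names else "",
    }
```

The two things worth reading off the result are the SSDT entry owned by Beep.SYS (a beep driver has no business servicing ZwQuerySystemInformation, which is how the hidden process and service stay hidden from a normal listing) and the name prefix: every file in `artefacts` and the service itself share it, so a sweep for that prefix under system32 finds the rest of the set.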


#4 kahdah


  • Security Colleague
  • 11,138 posts

Posted 03 November 2009 - 08:25 PM

One or more of the identified infections is a backdoor trojan or rootkit.

This can allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this for more information:
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

===========================



First, temporarily disable any antivirus program or any real-time shields that are present:
If you do not know how then you can refer to this link:
http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
================
Then download ComboFix from any of the links below. You must rename it before saving it. Rename it to kahdah, then save it to your desktop.
Link 1
Link 2
--------------------------------------------------------------------

Double click on kahdah.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
