
Rootkit.tdss and trojans


  • This topic is locked
2 replies to this topic

#1 jessnichole

jessnichole

  • Members
  • 3 posts
  • OFFLINE
  • Local time:01:35 AM

Posted 29 November 2009 - 05:15 PM

For a couple of weeks now I have been having a problem with Google redirecting me to different sites when I follow a link from the search page. It used to be it would take me to a different page just one time; I would go back and click the link again and it would work. Now it will redirect me up to 5 times until I finally get to where I want to go, usually redirecting to toseeka sites or classifieds, once even to a porn site. I ran MalwareBytes which found a trojan and deleted it. I ran McAfee which found nothing (which isn't unusual... I can't believe I paid money for it), but still had the problem. A few days later I ran MalwareBytes again and it found Rootkit.tdss and two other trojans. It removed them, but upon reboot this morning they were back (I ran MB right away after reboot). Google (and Yahoo, I found out) are both still redirecting, and after researching the rootkit.tdss I want to get this taken care of ASAP.

Here are the logs and everything you need:

The last MB log that I ran before coming here:
Malwarebytes' Anti-Malware 1.41
Database version: 3258
Windows 5.1.2600 Service Pack 3

11/29/2009 3:10:14 PM
mbam-log-2009-11-29 (15-10-14).txt

Scan type: Quick Scan
Objects scanned: 121576
Time elapsed: 13 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS Log:

DDS (Ver_09-11-29.01) - NTFSx86
Run by Owner at 15:39:02.28 on Sun 11/29/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.236 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner.Jessica\Desktop\dds.scr
C:\WINDOWS\system32\msfeedssync.exe

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6426
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6426
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe/Adobe Contribute CS4/contributeieplugin.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe/Adobe Contribute CS4/contributeieplugin.dll
uRun: [Power2GoExpress] NA
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://cashwise.lifepics.com/net/Uploader/LPUploader57.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Filter: text/html - {9c4d8f1a-2fef-4aa3-a35b-c78e54124bd5} -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 214664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-9-5 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-9-5 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-9-5 144704]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2009-9-5 200576]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-9-5 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-5 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-5 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-5 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-5 34248]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-11-26 30560]
UnknownUnknown 4bf79;4bf79; [x]

=============== Created Last 30 ================

2009-11-29 21:26:47 0 d-----w- c:\program files\Trend Micro
2009-11-29 20:57:30 24064 ----a-w- c:\windows\system32\tdlcmd.dll
2009-11-29 08:01:24 0 ----a-w- C:\backup.reg
2009-11-29 08:01:22 574 ----a-w- C:\cleanup.bat
2009-11-29 08:01:22 135168 ----a-w- C:\zip.exe
2009-11-27 20:54:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-27 20:49:10 0 d-----r- c:\program files\Skype
2009-11-27 08:25:44 0 d-----w- c:\program files\MSECache
2009-11-27 02:06:33 567136 ----a-w- c:\windows\system32\LcProxy.ax
2009-11-27 02:06:33 30560 ----a-w- c:\windows\system32\drivers\nx6000.sys
2009-11-27 02:06:33 186208 ----a-w- c:\windows\system32\LCCoin20.dll
2009-11-27 02:05:29 0 d-----w- c:\program files\Microsoft LifeCam
2009-11-27 02:00:00 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2009-11-27 01:58:32 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-11-24 05:57:55 0 d-----w- c:\program files\Amazon
2009-11-15 19:40:47 3446 ----a-w- c:\documents and settings\owner.jessica\index.html
2009-11-11 08:57:24 0 d-----w- c:\documents and settings\owner.jessica\Library
2009-11-11 08:57:24 0 d-----w- c:\docume~1\owner~1.jes\applic~1\com.adobe.ExMan
2009-11-11 08:41:59 0 d-----w- c:\program files\common files\Macrovision Shared
2009-11-11 08:23:28 1228304 ----a-w- c:\program files\ADBEDRWVCS4_LS1.exe

==================== Find3M ====================

2009-11-11 08:32:18 360578904 ----a-w- c:\program files\ADBEDRWVCS4_LS1.7z
2009-10-25 05:53:45 41288 ----a-w- c:\windows\fonts\indiestarbb_reg.ttf
2009-10-25 05:53:45 33168 ----a-w- c:\windows\fonts\indiestarbb_bld.ttf
2009-10-25 05:48:15 89992 ----a-w- c:\windows\fonts\REBUFFED.TTF
2009-10-14 03:11:40 20640 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-10-14 03:11:40 108544 ------w- c:\windows\system32\pxcpyi64.exe
2009-10-14 03:11:39 109568 ------w- c:\windows\system32\pxinsi64.exe
2009-10-11 10:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 20:57:02 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 20:57:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 20:56:56 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-06 13:12:22 823936 ----a-w- c:\windows\system32\drivers\rtl8185.sys
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll

============= FINISH: 15:40:55.79 ===============


RootRepeal Log and DDS Attach Log are attached.

THANK YOU for any and all help. I'm at my wits' end with all of these problems.

This is my Hijack This log as well in case you need it:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:04 PM, on 11/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch...TB&M=MX6426
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TB&M=MX6426
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} (Image Uploader Control) - http://cashwise.lifepics.com/net/Uploader/LPUploader57.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {9c4d8f1a-2fef-4aa3-a35b-c78e54124bd5} - C:\WINDOWS\batmeter16.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 11737 bytes

Merged posts. ~ OB

Edited by Orange Blossom, 01 December 2009 - 11:10 PM.


#2 jessnichole

jessnichole
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:01:35 AM

Posted 04 December 2009 - 12:42 AM

I know I'm not supposed to reply to my own topics, but things have changed and I needed to mention it. I got another trojan that my McAfee was actually catching and blocking, though it was blocking it every 5 minutes and would shut down my internet every time it did. I couldn't get online at all, and I have now reformatted my hard drive. So assistance is no longer needed as far as that goes.

I just have a question. Do I need to be worried about anything lingering from before reinstalling the OS? Any help would be fantastic. Thank you.

#3 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:12:35 AM

Posted 10 December 2009 - 11:50 PM

I just have a question. Do I need to be worried about anything lingering from before reinstalling the OS?

If you did a reformat and reload then you should be OK.



Since your problem appears to be resolved, this thread will now be closed.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.



