
Found doginhispen.com trusted zone


  • This topic is locked
2 replies to this topic

#1 phiral1618


Posted 05 December 2009 - 04:57 PM

Hi all. I was disinfecting a computer (Dell Dimension 3000, XP SP2) and I noticed in the HijackThis log 2 trusted zones, doginhispen.com and whataboutadog.com. I googled it and found many threads here on BleepingComputer (a site I have admired for quite a while btw) and I have done as much research as I can but am not sure that I can clean this myself. So I come here to ask for help. This is my first post and hope I follow the instructions correctly :D

Please let me know if you need any information about what I have already run. Thank you everyone.


DDS (Ver_09-12-01.01) - NTFSx86
Run by tammy at 13:41:52.29 on Sat 12/05/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1278.696 [GMT -6:00]


============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch
SVCHOST.EXE
C:WINDOWSSystem32svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32InetCntrlInetCntrl.exe
C:Program FilesSkypePhoneSkype.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:Program FilesMemTurbo 4MemTurbo.exe
SVCHOST.EXE
C:Program FilesMicrosoft SQL ServerMSSQL$MICROSOFTBCMBinnsqlservr.exe
C:WINDOWSsystem32svchost.exe -k imgsvc
C:WINDOWSsystem32wscntfy.exe
C:Program FilesSkypePlugin ManagerskypePM.exe
C:WINDOWSsystem32taskmgr.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:WINDOWSsystem32InetCntrlMaintControlCenter.exe
F:dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:program filesadobeacrobat 7.0activexAcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:program filesskypetoolbarsinternet explorerSkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:progra~1spybot~1SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:windowssystem32dlatfswshx.dll
BHO: CleanupHelper Class: {6dfd889b-7f81-44c4-bc1f-06a857c01c41} - c:program filesarmorieSX.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:program filesjavajre1.5.0_08binssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:program filescommon filesmicrosoft sharedwindows liveWindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:program filesgooglegoogletoolbarnotifier5.4.4525.1752swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:program fileswindows live toolbarmsntb.dll
BHO: 1 (0x1) - No File
BHO: Bsecure Popup Blocker: {e0019445-4c1f-414d-a70e-ad80f231c584} - c:windowssystem32inetcntrlpopupkilBsafeBHO.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:program fileswindows live toolbarmsntb.dll
TB: Bsecure Popup Blocker: {e0019445-4c1f-414d-a70e-ad80f231c584} - c:windowssystem32inetcntrlpopupkilBsafeBHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: ArmorIE: {548857a9-80d0-4acb-b4f9-3f6eef16a246} - c:program filesarmorieSX.dll
uRun: [Skype] "c:program filesskypephoneSkype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:program filesspybot - search & destroyTeaTimer.exe
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
uRun: [swg] "c:program filesgooglegoogletoolbarnotifierGoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:program filessuperantispywareSUPERAntiSpyware.exe
mRun: [InetCntrl] c:windowssystem32inetcntrlInetCntrl.exe
StartupFolder: c:docume~1tammystartm~1programsstartupmemturbo.lnk - c:program filesmemturbo 4MemTurbo.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:program filespokerstars.netPokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:program filesskypetoolbarsinternet explorerSkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:program filesskypetoolbarsinternet explorerSkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~4office11REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:progra~1spybot~1SDHelper.dll
LSP: InetCntrl0012.dll
Trusted Zone: microsoft.comdownload.windowsupdate
Trusted Zone: microsoft.comupdate
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - hxxps://signup.msn.com/pages/MsnInstC.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:program fileshphpcoretechcomphpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:progra~1common~1skypeSKYPE4~1.DLL
Notify: !SASWinLogon - c:program filessuperantispywareSASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:program filessuperantispywareSASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 bsofrwl;bsofrwl;c:windowssystem32driversbsofrwl.sys [2009-1-30 29024]
R1 NEOFLTR_620_13525;Juniper Networks TDI Filter Driver (NEOFLTR_620_13525);c:windowssystem32driversNEOFLTR_620_13525.sys [2008-8-28 64480]
R1 SASDIFSV;SASDIFSV;c:program filessuperantispywaresasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:program filessuperantispywareSASKUTIL.SYS [2009-10-12 74480]
R3 SASENUM;SASENUM;c:program filessuperantispywareSASENUM.SYS [2009-10-12 7408]
S2 gupdate1ca669131d21ca8;Google Update Service (gupdate1ca669131d21ca8);c:program filesgoogleupdateGoogleUpdate.exe [2009-11-16 133104]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:windowssystem32driversADM8511.SYS [2009-5-6 20160]

=============== Created Last 30 ================

2009-12-04 23:57:33 0 d-sh--w- c:documents and settingstammyIECompatCache
2009-12-04 00:01:59 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2009-12-04 00:01:56 19160 ----a-w- c:windowssystem32driversmbam.sys
2009-12-04 00:01:56 0 d-----w- c:docume~1alluse~1applic~1Malwarebytes
2009-12-04 00:01:55 0 d-----w- c:program filesMalwarebytes' Anti-Malware
2009-12-03 23:21:47 0 d-----w- C:ComboFix
2009-12-03 23:18:20 94208 ----a-w- c:windowssystem32igfxtray.exe
2009-12-03 23:18:19 77824 ----a-w- c:windowssystem32hkcmd.exe
2009-12-03 23:12:17 0 d-----w- c:program filesCCleaner
2009-12-03 22:54:24 98816 ----a-w- c:windowssed.exe
2009-12-03 22:54:24 77312 ----a-w- c:windowsMBR.exe
2009-12-03 22:54:24 260608 ----a-w- c:windowsPEV.exe
2009-12-03 22:54:24 161792 ----a-w- c:windowsSWREG.exe
2009-12-03 22:38:41 0 d-----w- c:docume~1alluse~1applic~1SUPERAntiSpyware.com
2009-12-03 22:38:07 0 d-----w- c:program filesSUPERAntiSpyware
2009-12-03 22:38:06 0 d-----w- c:docume~1tammyapplic~1SUPERAntiSpyware.com
2009-12-03 22:36:54 0 d-----w- c:program filescommon filesWise Installation Wizard
2009-12-03 22:02:03 0 d-----w- c:docume~1tammyapplic~1Malwarebytes

==================== Find3M ====================

2009-10-22 09:19:04 5939712 ----a-w- c:windowssystem32dllcachemshtml.dll
2009-09-11 14:33:52 133632 ----a-w- c:windowssystem32msv1_0.dll
2009-09-11 14:33:52 133632 ----a-w- c:windowssystem32dllcachemsv1_0.dll
2007-03-30 17:23:11 774144 ----a-w- c:program filesRngInterstitial.dll

============= FINISH: 13:42:44.76 ===============

Oops, forgot the RootRepeal log.



Edited by garmanma, 05 December 2009 - 05:17 PM.




#2 extremeboy


Posted 19 December 2009 - 04:28 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response.

If you still require assistance, we would like to see the current condition of your system, so please post a new set of DDS logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log or RootRepeal log, please refer to this page, steps #6 and #7, for further instructions on downloading and running DDS & RootRepeal. If you have any problems, just let me know in your next reply or simply post a HijackThis log.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#3 extremeboy


Posted 24 December 2009 - 12:10 PM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy



