Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I was infected with a serious problem but I'm not sure if it's gone


  • This topic is locked This topic is locked
2 replies to this topic

#1 Lukin

Lukin

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:12 PM

Posted 31 January 2010 - 11:27 AM

As stated in the topic description it wasn't allowing me to access any google site, redirecting all searches from any engine, and was undetected by MBAM and AVG.

After trolling through these forums for a while, and trying Registry Cleaner (Several times), I resorted to desperation and tried ComboFix. I would've loved to have done it under the supervision of someone on these forums but as stated before I was not allowed to access the email I registered to the forums under.

Now I want to make sure I'm clear of everything. Scans with MBAM and AVG come up clean.

ComboFix showed a rootkit, which I believe it removed, and I had a friend help me by loading RegistryBooster on this machine.

Thank you in advance for your time.
Humbly waiting for a response,
Lukin.

PS. I am also getting strange new tab openings, to random websites.

So, one more thing to add to the list. The computer has taken to freezing when I visit sites that seem to be heavy in flash... and I mean full out freeze to the point of Crl+Alt+Del does not bring up Task manager.

I am unsure of what steps to take now since last night MBAM only reported Combofix and nothing else. After that the computer became fairly unresponsive, even after several restarts. Now it is functioning, it seems, as long as I don't visit any Flash websites.

Allright, pardon me for being a bit frustrated and seeming, perhaps a bit rash. But I don't know when my system will freeze next so I've taken the liberty of generating a HijackThis log.

Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:16:42 PM, on 2/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAVGAVG9avgchsvx.exe
C:Program FilesAVGAVG9avgrsx.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAVGAVG9avgcsrvx.exe
C:Program FilesAVGAVG9avgwdsvc.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binapache.exe
C:Program FilesAVGAVG9avgnsx.exe
C:Program FilesCommon FilesIntuitUpdate ServiceIntuitUpdateService.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binapache.exe
C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcIp.exe
C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcLog.exe
C:Program FilesOO SoftwareDefragoodag.exe
C:WINDOWSsystem32PnkBstrA.exe
C:WINDOWSsystem32PnkBstrB.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Tablet.exe
C:Program FilesViewpointCommonViewpointService.exe
C:Program FilesAVGAVG9avgemc.exe
C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcAppFlt.exe
C:Program FilesAVGAVG9avgcsrvx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32WTabletTabUserW.exe
C:WINDOWSsystem32Tablet.exe
C:Program FilesCreativeSBAudigySurround MixerCTSysVol.exe
C:WINDOWSsystem32Rundll32.exe
C:Program FilesLogitechiTouchiTouch.exe
C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnTrayFw.exe
C:WINDOWSvsnpstd3.exe
C:Program FilesAdobeAcrobat 8.0AcrobatAcrotray.exe
C:Program FilesOO SoftwareDefragoodtray.exe
C:Program FilesBOINCboincmgr.exe
C:Program FilesBOINCboinctray.exe
C:PROGRA~1AVGAVG9avgtray.exe
C:Program FilesVeoh NetworksVeohWebPlayerveohwebplayer.exe
C:Program FilesPando NetworksMedia BoosterPMB.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesBelkinBelkin 802.11g Wireless PCI Card Configuration Utilityutility.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesOpenOffice.org 3programsoffice.exe
C:Program FilesOpenOffice.org 3programsoffice.bin
C:Program FilesBOINCboinc.exe
C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:Program FilesCelebrity Toolbartbhelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:Program FilesAdobe/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:Program FilesCelebrity Toolbartbcore3.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG9avgssie.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:Program FilesDAEMON Tools ToolbarDTToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:Program FilesVeoh NetworksVeohWebPlayerVeohIEToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:Program FilesAdobe/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Celebrity Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:Program FilesCelebrity Toolbartbcore3.dll
O4 - HKLM..Run: [CTSysVol] C:Program FilesCreativeSBAudigySurround MixerCTSysVol.exe /r
O4 - HKLM..Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 - HKLM..Run: [zBrowser Launcher] C:Program FilesLogitechiTouchiTouch.exe
O4 - HKLM..Run: [IMJPMIG8.1] "C:WINDOWSIMEimjp8_1IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM..Run: [IMEKRMIG6.1] C:WINDOWSimeimkr6_1IMEKRMIG.EXE
O4 - HKLM..Run: [MSPY2002] C:WINDOWSsystem32IMEPINTLGNTImScInst.exe /SYNC
O4 - HKLM..Run: [PHIME2002ASync] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 - HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [nTrayFw] C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnTrayFw.exe
O4 - HKLM..Run: [snpstd3] C:WINDOWSvsnpstd3.exe
O4 - HKLM..Run: [Acrobat Assistant 8.0] "C:Program FilesAdobeAcrobat 8.0AcrobatAcrotray.exe"
O4 - HKLM..Run: [Adobe_ID0EYTHM] C:PROGRA~1COMMON~1AdobeADOBEV~1ServerbinVERSIO~2.EXE
O4 - HKLM..Run: [OODefragTray] C:Program FilesOO SoftwareDefragoodtray.exe
O4 - HKLM..Run: [boincmgr] "C:Program FilesBOINCboincmgr.exe" /a /s
O4 - HKLM..Run: [boinctray] "C:Program FilesBOINCboinctray.exe"
O4 - HKLM..Run: [AVG9_TRAY] C:PROGRA~1AVGAVG9avgtray.exe
O4 - HKLM..Run: [nwiz] C:Program FilesNVIDIA CorporationnViewnwiz.exe /install
O4 - HKCU..Run: [VeohPlugin] "C:Program FilesVeoh NetworksVeohWebPlayerveohwebplayer.exe"
O4 - HKCU..Run: [DAEMON Tools Lite] "C:Program FilesDAEMON Tools LiteDTLite.exe" -autorun
O4 - HKCU..Run: [Pando Media Booster] C:Program FilesPando NetworksMedia BoosterPMB.exe
O4 - HKCU..Run: [Google Update] "C:Documents and SettingsAlexLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe" /c
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:Program FilesOpenOffice.org 3programquickstart.exe
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:WINDOWSsystem32shdocvw.dll
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:WINDOWSsystem32shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1237311084000
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG9avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Documents and SettingsAll UsersApplication DataSkypePluginsPluginsD32D9ABFBE354AC8A84F07C309C1E3AFSkype4COM.dll
O20 - Winlogon Notify: avgrsstarter - C:WINDOWSSYSTEM32avgrsstx.dll
O21 - SSODL: kagibutap - {afd1a80a-475b-4b58-8c5e-ad4b6558c4a4} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {afd1a80a-475b-4b58-8c5e-ad4b6558c4a4} - (no file)
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:Program FilesCommon FilesAdobeAdobe Version Cue CS3ServerbinVersionCueCS3.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:Program FilesAVGAVG9avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:Program FilesAVGAVG9avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:Program FilesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binapache.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:Program FilesCommon FilesIntuitUpdate ServiceIntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:Program FilesTurbineTurbine Download ManagerTurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:Program FilesTurbineTurbine Download ManagerTurbineNetworkService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:Program FilesOO SoftwareDefragoodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:WINDOWSsystem32PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:WINDOWSsystem32PnkBstrB.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:WINDOWSsystem32Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe

--
End of file - 12810 bytes

Edited by Pandy, 21 February 2010 - 02:35 AM.
3 posts merged to make 0 replies ~Pandy


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:12 AM

Posted 21 February 2010 - 05:08 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:12 AM

Posted 25 February 2010 - 07:39 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users