
Browser Redirecting +


3 replies to this topic

#1 JTracker

JTracker

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:57 PM

Posted 15 February 2010 - 11:30 PM

Sorry about posting along with the other guy (UZAIR) earlier.

Don't want to start by hi-jacking threads ;-)

I'm having a similar problem for the past few days. I've run HijackThis and fixed a few problems just to allow me to get online.

I've also run GMER as was posted in a previously closed thread and it reported a couple of suspected rootkit infections.

I even re-installed Windows and the second install also has the same problems. I have blown away IE and have installed Opera to see if it was browser specific, but this isn't the case.

As mentioned by uzair, it became noticeable when clicking on search results and saw it was rerouting through other sites.

I'm also using a-squared Anti-Malware, McAfee, Spyware Doctor, Spybot S&D. Hopefully these are related problems and can be resolved in a single thread.

I have downloaded Malwarebytes and have renamed to zztoy.exe as suggested and will post the results.

Thanks

JTracker



#2 JTracker


Posted 16 February 2010 - 09:11 PM

OK Here is the Log File as requested.

Malwarebytes' Anti-Malware 1.44
Database version: 3744
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/16/2010 9:09:22 PM
mbam-log-2010-02-16 (21-09-17).txt

Scan type: Full Scan (C:\|)
Objects scanned: 315556
Time elapsed: 1 hour(s), 54 minute(s), 31 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 5
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 43

Memory Processes Infected:
C:\Program Files\Brother\Brmfcmon\brmfcwnd.exe (Malware.Packer.Gen) -> No action taken.

Memory Modules Infected:
C:\WINDOWS.0\system32\app_dll.dll (Trojan.Agent) -> No action taken.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{801fc275-1246-4ad5-ab3d-07371bbf5bed} (Malware.Packer.Gen) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{30d4599e-1964-4bfa-aaf8-fa8f22ec702e} (Malware.Packer.Gen) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Brother\Brmfcmon\brmfcwnd.exe (Malware.Packer.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Malware.Packer.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adobe_reader (Malware.Packer.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mcafeeupdaterui (Malware.Packer.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\istray (Malware.Packer.Gen) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS.0\system32\app_dll.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS.0\system32\CHDAudPropShortcut.exe (Malware.Packer.Gen) -> No action taken.
C:\Program Files\Adobe\129562.old (Trojan.Downloader) -> No action taken.
C:\Program Files\Adobe\190421.old (Trojan.Downloader) -> No action taken.
C:\Program Files\Adobe\acrotray .exe (Trojan.Downloader) -> No action taken.
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Malware.Packer.Gen) -> No action taken.
C:\Program Files\Brother\Brmfcmon\brmfcwnd.exe (Malware.Packer.Gen) -> No action taken.
C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Malware.Packer.Gen) -> No action taken.
C:\Program Files\PowerISO\pwrisovm.exe (Malware.Packer.Gen) -> No action taken.
C:\Program Files\Internet Explorer\js.mui (Malware.Packer.Gen) -> No action taken.
C:\Program Files\Internet Explorer\rasadhlp.dll (PWS.Chyup.:thumbsup: -> No action taken.
C:\Program Files\Internet Explorer\wmpscfgs.exe (Malware.Packer.Gen) -> No action taken.
C:\Program Files\McAfee\Common Framework\udaterui.exe (Malware.Packer.Gen) -> No action taken.
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (Malware.Packer.Gen) -> No action taken.
C:\Program Files\Memeo\AutoBackupPro\memeolauncher2.exe (Malware.Packer.Gen) -> No action taken.
C:\Program Files\FileZilla FTP Client\hnetcfg.dll (PWS.Chyup.:flowers: -> No action taken.
C:\Program Files\Mozilla Firefox\rasadhlp.dll (PWS.Chyup.:trumpet: -> No action taken.
C:\Program Files\Nero\Nero8\Nero BackItUp\nbkeyscan.exe (Malware.Packer.Gen) -> No action taken.
C:\Program Files\Safari\rasadhlp.dll (PWS.Chyup.:inlove: -> No action taken.
C:\Program Files\Skype\Phone\skype.exe (Malware.Packer.Gen) -> No action taken.
C:\Program Files\SlySoft\AnyDVD\anydvdtray.exe (Malware.Packer.Gen) -> No action taken.
C:\Program Files\Spybot - Search & Destroy\teatimer.exe (Malware.Packer.Gen) -> No action taken.
C:\Program Files\Spyware Doctor\pctstray .exe (Malware.Packer.Gen) -> No action taken.
C:\Program Files\Spyware Doctor\pctstray.exe (Malware.Packer.Gen) -> No action taken.
C:\Program Files\Spyware Doctor\pctstray.exe.delme170 (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS.0\system32\drivers\xwfhb.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS.0\Temp\wmpscfgs.exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS.2\system32\app_dll.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS.2\system32\ctfmon.exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\Master\chdaudpropshortcut .exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\Master\chdaudpropshortcut.exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\Master\rundll32 .exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\Master\rundll32.exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\Master\Local Settings\Temp\f189781 .exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Master\Local Settings\Temp\wmpscfgs.exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\Master.MASTER-BCAB7D8E\Local Settings\Temp\f129328 .exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Master.MASTER-BCAB7D8E\Local Settings\Temp\wmpscfgs.exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS.0\Help\kfdtk.chm (Malware.Trace) -> No action taken.
C:\WINDOWS.0\system32\spool\prtprocs\w32x86\000006e1.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS.0\system32\spool\prtprocs\w32x86\00002b81.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS.0\system32\spool\prtprocs\w32x86\0000304d.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS.0\system32\spool\prtprocs\w32x86\000075bf.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS.0\system32\flags.ini (Malware.Trace) -> No action taken.

#3 JTracker


Posted 18 February 2010 - 06:22 PM

Hello, but did I forget to do something in this thread?

Thanks

#4 JTracker


Posted 21 February 2010 - 02:18 PM

Well it's been a week since my first post and it seems that this is an unusual situation.

I am surprised at the absolute lack of response and would expect that this thread be closed as it serves no purpose to the site management, or to other members of this site.

I have fixed my own problem, so please remain focused on the others that may need real assistance.

Thanks

Edited by JTracker, 21 February 2010 - 02:20 PM.




