Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect problems using google


  • This topic is locked This topic is locked
5 replies to this topic

#1 salberson

salberson

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:19 AM

Posted 08 April 2010 - 02:12 PM

Recently I have been having redirect issues while using google. Also I noticed that IE and Firefox do not remember their page size when I open them. THey default to a size not used by myself. I am not sure if this is relevant, just something out of the ordinary. Also My AVG kees telling me that I have a trojan but it keeps giving me a different name every time. As I was writing this a new message popped up and said threat detected: blexsrars.in/cgi-bin/hotnews.asp Exploit Neosploit Toolkit (type 779). Here are my logs.


DDS (Ver_10-03-17.01) - NTFSx86
Run by shawn.alberson at 8:26:31.41 on Thu 04/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1271.250 [GMT -7:00]

AV: AVG Anti-Virus SBS Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\GE Fanuc\Proficy Common\M4 Common Licensing\CCFLIC0.exe
C:\Program Files\GE Fanuc\Proficy Machine Edition\fxControl\Runtime\NT\FxControl.exe
C:\WINDOWS\system32\hasplms.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\GE Fanuc\Proficy Machine Edition\Proficy Event Logger\LoggingService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$WASPDB\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slClient.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\GE Fanuc\Proficy Machine Edition\Common\Components\NT\trapiserver.exe
c:\program files\verizon wireless\venturi\Client\ventc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\shawn.alberson\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Dell Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Boingo Wi-Fi] "c:\program files\boingo\boingo wi-fi\Boingo.lnk"
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\fortem~1.lnk - c:\program files\lg soft india\fortemanager\bin\Monitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: vlsp.dll
Trusted Zone: claudiuspeters.com\bp
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/d/c/8/dc8362b3-f410-4e7d-b672-209d6bd8fcea/OGAControl.cab
DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} - hxxp://nyts01/BusinessPortal/UI/ResultViewer/Scripts/MBFWebBehaviors.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241360175359
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241360162171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {BA11E984-66D3-11D3-9196-006008105FA5} - hxxp://nyts01/businessportal/portal/shell/SDClientTools.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: {A1792E68-9B1A-4ED8-AC3A-3BD8552427D1} = 192.192.0.5 192.192.0.6 192.192.0.10 192.192.0.5 192.192.0.10
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 94.232.248.66 browser-security.microsoft.com
Hosts: 94.232.248.66 antivirprotection.com
Hosts: 94.232.248.66 www.antivirprotection.com

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-1-9 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-9 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-9 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-9 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-9 297752]
R2 DriverX;DriverX;c:\windows\system32\drivers\Driverx.sys [2009-3-12 54112]
R2 FxControlRuntime;FxControl Runtime;c:\program files\ge fanuc\proficy machine edition\fxcontrol\runtime\nt\FxControl.exe [2008-10-27 634880]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-1-28 3712]
R2 LoggingService;Proficy Log Server;c:\program files\ge fanuc\proficy machine edition\proficy event logger\LoggingService.exe [2008-10-27 151552]
R2 MSSQL$WASPDB;MSSQL$WASPDB;c:\program files\microsoft sql server\mssql$waspdb\binn\sqlservr.exe -swaspdb --> c:\program files\microsoft sql server\mssql$waspdb\binn\sqlservr.exe -sWASPDB [?]
R2 SLClient;ScriptLogic Service;c:\windows\system32\SLClient.exe [2005-9-19 534528]
R2 TrapiServer;Trapi File Server;c:\program files\ge fanuc\proficy machine edition\common\components\nt\TrapiServer.exe [2008-10-27 122982]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2005-9-12 80384]
R3 LGII2CDevice;LGII2CDevice;c:\program files\lg soft india\fortemanager\bin\PII2CDriver.sys [2009-6-18 17408]
S3 LGDDCDevice;LGDDCDevice;c:\program files\lg soft india\fortemanager\bin\I2CDriver.sys [2009-6-18 14336]
S3 Proficy Driver Runtime;Proficy Driver Runtime;c:\program files\ge fanuc\proficy machine edition\fxview\runtime\proficydrivers\win32\GefPdfOpc.exe [2006-11-24 192512]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2008-7-31 58240]
S3 PTDWBus;Curitel PC Card Composite Device driver (UDP);c:\windows\system32\drivers\PTDWBus.sys [2008-3-17 27392]
S3 PTDWMdm;Curitel PC Card Drivers (UDP);c:\windows\system32\drivers\PTDWMdm.sys [2008-3-17 41728]
S3 PTDWVsp;Curitel PC Card Diagnostic Serial Port (UDP);c:\windows\system32\drivers\PTDWVsp.sys [2008-3-17 39808]
S3 PWCTLDRV;The NECHostController Filter Driver;c:\windows\system32\drivers\PWCTLDRV.sys [2008-3-17 5888]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys --> c:\windows\system32\drivers\pwi_bus.sys [?]
S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\drivers\pwi_mdfl.sys --> c:\windows\system32\drivers\pwi_mdfl.sys [?]
S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\drivers\pwi_mdm.sys --> c:\windows\system32\drivers\pwi_mdm.sys [?]
S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\drivers\pwi_oflt.sys --> c:\windows\system32\drivers\pwi_oflt.sys [?]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\drivers\pwi_serd.sys --> c:\windows\system32\drivers\pwi_serd.sys [?]
S3 SQLAgent$WASPDB;SQLAgent$WASPDB;c:\program files\microsoft sql server\mssql$waspdb\binn\sqlagent.exe -i waspdb --> c:\program files\microsoft sql server\mssql$waspdb\binn\sqlagent.EXE -i WASPDB [?]

=============== Created Last 30 ================

2010-04-08 14:53:56 327680 ---ha-w- c:\documents and settings\shawn.alberson\~shawn.alberson.OST.tmp
2010-04-07 16:28:39 262144 ---ha-w- c:\documents and settings\shawn.alberson\~shawn.alberson.PST.tmp
2010-04-07 02:41:19 44996 ----a-w- c:\documents and settings\shawn.alberson\urdndex.oab
2010-04-07 02:41:19 22508 ----a-w- c:\documents and settings\shawn.alberson\ubrowse.oab
2010-04-07 02:41:19 20 ----a-w- c:\documents and settings\shawn.alberson\updndex.oab
2010-04-07 02:41:19 129036 ----a-w- c:\documents and settings\shawn.alberson\uanrdex.oab
2010-04-07 02:41:08 1499104 ----a-w- c:\documents and settings\shawn.alberson\udetails.oab
2010-04-07 02:41:07 34947 ----a-w- c:\documents and settings\shawn.alberson\utmplts.oab
2010-04-06 12:30:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-06 12:30:23 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-06 04:59:06 0 d-----w- c:\windows\system32\wbem\Repository
2010-03-31 06:13:10 13696 ----a-w- c:\windows\system32\drivers\wpsnuio.sys
2010-03-31 06:13:10 0 d-----w- c:\program files\Skyhook Wireless
2010-03-31 06:13:03 0 d-----w- c:\program files\Boingo
2010-03-31 06:13:02 0 d-----w- c:\docume~1\alluse~1\applic~1\GoBoingo

==================== Find3M ====================

2010-04-08 14:50:53 179 ----a-w- C:\handle.dat
2010-03-09 11:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
1997-11-05 17:50:24 592379 ----a-w- c:\program files\Gergpro.hlp
1995-11-06 07:00:00 147760 ----a-w- c:\program files\Tlquiz.exe
1995-09-23 07:00:00 10636 ----a-w- c:\program files\Tlquiz.hlp
2009-11-04 22:44:02 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-11-04 22:44:02 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-11-04 22:44:02 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 8:28:49.60 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 K27

K27

    Malware Fighter


  • Members
  • 92 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:19 PM

Posted 09 April 2010 - 04:25 PM

Hi salberson

Welcome to Bleeping Computer,

I'm K27 and i will be reviewing your log for you.

Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.

Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.

I will post back as soon as I have decided on the best course of action to take with your malware issues.

Thankyou for your patience,
K27.
The Internet is the New Age Battle of the Old Age Clash Between Good and Evil


My Help and Advice is always FREE, but if you would like to consider making a small donation towards my fight against Malware please click the
Posted Image button, all donations, however small are gratefully received.

#3 K27

K27

    Malware Fighter


  • Members
  • 92 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:19 PM

Posted 10 April 2010 - 01:07 PM

salberson,

You have a TDL3 rootkit infection, although a pretty bad infection it is removable, You can read more on this infection and how it came about from HERE, if you click the links you will be taken to explanations for each version of the TDL rootkit.

Please proceed as follows:


PLEASE BE SURE TO DISABLE ALL PROTECTIVE SOFTWARE THAT IS RUNNING ON YOUR MACHINE BEFORE RUNNING COMBO-FIX, SO THAT COMBO-FIX IS NOT HINDERED IN ITS REMOVAL PROCESS

Please:
  • Disable all Anti-virus/Anti-Spyware/FireWall on your machine(instructions via links below)
  • Anti Virus
  • Anti Spyware
  • If you have trouble disabling your firewall please post back before continuning which one you use and I will give you the instructioins.
    (If its a third party Firewall there should be a Icon on your task bar by the clock, right click that and choose Disable/Stop. If its the Windows built-in firewall you should be able to disable it via Control Panel.


Please download ComboFix.exe. Please visit THIS webpage for download links, and instructions for running the tool:

Combo-fix MUST be save to your desktop before running the tool

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

When prompted to install the recovery console please make sure to do so as the is a VERY IMPORTANT backup of Combo-fix XP only

You will need to be conected to the net to install the recovery console, if you can not install it DO NOT run Combo-Fix,
Post back and we will install it manually.

DO NOT mouse click when Combo-Fix is running as this will cause Combo-Fix to Stall and it will not work as it should

Please include the C:\ComboFix.txt in your next reply for further review.

Thanks
K27




The Internet is the New Age Battle of the Old Age Clash Between Good and Evil


My Help and Advice is always FREE, but if you would like to consider making a small donation towards my fight against Malware please click the
Posted Image button, all donations, however small are gratefully received.

#4 salberson

salberson
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:19 AM

Posted 12 April 2010 - 02:51 PM

I cannot (do not have permission) to disable my AVG anivirus. Is it ok to try it with AVG running?

Also I just had a command window open that was blank and it had this path in its header.
C:\windows\temp\yxui.tmp\svchost.exe
I closed the window and restarted the computer. My AVG now says I have an invalid Update Control ctf file.

Edited by salberson, 12 April 2010 - 04:24 PM.


#5 K27

K27

    Malware Fighter


  • Members
  • 92 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:19 PM

Posted 13 April 2010 - 03:30 PM

Your AVG update files are corrupt, please follow the instructions HERE for deleting the corrupted files, and please tell me why you can not disable AVG, if it is the infection stopping you then please go to Start > Control Panel > Programs and Fretures > Add/Remove programs and then uninstall AVG, reboot your machine and then run Combo-fix.

If you can not disable AVG because your are not and system Administrator, then you will need to contact your system administrator and have them disable AVG for you.

Please DO NOT run Combo-Fix with AVG still running as it will cause conflicts and could crash your system.

Thanks
K27
The Internet is the New Age Battle of the Old Age Clash Between Good and Evil


My Help and Advice is always FREE, but if you would like to consider making a small donation towards my fight against Malware please click the
Posted Image button, all donations, however small are gratefully received.

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:19 AM

Posted 20 April 2010 - 06:24 PM

Hello.

Due to Lack of feedback, this topic is now Closed

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users