
XP Security Centre + Redirecting Websites + Wavy Computer Screen


This topic is locked. 5 replies to this topic.

#1 -Rhymes

  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:12 PM

Posted 16 April 2010 - 01:15 AM

Hello,

I've been having this problem for the past few days.

My computer was originally fast (the download speed was around 150kB/s on Google Chrome); however, after XP Security Centre installed itself onto my computer, my screen became wavy and my computer became slow. It also deleted my previous system restore points.

I "got rid of" XP Security Centre through Malwarebytes, but after, I noticed that Google Chrome stopped working for me so then I switched to Mozilla Firefox--where I kept getting redirected (notably from Google) to adsites, online casinos, and basically things of that agenda.

Then, XP Security Centre re-downloaded itself, and once again, I tried through Malwarebytes to remove it. From there, my previous problems remained, and although the XP Security Centre seems to be visibly gone, I'm worried it's just going to install itself again.

Also, I tried using GMER but the program stopped responding during the scan so I ended it.

Any help on this issue would be strongly appreciated,
Thank you,

Here are the available logs:

DDS


DDS (Ver_10-03-17.01) - NTFSx86
Run by Rafiqur at 15:35:23.71 on Fri 04/16/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.496 [GMT 10:00]

AV: Norton AntiVirus 2005 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
svchost.exe "C:\WINDOWS\system32\adsldpz.exe"
C:\WINDOWS\system32\sistray.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Rafiqur\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://global.acer.com
mDefault_Page_URL = hxxp://global.acer.com
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [LaunchApp] Alaunch
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [CTStartup] "c:\program files\creative\splash screen\CTEaxSpl.EXE" /run
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpzrcv01.lnk - c:\program files\hp\temp\{fa9df1d1-94ff-49c7-8072-df96de1bac05}\setup\hpzstub.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
Trusted Zone: aol.com\free
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144189164781
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rafiqur\applic~1\mozilla\firefox\profiles\5uwnvfwa.default\
FF - plugin: c:\documents and settings\rafiqur\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\SAVRTPEL.SYS [2004-7-24 50312]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-8-14 198248]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-8-14 181864]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton antivirus\NAVAPSVC.EXE [2004-8-19 177264]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100224.035\NAVENG.Sys [2010-3-25 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100224.035\NavEx15.Sys [2010-3-25 1324720]
R3 SAVRT;SAVRT;c:\program files\norton antivirus\SAVRT.SYS [2004-7-24 336008]
S1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [2005-6-1 11970]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
S2 NetDDEdsdmstisvc;Network DDE DSDM NetDDEdsdmstisvc;c:\windows\system32\adsldpz.exe srv --> c:\windows\system32\adsldpz.exe srv [?]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2004-8-19 67184]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-8-14 79464]
S3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2002-8-5 10368]
S3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [2005-6-1 130112]
S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2005-6-1 296259]
S3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [2005-6-1 137793]
S3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [2005-6-1 611444]
S3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [2005-6-1 27984]
S3 HCWU2DTD;Hauppauge Nova USB2 DVB-T TV Receiver;c:\windows\system32\drivers\hcwu2dtd.sys [2005-7-9 32896]
S3 HCWU2DTL;Hauppauge Nova-USB2-T Adapter Firmware Loader;c:\windows\system32\drivers\hcwu2dtl.sys [2005-7-9 16896]
S3 SAVScan;SAVScan;c:\program files\norton antivirus\SAVSCAN.EXE [2004-7-24 198368]

=============== Created Last 30 ================

2010-05-09 10:46:33 0 d-----w- c:\docume~1\rafiqur\applic~1\OpenOffice.org
2010-05-09 10:44:09 0 d-----w- c:\program files\OpenOffice.org 3
2010-04-15 11:08:20 0 d-----w- c:\windows\system32\wbem\Repository
2010-04-15 11:07:19 0 d-----w- c:\program files\MSXML 4.0
2010-04-15 11:07:01 0 d-----w- c:\program files\Realtek AC97
2010-04-12 08:49:38 0 d-----w- c:\windows\pss
2010-04-12 06:21:32 53088 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-12 06:21:32 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-12 06:21:32 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-12 06:20:54 50 ----a-w- c:\windows\wininit.ini
2010-04-12 05:14:45 0 d-----w- c:\windows\system32\appmgmt
2010-04-12 02:07:19 0 d-----w- c:\docume~1\rafiqur\applic~1\Malwarebytes
2010-04-12 02:07:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-12 02:07:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-12 02:07:06 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-12 02:07:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-11 21:30:38 0 d-----w- c:\docume~1\alluse~1\applic~1\avG
2010-04-11 06:11:54 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-04-11 06:11:54 77824 ----a-w- c:\windows\system32\xvid.ax
2010-04-11 06:11:53 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-04-11 06:11:52 0 d-----w- c:\program files\Xvid
2010-04-10 23:49:08 190 --s-a-w- c:\windows\system32\924423170.dat
2010-04-02 11:24:38 0 d-----w- c:\documents and settings\rafiqur\Tracing
2010-04-02 11:24:05 0 d-----w- c:\program files\Microsoft
2010-04-02 11:23:48 0 d-----w- c:\program files\Windows Live SkyDrive
2010-04-02 11:18:22 0 d-----w- c:\program files\common files\Windows Live
2010-03-31 11:34:40 0 d-----w- c:\docume~1\rafiqur\applic~1\FrostWire
2010-03-31 11:11:35 0 d-----w- c:\program files\FrostWire
2010-03-31 11:11:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-03-31 11:11:30 411368 ----a-w- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2010-04-16 00:29:10 61056 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2010-04-16 00:29:10 61056 ----a-w- c:\windows\system32\dllcache\ohci1394.sys
2010-04-15 09:19:42 2056 ----a-w- c:\docume~1\rafiqur\applic~1\wklnhst.dat
2010-03-10 05:21:20 1506304 ----a-w- c:\windows\system32\dllcache\shdocvw.dll
2010-03-10 05:21:13 1023488 ----a-w- c:\windows\system32\dllcache\browseui.dll
2010-03-01 11:01:40 108466 ----a-w- c:\windows\hppins06.dat
2010-02-25 10:53:09 18432 ----a-w- c:\windows\system32\dllcache\iedw.exe

============= FINISH: 15:36:17.12 ===============

Edited by -Rhymes, 16 April 2010 - 01:49 AM.
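The DDS log above contains two lines a responder would pick out on first read: a running process where svchost.exe is launched with a quoted executable path instead of its usual `-k <service group>` argument, and a service entry whose binary has no `[date size]` stamp (every other entry in the SERVICES / DRIVERS section has one; this one ends in `[?]`). The following Python script is an added example, not part of the thread or of DDS itself: it parses the section layout DDS uses and applies those two triage checks to a constructed sample assembled from lines copied out of the log. The section names and line format are taken from the log as shown; reading `[?]` as "DDS could not report the file" is an assumption made here.

```python
import re

# Constructed sample: lines copied from the DDS log in the post above,
# trimmed to a few benign entries plus the two entries worth a closer look.
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe "C:\WINDOWS\system32\adsldpz.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-8-14 198248]
S2 NetDDEdsdmstisvc;Network DDE DSDM NetDDEdsdmstisvc;c:\windows\system32\adsldpz.exe srv --> c:\windows\system32\adsldpz.exe srv [?]
S3 SAVScan;SAVScan;c:\program files\norton antivirus\SAVSCAN.EXE [2004-7-24 198368]

============= FINISH: 15:36:17.12 ===============
"""

# DDS separates sections with lines of '=' around a title.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

# svchost.exe is normally started as 'svchost.exe -k <group>'. A quoted
# .exe path as its argument is not a service-host command line.
SVCHOST_ARG_RE = re.compile(r'svchost(?:\.exe)?\s+"?([a-z]:\\[^"]+?\.exe)"?', re.I)

# '<state> <name>;<display name>;<path> [date size]'
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]+);(.*)$")
STAMP_RE = re.compile(r"\[\d{4}-\d{1,2}-\d{1,2} \d+\]$")


def split_sections(text):
    """Return {section title: [non-empty lines]} for a DDS-style log."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def svchost_hosted_exes(lines):
    """Executables that appear as a quoted argument to svchost.exe."""
    hits = []
    for line in lines:
        m = SVCHOST_ARG_RE.search(line.strip())
        if m:
            hits.append(m.group(1))
    return hits


def unstamped_services(lines):
    """Service entries without the trailing '[date size]' stamp.

    Assumption (not documented on the page): DDS prints '[?]' there when it
    could not report the file, which is what a freshly dropped or hidden
    binary looks like in the log."""
    hits = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, name, display, rest = m.groups()
        if not STAMP_RE.search(rest):
            hits.append({"state": state, "name": name,
                         "display": display, "path": rest})
    return hits


def triage(text):
    """Run both checks over a DDS log and return the findings."""
    sections = split_sections(text)
    return {
        "svchost_hosted_exes":
            svchost_hosted_exes(sections.get("Running Processes", [])),
        "unstamped_services":
            unstamped_services(sections.get("SERVICES / DRIVERS", [])),
    }


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    for exe in findings["svchost_hosted_exes"]:
        print("svchost.exe hosting a quoted executable:", exe)
    for svc in findings["unstamped_services"]:
        print("service without file stamp:", svc["name"], "->", svc["path"])
```

Both checks fire on the same binary in the sample, which is the point of cross-referencing the process list against the service list: a process that survives a reboot needs a persistence entry, and the service section is where this log shows it. Pasting the full log from the post into `SAMPLE_LOG` gives the same two findings.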



#2 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:09:12 AM

Posted 19 April 2010 - 12:13 PM

Hi,

Please try to run GMER by unchecking its "files" option and by disabling antivirus protection first.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 -Rhymes

  • Topic Starter
  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:12 PM

Posted 24 April 2010 - 05:30 AM

Hello!
Sorry for the late reply, I haven't been on the computer in a while.

Anyway, I've done what you told me to do, as well as uncheck IAT/EAT, but it's always the same. The scan runs smoothly until it suddenly encounters something (REG?) and a lot of things are recorded on the screen, but then my computer suddenly shuts down.
Is there anything else I can do?

#4 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:09:12 AM

Posted 24 April 2010 - 05:35 AM

Hi,

Try to have only sections option checked (make sure "show all" is not checked).



#5 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:09:12 AM

Posted 01 May 2010 - 05:30 AM

Still there, -Rhymes?



#6 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:09:12 AM

Posted 14 May 2010 - 05:05 AM

Due to inactivity, this thread will now be closed. Should you have the same or a new issue, please start a New Topic.
