Infected with some sort of Google re-direct virus


  • This topic is locked
3 replies to this topic

#1 Cearballain

  • Members
  • 2 posts
  • OFFLINE
  • Local time: 08:14 PM

Posted 30 June 2010 - 10:56 PM

Hi BC,

My computer has been plagued with some sort of malware that takes me to random sites whenever I click links in a Google search. It was using "good-search" to do this but I've noticed the last few times that even though good-search doesn't appear in the address bar I still get redirected. I saw others with the same problem but then read somewhere on the forums that I shouldn't copy the instructions intended for someone else so that's why I'm posting my own.

I followed the instructions at http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ and ran the DDS scans and will post those below. I tried running the GMER scan, however it would always freeze so if I need to do that I might need some more instruction.

Thank you in advance for your help and for such a great website!


Here are my DDS scans:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Padraig at 21:55:41.21 on Wed 06/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.340 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\ehome\ehtray.exe
D:\WINDOWS\system32\ctfmon.exe
svchost.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\dlcccoms.exe
D:\WINDOWS\eHome\ehRecvr.exe
D:\WINDOWS\eHome\ehSched.exe
D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\McAfee\SiteAdvisor\McSACore.exe
D:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
D:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
D:\Program Files\McAfee Online Backup\MOBKbackup.exe
D:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
svchost.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\Viewpoint\Common\ViewpointService.exe
D:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
D:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\dllhost.exe
d:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\WINDOWS\system32\mmc.exe
D:\Documents and Settings\Padraig\Desktop\Defogger.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Padraig\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
D:\Documents and Settings\Padraig\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uWindow Title = Windows Internet Explorer provided by Comcast
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - d:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: moigh Object: {056f791b-a98c-4238-9585-5aafb4eedb22} - d:\windows\system32\hcgig.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - d:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - d:\program files\common files\mcafee\systemcore\ScriptSn.20100524103843.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - d:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: adShotHlpr Object: {c1065f81-3585-4318-91a3-09dacd3f7071} - d:\windows\system32\lcgig.dll
BHO: d:\windows\system32\ww5k0wjmv5.dll: {c7ba40a1-74f2-52bd-f411-04b15a2c8953} - d:\windows\system32\ww5k0wjmv5.dll
BHO: voguecash browser enhancer: {dc2dcb11-d05c-aefa-c0eb-adc853cecc22} - d:\windows\system32\vcfisygxsrucw.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - d:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [MSMSGS] "d:\program files\messenger\msmsgs.exe" /background
uRun: [LightScribe Control Panel] d:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "d:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [Aim6]
uRun: [Google Update] "d:\documents and settings\padraig\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "d:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] d:\docume~1\padraig\locals~1\temp\991363378.exe
uRun: [AdobeUpdater6] "d:\program files\common files\adobe\updater6\Adobe_Updater.exe"
mRun: [ehTray] d:\windows\ehome\ehtray.exe
mRun: [ATIPTA] "d:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [PDVDDXSrv] "d:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DLCCCATS] rundll32 d:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NeroFilterCheck] d:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] d:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] d:\program files\nero\nero 7\incd\InCD.exe
mRun: [AppleSyncNotifier] d:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [ddoctorv2] "d:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: []
mRun: [PAC7311_Monitor] d:\windows\pixart\pac7311\Monitor.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Necutray] NECUTRAY.EXE
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [dlccmon.exe] "d:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [qtgggmql] d:\documents and settings\networkservice\local settings\application data\eofwevdwe\edhsvyttssd.exe
mRun: [icxqnclw] d:\documents and settings\networkservice\local settings\application data\uqgfqryyo\krhrciutssd.exe
mRun: [mcui_exe] "d:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [skb] rundll32 "lcgig.dll",,Run
mRun: [glolpbynyl] d:\windows\system32\regsvr32.exe /s "d:\windows\system32\vcfisygxsrucw.dll"
mRun: [MChk] d:\windows\system32\ycgig.exe
dRun: [qtgggmql] d:\documents and settings\networkservice\local settings\application data\eofwevdwe\edhsvyttssd.exe
dRun: [M5T8QL3YW3] d:\windows\temp\Ycx.exe
dRun: [LightScribe Control Panel] d:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
dRun: [QZAIB7KITK] d:\windows\temp\Yc1.exe
dRun: [icxqnclw] d:\documents and settings\networkservice\local settings\application data\uqgfqryyo\krhrciutssd.exe
dRun: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] d:\windows\temp\setup.exe
dRun: [Wgeva] rundll32.exe "d:\windows\ga2pnpm.dll",Startup
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - d:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\nike_u~1.lnk - d:\program files\nike+ utility\Nike+ Utility.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\photag~1.lnk - d:\program files\photags express\Photags AutoDetect.exe
dPolicies-explorer: NoFolderOptions = 1 (0x1)
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 93.188.163.9,93.188.166.244
TCP: {A6EE3963-4396-4CE8-92B4-FCE5629B528F} = 93.188.163.9,93.188.166.244
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
STS: d:\windows\system32\ww5k0wjmv5.dll: {c7ba40a1-74f2-52bd-f411-04b15a2c8953} - d:\windows\system32\ww5k0wjmv5.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "d:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 221.135.111.120 download.mcafee.com

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\padraig\applic~1\mozilla\firefox\profiles\ch0doyvu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=mpes
FF - prefs.js: keyword.URL - hxxp://search.good-search.net/?sid=10101029100&s=
FF - component: d:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: d:\documents and settings\padraig\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: d:\documents and settings\padraig\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: d:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
FF - plugin: d:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: d:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: d:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: d:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.good-search.net/?sid=10101029100&s=
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;d:\windows\system32\drivers\mfehidk.sys [2010-5-24 385880]
R1 mfetdi2k;McAfee Inc. mfetdi2k;d:\windows\system32\drivers\mfetdi2k.sys [2010-5-24 82952]
R1 MOBKFilter;MOBKFilter;d:\windows\system32\drivers\MOBK.sys [2010-5-23 54776]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;d:\program files\mcafee\siteadvisor\McSACore.exe [2010-5-23 203280]
R2 McMPFSvc;McAfee Personal Firewall;"d:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-24 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"d:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-24 271480]
R2 McProxy;McAfee Proxy Service;"d:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-24 271480]
R2 McrdSvc;Media Center Extender Service;d:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;d:\program files\common files\mcafee\systemcore\mcshield.exe [2010-5-24 170144]
R2 mfefire;McAfee Firewall Core Service;d:\program files\common files\mcafee\systemcore\mfefire.exe [2010-5-24 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;d:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-5-24 141792]
R2 MOBKbackup;McAfee Online Backup;d:\program files\mcafee online backup\MOBKbackup.exe [2010-2-5 229688]
R2 Viewpoint Manager Service;Viewpoint Manager Service;d:\program files\viewpoint\common\ViewpointService.exe [2009-6-27 24652]
R3 cfwids;McAfee Inc. cfwids;d:\windows\system32\drivers\cfwids.sys [2010-5-24 55456]
R3 mfeavfk;McAfee Inc. mfeavfk;d:\windows\system32\drivers\mfeavfk.sys [2010-5-24 152320]
R3 mfebopk;McAfee Inc. mfebopk;d:\windows\system32\drivers\mfebopk.sys [2010-5-24 51688]
R3 mfefirek;McAfee Inc. mfefirek;d:\windows\system32\drivers\mfefirek.sys [2010-5-24 312616]
R3 mfendiskmp;mfendiskmp;d:\windows\system32\drivers\mfendisk.sys [2010-5-24 88480]
S0 Lbd;Lbd;d:\windows\system32\drivers\lbd.sys --> d:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2010-1-20 135664]
S2 MSWU-37143a6e;MSWU-37143a6e;d:\windows\system32\37143a6e.exe --> d:\windows\system32\37143a6e.exe [?]
S2 MSWU-f36decbb;MSWU-f36decbb;d:\windows\system32\f36decbb.exe --> d:\windows\system32\f36decbb.exe [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;d:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;d:\windows\system32\drivers\mfendisk.sys [2010-5-24 88480]
S3 mferkdet;McAfee Inc. mferkdet;d:\windows\system32\drivers\mferkdet.sys [2010-5-24 83496]
S3 PAC7311;PC VGA Camera;d:\windows\system32\drivers\pa707ucm.sys [2009-8-5 449024]

=============== Created Last 30 ================

2010-07-01 01:41:50 0 ----a-w- d:\documents and settings\padraig\defogger_reenable
2010-06-16 20:15:19 0 d-----w- d:\docume~1\padraig\applic~1\Sky-Banners
2010-06-16 20:15:17 0 d-----w- d:\docume~1\padraig\applic~1\Street-Ads
2010-06-13 20:02:53 51021 ----a-w- d:\windows\system32\nxjrnoeuejtzscpdw.exe
2010-06-13 20:02:21 74752 ----a-w- d:\windows\system32\ernel32.dll
2010-06-13 20:02:13 74752 ----a-w- d:\docume~1\padraig\applic~1\891959b2.exe
2010-06-12 21:30:20 743424 -c----w- d:\windows\system32\dllcache\iedvtool.dll
2010-06-12 20:01:04 0 d-----w- d:\docume~1\alluse~1\applic~1\Update
2010-06-12 17:22:58 3742 ----a-w- d:\documents and settings\padraig\all
2010-06-09 18:33:50 310784 ----a-w- d:\windows\system32\hcgig.dll
2010-06-09 18:33:30 327680 ----a-w- d:\windows\system32\lcgig.dll
2010-06-08 14:51:54 40629 ----a-w- d:\windows\system32\ycgig.exe
2010-06-08 14:41:42 175616 ----a-w- d:\windows\system32\vcfisygxsrucw.dll
2010-06-06 20:00:55 823808 ----a-w- d:\windows\system32\drivers\ozijt.sys

==================== Find3M ====================

2010-05-24 02:16:26 103784 ----a-w- d:\documents and settings\padraig\GoToAssistDownloadHelper.exe
2010-05-06 10:41:53 916480 ----a-w- d:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- d:\windows\system32\win32k.sys
2010-04-24 16:58:20 68294 ----a-w- d:\windows\hpoins05.dat
2010-04-20 05:30:08 285696 ----a-w- d:\windows\system32\atmfd.dll
2010-04-12 21:29:19 411368 ----a-w- d:\windows\system32\deployJava1.dll
2010-04-08 17:20:02 91424 ----a-w- d:\windows\system32\dnssd.dll
2010-04-08 17:20:02 107808 ----a-w- d:\windows\system32\dns-sd.exe
2009-01-11 15:32:36 32768 --sha-w- d:\windows\temp\history\history.ie5\mshist012009011120090112\index.dat
2009-01-19 20:17:47 32768 --sha-w- d:\windows\temp\history\history.ie5\mshist012009011620090117\index.dat
2009-02-25 06:16:45 32768 --sha-w- d:\windows\temp\history\history.ie5\mshist012009021820090219\index.dat
2009-03-02 00:31:11 32768 --sha-w- d:\windows\temp\history\history.ie5\mshist012009022620090227\index.dat
2009-03-17 02:18:45 32768 --sha-w- d:\windows\temp\history\history.ie5\mshist012009031420090315\index.dat

============= FINISH: 21:57:38.34 ===============



And the second one:



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/10/2008 1:16:47 AM
System Uptime: 6/30/2010 12:43:19 PM (9 hours ago)

Motherboard: Dell Inc. | | 0WG261
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 2 GiB total, 1.825 GiB free.
D: is FIXED (NTFS) - 464 GiB total, 284.66 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

Class GUID: TI Technologies Inc.
Description: RADEON X600 256MB HyperMemory Secondary
Device ID: PCI\VEN_1002&DEV_5B72&SUBSYS_06031002&REV_00\4&1603E009&0&0108
Manufacturer: ATI Technologies Inc.
Name: RADEON X600 256MB HyperMemory Secondary
PNP Device ID: PCI\VEN_1002&DEV_5B72&SUBSYS_06031002&REV_00\4&1603E009&0&0108
Service: ati2mtag

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMTSSTCORP_CDDVDW_SH-S203N________________SB01____\5&2510770D&0&0.1.0
Manufacturer: (Standard CD-ROM drives)
Name: TSSTcorp CDDVDW SH-S203N
PNP Device ID: IDE\CDROMTSSTCORP_CDDVDW_SH-S203N________________SB01____\5&2510770D&0&0.1.0
Service: cdrom

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

7-Zip 4.65
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9
Adobe Shockwave Player
AIM 6
AiO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI Parental Control
AviSynth 2.5
Bonjour
CanConnect 0.986
Comcast High-Speed Internet Install Wizard
Critical Update for Windows Media Player 11 (KB959772)
Dell Resource CD
Desktop Doctor
DVD Decrypter (Remove Only)
ESPNMotion
GemMaster Mystic
Google Earth
Google Talk Plugin
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone 4.7
HP PSC & OfficeJet 4.7
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Drivers
InterActual Player
iPhone Configuration Utility
iTunes
Java™ 6 Update 20
LightScribe 1.8.15.1
McAfee Online Backup
McAfee Security Scan Plus
McAfee Total Protection
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2007
Microsoft Money Shared Libraries
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
Netflix Movie Viewer
Nike+ Utility
Otto
PC VGA Camer@
Performance Platform Voguecash
PhoTags Express
Picasa 3
PowerDVD
QFolder
QuickTime
Safari
Scan
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SigmaTel Audio
Sky-Banners browser enhancer
Skype web features
Skype™ 4.1
Sonic Encoders
Street-Ads Browser Enhancer
TBS WMP Plug-in
TuneUp Companion 1.6.9
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Videora iPhone 3G S Converter 4.08
Videora iPhone 3GS Converter 5
Viewpoint Media Player
ViewSonic Monitor Drivers
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Western Digital USB 2.0 Series II, Combo Drive Win98 SE Driver
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
YouTube Downloader App 1.03

==== Event Viewer Messages From Past Week ========

6/27/2010 2:31:45 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
6/24/2010 8:35:14 PM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/24/2010 8:35:14 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/24/2010 8:35:14 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/24/2010 8:35:14 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/24/2010 8:35:14 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/24/2010 8:35:14 PM, error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/24/2010 7:33:46 PM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/24/2010 4:00:00 PM, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error
6/23/2010 6:11:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cercsr6 Imapi Lbd
6/23/2010 6:10:43 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
6/23/2010 6:10:43 PM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
6/23/2010 6:10:25 PM, error: SRService [104] - The System Restore initialization process failed.
6/23/2010 6:10:19 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
6/23/2010 6:10:19 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================
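The "Event Viewer Messages" block above is the part of this log a responder reads first: six McAfee services terminating in the same second, McShield an hour earlier, and System Restore plus a handful of boot-start drivers failing on 6/23. As an added example that is not part of the original post, of the DDS tool, or of the helper's reply, the Python script below parses DDS event lines and runs that triage mechanically. The sample log is a constructed subset of the lines above (copied verbatim, including one benign iPod Service crash as a control); the list of security-product name hints (McAfee, McShield, Firewall, Network Security) is an assumption for this host, and the 60-second window and three-service threshold are tunable choices, not DDS conventions.

```python
"""Triage of the "Event Viewer Messages From Past Week" block of a DDS log.

Added example, not code from DDS or from this thread.  It parses the one-line
per-event format DDS prints and runs two checks a responder would do by eye:
several security-product services stopping in one short window, and
boot-start drivers that failed to load.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a subset of the event lines from the log above, copied
# verbatim.  The iPod Service crash is included so the rule has noise to ignore.
SAMPLE_LOG = """\
6/27/2010 2:31:45 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
6/24/2010 8:35:14 PM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/24/2010 8:35:14 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/24/2010 8:35:14 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/24/2010 7:33:46 PM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/23/2010 6:11:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cercsr6 Imapi Lbd
6/23/2010 6:10:43 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
6/23/2010 6:10:43 PM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
"""

# DDS event line: "<m/d/yyyy h:mm:ss AM|PM>, <level>: <source> [<event id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<text>.*)$"
)
# SCM termination messages read "The <service display name> service terminated ..."
SERVICE_RE = re.compile(r"^The (?P<svc>.+?) service terminated")

# Service Control Manager event IDs that record a service stopping abnormally.
SCM_TERMINATION_IDS = {"7023", "7031", "7034"}

# Assumption (not from the page): substrings identifying this host's security
# products.  Replace with whatever is installed on the machine being triaged.
SECURITY_SERVICE_HINTS = ("McAfee", "McShield", "Firewall", "Network Security")

EPOCH = datetime(1970, 1, 1)  # fixed origin for time-window bucketing


def parse_dds_events(log_text):
    """Return an event dict for every well-formed DDS event line; skip the rest."""
    events = []
    for line in log_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
            events.append(ev)
    return events


def terminated_service(ev):
    """Service name from an SCM termination event, or None for any other event."""
    if ev["source"] != "Service Control Manager" or ev["id"] not in SCM_TERMINATION_IDS:
        return None
    m = SERVICE_RE.match(ev["text"])
    return m.group("svc") if m else None


def is_security_service(name):
    return any(hint.lower() in name.lower() for hint in SECURITY_SERVICE_HINTS)


def find_security_service_kills(events, window_seconds=60, min_services=3):
    """Flag each time window in which at least `min_services` distinct
    security-product services terminated.  One AV service crashing is noise;
    the whole suite dying in the same second is tampering until proven otherwise."""
    buckets = defaultdict(set)
    for ev in events:
        svc = terminated_service(ev)
        if svc and is_security_service(svc):
            key = int((ev["ts"] - EPOCH).total_seconds()) // window_seconds
            buckets[key].add(svc)
    findings = []
    for key in sorted(buckets):
        if len(buckets[key]) >= min_services:
            findings.append({
                "window_start": EPOCH + timedelta(seconds=key * window_seconds),
                "services": sorted(buckets[key]),
            })
    return findings


def failed_boot_drivers(events):
    """Driver names from SCM 7026 ("boot-start or system-start driver(s) failed to load")."""
    drivers = []
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["id"] == "7026":
            _, _, names = ev["text"].partition("failed to load:")
            drivers.extend(names.split())
    return drivers


if __name__ == "__main__":
    evs = parse_dds_events(SAMPLE_LOG)
    for f in find_security_service_kills(evs):
        print(f"{f['window_start']}: {len(f['services'])} security services terminated: "
              + ", ".join(f["services"]))
    print("boot-start drivers that failed to load:", failed_boot_drivers(evs))
```

Run against the sample, the script reports exactly one window (6/24/2010 20:35) with three McAfee services down and lists cercsr6, Imapi and Lbd as drivers that failed at boot; the lone McShield crash and the single Network Security failure stay below the threshold, which is the point of correlating by window rather than alerting on every 7031. Feed it a full DDS log by replacing SAMPLE_LOG with the file's contents.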


#2 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 04 July 2010 - 07:03 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

m0le is a proud member of UNITE

#3 Cearballain (Topic Starter, Members, 2 posts)

Posted 08 July 2010 - 11:34 PM

Hi Mole,

Thanks for the offer of help, but the day before you replied, my computer quit completely and wouldn't even boot up. Looks like I lost this time.

I'm currently in the process of trying to sort things out with the help of Dell tech support (to whom I've paid a hefty sum). They say I am going to have to format the drive and start over. I might be able to save some files from the old system though.

Thanks again for the help...if by chance you see anything fishy in the above log I'd love to know just out of curiosity's sake, but I know you're busy.



Cearballain

#4 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 09 July 2010 - 06:31 PM

QUOTE(Cearballain @ Jul 9 2010, 05:34 AM)
Thanks again for the help...if by chance you see anything fishy in the above log I'd love to know just out of curiosity's sake, but I know you're busy.


The log shows trojans which are linked to the TDSS rootkit variant, TDL3. Sometimes it just kills the PC before we can get to you but non-booting doesn't necessarily mean you can't get to the problem.

I hope Dell don't charge you too much.

------------------------------------------------------------

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE