
Websites redirected randomly



#1 Aleester

Posted 12 September 2010 - 08:57 PM

Hi,

I tried running DDS and GMER. Every time I run GMER, my computer crashes... blue screen of death, and it automatically reboots. It does start creating a long list but then crashes.

I ran Malware, stuff popped up the first time but nothing when I ran it again. I still have the problem.

Below are the DDS log and attachments. Let me know if I can post anything else. Thanks for your help in advance!


DDS (Ver_10-03-17.01) - NTFSx86
Run by Annie at 21:05:50.64 on Sun 09/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.613 [GMT -4:00]

AV: Webroot AntiVirus with Spy Sweeper *On-access scanning enabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Documents and Settings\Annie\Desktop\dds.scr
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [Google Update] "c:\documents and settings\annie\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
mRun: [RTHDCPL] "RTHDCPL.EXE"
mRun: [Alcmtr] "ALCMTR.EXE"
mRun: [<NO NAME>]
mRun: [EDS] "c:\program files\samsung\samsung eds\EDSAgent.exe"
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [DMHotKey] "c:\program files\samsung\easy display manager\DMLoader.exe"
mRun: [BatteryManager] "c:\program files\samsung\samsung battery manager\BatteryManager.exe"
mRun: [MagicKeyboard] "c:\program files\samsung\magickbd\PreMKBD.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251600637671
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\annie\applic~1\mozilla\firefox\profiles\5g1zo1bv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\annie\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\annie\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\annie\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-2-12 4300]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2010-8-9 1201640]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-1-14 30208]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-2-12 238464]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-2-27 11520]

=============== Created Last 30 ================

2010-09-12 23:51:28 0 d-----w- c:\program files\Trend Micro
2010-09-09 14:33:18 0 d-----w- c:\program files\PharosSystems
2010-09-09 14:33:00 0 d-----w- c:\program files\Pharos
2010-09-02 01:53:08 0 d-----w- c:\program files\common files\HP
2010-09-02 01:52:59 0 d-----w- c:\program files\common files\Hewlett-Packard
2010-09-02 01:52:03 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll
2010-09-02 01:51:42 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-09-02 01:51:42 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-09-02 01:51:00 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2010-09-02 01:50:59 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-09-02 01:50:58 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-09-02 01:50:56 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-09-02 01:50:50 970752 ----a-w- c:\windows\system32\hpotiop6.dll
2010-09-02 01:50:50 729088 ----a-w- c:\windows\system32\hpowiax8.dll
2010-09-02 01:50:50 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2010-09-02 01:50:50 303104 ----a-w- c:\windows\system32\hpovst14.dll
2010-09-02 01:50:42 0 d-----w- c:\program files\HP
2010-09-02 01:29:57 799 ------w- c:\windows\hpomdl29.dat
2010-09-02 01:29:57 163161 ----a-w- c:\windows\hpoins29.dat

==================== Find3M ====================


============= FINISH: 21:09:26.85 ===============



And the DDS attachment.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/23/2009 11:29:59 AM
System Uptime: 9/12/2010 9:04:28 PM (0 hours ago)

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | NC10
Processor: Intel® Atom™ CPU N270 @ 1.60GHz | U2E1 | 1596/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 34.61 GiB free.
D: is FIXED (NTFS) - 72 GiB total, 71.906 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP139: 6/10/2010 3:41:42 PM - Software Distribution Service 3.0
RP140: 6/17/2010 12:52:22 PM - Software Distribution Service 3.0
RP141: 6/18/2010 9:49:20 AM - Software Distribution Service 3.0
RP142: 6/21/2010 11:38:24 PM - System Checkpoint
RP143: 6/24/2010 1:50:11 AM - System Checkpoint
RP144: 6/24/2010 11:00:33 AM - Software Distribution Service 3.0
RP145: 6/29/2010 12:10:00 AM - System Checkpoint
RP146: 6/30/2010 12:26:54 AM - System Checkpoint
RP147: 7/7/2010 10:27:01 PM - System Checkpoint
RP148: 7/8/2010 11:05:40 PM - System Checkpoint
RP149: 7/13/2010 1:14:51 AM - System Checkpoint
RP150: 7/15/2010 2:45:13 AM - System Checkpoint
RP151: 7/15/2010 3:00:24 AM - Software Distribution Service 3.0
RP152: 7/16/2010 10:57:55 AM - System Checkpoint
RP153: 7/21/2010 10:58:51 AM - System Checkpoint
RP154: 7/22/2010 11:50:23 PM - System Checkpoint
RP155: 7/26/2010 3:11:40 PM - System Checkpoint
RP156: 7/27/2010 3:55:17 PM - System Checkpoint
RP157: 8/9/2010 10:04:43 PM - Removed Ask.com Toolbar.
RP158: 8/11/2010 12:21:35 PM - System Checkpoint
RP159: 8/16/2010 1:32:06 AM - System Checkpoint
RP160: 8/17/2010 9:59:41 AM - System Checkpoint
RP161: 8/18/2010 2:46:53 PM - System Checkpoint
RP162: 8/25/2010 10:00:45 PM - System Checkpoint
RP163: 8/30/2010 2:58:52 AM - System Checkpoint
RP164: 9/1/2010 6:30:43 PM - System Checkpoint
RP165: 9/2/2010 11:26:30 PM - System Checkpoint
RP166: 9/4/2010 1:21:42 AM - System Checkpoint
RP167: 9/5/2010 1:28:01 PM - System Checkpoint
RP168: 9/8/2010 2:33:37 AM - System Checkpoint
RP169: 9/9/2010 8:31:47 AM - System Checkpoint
RP170: 9/9/2010 10:35:15 AM - Printer Driver HP LaserJet 4250 PCL 6 Installed
RP171: 9/11/2010 12:34:39 PM - System Checkpoint
RP172: 9/12/2010 7:51:27 PM - Installed HiJackThis

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros WLAN Client
Bonjour
Bullzip PDF Printer 7.1.0.1195
Easy Display Manager
Easy Network Manager
Foxit Reader
Google Talk Plugin
Google Update Helper
GPL Ghostscript Lite 8.70
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Photosmart C4400 All-In-One Driver 11.0 Rel .3
imagine digital freedom - Samsung
Intel® Graphics Media Accelerator Driver
iTunes
J2SE Runtime Environment 5.0
Java Auto Updater
Java™ 6 Update 18
Magic Keyboard
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.6.8)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Namuga 1.3M Webcam
OpenOffice.org 3.2
Pharos
Play Camera
PS_AIO_03_C4400_Software_Min
QuickTime
Realtek High Definition Audio Driver
Samsung Battery Manager
Samsung EDS
Samsung Magic Doctor
Samsung Recovery Solution III
Samsung Update Plus
Samsung Wallpaper
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Skype™ 4.2
Spy Sweeper Core
Synaptics Pointing Device Driver
Toolbox
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
User Guide
WD SmartWare
WebFldrs XP
Webroot AntiVirus with Spy Sweeper
WIDCOMM Bluetooth Software
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0

==== Event Viewer Messages From Past Week ========

9/11/2010 9:44:49 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
9/11/2010 9:44:49 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
9/11/2010 9:37:15 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

==== End Of File ===========================




#2 shelf life
  • Malware Response Team

Posted 18 September 2010 - 07:35 AM

Hi Aleester,

Your log is a few days old. If you still need help simply reply back.

How Can I Reduce My Risk to Malware?


#3 Aleester

  • Topic Starter

Posted 18 September 2010 - 09:57 PM

Thanks for the reply, shelf. I am still having problems. However, I just ran ComboFix and here is the log from that. Any help is greatly appreciated. ComboFix stated that it found a rootkit and did a reboot for this. Not sure if the rootkit was completely removed, though.

ComboFix 10-09-17.04 - Annie 09/18/2010 22:31:51.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.707 [GMT -4:00]
Running from: c:\documents and settings\Annie\Desktop\ComboFix.exe
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.
The following files were disabled during the run:
c:\progra~1\PHAROS~1\Core\PRNTRACK.DLL


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SEC
c:\windows\SEC\DelMt.cmd
c:\windows\SEC\JRE150.exe
c:\windows\SEC\Marker.exe
c:\windows\SEC\MEMIO.sys
c:\windows\SEC\MEMIO.vxd
c:\windows\SEC\MP10ENG.exe
c:\windows\SEC\Region.vbs
c:\windows\SEC\SECINSTALL.EXE
c:\windows\SEC\SECINSTALL.INI
c:\windows\SEC\StartMem.exe
c:\windows\system32\PSS29F83.DLL
c:\windows\system32\PSS29F84.DLL
c:\windows\system32\PSS29F86.DLL
c:\windows\system32\PSS29F87.DLL
c:\windows\system32\PSS29F88.DLL
c:\windows\system32\PSS29F8A.DLL
c:\windows\system32\PSS29F8B.DLL
c:\windows\system32\PSS29F8D.DLL
c:\windows\system32\PSS29F8E.DLL
c:\windows\system32\PSS29F90.DLL
c:\windows\system32\PSS29F91.DLL
c:\windows\system32\PSS29F9A.DLL
c:\windows\system32\PSS29F9B.DLL
c:\windows\system32\spool\prtprocs\w32x86\hpzpp4wm.DLL
c:\windows\system32\spool\prtprocs\w32x86\PSR29F59.DLL
c:\windows\system32\spool\prtprocs\w32x86\PSS29F92.DLL
c:\windows\System32\spool\PRTPROCS\W32X86\PSS29F94.DLL
c:\windows\System32\spool\PRTPROCS\W32X86\PSS29F95.DLL
c:\windows\System32\spool\PRTPROCS\W32X86\PSS29F97.DLL
c:\windows\System32\spool\PRTPROCS\W32X86\PSS29F98.DLL
c:\windows\system32\spool\prtprocs\w32x86\PSS2A6CF.DLL

Infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-08-19 to 2010-09-19 )))))))))))))))))))))))))))))))
.

2010-09-13 11:00 . 2010-09-13 11:00 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2010-09-12 23:51 . 2010-09-12 23:51 -------- d-----w- c:\program files\Trend Micro
2010-09-09 14:33 . 2007-02-22 19:33 109568 ----a-w- c:\windows\system32\MadCHook.dll
2010-09-09 14:33 . 2007-02-22 19:33 442368 ----a-w- c:\windows\system32\PSP29F80.DLL
2010-09-09 14:33 . 2007-02-22 19:33 249856 ----a-w- c:\windows\system32\PSR29F57.DLL
2010-09-09 14:33 . 2010-09-09 14:33 -------- d-----w- c:\program files\PharosSystems
2010-09-09 14:33 . 2010-09-09 14:33 -------- d-----w- c:\program files\Pharos
2010-09-09 04:26 . 2010-09-09 04:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-09-03 00:35 . 2010-09-03 00:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-02 01:53 . 2010-09-02 01:53 -------- d-----w- c:\program files\Common Files\HP
2010-09-02 01:53 . 2010-09-02 01:53 -------- d-----w- c:\program files\Hewlett-Packard
2010-09-02 01:52 . 2010-09-02 01:52 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-09-02 01:52 . 2010-09-02 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-09-02 01:52 . 2008-02-07 14:26 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll
2010-09-02 01:52 . 2007-12-17 22:05 278016 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5mu.dll
2010-09-02 01:51 . 2008-04-14 04:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-09-02 01:51 . 2008-04-14 04:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-09-02 01:51 . 2008-01-25 13:25 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2010-09-02 01:50 . 2008-01-25 13:25 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-09-02 01:50 . 2008-01-25 13:25 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-09-02 01:50 . 2008-01-25 13:23 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-09-02 01:50 . 2008-01-25 13:25 729088 ----a-w- c:\windows\system32\hpowiax8.dll
2010-09-02 01:50 . 2008-01-25 13:25 303104 ----a-w- c:\windows\system32\hpovst14.dll
2010-09-02 01:50 . 2008-01-25 13:25 970752 ----a-w- c:\windows\system32\hpotiop6.dll
2010-09-02 01:50 . 2008-01-25 13:25 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2010-09-02 01:50 . 2010-09-02 01:50 -------- d-----w- c:\program files\HP
2010-09-02 01:29 . 2010-09-02 01:53 163161 ----a-w- c:\windows\hpoins29.dat
2010-09-02 01:29 . 2008-05-05 15:31 799 ------w- c:\windows\hpomdl29.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-12 23:51 . 2010-09-12 23:51 388096 ----a-r- c:\documents and settings\Annie\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-09 04:26 . 2010-04-12 04:08 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-08 01:05 . 2009-05-23 05:27 -------- d-----w- c:\documents and settings\Annie\Application Data\Skype
2010-09-07 20:03 . 2009-05-23 05:29 -------- d-----w- c:\documents and settings\Annie\Application Data\skypePM
2010-08-31 16:11 . 2010-08-31 16:11 3401880 ----a-w- c:\documents and settings\Annie\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-08-31 15:55 . 2010-08-31 15:55 275096 ----a-w- c:\documents and settings\Annie\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-08-31 15:39 . 2010-08-31 15:39 3734536 ----a-w- c:\documents and settings\Annie\Application Data\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll
2010-08-10 05:15 . 2010-08-10 01:53 -------- d-----w- c:\program files\Ask.com
2010-08-10 01:59 . 2010-08-10 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2010-08-10 01:56 . 2009-06-23 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-08-10 01:51 . 2010-08-10 01:51 -------- d-----w- c:\program files\Webroot
2010-08-10 01:51 . 2010-08-10 01:51 -------- d-----w- c:\documents and settings\Annie\Application Data\Webroot
2010-08-10 01:45 . 2010-08-10 01:41 164 ----a-w- c:\windows\install.dat
2010-08-09 05:53 . 2010-08-09 05:53 -------- d-----w- c:\documents and settings\Annie\Application Data\Malwarebytes
2010-08-09 05:52 . 2010-08-09 05:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-09 05:52 . 2010-08-09 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-09 05:48 . 2010-08-09 05:48 503808 ----a-w- c:\documents and settings\Annie\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-237fb491-n\msvcp71.dll
2010-08-09 05:48 . 2010-08-09 05:48 348160 ----a-w- c:\documents and settings\Annie\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-237fb491-n\msvcr71.dll
2010-08-09 05:48 . 2010-08-09 05:48 499712 ----a-w- c:\documents and settings\Annie\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-237fb491-n\jmc.dll
2010-08-09 05:48 . 2010-08-09 05:48 61440 ----a-w- c:\documents and settings\Annie\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2dd3ad33-n\decora-sse.dll
2010-08-09 05:48 . 2010-08-09 05:48 12800 ----a-w- c:\documents and settings\Annie\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2dd3ad33-n\decora-d3d.dll
2010-07-30 01:23 . 2010-07-30 00:30 -------- d-----w- c:\documents and settings\Cheryl\Application Data\Skype
2010-07-28 01:29 . 2010-07-28 01:29 -------- d-----w- c:\documents and settings\Cheryl\Application Data\Western Digital
2010-07-28 01:29 . 2010-07-28 01:29 32880 ----a-w- c:\documents and settings\Cheryl\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-28 01:28 . 2010-07-28 01:28 -------- d-----w- c:\documents and settings\Cheryl\Application Data\Windows Desktop Search
2010-07-23 17:36 . 2010-07-23 17:36 -------- d-----w- c:\documents and settings\Annie\Application Data\PDF Writer
2010-07-23 17:36 . 2010-07-23 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PDF Writer
2010-07-23 17:32 . 2010-07-23 17:32 -------- d-----w- c:\program files\Common Files\Bullzip
2010-07-23 17:31 . 2010-07-23 17:31 -------- d-----w- c:\program files\Bullzip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Annie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"EDS"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-21 659456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-20 2768896]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-17 580200]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 23:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 13:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Annie\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Annie\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2/12/2009 3:29 PM 4300]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/13/2009 12:28 PM 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 9:58 AM 20480]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [8/9/2010 9:54 PM 1201640]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [1/14/2008 11:01 PM 30208]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2/12/2009 3:33 PM 238464]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2010 1:13 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/9/2010 1:52 AM 38224]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2/27/2010 12:59 AM 11520]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-09-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 17:13]

2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 17:13]

2010-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-378501814-3904220756-4242466905-1005Core.job
- c:\documents and settings\Annie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-26 05:25]

2010-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-378501814-3904220756-4242466905-1005UA.job
- c:\documents and settings\Annie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-26 05:25]

2010-09-17 c:\windows\Tasks\wrSpySweeper_L99507AEDE9A1425AB70F6970BFC549FC.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-08-10 19:19]

2010-09-17 c:\windows\Tasks\wrSpySweeper_L99507AEDE9A1425AB70F6970BFC549FC.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-08-10 19:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Annie\Application Data\Mozilla\Firefox\Profiles\5g1zo1bv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\Annie\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Annie\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Annie\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-18 22:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc23.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2796)
c:\windows\system32\WININET.dll
c:\progra~1\PHAROS~1\Core\PRNTRACK.DLL
c:\windows\system32\btmmhook.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\PHAROS~1\Core\CTskMstr.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\SAMSUNG\MagicKBD\MagicKBD.exe
c:\program files\SAMSUNG\MagicKBD\PerformanceManager.exe
.
**************************************************************************
.
Completion time: 2010-09-18 22:53:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-19 02:53

Pre-Run: 36,145,684,480 bytes free
Post-Run: 41,506,795,520 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 3C2D97E50DADC358F69772AAE5A00964




#4 shelf life
  • Malware Response Team
  • 2,680 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:03:44 AM

Posted 19 September 2010 - 09:12 AM

Update and run Malwarebytes also. Are the re-directs gone now?

How Can I Reduce My Risk to Malware?


#5 Aleester
  • Topic Starter
  • Members
  • 3 posts
  • OFFLINE
  • Local time:02:44 AM

Posted 19 September 2010 - 12:11 PM

ComboFix seemed to correct the redirects. The computer seems to be running better now.
I just ran an updated Malwarebytes and it comes up clean. Anything else I should run to make sure it's set? Thanks for the help!

#6 shelf life
  • Malware Response Team
  • 2,680 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:03:44 AM

Posted 19 September 2010 - 01:38 PM

Ok, good. Two more things you can do: we will use ComboFix once more, and then you can do an online scan; that should be it.

Click Start, then Run and type Notepad and click OK.
Copy/paste the text in the code box below into notepad:

CODE
DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643



Name the Notepad file CFScript.txt and save it to your desktop.
Now locate the file you just saved and the ComboFix icon, both on your desktop.
Using your mouse, drag the CFScript right on top of the ComboFix icon and release; ComboFix will run and produce a new log.
Please post the new ComboFix log.

ESET online scanner:

http://www.eset.com/onlinescan/

Uses Internet Explorer only.
Check "YES" to accept the terms.
Click the Start button.
Allow the ActiveX component to install.
Click the Start button again; the scanner will update.
Check both "Remove found threats" and "Scan unwanted applications".
Click Scan.
When done you can find the scan log at: C:\Program Files\EsetOnlineScanner\log.txt
Please copy/paste that log in your next reply.

How Can I Reduce My Risk to Malware?
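The ComboFix log in post #3 and the CFScript in post #6 together show the pattern behind the "random redirects": a per-user proxy pointing at 127.0.0.1:5643 (so every browser request passes through a local process that can rewrite or redirect it), a patched i8042prt.sys that ComboFix repaired, a deregistered driver whose ImagePath is a .tmp file under TEMP, and the Windows Firewall switched off. The Python script below is an added example, not code from ComboFix, BleepingComputer or the helper: it pulls those indicators out of a ComboFix-style log and emits the same DDS:: block the helper wrote. The log excerpt is constructed from the lines posted above, the function names and regular expressions are my own assumptions about the log layout, and the DDS:: directive is used only the way post #6 uses it (to hand the proxy lines back to ComboFix for removal).

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix's own code).

Flags the indicators that explain a "websites redirect randomly" complaint and
builds the CFScript block a helper would hand back for the proxy lines.
"""
import re

# Constructed excerpt modelled on the log posted in this thread; entries that
# the thread does not discuss are left out.
SAMPLE_LOG = r"""
Infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected
Restored copy from - Kitty had a snack :p

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc23.tmp"

------- Supplementary Scan -------
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
"""

# Patterns are assumptions about the log layout seen in this thread.
LOOPBACK = re.compile(r"(?:127\.\d+\.\d+\.\d+|localhost)\s*:\s*(\d+)", re.I)
INFECTED = re.compile(r"^Infected copy of (\S+) was found", re.M)
FIREWALL_OFF = re.compile(r'^"EnableFirewall"\s*=\s*0\b', re.M)
IMAGEPATH = re.compile(
    r'^\[[^\]]*\\services\\([^\]\\]+)\]\r?\n"ImagePath"="([^"]+)"', re.M | re.I)


def proxy_lines(log):
    """Supplementary-scan lines that set a per-user proxy (uInternet Settings,Proxy...)."""
    return [ln.strip() for ln in log.splitlines()
            if ln.lstrip().startswith("uInternet Settings,Proxy")]


def loopback_proxy_ports(log):
    """Ports of any ProxyServer entry that points back at the local machine.
    A loopback proxy means some local process sits between the browser and the
    network; that is how a redirector rewrites traffic without touching DNS."""
    ports = []
    for ln in proxy_lines(log):
        if "ProxyServer" in ln:
            m = LOOPBACK.search(ln)
            if m:
                ports.append(int(m.group(1)))
    return ports


def disinfected_drivers(log):
    """System drivers ComboFix reported as patched and restored."""
    return INFECTED.findall(log)


def temp_image_paths(log):
    """Services/drivers whose ImagePath is a .tmp file or lives under a TEMP directory.
    A driver loaded from TEMP is a flag, not a verdict: hooking libraries bundled
    with legitimate software also do this, so it must be read with the rest of the log."""
    hits = []
    for name, path in IMAGEPATH.findall(log):
        p = path.lower()
        if "\\temp\\" in p or p.endswith(".tmp"):
            hits.append((name, path))
    return hits


def firewall_disabled(log):
    """True when the standard-profile firewall policy is EnableFirewall=0."""
    return bool(FIREWALL_OFF.search(log))


def triage(log):
    """Human-readable findings, one per indicator."""
    findings = []
    for port in loopback_proxy_ports(log):
        findings.append(f"browser traffic is routed through a local proxy on 127.0.0.1:{port}")
    for drv in disinfected_drivers(log):
        findings.append(f"patched system driver was repaired: {drv}")
    for name, path in temp_image_paths(log):
        findings.append(f"service {name} loads its image from a temp location: {path}")
    if firewall_disabled(log):
        findings.append("Windows Firewall is disabled in the standard profile")
    return findings


def build_cfscript(log):
    """Mirror the helper's fix: list the proxy lines under DDS:: so ComboFix removes them.
    Returns an empty string when there is nothing to remove."""
    lines = proxy_lines(log)
    if not lines:
        return ""
    return "DDS::\n" + "\n".join(lines) + "\n"


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("!", finding)
    print(build_cfscript(SAMPLE_LOG), end="")
```

Run it against a full ComboFix log and the findings list is the order of work: the proxy entry explains the redirects and is the thing to remove first, the repaired driver tells you a kernel-level infection was present (so a second scanner pass, as the helper asked for, is justified), and the firewall flag is a post-cleanup fix rather than an infection sign on its own.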




