
Several malware infections? Gamburl.E, Ambler.A, Wimpixo.E


This topic is locked.
3 replies to this topic

#1 mjpwld


  • Members
  • 24 posts
  • OFFLINE
  • Gender:Male
  • Location:Utah
  • Local time:08:01 AM

Posted 18 November 2010 - 01:02 PM

Browser redirects. Mainly google searches.

Windows updates gets turned off. Can turn back on but after reboot is back off.

Windows update site cannot be displayed in IE.

Microsoft security essentials cannot update itself. Error...'virus and spyware definitions update failed. MSE was not able to check for virus and spyware definitions updates. Make sure your computer is connected to the internet and try again. Error code:0x80072efe'.

Windows firewall settings in control panel cannot be displayed. Error...'windows firewall settings cannot be displayed because the associated service is not running. Do you want to start the windows firewall/internet connection sharing service?' I click 'yes' but the service cannot start. Through the 'services' applet, I receive this error...'could not start the windows firewall/internet connection sharing service on local computer. Error 5: Access is denied'. The startup type for this service is automatic but never starts even after reboot.

The themes change. Many windows, not all, change colors and the windows look like the classic style instead of the windows XP style.

The computer seems to be slower than normal.

Finally, cannot post anything. I have to use another computer.
Here are the requested text files. Thanx.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 17:35:42.34 on Wed 11/17/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.913 [GMT -7:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Winter Fun Pack 2004 for Windows XP\WinterWallToy\WinterWalltoy.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
F:\Malware Removal Tools\dds\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://sn129w.snt129.mail.live.com/default.aspx?wa=wsignin1.0
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://cid-6300507aa0122ae7.spaces.live.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\tbPag2.dll
BHO: AutorunsDisabled - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~2\mediabar\toolbar\BearshareMediabarDx.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\progra~1\bearsh~2\mediabar\datamngr\IEBHO.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\tbPag2.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\tbPag2.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~2\mediabar\toolbar\BearshareMediabarDx.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.cartoonnetwork.com/games/ben10/battleready/index.html"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10k_ActiveX.exe -update activex
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ExifLauncher2] c:\program files\finepixviewer\QuickDCF2.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\owner~1.pav\startm~1\programs\startup\speedf~1.lnk - c:\program files\speedfan\speedfan.exe
StartupFolder: c:\docume~1\owner~1.pav\startm~1\programs\startup\winter~1.lnk - c:\program files\winter fun pack 2004 for windows xp\winterwalltoy\WinterWalltoy.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: &Copy Location
IE: &Highlight - c:\windows\web\highlight.htm
IE: &Links List - c:\windows\web\urllist.htm
IE: I&mages List - c:\windows\web\imglist.htm
IE: Open Frame in &New Window - c:\windows\web\frm2new.htm
IE: Zoom &In - c:\windows\web\zoomin.htm
IE: Zoom O&ut - c:\windows\web\zoomout.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: af.mil\mail.amc
Trusted Zone: af.mil\www.my
Trusted Zone: gctfcu.net\www
Trusted Zone: intuit.com
Trusted Zone: intuit.com\qtwu1
Trusted Zone: intuit.com\qtwu2
Trusted Zone: intuit.com\turbotaxweb
Trusted Zone: intuit.com\www
Trusted Zone: intuit.com\www.turbotax
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: militaryonesource.com\www
Trusted Zone: turbotax.com\www
Trusted Zone: windowsupdate.com\download
DPF: 6th Street Omaha Poker by pogo - hxxp://game1.pogo.com/applet-6.4.1.53/omaha/omaha-ob-assets.cab
DPF: Aces Up! by pogo - hxxp://game1.pogo.com/applet-6.4.3.28/aces/aces-ob-assets.cab
DPF: Animal Ark by pogo - hxxp://www.pogo.com/applet-6.4.2.30/animal/animal-ob-assets.cab
DPF: Backgammon by pogo - hxxp://game1.pogo.com/applet-6.4.3.36/backgammon/backgammon-ob-assets.cab
DPF: Battle Phlinx by pogo - hxxp://game1.pogo.com/applet-6.4.4.27/battlephlinx/battlephlinx-ob-assets.cab
DPF: Blackjack by pogo - hxxp://game1.pogo.com/applet-6.5.1.24/blackjack/blackjack-en_US.cab
DPF: Canasta by pogo - hxxp://game1.pogo.com/applet-6.4.3.36/canasta/canasta-ob-assets.cab
DPF: Checkers by pogo - hxxp://game1.pogo.com/applet-6.4.2.30/checkers2/checkers-ob-assets.cab
DPF: Chess by pogo - hxxp://game1.pogo.com/applet-6.5.1.24/chess2/chess2-en_US.cab
DPF: Dice Derby by pogo - hxxp://game1.pogo.com/applet-6.4.1.53/checkeredflag/checkeredflag-ob-assets.cab
DPF: Dominoes by pogo - hxxp://game1.pogo.com/applet-6.4.2.30/domino/domino-ob-assets.cab
DPF: EZ Win Bingo by pogo - hxxp://game1.pogo.com/applet-6.4.3.36/bingo/bingoe-ob-assets.cab
DPF: First Class Solitaire by pogo - hxxp://game1.pogo.com/applet-6.4.4.27/firstclass2/firstclass2-ob-assets.cab
DPF: Fortune Bingo by pogo - hxxp://game1.pogo.com/applet-6.5.1.31/superbingo/superbingo-en_US.cab
DPF: Greenback Bayou by pogo - hxxp://game1.pogo.com/applet-6.4.3.36/greenback/greenback-ob-assets.cab
DPF: Harvest Mania by pogo - hxxp://game1.pogo.com/applet-6.4.3.36/harvest/harvest-ob-assets.cab
DPF: Hearts by pogo - hxxp://game1.pogo.com/applet-6.4.4.34/hearts/hearts-ob-assets.cab
DPF: High Stakes Pool by pogo - hxxp://game1.pogo.com/applet-6.5.1.31/pool2/pool-en_US.cab
DPF: Jigsaw Detective by pogo - hxxp://game1.pogo.com/applet-6.4.3.36/jigsaw/jigsaw-ob-assets.cab
DPF: Jungle Gin by pogo - hxxp://game1.pogo.com/applet-6.5.1.24/gin/gin-en_US.cab
DPF: Lottso by pogo - hxxp://game1.pogo.com/applet-6.4.2.30/lottso/lottso-ob-assets.cab
DPF: Mah Jong Garden by pogo - hxxp://game1.pogo.com/applet-6.5.1.24/mahjong/mahjong-en_US.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Multiline Slots by pogo - hxxp://game1.pogo.com/applet-6.4.4.34/mlslots/mlslots-ob-assets.cab
DPF: Pai Gow by pogo - hxxp://game1.pogo.com/applet-6.5.1.24/paigow/paigow-en_US.cab
DPF: Payday FreeCell by pogo - hxxp://game1.pogo.com/applet-6.4.1.53/freecell/freecell-ob-assets.cab
DPF: Pebble Beach Golf by pogo - hxxp://game1.pogo.com/applet-6.4.3.36/pebble/pebble-ob-assets.cab
DPF: Penguin Blocks by pogo - hxxp://game1.pogo.com/applet-6.5.1.31/penguins/penguins-en_US.cab
DPF: Perfect Pair Solitaire by pogo - hxxp://game1.pogo.com/applet-6.4.2.23/waterwheel/waterwheel-ob-assets.cab
DPF: Phlinx by pogo - hxxp://game1.pogo.com/applet-6.4.2.30/flinger/flinger-ob-assets.cab
DPF: Pinochle by pogo - hxxp://game1.pogo.com/applet-6.4.2.30/pinochle/pinochle-ob-assets.cab
DPF: Pop Fu by pogo - hxxp://game1.pogo.com/applet-6.4.3.28/popfu/popfu-ob-assets.cab
DPF: PoppaZoppa by pogo - hxxp://game1.pogo.com/applet-6.4.2.30/poppazoppa/poppazoppa-ob-assets.cab
DPF: Poppit by pogo - hxxp://game1.pogo.com/applet-6.5.1.24/poppit2/poppit2-en_US.cab
DPF: Quick Quack by pogo - hxxp://game1.pogo.com/applet-6.5.1.24/hotstreak/hotstreak-en_US.cab
DPF: QWERTY by pogo - hxxp://game1.pogo.com/applet-6.4.4.34/squares/squares-ob-assets.cab
DPF: Ride The Tide by pogo - hxxp://game1.pogo.com/applet-6.5.1.24/ride/ride-en_US.cab
DPF: Showbiz Slots 2 by pogo - hxxp://game1.pogo.com/applet-6.5.0.45/slots/showbiz2-ob-assets.cab
DPF: Spades by pogo - hxxp://game1.pogo.com/applet-6.5.0.45/spades/spades-ob-assets.cab
DPF: Spider Solitaire by pogo - hxxp://game1.pogo.com/applet-6.5.1.24/spider/spider-en_US.cab
DPF: Squelchies by pogo - hxxp://game1.pogo.com/applet-6.4.2.30/squelchies/squelchies-ob-assets.cab
DPF: Stax by pogo - hxxp://game1.pogo.com/applet-6.5.1.24/stax/stax-en_US.cab
DPF: Stellar Sweeper by pogo - hxxp://game1.pogo.com/applet-6.4.3.28/sweeper/sweeper-ob-assets.cab
DPF: Sweet Tooth TM by pogo - hxxp://game1.pogo.com/applet-6.4.1.46/sweettooth/sweettooth-ob-assets.cab
DPF: Texas Hold'em Poker by pogo - hxxp://game1.pogo.com/applet-6.5.1.24/holdem/holdem-en_US.cab
DPF: Tri-Peaks by pogo - hxxp://game1.pogo.com/applet-6.4.3.28/peaks/peaks-ob-assets.cab
DPF: Turbo 21 TM by pogo - hxxp://game1.pogo.com/applet-6.4.4.34/turbo21/turbo21-ob-assets.cab
DPF: Wonderland Memories by pogo - hxxp://game1.pogo.com/applet-6.5.1.24/memories/memories-en_US.cab
DPF: Word Whomp by pogo - hxxp://game1.pogo.com/applet-6.4.4.34/wordwhomp2/whomp2-ob-assets.cab
DPF: Word Whomp Whackdown by pogo - hxxp://game1.pogo.com/applet-6.4.2.30/whackdown/whackdown-ob-assets.cab
DPF: WordJong by pogo - hxxp://game1.pogo.com/applet-6.4.2.30/wordjong/wordjong-ob-assets.cab
DPF: World Class Solitaire by pogo - hxxp://game1.pogo.com/applet-6.5.1.31/worldclass/worldclass-en_US.cab
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - hxxp://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229474786343
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://cid-6300507aa0122ae7.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs:
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {c23dd370-cb79-11d2-898a-00c04f80a47f} - rundll32.exe advpack.dll,LaunchINFSectionEx %SystemRoot%\INF\toolimg.inf,PerUserStub.Install,,260
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.pav\applic~1\mozilla\firefox\profiles\fv264y3t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - component: c:\documents and settings\owner.pavilion\application data\mozilla\firefox\profiles\fv264y3t.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\owner.pavilion\application data\mozilla\firefox\profiles\fv264y3t.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-1 64160]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
S3 BANG;BANG;\??\c:\docume~1\owner~1.pav\locals~1\temp\bang.sys --> c:\docume~1\owner~1.pav\locals~1\temp\BANG.SYS [?]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 cpuz132;cpuz132;\??\c:\docume~1\owner~1.pav\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\owner~1.pav\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 DbusAudio;DbusAudio;c:\windows\system32\drivers\DbusAudio.sys [2009-8-8 23096]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-5-7 24576]
S3 maa950c;maa950c;c:\windows\system32\drivers\maa950c.sys [2007-12-25 24784]
S3 maa950m;maa950m;c:\windows\system32\drivers\maa950m.sys [2007-12-25 25044]
S3 maa950u;maa950u;c:\windows\system32\drivers\maa950u.sys [2007-12-25 49237]
S3 mamovec;mamovec;c:\windows\system32\drivers\mamovec.sys [2008-9-11 24784]
S3 mamovem;mamovem;c:\windows\system32\drivers\mamovem.sys [2008-9-11 25044]
S3 mamoveu;mamoveu;c:\windows\system32\drivers\mamoveu.sys [2008-9-11 48853]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-9-11 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-9-11 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2008-9-11 23680]

=============== Created Last 30 ================

2010-11-17 19:25:28 1072 ----a-w- c:\windows\system32\Improve Your PC.lnk
2010-11-10 13:50:03 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-10 13:50:02 0 d-----w- c:\program files\ConduitEngine
2010-11-09 08:41:33 10 ----a-w- c:\windows\system32\kr_done1
2010-11-01 03:56:06 4196406 ---ha-w- c:\windows\system32\toyhide.bmp
2010-10-29 19:35:19 0 d-----w- c:\program files\Photosynth
2010-10-29 18:42:23 0 d-----w- c:\program files\Microsoft Research
2010-10-29 16:22:05 0 d-----w- c:\docume~1\owner~1.pav\applic~1\OxelonMC
2010-10-29 16:21:56 0 d-----w- c:\program files\OxelonMedia

==================== Find3M ====================

2010-11-17 19:41:19 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-10-19 17:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-18 18:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 10:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2007-03-03 07:24:59 0 ---ha-w- c:\program files\AppUpdate.log
2010-02-03 18:18:14 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2010-02-03 18:18:14 16384 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2010-02-03 18:18:14 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010020320100204\index.dat
2010-02-03 18:18:14 49152 --sha-w- c:\windows\system32\config\systemprofile\privacie\index.dat

============= FINISH: 17:44:16.26 ===============

Microsoft security essentials just found this...TrojanDownloader:Win32/unruy.H
And I now do not have any tabs in IE. Although if I open a window in a new window, then close that window, IE asks me if I want to close all tabs or the current tab?!

Merged posts. ~ OB

This morning, November 19, microsoft security essentials discovered these Trojan:Win32/Meredrop and Trojan:Win32/Harnig.gen!D. MSE is also discovering legit programs as trojans. IE will not open as well as others like taskman, so I have disconnected from the internet. I am about ready to reload the OS. The computer is soooo sloooow. CPU usage at 100%. Thanks for any help.

EDIT: Posts merged ~BP

Edited by Budapest, 19 November 2010 - 05:19 PM.
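One way to triage a DDS log like the one posted above before a helper gets to it: an added Python example (not part of this thread and not a BleepingComputer or DDS tool) that parses the SERVICES / DRIVERS, Pseudo HJT and Created Last 30 line formats and flags the entries a responder would look at first: drivers loading from a temp folder or whose image file is missing (`[?]`), hosts-file overrides, orphaned "No File" toolbar/BHO entries, and shortcuts dropped into system32. The sample lines are copied from the log above; the flag rules are heuristics chosen here, not rules DDS itself applies.

```python
import re
from typing import Dict, List, Optional

# Lines copied from the DDS log posted in this thread (a subset of the
# SERVICES / DRIVERS, Pseudo HJT Report and Created Last 30 sections).
SAMPLE_LOG = r"""
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
S3 BANG;BANG;\??\c:\docume~1\owner~1.pav\locals~1\temp\bang.sys --> c:\docume~1\owner~1.pav\locals~1\temp\BANG.SYS [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\owner~1.pav\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\owner~1.pav\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2008-9-11 23680]
Hosts: 127.0.0.1 www.spywareinfo.com
TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
BHO: AutorunsDisabled - No File
2010-11-17 19:25:28 1072 ----a-w- c:\windows\system32\Improve Your PC.lnk
"""

# "R0 name;description;path [date size]" for running drivers, "S3" for stopped.
DRIVER_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.*)$")
# Trailing "[2010-3-25 151216]" (date and size) or "[?]" (file not found).
META_RE = re.compile(r"\s\[(?P<meta>[^\]]*)\]$")
# "YYYY-MM-DD HH:MM:SS size attrs path" lines from the Created Last 30 section.
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<size>\d+) (?P<attrs>\S+) (?P<path>.+)$"
)


def parse_driver(line: str) -> Optional[Dict[str, object]]:
    """Parse one SERVICES / DRIVERS line; return None for any other line."""
    m = DRIVER_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    # DDS writes "registry path --> resolved path [...]" when it had to
    # resolve the image path; keep the resolved (right-hand) path.
    path = rest.split(" --> ")[-1]
    meta_m = META_RE.search(path)
    meta = meta_m.group("meta") if meta_m else ""
    if meta_m:
        path = path[: meta_m.start()]
    return {
        "state": m.group("state"),
        "name": m.group("name"),
        "desc": m.group("desc"),
        "path": path,
        "missing": meta == "?",  # image file was not found on disk
    }


def triage(log_text: str) -> List[str]:
    """Return one human-readable finding per suspicious entry (heuristics)."""
    findings: List[str] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        drv = parse_driver(line)
        if drv:
            lower = str(drv["path"]).lower()
            # A kernel driver registered from a user temp folder is unusual
            # for legitimate software and worth a closer look.
            if "\\temp\\" in lower:
                findings.append(f"driver {drv['name']} loads from a temp folder: {drv['path']}")
            if drv["missing"]:
                findings.append(f"driver {drv['name']} image not found on disk ([?])")
            continue
        if line.startswith("Hosts:"):
            parts = line.split()
            if len(parts) >= 3 and parts[1] in ("127.0.0.1", "0.0.0.0"):
                findings.append(f"hosts file maps {parts[2]} to {parts[1]}")
            continue
        if line.endswith("- No File"):
            findings.append(f"orphaned registry entry: {line}")
            continue
        created = CREATED_RE.match(line)
        if created:
            path = created.group("path").lower()
            if path.endswith(".lnk") and "\\system32\\" in path:
                findings.append(f"shortcut created in system32: {created.group('path')}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```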



#2 aommaster


    I !<3 malware


  • Malware Response Team
  • 5,289 posts
  • OFFLINE
  • Gender:Male
  • Location:Dubai
  • Local time:06:01 PM

Posted 27 November 2010 - 12:21 PM

Hello, mjpwld.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for :)
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.
We need to run Defogger
  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Note: If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until the end of the fix.

NEXT:
We need to run RSIT
  • Download random's system information tool (RSIT) by random/random and save it to your desktop.
  • Double click on RSIT.exe.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:
We need to run an Anti-Rootkit (ARK) scan
  • Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Make sure all options are checked except:
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  • When the scan is complete, click Save and save the log onto your desktop.

If GMER crashes, hangs or blue-screens, do the following
  • Please Download Rootkit Unhooker Save it to your desktop.
    **Note: It is zipped into a .RAR file. If you do not have a .RAR extractor, you can get one for free here
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.
Note:You may get this warning. If so, please ignore it.
"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.log/RKUnhooker log

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 aommaster


Posted 30 November 2010 - 12:00 PM

Hello mjpwld
Are you still with us?



#4 aommaster


Posted 02 December 2010 - 12:15 AM

Due to lack of feedback, this topic has been closed. If you need this topic reopened, please send me a PM with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
