sgregg
Hello All, I am fighting with an XP machine that is seriously hijacked. I have updated & run MB repeatedly with no results. Following are the results from DDS:

-------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by ws10 at 7:56:11 on 2011-11-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2021.1576 [GMT -8:00]
.
AV: Trend Micro Client-Server Security Agent AntiVirus *Enabled/Updated* {897E75A8-3797-483E-ABF4-9E7684C8C4B2}
AV: Trend Micro Client-Server Security Agent AntiVirus *Enabled/Updated* {78157172-E76A-4C2B-84D0-BE47336BEB3E}
FW: Trend Micro Client-Server Security Agent Firewall *Disabled*
FW: Trend Micro Client-Server Security Agent Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\TEMP\XJD853.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = <local>
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mPolicies-system: EnableLUA = 0 (0x0)
LSP: mswsock.dll
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://pataha.columbia.local:4343/officescan/console/ClientInstall/WinNTChk.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://pataha.columbia.local:4343/officescan/console/ClientInstall/setup.cab
DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://pataha.columbia.local:4343/officescan/console/ClientInstall/RemoveCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{9D2A8DBB-4C26-4EBA-85AD-2BD9A57A2461} : NameServer = 10.7.1.26,4.2.2.2
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ws10\application data\mozilla\firefox\profiles\n26w2fqa.default\
FF - component: c:\program files\virtual firefox\extensions\fi@dictionaries.addons.mozilla.org\platform\winnt_x86-msvc\components\myspellext.dll
.
============= SERVICES / DRIVERS ===============
.
R1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [2008-7-11 191872]
R2 OfcPfwSvc;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\OfcPfwSvc.exe [2007-3-29 282704]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2009-11-23 576024]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\tmxpflt.sys [2009-9-30 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2009-9-30 36368]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2009-11-20 36608]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-27 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-27 136176]
.
=============== Created Last 30 ================
.
2011-11-29 16:20:40 388096 ----a-r- c:\documents and settings\ws10\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-15 17:53:41 102400 ----a-w- c:\windows\RegBootClean.exe
2011-11-15 17:53:20 -------- d-----w- c:\program files\12D8C
2011-11-15 17:52:26 -------- d-----w- c:\documents and settings\ws10\application data\78612
2011-11-15 17:52:24 -------- d-----w- c:\program files\LP
2011-11-15 17:52:07 -------- d-----w- c:\documents and settings\ws10\application data\JtzPNycA1
2011-11-15 17:52:07 -------- d-----w- c:\documents and settings\ws10\application data\hWK8fRL9hXjC
2011-11-15 17:50:46 -------- d-----w- c:\documents and settings\ws10\application data\sPNycA1uv2n4m5W
2011-11-15 17:50:45 -------- d-----w- c:\documents and settings\ws10\application data\n6dWK7fRLhXjClB
2011-11-15 17:50:40 -------- d-----w- c:\documents and settings\ws10\application data\f7fEL9gTZjCkVzN
2011-11-15 17:50:38 -------- d-----w- c:\documents and settings\ws10\application data\oD2onF4pm5W7E8T
.
==================== Find3M ====================
.
2011-11-30 15:47:54 8832 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2011-09-27 17:01:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 7:56:30.29 ===============
-----------------------------------------------------------
attach.zip