sgregg

Posts posted by sgregg

  1. Hello All,

    I am fighting with an XP machine that is seriously hijacked. I have updated & run MB repeatedly with no results. Following are the results from DDS:

    -------------------------------------------

    .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 8.0.6001.18702

    Run by ws10 at 7:56:11 on 2011-11-30

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2021.1576 [GMT -8:00]

    .

    AV: Trend Micro Client-Server Security Agent AntiVirus *Enabled/Updated* {897E75A8-3797-483E-ABF4-9E7684C8C4B2}

    AV: Trend Micro Client-Server Security Agent AntiVirus *Enabled/Updated* {78157172-E76A-4C2B-84D0-BE47336BEB3E}

    FW: Trend Micro Client-Server Security Agent Firewall *Disabled*

    FW: Trend Micro Client-Server Security Agent Firewall *Disabled*

    .

    ============== Running Processes ===============

    .

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\system32\svchost.exe -k netsvcs

    svchost.exe

    svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    svchost.exe

    C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe

    C:\Program Files\PDF Complete\pdfsvc.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe

    C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\TEMP\XJD853.EXE

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\Analog Devices\Core\smax4pnp.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

    C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe

    C:\WINDOWS\system32\ctfmon.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = about:blank

    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8

    uInternet Settings,ProxyOverride = <local>

    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    mRun: [igfxTray] c:\windows\system32\igfxtray.exe

    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

    mRun: [Persistence] c:\windows\system32\igfxpers.exe

    mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

    mRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray

    mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe

    mRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe

    mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow

    mPolicies-system: EnableLUA = 0 (0x0)

    LSP: mswsock.dll

    DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://pataha.columbia.local:4343/officescan/console/ClientInstall/WinNTChk.cab

    DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://pataha.columbia.local:4343/officescan/console/ClientInstall/setup.cab

    DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://pataha.columbia.local:4343/officescan/console/ClientInstall/RemoveCtrl.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    TCP: Interfaces\{9D2A8DBB-4C26-4EBA-85AD-2BD9A57A2461} : NameServer = 10.7.1.26,4.2.2.2

    Notify: igfxcui - igfxdev.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - c:\documents and settings\ws10\application data\mozilla\firefox\profiles\n26w2fqa.default\

    FF - component: c:\program files\virtual firefox\extensions\fi@dictionaries.addons.mozilla.org\platform\winnt_x86-msvc\components\myspellext.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [2008-7-11 191872]

    R2 OfcPfwSvc;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\OfcPfwSvc.exe [2007-3-29 282704]

    R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2009-11-23 576024]

    R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\tmxpflt.sys [2009-9-30 230928]

    R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2009-9-30 36368]

    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2009-11-20 36608]

    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-27 136176]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-27 136176]

    .

    =============== Created Last 30 ================

    .

    2011-11-29 16:20:40 388096 ----a-r- c:\documents and settings\ws10\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

    2011-11-15 17:53:41 102400 ----a-w- c:\windows\RegBootClean.exe

    2011-11-15 17:53:20 -------- d-----w- c:\program files\12D8C

    2011-11-15 17:52:26 -------- d-----w- c:\documents and settings\ws10\application data\78612

    2011-11-15 17:52:24 -------- d-----w- c:\program files\LP

    2011-11-15 17:52:07 -------- d-----w- c:\documents and settings\ws10\application data\JtzPNycA1

    2011-11-15 17:52:07 -------- d-----w- c:\documents and settings\ws10\application data\hWK8fRL9hXjC

    2011-11-15 17:50:46 -------- d-----w- c:\documents and settings\ws10\application data\sPNycA1uv2n4m5W

    2011-11-15 17:50:45 -------- d-----w- c:\documents and settings\ws10\application data\n6dWK7fRLhXjClB

    2011-11-15 17:50:40 -------- d-----w- c:\documents and settings\ws10\application data\f7fEL9gTZjCkVzN

    2011-11-15 17:50:38 -------- d-----w- c:\documents and settings\ws10\application data\oD2onF4pm5W7E8T

    .

    ==================== Find3M ====================

    .

    2011-11-30 15:47:54 8832 ----a-w- c:\windows\system32\drivers\wmiacpi.sys

    2011-09-27 17:01:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    .

    ============= FINISH: 7:56:30.29 ===============

    -----------------------------------------------------------

    attach.zip
