Posts posted by medeski

  1. You're right, dude, I shouldn't have been such a dick. I'm not worried about identity theft or any of that bullshit like credit card fraud. I use this computer for IRC, and I multiboot BackTrack 5; that's about it. Everything else I do is on a VPS or dedicated server. Now that I have identified the problem, I'm going to lurk some forums about this particular backdoor and see about removing it.

  2. I understand there's a backdoor hijacking the camera; I knew that before you had me scan my computer and post logs. I think I stated that in the first post. Fortunately there are easier ways to remove trojans than reinstalling the operating system. I'm done using your tools and scanners. I need to talk to someone who actually knows what they're talking about and doesn't talk to me like I'm some sort of computer-illiterate 5th grader, which means I'm changing forums.

  3. Malwarebytes Anti-Rootkit 1.1.0.1009

    www.malwarebytes.org

    Database version: v2012.11.18.02

    Windows XP Service Pack 3 x86 NTFS

    Internet Explorer 8.0.6001.18702

    medeski :: BLACKB0X [administrator]

    11/18/2012 9:29:57 AM

    mbar-log-2012-11-18 (09-29-57).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

    Scan options disabled: PUP | PUM | P2P

    Objects scanned: 26028

    Time elapsed: 13 minute(s), 32 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 1

    C:\Documents and Settings\medeski\Local Settings\Temp\upnp.exe (Backdoor.Daromec) -> Delete on reboot. [826f4c6ba2bb3df9e13ca361f11319e7]

    (end)

    ___________________________________________________________________________________________________________________________________

    ---------------------------------------

    Malwarebytes Anti-Rootkit BETA 1.01.0.1009

    © Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_30

    File system is: NTFS

    Disk drives: C:\ DRIVE_FIXED

    CPU speed: 1.596000 GHz

    Memory total: 1063235584, free: 514646016

    ------------ Kernel report ------------

    11/18/2012 09:13:39

    ------------ Loaded modules -----------

    \windows\system32\ntkrnlpa.exe

    \windows\system32\hal.dll

    \windows\system32\KDCOM.DLL

    \windows\system32\BOOTVID.dll

    ACPI.sys

    \windows\system32\DRIVERS\WMILIB.SYS

    pci.sys

    isapnp.sys

    ohci1394.sys

    \windows\system32\DRIVERS\1394BUS.SYS

    compbatt.sys

    \windows\system32\DRIVERS\BATTC.SYS

    pciide.sys

    \windows\system32\DRIVERS\PCIIDEX.SYS

    MountMgr.sys

    ftdisk.sys

    dmload.sys

    dmio.sys

    PartMgr.sys

    ACPIEC.sys

    \windows\system32\DRIVERS\OPRGHDLR.SYS

    mvxxmm.sys

    VolSnap.sys

    atapi.sys

    iastor9.sys

    mv61xxmm.sys

    mv64xxmm.sys

    disk.sys

    \windows\system32\DRIVERS\CLASSPNP.SYS

    fltMgr.sys

    sr.sys

    KSecDD.sys

    WudfPf.sys

    Ntfs.sys

    NDIS.sys

    Mup.sys

    giveio.sys

    \SystemRoot\system32\DRIVERS\intelppm.sys

    \SystemRoot\system32\DRIVERS\CmBatt.sys

    \SystemRoot\system32\DRIVERS\wmiacpi.sys

    \SystemRoot\system32\DRIVERS\igxpmp32.sys

    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

    \SystemRoot\system32\DRIVERS\HDAudBus.sys

    \SystemRoot\system32\DRIVERS\NETwLx32.sys

    \SystemRoot\system32\DRIVERS\usbuhci.sys

    \SystemRoot\system32\DRIVERS\USBPORT.SYS

    \SystemRoot\system32\DRIVERS\usbehci.sys

    \SystemRoot\system32\DRIVERS\sdbus.sys

    \SystemRoot\system32\DRIVERS\rimmptsk.sys

    \SystemRoot\system32\DRIVERS\rimsptsk.sys

    \SystemRoot\system32\DRIVERS\rixdptsk.sys

    \SystemRoot\system32\DRIVERS\cpqbttn.sys

    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

    \SystemRoot\system32\DRIVERS\i8042prt.sys

    \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys

    \SystemRoot\system32\DRIVERS\WDFLDR.SYS

    \SystemRoot\system32\DRIVERS\Wdf01000.sys

    \SystemRoot\system32\DRIVERS\kbdclass.sys

    \SystemRoot\system32\DRIVERS\SynTP.sys

    \SystemRoot\system32\DRIVERS\USBD.SYS

    \SystemRoot\system32\DRIVERS\mouclass.sys

    \SystemRoot\system32\DRIVERS\imapi.sys

    \SystemRoot\system32\DRIVERS\cdrom.sys

    \SystemRoot\system32\DRIVERS\redbook.sys

    \SystemRoot\system32\DRIVERS\ks.sys

    \SystemRoot\system32\DRIVERS\audstub.sys

    \SystemRoot\System32\Drivers\RootMdm.sys

    \SystemRoot\System32\Drivers\Modem.SYS

    \SystemRoot\system32\DRIVERS\rasl2tp.sys

    \SystemRoot\system32\DRIVERS\ndistapi.sys

    \SystemRoot\system32\DRIVERS\ndiswan.sys

    \SystemRoot\system32\DRIVERS\raspppoe.sys

    \SystemRoot\system32\DRIVERS\raspptp.sys

    \SystemRoot\system32\DRIVERS\TDI.SYS

    \SystemRoot\system32\DRIVERS\psched.sys

    \SystemRoot\system32\DRIVERS\msgpc.sys

    \SystemRoot\system32\DRIVERS\ptilink.sys

    \SystemRoot\system32\DRIVERS\raspti.sys

    \SystemRoot\system32\DRIVERS\RimSerial.sys

    \SystemRoot\system32\DRIVERS\rdpdr.sys

    \SystemRoot\system32\DRIVERS\termdd.sys

    \SystemRoot\system32\DRIVERS\swenum.sys

    \SystemRoot\system32\DRIVERS\update.sys

    \SystemRoot\system32\DRIVERS\mssmbios.sys

    \SystemRoot\system32\DRIVERS\vsb.sys

    \SystemRoot\system32\DRIVERS\kbdhid.sys

    \SystemRoot\System32\Drivers\NDProxy.SYS

    \SystemRoot\system32\drivers\CHDAud.sys

    \SystemRoot\system32\drivers\portcls.sys

    \SystemRoot\system32\drivers\drmk.sys

    \SystemRoot\system32\DRIVERS\HSFHWAZL.sys

    \SystemRoot\system32\DRIVERS\HSF_DPV.sys

    \SystemRoot\system32\DRIVERS\HSF_CNXT.sys

    \SystemRoot\system32\DRIVERS\usbhub.sys

    \??\C:\WINDOWS\system32\SAVRKBootTasks.sys

    \SystemRoot\System32\Drivers\Fs_Rec.SYS

    \SystemRoot\System32\Drivers\Null.SYS

    \SystemRoot\System32\Drivers\Beep.SYS

    \SystemRoot\System32\drivers\vga.sys

    \SystemRoot\System32\Drivers\mnmdd.SYS

    \SystemRoot\System32\DRIVERS\RDPCDD.sys

    \SystemRoot\System32\Drivers\Msfs.SYS

    \SystemRoot\System32\Drivers\Npfs.SYS

    \SystemRoot\system32\DRIVERS\rasacd.sys

    \SystemRoot\system32\DRIVERS\ipsec.sys

    \SystemRoot\system32\DRIVERS\tcpip.sys

    \SystemRoot\system32\DRIVERS\netbt.sys

    \SystemRoot\system32\DRIVERS\ipnat.sys

    \SystemRoot\System32\drivers\afd.sys

    \SystemRoot\system32\DRIVERS\wanarp.sys

    \SystemRoot\system32\DRIVERS\netbios.sys

    \SystemRoot\system32\DRIVERS\rdbss.sys

    \??\C:\WINDOWS\system32\drivers\oreans32.sys

    \SystemRoot\system32\DRIVERS\mrxsmb.sys

    \SystemRoot\System32\Drivers\Fips.SYS

    \SystemRoot\System32\Drivers\Cdfs.SYS

    \SystemRoot\system32\DRIVERS\usbccgp.sys

    \SystemRoot\System32\Drivers\usbvideo.sys

    \SystemRoot\System32\Drivers\dump_atapi.sys

    \SystemRoot\System32\Drivers\dump_WMILIB.SYS

    \SystemRoot\System32\win32k.sys

    \SystemRoot\System32\drivers\Dxapi.sys

    \SystemRoot\System32\watchdog.sys

    \SystemRoot\System32\drivers\dxg.sys

    \SystemRoot\System32\drivers\dxgthk.sys

    \SystemRoot\System32\igxpgd32.dll

    \SystemRoot\System32\igxprd32.dll

    \SystemRoot\System32\igxpdv32.DLL

    \SystemRoot\System32\igxpdx32.DLL

    \SystemRoot\System32\ATMFD.DLL

    \SystemRoot\system32\DRIVERS\ndisuio.sys

    \SystemRoot\system32\DRIVERS\rspndr.sys

    \SystemRoot\system32\drivers\wdmaud.sys

    \SystemRoot\system32\drivers\sysaudio.sys

    \SystemRoot\system32\DRIVERS\mrxdav.sys

    \SystemRoot\system32\DRIVERS\srv.sys

    \SystemRoot\system32\DRIVERS\mdmxsdk.sys

    \SystemRoot\System32\Drivers\HTTP.sys

    \SystemRoot\system32\DRIVERS\ipfltdrv.sys

    \SystemRoot\system32\drivers\kmixer.sys

    \??\C:\windows\system32\drivers\mbamchameleon.sys

    \??\C:\windows\system32\drivers\mbamswissarmy.sys

    \WINDOWS\system32\ntdll.dll

    ----------- End -----------

    <<<1>>>

    Upper Device Name: \Device\Harddisk0\DR0

    Upper Device Object: 0xffffffff86b3fab8

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\

    Lower Device Object: 0xffffffff86b42940

    Lower Device Driver Name: \Driver\atapi\

    Driver name found: atapi

    DriverEntry returned 0x0

    Function returned 0x0

    Downloaded database version: v2012.11.18.02

    Downloaded database version: v2012.11.15.02

    Initializing...

    Done!

    Scanning directory: C:\windows\system32\drivers...

    <<<2>>>

    Device number: 0, partition: 1

    Physical Sector Size: 512

    Drive: 0, DevicePointer: 0xffffffff86b3fab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xffffffff86b66e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\

    DevicePointer: 0xffffffff86b3fab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    DevicePointer: 0xffffffff86b699e8, DeviceName: \Device\00000075\, DriverName: \Driver\ACPI\

    DevicePointer: 0xffffffff86b42940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\

    ------------ End ----------

    Upper DeviceData: 0xffffffffe3930358, 0xffffffff86b3fab8, 0xffffffff85457ab8

    Lower DeviceData: 0xffffffffe38d76c0, 0xffffffff86b42940, 0xffffffff869e9190

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Done!

    Drive 0

    Scanning MBR on drive 0...

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: 7FC1A

    Partition information:

    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 63 Numsec = 877999444

    Partition file system is NTFS

    Partition is bootable

    Partition 1 type is Extended with CSH (0x5)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 878000126 Numsec = 98772994

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes

    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...

    Done!

    Performing system, memory and registry scan...

    Infected: C:\Documents and Settings\medeski\Local Settings\Temp\upnp.exe --> [backdoor.Daromec]

    Done!

    Scan finished

    Creating System Restore point...

    Scheduling clean up...

    <<<2>>>

    Device number: 0, partition: 1

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Removal scheduling successful. System shutdown needed.

    System shutdown occured

    =======================================

    ---------------------------------------

    Malwarebytes Anti-Rootkit BETA 1.01.0.1009

    © Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_30

    File system is: NTFS

    Disk drives: C:\ DRIVE_FIXED

    CPU speed: 1.596000 GHz

    Memory total: 1063235584, free: 789790720

  4. # AdwCleaner v2.007 - Logfile created 11/17/2012 at 17:32:55

    # Updated 06/11/2012 by Xplode

    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

    # User : medeski - BLACKB0X

    # Boot Mode : Normal

    # Running from : C:\Documents and Settings\medeski\My Documents\Downloads\adwcleaner.exe

    # Option [Delete]

    ***** [services] *****

    Stopped & Deleted : Application Updater

    ***** [Files / Folders] *****

    File Deleted : C:\user.js

    Folder Deleted : C:\DOCUME~1\medeski\LOCALS~1\Temp\BabylonToolbar

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder

    Folder Deleted : C:\Documents and Settings\medeski\Application Data\Babylon

    Folder Deleted : C:\Documents and Settings\medeski\Application Data\OpenCandy

    Folder Deleted : C:\Documents and Settings\medeski\Application Data\Search Settings

    Folder Deleted : C:\Documents and Settings\medeski\Local Settings\Application Data\Conduit

    Folder Deleted : C:\Program Files\Application Updater

    Folder Deleted : C:\Program Files\Common Files\spigot

    Folder Deleted : C:\Program Files\Conduit

    Folder Deleted : C:\Program Files\Free Offers from Freeze.com

    Folder Deleted : C:\Program Files\YouTube Downloader Toolbar

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings

    Key Deleted : HKCU\Software\Ask&Record

    Key Deleted : HKCU\Software\Microsoft\Babylon

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}

    Key Deleted : HKCU\Software\Search Settings

    Key Deleted : HKCU\Software\Softonic

    Key Deleted : HKCU\Software\wecarereminder

    Key Deleted : HKLM\Software\Application Updater

    Key Deleted : HKLM\Software\Babylon

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}

    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

    Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1

    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder

    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1

    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}

    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}

    Key Deleted : HKLM\Software\Conduit

    Key Deleted : HKLM\Software\Freeze.com

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}

    Key Deleted : HKLM\Software\Search Settings

    Key Deleted : HKLM\SOFTWARE\Software

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]

    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]

    ***** [internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=109935&tt=060612_5_&babsrc=HP_ss&mntrId=841fc11a0000000000000019d236e0e1 --> hxxp://www.google.com

    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=109935&tt=060612_5_&babsrc=NT_ss&mntrId=841fc11a0000000000000019d236e0e1 --> hxxp://www.google.com

    -\\ Google Chrome v [unable to get version]

    File : C:\Documents and Settings\medeski\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    -\\ Chromium v [unable to get version]

    File : C:\Documents and Settings\medeski\Local Settings\Application Data\Chromium\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [6114 octets] - [16/11/2012 17:01:32]

    AdwCleaner[s1].txt - [5951 octets] - [17/11/2012 17:32:55]

    ########## EOF - C:\AdwCleaner[s1].txt - [6011 octets] ##########

  5. # AdwCleaner v2.007 - Logfile created 11/16/2012 at 17:01:32

    # Updated 06/11/2012 by Xplode

    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

    # User : medeski - BLACKB0X

    # Boot Mode : Normal

    # Running from : C:\Documents and Settings\medeski\My Documents\Downloads\adwcleaner.exe

    # Option [search]

    ***** [services] *****

    Found : Application Updater

    ***** [Files / Folders] *****

    File Found : C:\user.js

    Folder Found : C:\DOCUME~1\medeski\LOCALS~1\Temp\BabylonToolbar

    Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon

    Folder Found : C:\Documents and Settings\All Users\Application Data\WeCareReminder

    Folder Found : C:\Documents and Settings\medeski\Application Data\Babylon

    Folder Found : C:\Documents and Settings\medeski\Application Data\OpenCandy

    Folder Found : C:\Documents and Settings\medeski\Application Data\Search Settings

    Folder Found : C:\Documents and Settings\medeski\Local Settings\Application Data\Conduit

    Folder Found : C:\Program Files\Application Updater

    Folder Found : C:\Program Files\Common Files\spigot

    Folder Found : C:\Program Files\Conduit

    Folder Found : C:\Program Files\Free Offers from Freeze.com

    Folder Found : C:\Program Files\YouTube Downloader Toolbar

    ***** [Registry] *****

    Key Found : HKCU\Software\AppDataLow\Software\Search Settings

    Key Found : HKCU\Software\Ask&Record

    Key Found : HKCU\Software\Microsoft\Babylon

    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}

    Key Found : HKCU\Software\Search Settings

    Key Found : HKCU\Software\Softonic

    Key Found : HKCU\Software\wecarereminder

    Key Found : HKLM\Software\Application Updater

    Key Found : HKLM\Software\Babylon

    Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

    Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}

    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

    Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

    Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}

    Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane

    Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

    Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1

    Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder

    Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1

    Key Found : HKLM\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193

    Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

    Key Found : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}

    Key Found : HKLM\SOFTWARE\Classes\Prod.cap

    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1060933

    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}

    Key Found : HKLM\Software\Conduit

    Key Found : HKLM\Software\Freeze.com

    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}

    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}

    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}

    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193

    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}

    Key Found : HKLM\Software\Search Settings

    Key Found : HKLM\SOFTWARE\Software

    Key Found : HKU\S-1-5-21-343818398-776561741-1606980848-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

    Key Found : HKU\S-1-5-21-343818398-776561741-1606980848-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

    Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]

    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]

    ***** [internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=109935&tt=060612_5_&babsrc=HP_ss&mntrId=841fc11a0000000000000019d236e0e1

    [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=109935&tt=060612_5_&babsrc=NT_ss&mntrId=841fc11a0000000000000019d236e0e1

    -\\ Google Chrome v [unable to get version]

    File : C:\Documents and Settings\medeski\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    -\\ Chromium v [unable to get version]

    File : C:\Documents and Settings\medeski\Local Settings\Application Data\Chromium\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [5985 octets] - [16/11/2012 17:01:32]

    ########## EOF - C:\AdwCleaner[R1].txt - [6045 octets] ##########

  6. My built-in webcam used to work. I tried to use Tinychat with my girlfriend today and it says another application is using the camera. The light isn't on, but I'm still guessing the webcam is hijacked. I've tried updating the driver; the most current, up-to-date driver is installed. I have uninstalled any programs that may be taking control of the camera, such as Skype. I really don't want to reinstall the operating system and start over. Any help would be appreciated.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 9:18:05 PM, on 11/15/2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\windows\System32\smss.exe

    C:\windows\system32\winlogon.exe

    C:\windows\system32\services.exe

    C:\windows\system32\lsass.exe

    C:\windows\system32\svchost.exe

    C:\windows\System32\svchost.exe

    C:\windows\system32\svchost.exe

    C:\windows\system32\spoolsv.exe

    C:\windows\Explorer.EXE

    C:\windows\system32\ICO.EXE

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    C:\windows\system32\ctfmon.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\windows\system32\svchost.exe

    C:\Invision\mirc.exe

    C:\Program Files\SRWare Iron\iron.exe

    C:\Program Files\SRWare Iron\iron.exe

    C:\Program Files\SRWare Iron\iron.exe

    C:\Program Files\SRWare Iron\iron.exe

    C:\Documents and Settings\medeski\Desktop\highjack.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=109935&tt=060612_5_&babsrc=HP_ss&mntrId=841fc11a0000000000000019d236e0e1

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll

    O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll

    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

    O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\medeski\Application Data\Dropbox\bin\Dropbox.exe

    O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)

    O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

    O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)

    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)

    --

    End of file - 4369 bytes
