Jump to content

spacefiddle

Members
 View Profile  See their activity

  • Posts

    4

  • Joined

  • Last visited

Reputation

0 Neutral
  1. spacefiddle
    Here's my own HJT: ----- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:02:33 AM, on 1/11/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\klserver.exe C:\Program Files\Diskeeper Corporation\Disk Performance Analyzer for Networks\DPANSvc.exe C:\WINDOWS\system32\PMService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\Nagent\klnagent.exe C:\Program Files\Microsoft SQL Server\MSSQL$ADMINDB\Binn\sqlservr.exe C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Spiceworks\bin\spicetray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Lexmark\ErrorApp\LMab1err.exe C:\Program Files\Spiceworks\bin\spiceworks.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\WINDOWS\system32\LMabcoms.exe \Ws27347\c$\Program Files\OpenOffice.org 3\program\soffice.exe \Ws27347\c$\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Spiceworks\bin\spiceworks-finder.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.intel.com/vpro O1 - Hosts: 209.167.115.159 reservations.phillycarshare.org O1 - Hosts: 64.81.243.242 opencar.net O1 - Hosts: 69.163.215.199 phillycarshare.org O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [EPA_EZ_GPO_Tool] C:\WINDOWS\system32\EZ_GPO_Tool.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [spiceworks] C:\Program Files\Spiceworks\bin\spicetray_silent.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.exe O4 - Startup: OpenOffice.org 3.0.lnk = Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://tempgreen.dreamhosters.com O15 - Trusted Zone: *.phillycarshare.org O16 - DPF: {15BC34E3-81B5-41EF-8704-A6421FAD29F9} (AgentObj Class) - https://endpointassessment.sophos.com/webag.../webagentNT.cab O16 - DPF: {167C192D-44C1-4EAB-9279-496EA91C75D2} (CredListObj Class) - https://endpointassessment.sophos.com/webagent/credlist.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1227213297134 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = phillycarshare.loc O17 - HKLM\Software\..\Telephony: DomainName = phillycarshare.loc O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = phillycarshare.loc O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = phillycarshare.loc O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll O23 - Service: Anonymizer Management Service (AnonMgmtSvc) - Anonymizer - C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Kaspersky Lab Administration Server (CSAdminServer) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\klserver.exe O23 - Service: Diskeeper DPAN Service (DPANService) - Diskeeper
  2. spacefiddle
    No one's seen this before..?
  3. spacefiddle
    Oops. i can't seem to edit. here, check this out:
  4. spacefiddle
    Oh crap. I am getting *the exact same thing* today. I see you posted this morning. Not good. When i tried to register for the site just now, the validation code window was filled with the same random Asian characters! I was using Firefox 3.5.6. I am now using IE8 and as you can see, am not affected. I noticed it trying to get to a bank site in Firefox. I closed the browser and ran a scan with my AV, but found nothing. I can get around with IE8 (i haven't logged in to that bank, don't worry...) but i do not understand how i seem to be connected to the target site, green address bar, EV button lights up and gives me cert info, but the page source consists solely of random Asian characters. I have tried running them through several translators as both Chinese and Japanese and it seems to be nonsense. I attempted to download MBAM from within Firefox... and the download page turned into a flood of random Asian characters. I've gotten it via IE and will be scanning my brains out this evening. Sad the day when Firefox gets pwned by something that doesn't affect IE. Maybe it's targeted, but the OP says his IE was also affected: which version?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.