
scarecrowman (Members)
Posts: 6
Reputation: 0 Neutral
  1. Here is the DDS as requested. Thanks again. You guys rock.

     DDS (Ver_10-12-12.02) - NTFSx86
     Run by Nick at 12:08:12.20 on 31/12/2010
     Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_23
     Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.894.474 [GMT -5:00]

     ============== Running Processes ===============

     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
     svchost.exe
     svchost.exe
     C:\WINDOWS\System32\WLTRYSVC.EXE
     C:\WINDOWS\System32\bcmwltry.exe
     C:\WINDOWS\system32\spoolsv.exe
     svchost.exe
     C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\CDBurnerXP\NMSAccessU.exe
     C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
     C:\WINDOWS\System32\svchost.exe -k HPZ12
     C:\WINDOWS\system32\rpcnet.exe
     C:\Program Files\Secunia\PSI\PSIA.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\Program Files\Secunia\PSI\sua.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\WINDOWS\system32\WLTRAY.exe
     C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
     C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
     C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\Secunia\PSI\psi_tray.exe
     C:\WINDOWS\System32\svchost.exe -k HTTPFilter
     C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Documents and Settings\Nick\Desktop\dds.scr

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://www.softmoc.com
     uSearch Page = hxxp://www.google.com
     uSearch Bar = hxxp://www.google.com/ie
     uDefault_Search_URL = hxxp://www.google.com/ie
     uSearchAssistant = hxxp://www.google.com/ie
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
     BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     uRun: [Google Update] "c:\documents and settings\nick\local settings\application data\google\update\GoogleUpdate.exe" /c
     uRun: [u5hBRj8JOP] control.exe "c:\program files\jupr3nnm\U5hBRj8JOP.cpl",0,1
     mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
     mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
     mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
     mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
     mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
     mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
     mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
     mRun: [bell Canada Connection Manager] "c:\program files\bell\mobile connect\BellCanadaCM.exe" -a
     mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
     dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico
     IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
     DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
     DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
     DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} - hxxp://100.100.100.110/DVROcxEx.cab
     DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217860603866
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     Notify: AtiExtEvent - Ati2evxx.dll
     Notify: PCANotify - PCANotify.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
     SSODL: WinLiveContact - {b6ca44c3-5f6e-4080-816a-91e7d0fc015f} - c:\program files\common files\win\WinLiveContact.dll

     ================= FIREFOX ===================

     FF - ProfilePath - c:\docume~1\nick\applic~1\mozilla\firefox\profiles\15ux4vlc.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
     FF - prefs.js: network.proxy.type - 0
     FF - plugin: c:\documents and settings\nick\application data\mozilla\firefox\profiles\15ux4vlc.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
     FF - plugin: c:\documents and settings\nick\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
     FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
     FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
     FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
     FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
     FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
     FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
     FF - Ext: Canadian English Dictionary: en-CA@dictionaries.addons.mozilla.org - %profile%\extensions\en-CA@dictionaries.addons.mozilla.org
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
     FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
     FF - Ext: OptimizeGoogle: optimizegoogle@optimizegoogle.com - %profile%\extensions\optimizegoogle@optimizegoogle.com
     FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
     FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
     FF - Ext: SmoothWheel (mozdev.org): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - %profile%\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
     FF - Ext: SmoothWheel (AMO): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - %profile%\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
     FF - Ext: Hide Menubar: hidemenubar@moztw.org - %profile%\extensions\hidemenubar@moztw.org
     FF - Ext: OpenDownload: {210249CE-F888-11DD-B868-4CB456D89593} - %profile%\extensions\{210249CE-F888-11DD-B868-4CB456D89593}
     FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
     FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
     FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

     ============= SERVICES / DRIVERS ===============

     R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2005-11-21 11008]
     R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2003-11-17 11165]
     R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2008-8-27 143248]
     R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2008-8-27 41936]
     R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2009-11-20 82944]
     R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2010-12-21 987704]
     R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2010-12-21 399416]
     R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2010-12-1 111504]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
     S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 136176]
     S3 awhost32;Symantec pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2006-2-14 106496]
     S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2010-6-8 17408]
     S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-2 174592]
     S3 ProfileImpSvc;Native WiFi Profile Importer;c:\program files\bell\mobile connect\ProfileImpSvc.exe [2010-5-23 169240]
     S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
     S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-9-26 36928]
     S3 SMSIRcAppSvc;SMSI Rc App Svc;c:\program files\bell\mobile connect\RcAppSvc.exe [2010-5-23 120088]
     S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-2-12 100560]
     S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
     S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

     =============== Created Last 30 ================

     2010-12-24 14:42:26 315904 ----a-w- c:\windows\IsUninst.exe
     2010-12-22 17:45:09 -------- d-----w- c:\program files\Outlook Recovery Toolbox
     2010-12-22 17:41:41 -------- d-----w- c:\docume~1\nick\locals~1\applic~1\Recovery Toolbox for Outlook
     2010-12-22 17:41:34 140824 ----a-w- c:\windows\system32\secman.dll
     2010-12-21 21:31:52 -------- d-----w- c:\docume~1\nick\locals~1\applic~1\Secunia PSI
     2010-12-21 21:31:15 -------- d-----w- c:\program files\Secunia
     2010-12-21 21:24:14 2910208 ----a-w- c:\windows\system32\Redemption.dll
     2010-12-21 21:10:14 -------- d-----w- c:\program files\JuPR3NNm
     2010-12-21 20:54:56 -------- d-----w- c:\program files\SysTools OST Recovery
     2010-12-21 20:53:38 -------- d-----w- c:\docume~1\nick\applic~1\Kernel Ost to Pst (Evaluation Version)
     2010-12-21 20:51:37 -------- d-----w- c:\program files\common files\Win
     2010-12-18 05:25:09 -------- d--h--w- c:\windows\PIF
     2010-12-01 22:21:49 -------- d-----w- c:\program files\Oracle
     2010-12-01 18:44:12 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
     2010-12-01 18:44:12 111504 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

     ==================== Find3M ====================

     2010-12-31 16:55:29 17408 ----a-w- c:\windows\system32\rpcnetp.exe
     2010-12-31 16:55:27 57752 ----a-w- c:\windows\system32\rpcnet.dll
     2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
     2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
     2010-11-12 21:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
     2010-11-12 18:46:58 4280320 ----a-w- c:\windows\system32\GPhotos.scr
     2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
     2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
     2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
     2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
     2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
     2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

     ============= FINISH: 12:08:44.82 ===============

     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
     IF REQUESTED, ZIP IT UP & ATTACH IT

     DDS (Ver_10-12-12.02)

     Microsoft Windows XP Professional
     Boot Device: \Device\HarddiskVolume1
     Install Date: 04/08/2008 12:09:27 AM
     System Uptime: 31/12/2010 11:54:51 AM (1 hours ago)

     Motherboard: Dell Inc. | | 0UW744
     Processor: AMD Athlon 64 X2 Dual-Core Processor TK-55 | Socket M2/S1G1 | 1795/200mhz

     ==== Disk Partitions =========================

     C: is FIXED (NTFS) - 54 GiB total, 35.088 GiB free.
     D: is FIXED (NTFS) - 57 GiB total, 11.11 GiB free.
     E: is CDROM ()
     F: is CDROM ()

     ==== Disabled Device Manager Items =============

     Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
     Description: Broadcom 440x 10/100 Integrated Controller
     Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01F51028&REV_02\4&B216F0A&0&00A4
     Manufacturer: Broadcom
     Name: Broadcom 440x 10/100 Integrated Controller
     PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01F51028&REV_02\4&B216F0A&0&00A4
     Service: bcm4sbxp

     Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
     Description: Cisco Systems VPN Adapter
     Device ID: ROOT\NET\0000
     Manufacturer: Cisco Systems
     Name: Cisco Systems VPN Adapter
     PNP Device ID: ROOT\NET\0000
     Service: CVirtA

     Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
     Description: VirtualBox Host-Only Ethernet Adapter
     Device ID: ROOT\NET\0001
     Manufacturer: Oracle Corporation
     Name: VirtualBox Host-Only Ethernet Adapter
     PNP Device ID: ROOT\NET\0001
     Service: VBoxNetAdp

     ==== System Restore Points ===================

     RP43: 21/12/2010 5:29:28 PM - System Checkpoint
     RP44: 23/12/2010 3:21:40 AM - System Checkpoint
     RP45: 23/12/2010 9:57:31 AM - Installed Java 6 Update 23
     RP46: 24/12/2010 1:16:16 PM - System Checkpoint
     RP47: 26/12/2010 2:47:52 AM - System Checkpoint
     RP48: 27/12/2010 4:36:17 AM - System Checkpoint
     RP49: 28/12/2010 4:04:01 PM - System Checkpoint
     RP50: 30/12/2010 1:05:41 PM - System Checkpoint

     ==== Installed Programs ======================

     7-Zip 9.20
     Adobe Flash Player 10 ActiveX
     Adobe Flash Player 10 Plugin
     AMD Processor Driver
     ASDM on 100.100.100.1
     ATI Catalyst Control Center
     ATI Catalyst Install Manager
     ATI Display Driver
  2. Thank you, LDTate. I have followed your instructions. Would you like new log files? If so, which logs would you like me to paste?
  3. Hi, this does not happen very often, but it does happen from time to time, and I am sure there is something hidden on my system. Malwarebytes shows 0 infections, and the computer runs just fine, but the odd search will take me to an undesired page, usually a page trying to use my search terms to show content on their site. Clicking back and searching again takes me to the search results as expected. I have attached my MBAM, DDS and GMER logs. Thank you in advance.

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org

     Database version: 5424

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     30/12/2010 4:28:39 PM
     mbam-log-2010-12-30 (16-28-39).txt

     Scan type: Quick scan
     Objects scanned: 166088
     Time elapsed: 2 minute(s), 46 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     DDS (Ver_10-12-12.02) - NTFSx86
     Run by Nick at 16:32:00.26 on 30/12/2010
     Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_23
     Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.894.325 [GMT -5:00]

     ============== Running Processes ===============

     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
     svchost.exe
     svchost.exe
     C:\WINDOWS\System32\WLTRYSVC.EXE
     C:\WINDOWS\System32\bcmwltry.exe
     C:\WINDOWS\system32\spoolsv.exe
     svchost.exe
     C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\CDBurnerXP\NMSAccessU.exe
     C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
     C:\WINDOWS\system32\rpcnet.exe
     C:\Program Files\Secunia\PSI\PSIA.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\Program Files\Secunia\PSI\sua.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\WINDOWS\system32\WLTRAY.exe
     C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
     C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
     C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\Secunia\PSI\psi_tray.exe
     C:\WINDOWS\System32\svchost.exe -k HTTPFilter
     C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
     C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
     C:\Program Files\Cisco Systems\VPN Client\ipseclog.exe
     C:\Program Files\Windows Live\Messenger\msnmsgr.exe
     C:\Program Files\Windows Live\Contacts\wlcomm.exe
     C:\WINDOWS\System32\svchost.exe -k HPZ12
     C:\Program Files\Symantec\pcAnywhere\Winaw32.exe
     C:\Program Files\Symantec\pcAnywhere\SessionController.exe
     C:\Program Files\Symantec\pcAnywhere\awrem32.exe
     C:\Program Files\Symantec\pcAnywhere\awrem32.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Documents and Settings\Nick\Desktop\dds.scr

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://www.softmoc.com
     uSearch Page = hxxp://www.google.com
     uSearch Bar = hxxp://www.google.com/ie
     uDefault_Search_URL = hxxp://www.google.com/ie
     uInternet Settings,ProxyServer = http=127.0.0.1:55636
     uSearchAssistant = hxxp://www.google.com/ie
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
     BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     uRun: [Google Update] "c:\documents and settings\nick\local settings\application data\google\update\GoogleUpdate.exe" /c
     uRun: [u5hBRj8JOP] control.exe "c:\program files\jupr3nnm\U5hBRj8JOP.cpl",0,1
     mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
     mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
     mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
     mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
     mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
     mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
     mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
     mRun: [bell Canada Connection Manager] "c:\program files\bell\mobile connect\BellCanadaCM.exe" -a
     mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
     dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico
     IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
     DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
     DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
     DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} - hxxp://100.100.100.110/DVROcxEx.cab
     DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217860603866
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     TCP: {A2DE4D02-9D26-41BB-B366-7BC60B6B8DA2} = 100.100.100.35,100.100.100.35
     Notify: AtiExtEvent - Ati2evxx.dll
     Notify: PCANotify - PCANotify.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
     SSODL: WinLiveContact - {b6ca44c3-5f6e-4080-816a-91e7d0fc015f} - c:\program files\common files\win\WinLiveContact.dll

     ================= FIREFOX ===================

     FF - ProfilePath - c:\docume~1\nick\applic~1\mozilla\firefox\profiles\15ux4vlc.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
     FF - prefs.js: network.proxy.type - 0
     FF - plugin: c:\documents and settings\nick\application data\mozilla\firefox\profiles\15ux4vlc.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
     FF - plugin: c:\documents and settings\nick\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
     FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
     FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
     FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
     FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
     FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
     FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
     FF - Ext: Canadian English Dictionary: en-CA@dictionaries.addons.mozilla.org - %profile%\extensions\en-CA@dictionaries.addons.mozilla.org
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
     FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
     FF - Ext: OptimizeGoogle: optimizegoogle@optimizegoogle.com - %profile%\extensions\optimizegoogle@optimizegoogle.com
     FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
     FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
     FF - Ext: SmoothWheel (mozdev.org): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - %profile%\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
     FF - Ext: SmoothWheel (AMO): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - %profile%\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
     FF - Ext: Hide Menubar: hidemenubar@moztw.org - %profile%\extensions\hidemenubar@moztw.org
     FF - Ext: OpenDownload: {210249CE-F888-11DD-B868-4CB456D89593} - %profile%\extensions\{210249CE-F888-11DD-B868-4CB456D89593}
     FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
     FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
     FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

     ============= SERVICES / DRIVERS ===============

     R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2005-11-21 11008]
     R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2003-11-17 11165]
     R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2008-8-27 143248]
     R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2008-8-27 41936]
     R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2009-11-20 82944]
     R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2010-12-21 987704]
     R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2010-12-21 399416]
     R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2010-12-1 111504]
     R3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
     S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 136176]
     S3 awhost32;Symantec pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2006-2-14 106496]
     S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2010-6-8 17408]
     S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-2 174592]
     S3 ProfileImpSvc;Native WiFi Profile Importer;c:\program files\bell\mobile connect\ProfileImpSvc.exe [2010-5-23 169240]
     S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
     S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-9-26 36928]
     S3 SMSIRcAppSvc;SMSI Rc App Svc;c:\program files\bell\mobile connect\RcAppSvc.exe [2010-5-23 120088]
     S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-2-12 100560]
     S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

     =============== Created Last 30 ================

     2010-12-24 14:42:26 315904 ----a-w- c:\windows\IsUninst.exe
     2010-12-22 17:45:09 -------- d-----w- c:\program files\Outlook Recovery Toolbox
     2010-12-22 17:41:41 -------- d-----w- c:\docume~1\nick\locals~1\applic~1\Recovery Toolbox for Outlook
     2010-12-22 17:41:34 140824 ----a-w- c:\windows\system32\secman.dll
     2010-12-21 21:31:52 -------- d-----w- c:\docume~1\nick\locals~1\applic~1\Secunia PSI
     2010-12-21 21:31:15 -------- d-----w- c:\program files\Secunia
     2010-12-21 21:24:14 2910208 ----a-w- c:\windows\system32\Redemption.dll
     2010-12-21 21:10:14 -------- d-----w- c:\program files\JuPR3NNm
     2010-12-21 20:54:56 -------- d-----w- c:\program files\SysTools OST Recovery
     2010-12-21 20:53:38 -------- d-----w- c:\docume~1\nick\applic~1\Kernel Ost to Pst (Evaluation Version)
     2010-12-21 20:51:37 -------- d-----w- c:\program files\common files\Win
     2010-12-18 05:25:09 -------- d--h--w- c:\windows\PIF
     2010-12-01 22:21:49 -------- d-----w- c:\program files\Oracle
     2010-12-01 18:44:12 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
     2010-12-01 18:44:12 111504 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
     2010-12-01 06:51:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\TrueCrypt
     2010-12-01 06:45:02 -------- d-----w- c:\docume~1\nick\applic~1\TrueCrypt
     2010-12-01 06:44:05 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys
     2010-12-01 06:43:58 -------- d-----w- c:\program files\TrueCrypt

     ==================== Find3M ====================

     2010-12-30 15:50:06 17408 ----a-w- c:\windows\system32\rpcnetp.exe
     2010-12-29 21:24:04 57752 ----a-w- c:\windows\system32\rpcnet.dll
     2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
     2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
     2010-11-12 21:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
     2010-11-12 18:46:58 4280320 ----a-w- c:\windows\system32\GPhotos.scr
     2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
     2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
     2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
     2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
     2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
     2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

     ============= FINISH: 16:32:16.50 ===============

     attach.zip
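An added triage helper, written for this page by the editor (it is not a tool from the forum's helpers and not part of the DDS script), that reads Pseudo HJT lines quoted from the two DDS logs in this thread and flags the entries a helper would normally ask about first: a user-scope ProxyServer value that points at the loopback interface (every Internet Explorer request then passes through some local process, so the listener on that port should be identified before the value is deleted), a Run entry that uses control.exe to load a .cpl from a directory with a random-looking name, BHO/TB registrations with "No File" behind them, and the resolver addresses in the TCP: line, which are listed only so they can be compared with the expected DNS servers. The last function diffs the 30/12 entries against the 31/12 log, where the ProxyServer and TCP: lines no longer appear. The sample text is constructed from lines quoted out of the posted logs; the severities, the rule names and the randomness threshold are this example's own heuristics and not findings stated anywhere in the thread.

```python
import re
from collections import Counter
from math import log2

# Constructed sample: Pseudo HJT lines quoted from the DDS log posted on
# 30/12/2010 (post 3 above), cut down to the entries the rules below read.
BEFORE = r"""
uStart Page = hxxp://www.softmoc.com
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:55636
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\nick\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [u5hBRj8JOP] control.exe "c:\program files\jupr3nnm\U5hBRj8JOP.cpl",0,1
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
TCP: {A2DE4D02-9D26-41BB-B366-7BC60B6B8DA2} = 100.100.100.35,100.100.100.35
""".strip()

# The 31/12/2010 log (post 1 above) no longer lists the ProxyServer and TCP:
# entries; everything else in this sample is unchanged between the two runs.
AFTER = "\n".join(l for l in BEFORE.splitlines()
                  if not l.startswith(("uInternet Settings,ProxyServer", "TCP:")))

PROXY_LINE = re.compile(r"^[umd]Internet Settings,ProxyServer\s*=\s*(?P<value>.+)$")
LOOPBACK = re.compile(r"(?:^|[=;])(?:127\.\d{1,3}(?:\.\d{1,3}){2}|localhost)(?::\d+)?", re.I)
RUN_LINE = re.compile(r"^[umd]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
CPL_PATH = re.compile(r'[a-z]:\\[^"]*?\\(?P<dir>[^\\"]+)\\[^\\"]+\.cpl', re.I)
NO_FILE = re.compile(r"^(?:BHO|TB):.*-\s*No File\s*$")
DNS_LINE = re.compile(r"^TCP:\s*\{[0-9a-f-]+\}\s*=\s*(?P<servers>[\d.,]+)", re.I)


def entropy(s):
    """Shannon entropy in bits per character."""
    n = len(s)
    return -sum(c / n * log2(c / n) for c in Counter(s).values())


def looks_random(name, min_len=8, min_bits=2.5):
    """Heuristic (this example's own threshold, not a DDS rule): an
    alphanumeric token that mixes letters and digits and repeats few characters."""
    return (len(name) >= min_len and name.isalnum()
            and any(ch.isdigit() for ch in name)
            and any(ch.isalpha() for ch in name)
            and entropy(name) >= min_bits)


def triage(report):
    """Return (severity, rule, line) for each Pseudo HJT line worth a question."""
    findings = []
    for line in report.splitlines():
        line = line.strip()
        m = PROXY_LINE.match(line)
        if m:
            # A proxy on 127.0.0.1 means some local process sits in front of
            # every IE request; identify the listener before deleting the value.
            rule = "loopback-proxy" if LOOPBACK.search(m.group("value")) else "proxy-set"
            findings.append(("high" if rule == "loopback-proxy" else "info", rule, line))
            continue
        m = RUN_LINE.match(line)
        if m:
            cmd = m.group("cmd")
            cpl = CPL_PATH.search(cmd)
            # control.exe loads a .cpl as a DLL, so the code runs under a stock
            # Windows process name; a random-looking directory or value name is
            # the part a reviewer would ask about.
            if cmd.lower().startswith("control.exe") and cpl and (
                    looks_random(cpl.group("dir")) or looks_random(m.group("name"))):
                findings.append(("high", "random-cpl-autorun", line))
            elif looks_random(m.group("name")):
                findings.append(("medium", "random-run-name", line))
            continue
        if NO_FILE.match(line):
            # Registration with no file behind it: a leftover, not an infection.
            findings.append(("low", "orphaned-entry", line))
            continue
        m = DNS_LINE.match(line)
        if m:
            # Listed only so the resolvers can be checked against the expected ones.
            findings.append(("info", "dns-servers", line))
    return findings


def diff_reports(before, after):
    """Entries that disappeared and appeared between two DDS runs."""
    b = {l.strip() for l in before.splitlines() if l.strip()}
    a = {l.strip() for l in after.splitlines() if l.strip()}
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    for sev, rule, line in triage(BEFORE):
        print(f"[{sev:6}] {rule:20} {line}")
    gone, new = diff_reports(BEFORE, AFTER)
    print("gone after cleanup:", *gone, sep="\n  ")
    print("new after cleanup:", *new, sep="\n  ")
```

Run against a full DDS log the same way (paste the Pseudo HJT section into BEFORE); the diff is the quickest way to confirm which entries a cleanup step actually removed, which is what a helper is checking when they ask for a fresh log after each step.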
  4. Thank you again, kahdah. That was my first task. I have disconnected it from the Internet, only connecting to update virus definitions before a scan. I will be recommending a format to the user, and I am confident that he will agree. We will be formatting this computer, but I still do appreciate your assistance with this problem. P.S. I'm glad to see you guys have come so far. I was (still am) a Moderator over at windowsforum.org and I remember when we saw the first few posts about a brand new beta program called Malwarebytes. I remember this program in its infancy, and am so happy to see how far it, as well as the community, has come. You are all gentlemen (and women) and scholars. Keep up the good work.
  5. Thanks, Kahdah. Yes, I did run ComboFix as part of a suggestion from another website to remove the spamweblist[dot]com/block.php. I have disabled/uninstalled all other tools (since the scans). Here is my ComboFix log:

     ComboFix 10-09-20.01 - user 20/09/2010 16:29:17.1.2 - x86 Microsoft
  6. This computer is quite heavily infected. I've dealt with a few infected computers in the past, but this one is beyond me. I'm hoping one of the experts will be able to help me out. You guys are the best! I have run a scan or two with MBAM, Spybot and AVG Free. I hope this won't interfere, and I will not do anything more until instructed. These logs are fresh since I have used those tools. Hope I did this correctly; I am trying to follow the stickies. Here's the MBAM log:

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4659

     Windows 6.0.6002 Service Pack 2
     Internet Explorer 8.0.6001.18943

     20/09/2010 6:30:06 PM
     mbam-log-2010-09-20 (18-30-06).txt

     Scan type: Quick scan
     Objects scanned: 135522
     Time elapsed: 6 minute(s), 15 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     Here's the DDS log, and attached are the GMER rootkit logs.

     DDS (Ver_10-03-17.01) - NTFSx86
     Run by user at 17:55:03.61 on 20/09/2010
     Internet Explorer: 8.0.6001.18943
     Microsoft

     attach.zip