impalass96

Members
  • Posts

    3
  • Joined

  • Last visited

Reputation

0 Neutral
  1. screen317, thank you for your input. I will go ahead and follow your recommendations of formatting and re-installing the OS.
  2. Malwarebytes' Anti-Malware 1.51.1.1800
     www.malwarebytes.org

     Database version: 7410

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 6.0.2900.5512

     8/9/2011 11:55:51 AM
     mbam-log-2011-08-09 (11-55-51).txt

     Scan type: Quick scan
     Objects scanned: 1
     Time elapsed: 8 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     .
     DDS (Ver_2011-06-23.01) - NTFSx86
     Internet Explorer: 6.0.2900.5512  BrowserJavaVersion: 1.6.0_16
     Run by a at 17:03:28 on 2011-08-09
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.880 [GMT -7:00]
     .
     AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
     .
     ============== Running Processes ===============
     .
     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
     C:\Program Files\Symantec AntiVirus\Smc.exe
     svchost.exe
     svchost.exe
     C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     C:\WINDOWS\system32\spoolsv.exe
     svchost.exe
     C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\oracle\ora92\bin\omtsreco.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\Program Files\Symantec AntiVirus\Rtvscan.exe
     C:\Program Files\UltraVNC\WinVNC.exe
     C:\WINDOWS\system32\mqsvc.exe
     C:\WINDOWS\system32\mqtgsvc.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Symantec AntiVirus\SmcGui.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\Program Files\Analog Devices\Core\smax4pnp.exe
     C:\Program Files\Common Files\Symantec Shared\ccApp.exe
     C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
     C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Spark\Spark.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Mozilla Firefox\plugin-container.exe
     C:\WINDOWS\system32\NOTEPAD.EXE
     C:\Documents and Settings\amendez\Desktop\Defogger.exe
     .
     ============== Pseudo HJT Report ===============
     .
     uWindow Title = Microsoft Internet Explorer provided by
     uStart Page = hxxp://portal/
     uDefault_Page_URL = hxxp://portal/
     mDefault_Page_URL = hxxp://portal/
     mStart Page = hxxp://www.dell.com
     BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
     BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     mRun: [igfxTray] c:\windows\system32\igfxtray.exe
     mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
     mRun: [Persistence] c:\windows\system32\igfxpers.exe
     mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
     mRun: [WinVNC] "c:\program files\ultravnc\WinVNC.exe" -servicehelper
     mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
     mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
     mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
     uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
     uPolicies-explorer: NoManageMyComputerVerb = 1 (0x1)
     uPolicies-explorer: NoStartMenuNetworkPlaces = 1 (0x1)
     uPolicies-explorer: NoThemesTab = 1 (0x1)
     uPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)
     uPolicies-explorer: NoSMMyPictures = 1 (0x1)
     uPolicies-explorer: NoPublishingWizard = 0 (0x0)
     uPolicies-explorer: NoWebServices = 0 (0x0)
     uPolicies-explorer: NoOnlinePrintsWizard = 0 (0x0)
     uPolicies-explorer: SpecifyDefaultButtons = 1 (0x1)
     uPolicies-explorer: Btn_Back = 1 (0x1)
     uPolicies-explorer: Btn_Forward = 1 (0x1)
     uPolicies-explorer: Btn_Stop = 1 (0x1)
     uPolicies-explorer: Btn_Refresh = 1 (0x1)
     uPolicies-explorer: Btn_Home = 1 (0x1)
     uPolicies-explorer: Btn_Search = 1 (0x1)
     uPolicies-explorer: Btn_Favorites = 1 (0x1)
     uPolicies-explorer: Btn_History = 1 (0x1)
     uPolicies-explorer: Btn_Folders = 1 (0x1)
     uPolicies-explorer: Btn_Fullscreen = 2 (0x2)
     uPolicies-explorer: Btn_Tools = 2 (0x2)
     uPolicies-explorer: Btn_MailNews = 2 (0x2)
     uPolicies-explorer: Btn_Size = 2 (0x2)
     uPolicies-explorer: Btn_Print = 1 (0x1)
     uPolicies-explorer: Btn_Edit = 2 (0x2)
     uPolicies-explorer: Btn_Discussions = 2 (0x2)
     uPolicies-explorer: Btn_Cut = 2 (0x2)
     uPolicies-explorer: Btn_Copy = 2 (0x2)
     uPolicies-explorer: Btn_Paste = 2 (0x2)
     uPolicies-explorer: Btn_Encoding = 2 (0x2)
     uPolicies-explorer: RestrictCpl = 0 (0x0)
     uPolicies-explorer: DisallowRun = 1 (0x1)
     uPolicies-disallowrun: 1 = aim.exe
     uPolicies-disallowrun: 2 = bckgzm.exe
     uPolicies-disallowrun: 3 = chkrzm.exe
     uPolicies-disallowrun: 4 = freecell.exe
     uPolicies-disallowrun: 5 = hrtzzm.exe
     uPolicies-disallowrun: 6 = icq.exe
     uPolicies-disallowrun: 7 = icqlight.exe
     uPolicies-disallowrun: 8 = limewire.exe
     uPolicies-disallowrun: 9 = meebo.exe
     uPolicies-disallowrun: 10 = mshearts.exe
     uPolicies-disallowrun: 11 = msmsgs.exe
     uPolicies-disallowrun: 12 = msnmsgr.exe
     uPolicies-disallowrun: 13 = pinball.exe
     uPolicies-disallowrun: 14 = rvsezm.exe
     uPolicies-disallowrun: 15 = shvlzm.exe
     uPolicies-disallowrun: 16 = skype.exe
     uPolicies-disallowrun: 17 = sol.exe
     uPolicies-disallowrun: 18 = spider.exe
     uPolicies-disallowrun: 19 = trillian.exe
     uPolicies-disallowrun: 20 = winmine.exe
     uPolicies-disallowrun: 21 = yahoomessenger.exe
     uPolicies-disallowrun: 22 = ymsgr6_beta.exe
     uPolicies-system: NoDispAppearancePage = 0 (0x0)
     uPolicies-system: NoColorChoice = 1 (0x1)
     uPolicies-system: SetVisualStyle = \\\images$\desktop_theme\zune.msstyles
     uPolicies-system: Wallpaper = \\\images$\retail\std_active_desktop-1280.jpg
     uPolicies-system: WallpaperStyle = 2
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
     DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
     DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
     DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206653401605
     DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206653396578
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
     DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
     DPF: {CAFEEFAC-0013-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-130-windows-i586.cab
     DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
     DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
     Notify: igfxcui - igfxdev.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - c:\documents and settings\amendez\application data\mozilla\firefox\profiles\i2f9y95f.default\
     FF - prefs.js: network.proxy.type - 0
     FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
     FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
     .
     ============= SERVICES / DRIVERS ===============
     .
     R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
     R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
     R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-3-17 65536]
     R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-9-29 108392]
     R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-9-29 108392]
     R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-5 366640]
     R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2010-9-29 1832072]
     R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-28 105592]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-5 22712]
     R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110809.009\NAVENG.SYS [2011-8-9 86136]
     R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110809.009\NAVEX15.SYS [2011-8-9 1576312]
     R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
     R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
     S2 hbzxlmjuaybvw;hbzxlmjuaybvw;\??\c:\windows\system32\drivers\orcbnnhw.sys --> c:\windows\system32\drivers\orcbnnhw.sys [?]
     S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-1-25 30312]
     S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2007-5-11 18432]
     S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2007-5-11 14336]
     S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-1-25 96488]
     S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-1-25 12776]
     S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-1-25 121576]
     .
     =============== Created Last 30 ================
     .
     2011-08-09 23:12:21 96512 ----a-w- c:\temp\bck2C.tmp
     2011-08-09 23:12:21 95360 ----a-w- c:\temp\bck2B.tmp
     2011-08-09 21:05:30 347147 ----a-w- c:\temp\jna1542345783173834514.dll
     2011-08-09 20:05:12 96512 ----a-w- c:\temp\bckD.tmp
     2011-08-09 20:05:11 95360 ----a-w- c:\temp\bckC.tmp
     2011-08-09 19:42:13 96512 ----a-w- c:\temp\bck36.tmp
     2011-08-09 19:42:13 95360 ----a-w- c:\temp\bck35.tmp
     2011-08-09 17:21:28 347147 ------w- c:\temp\jna5058920059044856005.dll
     2011-08-05 23:10:42 1404208 ----a-w- c:\temp\temporary directory 3 for tdsskiller.zip\TDSSKiller.exe
     2011-08-05 23:10:42 1404208 ----a-r- c:\temp\temporary directory 1 for tdsskiller.zip\TDSSKiller.exe
     2011-08-05 20:11:47 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2011-08-05 20:11:43 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-08-05 19:43:59 -------- d-----w- c:\program files\CCleaner
     2011-08-05 17:09:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
     2011-08-05 15:53:15 347147 ------w- c:\temp\jna4471550528621682597.dll
     2011-08-02 16:18:30 4608 ----a-w- c:\temp\i4jdel0.exe
     2011-07-28 15:32:41 347147 ------w- c:\temp\jna3228157412847774601.dll
     2011-07-27 20:30:08 347147 ------w- c:\temp\jna6975733060925450935.dll
     2011-07-25 22:02:58 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
     2011-07-25 22:02:04 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
     2011-07-19 20:25:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
     2011-07-19 20:25:16 411368 ----a-w- c:\windows\system32\deploytk.dll
     2011-07-19 20:25:16 411368 ----a-w- c:\program files\mozilla firefox\plugins\npdeploytk.dll
     2011-07-19 19:58:35 836532 ----a-w- c:\temp\tbinstallation.exe
     2011-07-19 19:58:35 16664352 ----a-w- c:\temp\jre-6u16-windows-i586.exe
     2011-07-12 14:48:59 81920 ----a-w- c:\windows\system32\ieencode.dll
     2011-07-12 14:48:59 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
     2011-07-12 14:33:22 -------- d-----w- C:\WISE
     .
     ==================== Find3M ====================
     .
     2011-06-27 18:29:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
     .
     ============= FINISH: 17:04:14.75 ===============
  3. Hi, I have been infected with a rootkit and I need guidance on how to remove it. It redirects me to different websites. Thanks.