sarah27



Hey,

I am encountering the same problems as Speedr on my rather old laptop with ping.exe, MDM.exe, and a few other things, though I might send you guys my logs/etc. Had redirect issues for a while, as well as some fake software called "XP Spyware 2012" running, but ran Malwarebytes and a few other things and that went away. ping.exe and MDM.exe are still there.

If you have any suggestions I would really appreciate it! Thank you. Sarah

DDS:

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_03

Run by Sarah at 0:48:53 on 2011-11-29

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.15 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\AppStream\WindowsClient\Bin\AppMgrGui.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Print Manager Plus - Client\CheckPages.exe

C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\SNDVOL32.EXE

C:\WINDOWS\System32\ping.exe

C:\WINDOWS\System32\MDM.EXE

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ccleaner] "c:\program files\ccleaner\ccleaner.exe" /AUTO

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"

mRun: [iPHSend] c:\program files\common files\aol\iphsend\IPHSend.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [HostManager] c:\program files\common files\aol\1139604976\ee\AOLSoftware.exe

mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [ATIModeChange] Ati2mdxx.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [AppMgrGui] c:\program files\appstream\windowsclient\bin\exeForService.exe

mRun: [spybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck /autoclose /waitprograms

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printm~1.lnk - c:\program files\print manager plus - client\CheckPages.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\symant~1.lnk - c:\program files\microsoft office\office\1033\OLFSNT40.EXE

IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML

IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll

LSP: mswsock.dll

DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxp://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{5DBEF54A-19C5-496C-A1BF-DECD3F8EB217} : DhcpNameServer = 192.168.1.1

Notify: ASWLNDLL - ASWLNDLL.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\sarah\application data\mozilla\firefox\profiles\chhwx6vg.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

.

============= SERVICES / DRIVERS ===============

.

R1 APPSTREAM;APPSTREAM;c:\windows\system32\drivers\AppStream.sys [2006-9-27 114964]

.

=============== Created Last 30 ================

.

2011-11-29 05:36:02 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-28 23:45:09 -------- d-----w- c:\program files\ESET

2011-11-28 23:40:50 -------- d-----w- c:\documents and settings\sarah\application data\Malwarebytes

2011-11-28 23:40:31 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-11-28 23:40:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-28 23:40:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-28 17:08:08 -------- d-----w- c:\program files\Combined Community Codec Pack

.

==================== Find3M ====================

.

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-16 01:18:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

1998-12-09 02:53:54 99840 ----a-w- c:\program files\common files\IRAABOUT.DLL

1998-12-09 02:53:54 70144 ----a-w- c:\program files\common files\IRAMDMTR.DLL

1998-12-09 02:53:54 48640 ----a-w- c:\program files\common files\IRALPTTR.DLL

1998-12-09 02:53:54 31744 ----a-w- c:\program files\common files\IRAWEBTR.DLL

1998-12-09 02:53:54 186368 ----a-w- c:\program files\common files\IRAREG.DLL

1998-12-09 02:53:54 17920 ----a-w- c:\program files\common files\IRASRIAL.DLL

.

============= FINISH: 0:51:12.14 ===============

attach.txt


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.
