sarah27 Posted November 29, 2011 ID:499204

Hey, I am encountering the same problems as Speedr on my rather old laptop with ping.exe, MDM.exe, and a few other things, though I might send you guys my logs/etc. Had redirect issues for a while, as well as some fake software called "XP Spyware 2012" running, but ran Malwarebytes and a few other things and that went away. ping.exe and MDM.exe still there.

If you have any suggestions I would really appreciate it! Thank you.
Sarah

DDS:
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_03
Run by Sarah at 0:48:53 on 2011-11-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.15 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\AppStream\WindowsClient\Bin\AppMgrGui.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Print Manager Plus - Client\CheckPages.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\System32\ping.exe
C:\WINDOWS\System32\MDM.EXE
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ccleaner] "c:\program files\ccleaner\ccleaner.exe" /AUTO
mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [iPHSend] c:\program files\common files\aol\iphsend\IPHSend.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HostManager] c:\program files\common files\aol\1139604976\ee\AOLSoftware.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [AppMgrGui] c:\program files\appstream\windowsclient\bin\exeForService.exe
mRun: [spybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck /autoclose /waitprograms
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printm~1.lnk - c:\program files\print manager plus - client\CheckPages.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\symant~1.lnk - c:\program files\microsoft office\office\1033\OLFSNT40.EXE
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
LSP: mswsock.dll
DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxp://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5DBEF54A-19C5-496C-A1BF-DECD3F8EB217} : DhcpNameServer = 192.168.1.1
Notify: ASWLNDLL - ASWLNDLL.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sarah\application data\mozilla\firefox\profiles\chhwx6vg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
.
============= SERVICES / DRIVERS ===============
.
R1 APPSTREAM;APPSTREAM;c:\windows\system32\drivers\AppStream.sys [2006-9-27 114964]
.
=============== Created Last 30 ================
.
2011-11-29 05:36:02 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-28 23:45:09 -------- d-----w- c:\program files\ESET
2011-11-28 23:40:50 -------- d-----w- c:\documents and settings\sarah\application data\Malwarebytes
2011-11-28 23:40:31 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-28 23:40:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 23:40:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-28 17:08:08 -------- d-----w- c:\program files\Combined Community Codec Pack
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-16 01:18:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
1998-12-09 02:53:54 99840 ----a-w- c:\program files\common files\IRAABOUT.DLL
1998-12-09 02:53:54 70144 ----a-w- c:\program files\common files\IRAMDMTR.DLL
1998-12-09 02:53:54 48640 ----a-w- c:\program files\common files\IRALPTTR.DLL
1998-12-09 02:53:54 31744 ----a-w- c:\program files\common files\IRAWEBTR.DLL
1998-12-09 02:53:54 186368 ----a-w- c:\program files\common files\IRAREG.DLL
1998-12-09 02:53:54 17920 ----a-w- c:\program files\common files\IRASRIAL.DLL
.
============= FINISH: 0:51:12.14 ===============

attach.txt

Staff screen317 Posted December 6, 2011 ID:501970

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When the tool is finished, it will produce a report for you.

Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Staff screen317 Posted December 19, 2011 ID:506569

Are you still with us? This topic will be closed in a few days if we do not hear back from you.