
Hello all, I am having a problem with my browser redirecting me to random sites. I have tried using CCleaner, ComboFix, MGtools and Malwarebytes. I cannot get Malwarebytes to update (MBAM_ERROR_UPDATING (12007,0, WinHTTPSendRequest)). Any help would be greatly appreciated. I am having this problem on 3 browsers (IE, Google Chrome and Firefox).

*************

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:13:56 PM, on 8/4/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18928)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\explorer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Users\Suthar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Suthar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Suthar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Google Update] "C:\Users\Suthar\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 7678 bytes


  • Staff

Hi and welcome to Malwarebytes.

Please know that running ComboFix is very dangerous unless under the eye of a trained analyst.

With that said, please post the log from C:\ComboFix.txt

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post the one that is not minimized.


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows Vista Home Premium Edition

Windows Information: Service Pack 2 (build 6002), 32-bit

Base Board Manufacturer: ASUSTek Computer INC.

BIOS Manufacturer: Phoenix Technologies, LTD

System Manufacturer: HP-Pavilion

System Product Name: KJ302AA-ABA a6432f

Logical Drives Mask: 0x000002fc

Kernel Drivers (total 151):

0x81E47000 \SystemRoot\system32\ntkrnlpa.exe

0x81E14000 \SystemRoot\system32\hal.dll

0x80408000 \SystemRoot\system32\kdcom.dll

0x8040F000 \SystemRoot\system32\PSHED.dll

0x80420000 \SystemRoot\system32\BOOTVID.dll

0x80428000 \SystemRoot\system32\CLFS.SYS

0x80469000 \SystemRoot\system32\CI.dll

0x80549000 \SystemRoot\system32\drivers\Wdf01000.sys

0x805C5000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x80604000 \SystemRoot\system32\drivers\acpi.sys

0x8064A000 \SystemRoot\system32\drivers\WMILIB.SYS

0x80653000 \SystemRoot\system32\drivers\msisadrv.sys

0x8065B000 \SystemRoot\system32\drivers\pci.sys

0x80682000 \SystemRoot\System32\drivers\partmgr.sys

0x80691000 \SystemRoot\system32\drivers\volmgr.sys

0x806A0000 \SystemRoot\System32\drivers\volmgrx.sys

0x806EA000 \SystemRoot\system32\drivers\pciide.sys

0x806F1000 \SystemRoot\system32\drivers\PCIIDEX.SYS

0x806FF000 \SystemRoot\System32\drivers\mountmgr.sys

0x8070F000 \SystemRoot\system32\drivers\nvraid.sys

0x8072A000 \SystemRoot\system32\drivers\CLASSPNP.SYS

0x8074B000 \SystemRoot\system32\drivers\atapi.sys

0x80753000 \SystemRoot\system32\drivers\ataport.SYS

0x80771000 \SystemRoot\system32\drivers\nvstor32.sys

0x80795000 \SystemRoot\system32\drivers\storport.sys

0x89808000 \SystemRoot\system32\drivers\fltmgr.sys

0x8983A000 \SystemRoot\system32\drivers\fileinfo.sys

0x8984A000 \SystemRoot\System32\Drivers\ksecdd.sys

0x898BB000 \SystemRoot\system32\drivers\ndis.sys

0x899C6000 \SystemRoot\system32\drivers\msrpc.sys

0x89A07000 \SystemRoot\system32\drivers\NETIO.SYS

0x89A42000 \SystemRoot\System32\drivers\tcpip.sys

0x89B2C000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x89C00000 \SystemRoot\System32\Drivers\Ntfs.sys

0x89D10000 \SystemRoot\system32\drivers\volsnap.sys

0x89D49000 \SystemRoot\System32\Drivers\spldr.sys

0x89D51000 \SystemRoot\System32\Drivers\mup.sys

0x89D60000 \SystemRoot\System32\drivers\ecache.sys

0x89D87000 \SystemRoot\system32\drivers\disk.sys

0x89D98000 \SystemRoot\system32\drivers\crcdisk.sys

0x89DDC000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x89DE7000 \SystemRoot\system32\DRIVERS\tunmp.sys

0x89DF0000 \SystemRoot\system32\DRIVERS\amdk8.sys

0x89B47000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x89B5A000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x89B65000 \SystemRoot\system32\DRIVERS\PS2.sys

0x89B6A000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x89B75000 \SystemRoot\system32\DRIVERS\usbohci.sys

0x89B7F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x89BBD000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x89BCC000 \SystemRoot\system32\DRIVERS\ohci1394.sys

0x89BDC000 \SystemRoot\system32\DRIVERS\1394BUS.SYS

0x8D806000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys

0x8D852000 \SystemRoot\system32\DRIVERS\ks.sys

0x8D87C000 \SystemRoot\system32\DRIVERS\HSX_DP.sys

0x8DA0F000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys

0x8DAC4000 \SystemRoot\system32\drivers\modem.sys

0x8DAD1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x8DC00000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys

0x8DCFD000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x8DD15000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys

0x8DE09000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x8E528000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x8E5C9000 \SystemRoot\System32\drivers\watchdog.sys

0x8DD1B000 \SystemRoot\system32\DRIVERS\msiscsi.sys

0x8E5D5000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x8E5E0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x8DD4A000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x8DD55000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x8DD78000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x8DD87000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x8DD9B000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x8DDB0000 \SystemRoot\system32\DRIVERS\termdd.sys

0x8E5F7000 \SystemRoot\system32\DRIVERS\swenum.sys

0x8DDC0000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x8DDCA000 \SystemRoot\system32\DRIVERS\umbus.sys

0x8DB5E000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x8DDD7000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x8EC05000 \SystemRoot\system32\drivers\RTKVHDA.sys

0x8EE12000 \SystemRoot\system32\drivers\portcls.sys

0x8EE3F000 \SystemRoot\system32\drivers\drmk.sys

0x8EE64000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0x8EE6D000 \SystemRoot\System32\Drivers\Null.SYS

0x8EE74000 \SystemRoot\System32\Drivers\Beep.SYS

0x8EE7B000 \SystemRoot\System32\drivers\vga.sys

0x8EE87000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x8EEA8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x8EEB0000 \SystemRoot\system32\drivers\rdpencdd.sys

0x8EEB8000 \SystemRoot\System32\Drivers\Msfs.SYS

0x8EEC3000 \SystemRoot\System32\Drivers\Npfs.SYS

0x8EED1000 \SystemRoot\System32\DRIVERS\rasacd.sys

0x8EEDA000 \SystemRoot\system32\DRIVERS\tdx.sys

0x8EEF0000 \SystemRoot\System32\Drivers\SYMTDI.SYS

0x8EF1C000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS

0x8EF41000 \SystemRoot\System32\Drivers\SYMREDRV.SYS

0x8EF45000 \SystemRoot\System32\Drivers\SYMDNS.SYS

0x8EF47000 \SystemRoot\System32\Drivers\SYMNDISV.SYS

0x8EF54000 \SystemRoot\System32\Drivers\SYMFW.SYS

0x8EF6A000 \SystemRoot\system32\DRIVERS\smb.sys

0x8EF7E000 \SystemRoot\system32\drivers\afd.sys

0x8EFC6000 \SystemRoot\System32\DRIVERS\netbt.sys

0x8DDE8000 \SystemRoot\system32\DRIVERS\pacer.sys

0x8DE00000 \SystemRoot\system32\DRIVERS\SymIMv.sys

0x8DB93000 \SystemRoot\system32\DRIVERS\netbios.sys

0x8DBA1000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x8DBB4000 \SystemRoot\System32\Drivers\SRTSPX.SYS

0x8D97E000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

0x8EFF8000 \SystemRoot\System32\Drivers\SCDEmu.SYS

0x8DBBE000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x8DA00000 \SystemRoot\system32\drivers\nsiproxy.sys

0x8F402000 \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20100729.001\IDSvix86.sys

0x8F44A000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

0x8F4A8000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

0x8F4C5000 \SystemRoot\System32\Drivers\dfsc.sys

0x8F4DC000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0x8F4F1000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x8F4F3000 \SystemRoot\System32\Drivers\crashdmp.sys

0x8F500000 \SystemRoot\System32\Drivers\dump_diskdump.sys

0x8F50A000 \SystemRoot\System32\Drivers\dump_nvstor32.sys

0x970C0000 \SystemRoot\System32\win32k.sys

0x8F52E000 \SystemRoot\System32\drivers\Dxapi.sys

0x8F538000 \SystemRoot\system32\DRIVERS\monitor.sys

0x972E0000 \SystemRoot\System32\TSDDD.dll

0x97300000 \SystemRoot\System32\cdd.dll

0x8F547000 \SystemRoot\system32\drivers\luafv.sys

0x9C00A000 \SystemRoot\system32\drivers\spsys.sys

0x9C0BA000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x9C0CA000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x9C0DD000 \SystemRoot\system32\drivers\HTTP.sys

0x9C14A000 \??\C:\Windows\system32\drivers\CO_Mon.sys

0x9C152000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x9C16F000 \SystemRoot\system32\DRIVERS\bowser.sys

0x9C188000 \SystemRoot\System32\drivers\mpsdrv.sys

0x9C19D000 \SystemRoot\system32\drivers\mrxdav.sys

0x9C1BE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x8F562000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x9C1DD000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x8F59B000 \SystemRoot\System32\DRIVERS\srv2.sys

0xA0607000 \SystemRoot\System32\DRIVERS\srv.sys

0xA066D000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys

0xA0671000 \SystemRoot\system32\drivers\peauth.sys

0xA074F000 \SystemRoot\System32\Drivers\secdrv.SYS

0xA0759000 \SystemRoot\System32\drivers\tcpipreg.sys

0xA0765000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0xA077A000 \SystemRoot\system32\DRIVERS\WUDFPf.sys

0xA078C000 \SystemRoot\system32\DRIVERS\xaudio.sys

0xA0794000 \SystemRoot\System32\Drivers\SRTSP.SYS

0xA6761000 \SystemRoot\system32\DRIVERS\cdfs.sys

0xA6600000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100811.040\NAVEX15.SYS

0xA674C000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100811.040\NAVENG.SYS

0x77630000 \Windows\System32\ntdll.dll

Processes (total 79):

0 System Idle Process

4 System

528 C:\Windows\System32\smss.exe

600 csrss.exe

652 C:\Windows\System32\wininit.exe

664 csrss.exe

696 C:\Windows\System32\services.exe

712 C:\Windows\System32\lsass.exe

728 C:\Windows\System32\lsm.exe

792 C:\Windows\System32\winlogon.exe

888 C:\Windows\System32\svchost.exe

932 C:\Windows\System32\nvvsvc.exe

960 C:\Windows\System32\svchost.exe

1100 C:\Windows\System32\svchost.exe

1132 C:\Windows\System32\svchost.exe

1148 C:\Windows\System32\svchost.exe

1256 C:\Windows\System32\audiodg.exe

1276 C:\Windows\System32\svchost.exe

1308 C:\Windows\System32\SLsvc.exe

1352 C:\Windows\System32\svchost.exe

1460 C:\Windows\System32\rundll32.exe

1536 C:\Windows\System32\svchost.exe

1788 C:\Windows\System32\spoolsv.exe

1828 C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE

1884 C:\Windows\System32\taskeng.exe

1912 C:\Windows\System32\dwm.exe

1976 C:\Windows\explorer.exe

1992 C:\Windows\System32\taskeng.exe

2168 C:\Windows\System32\svchost.exe

2516 C:\Windows\RtHDVCpl.exe

2536 C:\hp\support\hpsysdrv.exe

2644 C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

2684 C:\Windows\System32\rundll32.exe

2696 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

2716 C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE

2768 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

2804 C:\Program Files\iTunes\iTunesHelper.exe

2816 C:\Program Files\Common Files\Java\Java Update\jusched.exe

2828 C:\Program Files\Windows Sidebar\sidebar.exe

2852 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

2908 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

3200 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

3232 C:\Windows\System32\svchost.exe

3252 C:\Program Files\Common Files\LightScribe\LSSrvc.exe

3284 C:\Windows\System32\svchost.exe

3320 C:\Windows\System32\svchost.exe

3340 C:\Windows\System32\svchost.exe

3444 C:\Windows\System32\svchost.exe

3488 C:\Windows\System32\svchost.exe

3572 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

3680 C:\Windows\System32\SearchIndexer.exe

3740 WUDFHost.exe

3796 C:\Windows\System32\drivers\XAudio.exe

3824 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

4080 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

1108 C:\Windows\System32\mobsync.exe

1820 C:\Windows\System32\svchost.exe

2104 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

3848 C:\Program Files\Windows Sidebar\sidebar.exe

2156 C:\Windows\System32\wbem\unsecapp.exe

3964 WmiPrvSE.exe

688 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

3456 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

2528 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

1376 C:\Program Files\iPod\bin\iPodService.exe

4468 C:\hp\KBD\kbd.exe

4588 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

4980 C:\Windows\System32\wuauclt.exe

6120 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

4400 C:\Users\Suthar\AppData\Local\Google\Chrome\Application\chrome.exe

4680 C:\Users\Suthar\AppData\Local\Google\Chrome\Application\chrome.exe

5388 C:\Users\Suthar\AppData\Local\Google\Chrome\Application\chrome.exe

880 C:\Users\Suthar\AppData\Local\Google\Chrome\Application\chrome.exe

4296 C:\Windows\System32\SearchProtocolHost.exe

4160 C:\Users\Suthar\AppData\Local\Google\Chrome\Application\chrome.exe

6020 C:\Windows\System32\SearchFilterHost.exe

5272 dllhost.exe

4800 dllhost.exe

5836 C:\Users\Suthar\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000072`1af67c00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD501LJ, Rev: CR10

Size Device Name MBR Status

--------------------------------------------

465 GB \\.\PhysicalDrive0 Hewlett-Packard MBR code detected

SHA1: F362CE084BC77B454330005C1657154A64FB9456

Done!


  • Staff

Hi,

Please run a GMER Rootkit scan:

Download GMER's application from here:

http://www.gmer.net/gmer.zip

Unzip it and start the GMER.exe

Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.

This will copy the results to your clipboard.

Paste the results in your next reply.

Warning! Please do not select the "Show all" checkbox during the scan.

Next, download RootRepeal from one of the following locations and save it to your desktop:

Link 1 Link 2 Link 3

  • Double click rr_DesktopIcon.png to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the rr_Scan.png button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan
    Note: The scan can take some time. DO NOT run any other programs while the scan is running.
  • When the scan is complete, click the rr_SaveReport.png button and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program

If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead. To attach a file, do the following:

  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on attach_add.png to insert the attachment into your post

Next, please download Rootkit Unhooker and save it to your Desktop.

  • Disable your security programs
  • Double click RKUnhookerLE.exe to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait until the scanner has finished, then go to File --> Save Report
  • Save the report somewhere you can find it. Click Close.
  • Copy the entire contents of the report and paste it in your next reply.

If you get the following warning, please ignore it:

"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
