WarShrike Posted November 15, 2010 ID:345448

Hi guys, need a little help. I've got a bit of an issue with a hijacker, I've cleared one a year ago, but this one has popped up recently and I can't track it down.

Thanks.

MWB Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5117

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

11/14/2010 7:36:08 PM
mbam-log-2010-11-14 (19-36-08).txt

Scan type: Quick scan
Objects scanned: 151712
Time elapsed: 18 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here's the DDS log:

DDS (Ver_10-11-10.01) - NTFSx86
Run by WarShrike at 21:48:19.60 on Sun 11/14/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.339 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Aston\aston.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\CoolMon\CoolMon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\32788R22FWJFW\License\iexplore.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
D:\Downloads\ryzd5vrz.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://co107w.col107.mail.live.com/mail/TodayLight.aspx?n=200856444&wa=wsignin1.0&n=1565144568
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {2bb4b268-69f6-4d47-8e74-ddd69d7734fd} - c:\windows\system32\mlJdAsTn.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [sansaDispatch] c:\documents and settings\warshrike\application data\sandisk\sansa updater\SansaDispatch.exe
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [MBM 5] "c:\program files\motherboard monitor 5\MBM5.EXE"
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG8_TRAY] c:\pro

LDTate Posted November 16, 2010 ID:346262

http://forums.malwarebytes.org/index.php?showtopic=67692