
Google Redirect (Trojan.BHO) HELP!



No need to re-explain as I'm sure you know the deal. MBAM won't remove the virus (it keeps re-appearing) so here are my MBAM, DDS, and GMER logs. Any help you can provide is MUCH appreciated!

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7736

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

9/17/2011 4:38:43 PM

mbam-log-2011-09-17 (16-38-43).txt

Scan type: Quick scan

Objects scanned: 165152

Time elapsed: 6 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385

Run by Erin at 16:42:17 on 2011-09-17

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1014.197 [GMT -4:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\System32\igfxpers.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\AUDIODG.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: {1657d141-3efa-434d-ad62-32ad560629ac} - c:\windows\system32\wscui32.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{2AAA8095-C440-4DD3-86A2-C38CAFC3C343} : DhcpNameServer = 198.41.0.4

TCP: Interfaces\{E61DF480-70C3-47D7-9E3C-111D9825B206} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{E61DF480-70C3-47D7-9E3C-111D9825B206}\2454536533 : DhcpNameServer = 192.168.1.1 68.237.161.12

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-15 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-9-5 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-10 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-09-16 04:08:01 -------- d-sh--w- C:\$RECYCLE.BIN

2011-09-16 04:01:56 -------- d-----w- c:\users\erin\appdata\local\temp

2011-09-16 02:06:01 98816 ----a-w- c:\windows\sed.exe

2011-09-16 02:06:01 518144 ----a-w- c:\windows\SWREG.exe

2011-09-16 02:06:01 256000 ----a-w- c:\windows\PEV.exe

2011-09-16 02:06:01 208896 ----a-w- c:\windows\MBR.exe

2011-09-16 00:47:17 -------- d-----w- c:\program files\CCleaner

2011-09-16 00:46:35 -------- d-----w- c:\users\erin\appdata\local\Google

2011-09-16 00:29:11 -------- d-----w- c:\users\erin\appdata\roaming\Malwarebytes

2011-09-16 00:29:00 -------- d-----w- c:\programdata\Malwarebytes

2011-09-16 00:28:57 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-16 00:28:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-15 04:20:17 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-09-15 04:19:46 -------- d-----w- c:\programdata\Hitman Pro

2011-09-14 01:04:20 355328 ----a-w- c:\windows\system32\wscui32.dll

2011-09-09 23:39:53 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{44fefa3a-a94e-4d7b-b68e-92dc9bd82685}\mpengine.dll

2011-09-06 00:06:21 -------- d-----w- c:\users\erin\appdata\local\{63EEB03E-E10E-4897-A852-CC8BFD3DCEAF}

2011-09-06 00:06:00 -------- d-----w- c:\users\erin\appdata\local\{6B63F882-4622-4EEA-A518-91CCB1C6FBBC}

2011-09-05 16:13:32 -------- d-----w- c:\users\erin\Tracing

2011-09-05 16:10:16 -------- d-----w- c:\windows\en

2011-09-05 16:08:13 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2011-09-05 16:06:17 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2011-09-05 16:00:39 -------- d-----w- c:\program files\Microsoft

2011-09-05 16:00:12 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll

2011-09-05 16:00:12 515416 ----a-w- c:\windows\system32\XAudio2_5.dll

2011-09-05 16:00:11 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

2011-09-05 15:59:02 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2011-09-05 15:57:10 2983424 ----a-w- c:\windows\system32\UIRibbon.dll

2011-09-05 15:57:09 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2011-09-05 15:53:42 7450888 ----a-w- c:\program files\common files\windows live\.cache\f8a31b8b1cc6be306\bingbarsetup.exe

2011-09-05 15:53:13 15712 ----a-w- c:\program files\common files\windows live\.cache\eb22f2601cc6be305\MeshBetaRemover.exe

2011-09-05 15:53:09 94040 ----a-w- c:\program files\common files\windows live\.cache\e8866bc61cc6be304\DSETUP.dll

2011-09-05 15:53:09 525656 ----a-w- c:\program files\common files\windows live\.cache\e8866bc61cc6be304\DXSETUP.exe

2011-09-05 15:53:09 1691480 ----a-w- c:\program files\common files\windows live\.cache\e8866bc61cc6be304\dsetup32.dll

2011-09-05 15:53:04 94040 ----a-w- c:\program files\common files\windows live\.cache\e4eeb89e1cc6be303\DSETUP.dll

2011-09-05 15:53:04 525656 ----a-w- c:\program files\common files\windows live\.cache\e4eeb89e1cc6be303\DXSETUP.exe

2011-09-05 15:53:04 1691480 ----a-w- c:\program files\common files\windows live\.cache\e4eeb89e1cc6be303\dsetup32.dll

2011-09-05 15:52:31 -------- d-----w- c:\users\erin\appdata\local\Windows Live

2011-09-05 15:52:28 -------- d-----w- c:\program files\common files\Windows Live

2011-09-05 15:49:20 -------- d-----w- c:\users\erin\appdata\local\{20F53E2A-347A-474C-A9F5-1CFA14AC90D2}

2011-09-03 13:01:22 2048 ----a-w- c:\windows\system32\tzres.dll

.

==================== Find3M ====================

.

2011-09-07 22:33:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-26 23:38:28 15544 ----a-w- c:\windows\system32\drivers\CPQBttn.sys

2011-07-22 04:56:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-16 04:37:32 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-07-16 04:34:28 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 04:31:12 271360 ----a-w- c:\windows\system32\conhost.exe

2011-07-16 02:21:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:21:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:21:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:21:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-09 02:26:10 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-23 04:38:05 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-06-23 04:38:04 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-06-21 05:39:53 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-21 05:36:36 981504 ----a-w- c:\windows\system32\wininet.dll

2011-06-21 05:35:05 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-21 04:26:02 386048 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 16:43:20.09 ===============

ATTACH:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 1/10/2010 2:01:00 AM

System Uptime: 9/17/2011 2:13:16 PM (2 hours ago)

.

Motherboard: Quanta | | 30BB

Processor: Intel® Core2 CPU T5200 @ 1.60GHz | U2E1 | 1600/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 112 GiB total, 68.046 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Base System Device

Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30BB103C&REV_01\4&16649F33&0&2AF0

Manufacturer:

Name: Base System Device

PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30BB103C&REV_01\4&16649F33&0&2AF0

Service:

.

Class GUID:

Description: Base System Device

Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_30BB103C&REV_0A\4&16649F33&0&2BF0

Manufacturer:

Name: Base System Device

PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_30BB103C&REV_0A\4&16649F33&0&2BF0

Service:

.

==== System Restore Points ===================

.

RP209: 8/21/2011 10:33:14 AM - Scheduled Checkpoint

RP210: 9/3/2011 9:39:35 AM - Scheduled Checkpoint

RP211: 9/4/2011 12:39:04 PM - Windows Update

RP212: 9/5/2011 11:48:41 AM - CheckIfInstallerIsBusy

RP213: 9/5/2011 11:51:54 AM - CheckIfInstallerIsBusy

RP215: 9/5/2011 11:53:07 AM - Windows Live Essentials

RP216: 9/5/2011 11:54:14 AM - Windows Update

RP217: 9/5/2011 11:56:33 AM - Windows Update

RP219: 9/5/2011 11:58:10 AM - Installed DirectX

RP221: 9/5/2011 11:59:49 AM - Installed DirectX

RP222: 9/5/2011 12:02:32 PM - WLSetup

RP223: 9/7/2011 6:25:48 PM - Windows Update

RP224: 9/14/2011 8:32:15 PM - Windows Update

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

2007 Microsoft Office Suite Service Pack 2 (SP2)

Adobe Flash Player 10 ActiveX

Adobe Photoshop 7.0

Adobe Reader 9.2

Bing Bar

Canon Easy-PhotoPrint EX

Canon Easy-WebPrint EX

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon MG5200 series MP Drivers

Canon MG5200 series User Registration

Canon MP Navigator EX 4.0

Canon My Printer

Canon Solution Menu EX

CCleaner

Citrix Presentation Server Client - Web Only

Classic Menu for Office

Coupon Printer for Windows

D3DX10

Facebook Plug-In

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Java 6 Update 21

Junk Mail filter update

Malwarebytes' Anti-Malware version 1.51.2.1300

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

MSVCRT

My Sportsbook

MySportsbook Poker

ODF Add-in for Microsoft Office

OffiSync

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553074)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2553073)

Security Update for Microsoft Office Groove 2007 (KB2552997)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Symantec Technical Support Web Controls

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2553110)

Veetle TV 0.9.17

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Mobile Device Center

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

9/17/2011 7:48:46 AM, Error: Service Control Manager [7023] - The SPP Notification Service service terminated with the following error: Access is denied.

9/17/2011 4:29:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

9/17/2011 2:34:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RapiMgr service.

9/17/2011 2:08:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

9/16/2011 7:32:02 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding

9/16/2011 12:02:10 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

9/15/2011 7:50:36 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: After starting, the service hung in a start-pending state.

9/15/2011 7:50:32 PM, Error: Service Control Manager [7022] - The Peer Name Resolution Protocol service hung on starting.

9/15/2011 12:31:10 AM, Error: Service Control Manager [7024] - The Hitman Pro 3.5 Crusader (Boot) service terminated with service-specific error The operation completed successfully..

9/15/2011 11:54:24 PM, Error: Service Control Manager [7034] - The Updater Service for StartNow Toolbar service terminated unexpectedly. It has done this 1 time(s).

9/15/2011 11:53:45 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

9/15/2011 10:14:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

9/15/2011 10:14:53 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/15/2011 10:14:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

9/15/2011 10:14:28 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

9/15/2011 10:14:28 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

9/13/2011 10:20:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wscsvc service.

9/10/2011 6:53:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.

.

==== End Of File ===========================

GMER:

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-09-17 17:40:27

Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9120821AS rev.7.24

Running: imp4cqm6.exe; Driver: C:\Users\Erin\AppData\Local\Temp\kxldapog.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A5E539 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A83092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

? C:\Users\Erin\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[5876] USER32.dll!CreateWindowExW 76470E51 5 Bytes JMP 6D74819F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5876] USER32.dll!DialogBoxIndirectParamW 76494AA7 5 Bytes JMP 6D870208 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5876] USER32.dll!DialogBoxParamW 7649564A 5 Bytes JMP 6D664B87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5876] USER32.dll!DialogBoxParamA 764ACF6A 5 Bytes JMP 6D8701A5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5876] USER32.dll!DialogBoxIndirectParamA 764AD29C 5 Bytes JMP 6D87026B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5876] USER32.dll!MessageBoxIndirectA 764BE8C9 5 Bytes JMP 6D87013A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5876] USER32.dll!MessageBoxIndirectW 764BE9C3 5 Bytes JMP 6D8700CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5876] USER32.dll!MessageBoxExA 764BEA29 5 Bytes JMP 6D87006D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5876] USER32.dll!MessageBoxExW 764BEA4D 5 Bytes JMP 6D87000B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!UnhookWindowsHookEx 7646CC7B 5 Bytes JMP 6D7583CA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!CallNextHookEx 7646CC8F 5 Bytes JMP 6D739DAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!CreateWindowExW 76470E51 5 Bytes JMP 6D74819F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!SetWindowsHookExW 7647210A 5 Bytes JMP 6D6F461B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!DialogBoxIndirectParamW 76494AA7 5 Bytes JMP 6D870208 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!DialogBoxParamW 7649564A 5 Bytes JMP 6D664B87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!DialogBoxParamA 764ACF6A 5 Bytes JMP 6D8701A5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!DialogBoxIndirectParamA 764AD29C 5 Bytes JMP 6D87026B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!MessageBoxIndirectA 764BE8C9 5 Bytes JMP 6D87013A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!MessageBoxIndirectW 764BE9C3 5 Bytes JMP 6D8700CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!MessageBoxExA 764BEA29 5 Bytes JMP 6D87006D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5984] USER32.dll!MessageBoxExW 764BEA4D 5 Bytes JMP 6D87000B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5984] ole32.dll!OleLoadFromStream 77345BF6 5 Bytes JMP 6D870566 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5984] ole32.dll!CoCreateInstance 7739590C 5 Bytes JMP 6D748C8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
