Jump to content

I picked up some bug


Recommended Posts

Please Help,

I picked up some sore of trojan/malware etc. I was able to get most of it cleaned up by using Malware scanning etc. However I still have a "redirect" problem with both FireFox and IE. I tried reinstalling Firefox but that did not work. Attached are the logs that were asked for under the I'm Infected - What do I do know? topic.

Hope you can help.

thanks

Bill

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13

Run by Instructor at 21:44:30 on 2011-11-13

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.313 [GMT -8:00]

.

AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\system32\hasplms.exe

c:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Dimension\CatalystEX 3.0\nt\ModelServer.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\SolidWorks (2)\PDMWorks Workgroup Server\Vault\pdmwService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\SolidWorks (4)\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe

C:\Program Files\SolidWorks (3)\SolidNetWork License Manager\lmgrd.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\SolidWorks (3)\SolidNetWork License Manager\lmgrd.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.sierracollegetraining.com/cact.php

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [EPSON Artisan 50 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiffa.exe /fu "c:\windows\temp\E_S52.tmp" /EF "HKCU"

uRun: [Auto EPSON Artisan 50 Series on CASKEY2] c:\windows\system32\spool\drivers\w32x86\3\e_fatiffa.exe /fu "c:\windows\temp\E_SBC4.tmp" /EF "HKCU"

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10i_Plugin.exe -update plugin

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] c:\progra~1\symant~1\VPTray.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229034767484

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229035351953

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1229108089010&h=80ae459ccd939220c55cc07d894b1024/&filename=jinstall-6u11-windows-i586-jc.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} - hxxps://www.solidworks.com/sw/support/subscription/sldimdownload.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{907F51EF-9B2E-42C7-99FC-13AACF7D8AA9} : DhcpNameServer = 192.168.2.1

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\instructor\application data\mozilla\firefox\profiles\lwyqgjgj.default\

FF - plugin: c:\program files\microsoft silverlight\2.0.31005.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npEModelPlugin.dll

.

============= SERVICES / DRIVERS ===============

.

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]

R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-2 366152]

R2 ModelServerWinServiceP;Dimension 3D Printers Service;c:\program files\dimension\catalystex 3.0\nt\ModelServer.exe [2008-4-8 442368]

R2 PDMWorks Workgroup Server;PDMWorks Workgroup Server;c:\program files\solidworks (2)\pdmworks workgroup server\vault\pdmwService.exe [2008-10-18 3158016]

R2 Remote Solver for COSMOSFloWorks 2008;Remote Solver for COSMOSFloWorks 2008;c:\program files\solidworks (4)\cosmosfloworks\floworks\bincfw\StandAloneSlv.exe [2008-9-15 237568]

R2 SolidWorks SolidNetWork License Manager;SolidWorks SolidNetWork License Manager;c:\program files\solidworks (3)\solidnetwork license manager\lmgrd.exe [2007-5-11 1372160]

R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-5 105592]

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2008-12-12 88192]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-2 22216]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20111113.005\naveng.sys [2011-11-13 86136]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20111113.005\navex15.sys [2011-11-13 1576312]

R4 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]

S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

.

=============== Created Last 30 ================

.

2011-11-11 05:13:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-11-11 05:13:46 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-11-11 05:13:46 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-11-11 05:13:46 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll

2011-11-11 05:13:46 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-11-11 05:13:46 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-11-11 05:13:46 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-11-11 05:13:46 1989592 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-11-11 05:13:46 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe

2011-11-11 05:13:46 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-11-06 05:05:39 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{2c1de83f-92ee-438f-ba62-1fc95f9146c1}\mpengine.dll

2011-11-06 05:05:38 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-11-03 04:38:05 -------- d-----w- c:\documents and settings\instructor\application data\Malwarebytes

2011-11-03 04:37:59 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-11-03 04:37:55 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-03 04:37:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

.

============= FINISH: 21:45:59.33 ===============

Link to post
Share on other sites

post-32477-1261866970.gif

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.