|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
|
Topic Tools |
#1
|
|||
|
|||
Jump Virus/Redirect
Hi, I'm having a problem with my browsers because every time I try to search something and click on a link, it redirects me to another site that I did not intend to go to. Would anyone please help me out with this? Thank you.
This is my Hijack this log. Thanks! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:37:09 AM, on 6/28/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\Documents and Settings\Joanne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\3M\PSNLite\PsnLite.exe C:\Program Files\Trend Micro\Tmas\Tmas.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\WINDOWS\eHome\ehRecvr.exe C:\PROGRA~1\3M\PSNLite\PSNGive.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\WINDOWS\system32\igfxext.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\program files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Joanne\Desktop\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = webproxy.ucsd.edu:3128 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing) R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDO WS\system32\ntos.exe,C:\WINDOWS\system32\sdra64.ex e, O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing) O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing) O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [Sprint Connection Manager] "C:\Program Files\Sprint\Connection Manager\SprintCM.exe" -a O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Joanne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'Default user') O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Post-itŪ Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/actives.../asproinst.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardware ResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- End of file - 17131 bytes |
#2
|
|||
|
|||
The browser is usually redirected to Jump or Overclick. Please help me out if you can!
|
#3
|
||||
|
||||
Hello forchristsake9 and welcome to CTH.
It looks like you have two active Antivirus running - "Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and will typically cause your computer to crash, and will provide less protection. Not more." Remove/uninstall from " add/remove programs " in controlpanel: McAfee or Norton. Also remove Viewpoint Reboot. Please download combofix here -> ComboFix Before Saving it to Desktop, please rename it to 321.com to stop malware from disabling it. Now, please make sure no other programs are running, close all other windows. Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal. You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed. Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please post it to your next reply |
#4
|
|||
|
|||
Hi, thanks so much for helping me out. This is the log from combofix!
ComboFix 09-06-28.02 - Joanne 06/28/2009 22:50.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.449 [GMT -7:00] Running from: c:\documents and settings\Joanne\Desktop\321.com.exe FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Joanne\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat c:\windows\kb913800.exe c:\windows\setup.exe c:\windows\system32\cssrss.exe c:\windows\system32\lowsec c:\windows\system32\lowsec\local.ds c:\windows\system32\lowsec\user.ds c:\windows\system32\nso12k.sys c:\windows\system32\ntos.exe c:\windows\system32\sdra64.exe c:\windows\system32\wsnpoem c:\windows\system32\wsnpoem\audio.dll c:\windows\system32\wsnpoem\audio.dll.cla c:\windows\system32\wsnpoem\video.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_DRIVER -------\Service_Driver ((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 ))))))))))))))))))))))))))))))) . 2009-06-25 06:34 . 2009-06-25 06:34 -------- d-----w- c:\documents and settings\All Users\Application Data\WebcamMax 2009-06-25 06:33 . 2009-06-25 06:34 -------- d-----w- c:\documents and settings\Joanne\Application Data\Webcammax 2009-06-25 06:31 . 2008-03-11 13:14 941784 ----a-w- c:\windows\system32\drivers\CAMTHWDM.sys 2009-06-25 06:31 . 2009-06-25 06:34 -------- d-----w- c:\program files\WebcamMax 2009-06-22 00:05 . 2009-06-22 00:07 -------- d-----w- c:\documents and settings\Joanne\Application Data\ooVoo Details 2009-06-22 00:04 . 2009-06-22 00:05 -------- d-----w- c:\program files\ooVoo 2009-06-11 18:57 . 2009-06-11 18:57 -------- d-----w- c:\windows\system32\config\systemprofile\Applicati on Data\SACore 2009-06-10 17:13 . 2009-05-07 15:44 344064 -c----w- c:\windows\system32\dllcache\localspl.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2009-06-29 05:43 . 2008-06-19 05:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-06-29 05:39 . 2007-01-11 22:25 -------- d-----w- c:\documents and settings\Joanne\Application Data\Viewpoint 2009-06-29 05:39 . 2006-12-01 23:00 -------- d-----w- c:\program files\Viewpoint 2009-06-29 05:39 . 2006-12-01 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-06-29 04:17 . 2008-10-01 22:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2009-06-26 02:57 . 2008-10-06 17:29 -------- d-----w- c:\documents and settings\Joanne\Application Data\Skype 2009-06-25 07:03 . 2008-10-06 17:30 -------- d-----w- c:\documents and settings\Joanne\Application Data\skypePM 2009-06-22 00:04 . 2006-07-24 18:08 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-19 08:36 . 2009-06-16 04:24 2884832 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\vwpt.exe 2009-05-19 08:36 . 2009-06-16 04:24 28 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unregister.bat 2009-05-19 08:36 . 2009-06-16 04:24 1484856 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\toolbar.exe 2009-05-19 08:36 . 2009-06-16 04:24 25 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\register.bat 2009-05-19 08:36 . 2009-06-16 04:24 97072 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\bsetutil.exe 2009-05-19 08:36 . 2009-06-16 04:24 142040 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\alsetup.exe 2009-05-19 08:36 . 2009-06-16 04:24 30512 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\Uninstaller.exe 2009-05-19 08:36 . 2009-06-16 04:24 111920 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLSearch.dll 2009-05-07 15:44 . 2006-07-24 17:27 344064 ----a-w- c:\windows\system32\localspl.dll 2009-05-06 19:11 . 2009-05-06 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-05-06 19:11 . 2007-03-07 07:13 -------- d-----w- c:\program files\iTunes 2009-05-06 19:11 . 2009-05-06 19:11 -------- d-----w- c:\program files\iPod 2009-05-06 19:11 . 2007-11-16 21:39 -------- d-----w- c:\program files\Common Files\Apple 2009-05-06 18:57 . 2009-05-06 18:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe 2009-04-29 04:56 . 2006-07-24 17:27 827392 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:55 . 2006-07-24 17:27 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-04-17 09:58 . 2006-07-24 17:27 1846656 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 15:11 . 2006-07-24 17:27 584192 ----a-w- c:\windows\system32\rpcrt4.dll 2007-01-26 07:23 . 2007-01-25 08:29 80 --sh--r- c:\windows\system32\7FFDBC2D98.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-03 50528] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-15 15360] "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.e xe" [2006-05-08 81920] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600] "Google Update"="c:\documents and settings\Joanne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-03 133104] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784] "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520] "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-28 217088] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768] "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552] "Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128] "VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-12-28 185896] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960] "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-11-12 864256] "Sprint Connection Manager"="c:\program files\Sprint\Connection Manager\SprintCM.exe" [2007-05-16 69632] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312] Sorry, it said the text was too long so it is separated into 2 different replies. Thanks again! |
#5
|
|||
|
|||
c:\documents and settings\Joanne\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-5-19 3450608] Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248] Post-itr Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768] Trend Micro Anti-Spyware.lnk - c:\program files\Trend Micro\Tmas\Tmas.exe [2006-8-2 1310720] [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks] "{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= "c:\program files\Trend Micro\Tmas\sshook.dll" [2006-08-02 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\1154548953\\ee\\aolsoftware.exe"= "c:\\StubInstaller.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Last.fm\\LastFM.exe"= "c:\\Program Files\\Ruckus Player\\Ruckus.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\ijji\\ENGLISH\\u_gbound.exe"= "c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"= "c:\\Documents and Settings\\Joanne\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\Joanne\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List] "443:TCP"= 443:TCP:*isabled:ooVoo TCP port 443 "443:UDP"= 443:UDP:*isabled:ooVoo UDP port 443 "37674:TCP"= 37674:TCP:*isabled:ooVoo TCP port 37674 "37674:UDP"= 37674:UDP:*isabled:ooVoo UDP port 37674 "37675:UDP"= 37675:UDP:*isabled:ooVoo UDP port 37675 R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [6/24/2009 11:31 PM 941784] R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?] R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/24/2006 10:28 AM 30080] R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21 sony.sys [7/24/2006 10:28 AM 226304] S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [7/24/2006 12:39 PM 17251] S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [7/24/2006 12:39 PM 7520] S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?] . Contents of the 'Scheduled Tasks' folder 2009-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34] 2009-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086087781-1966027462-2823163664-1005.job - c:\documents and settings\Joanne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-03 06:45] . - - - - ORPHANS REMOVED - - - - HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe HKCU-Run-Veoh - c:\program files\Veoh Networks\Veoh\VeohClient.exe HKLM-Run-DISCover - c:\program files\DISC\DISCover.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.sony.com/vaiopeople uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople uInternet Settings,ProxyServer = webproxy.ucsd.edu:3128 uInternet Settings,ProxyOverride = *.local IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 Trusted Zone: trymedia.com FF - ProfilePath - c:\documents and settings\Joanne\Application Data\Mozilla\Firefox\Profiles\gq6b92v0.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en FF - prefs.js: network.proxy.http - webproxy.ucsd.edu FF - prefs.js: network.proxy.http_port - 3128 FF - prefs.js: network.proxy.type - 2 FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\documents and settings\Joanne\Application Data\Mozilla\Firefox\Profiles\gq6b92v0.default\ext ensions\moveplayer@movenetworks.com\platform\WINNT _x86-msvc\plugins\npmnqmp071101000055.dll FF - plugin: c:\documents and settings\Joanne\Application Data\Mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\Joanne\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJPI150_11.dll FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np32dsw.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdivx32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFFICE.DLL FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\nppl3260.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\nprjplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\nprpjplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-28 23:05 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\windows\system32\drivers\hjgruinoplhcbc.sys 69632 bytes executable c:\windows\TEMP\hjgruiegewipymed.tmp 93 bytes c:\windows\TEMP\hjgruijnossiqmst.tmp 18944 bytes executable c:\windows\system32\hjgruibratanjt.dat 12301 bytes c:\windows\system32\hjgruioocfnywq.dll 18944 bytes executable c:\windows\system32\hjgruirlxlvcrx.dat 93 bytes c:\windows\system32\hjgruiuhfscbef.dll 44032 bytes executable scan completed successfully hidden files: 7 ************************************************** ************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\h jgruitnkknqdv] "imagepath"="\systemroot\system32\drivers\hjgruino plhcbc.sys" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(880) c:\windows\system32\VESWinlogon.dll - - - - - - - > 'explorer.exe'(1304) c:\program files\Stardock\ObjectDock\DockShellHook.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe c:\program files\Sony\VAIO Event Service\VESMgr.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\igfxext.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe c:\windows\system32\igfxsrvc.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe c:\program files\Apoint\ApntEx.exe c:\program files\AIM6\aolsoftware.exe c:\program files\HP\Digital Imaging\bin\hpqgalry.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe c:\windows\ehome\ehmsas.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************** ************************ . Completion time: 2009-06-29 23:14 - machine was rebooted ComboFix-quarantined-files.txt 2009-06-29 06:14 Pre-Run: 65,607,987,200 bytes free Post-Run: 65,872,941,056 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOW S [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windo ws XP Media Center Edition" /noexecute=optin /fastdetect 299 --- E O F --- 2009-06-11 17:01 |
#6
|
||||
|
||||
My bad, as Iīve missed that part -"The logs will be reasonably large so you may have to divide them into sections and make several posts to post them."
Open notepad and copy/paste the text in the quotebox below into it: Name the file as CFScript and Save it on the desktop Code:
Killall:: Snapshot:: File:: c:\windows\system32\drivers\hjgruinoplhcbc.sys c:\windows\TEMP\hjgruiegewipymed.tmp c:\windows\TEMP\hjgruijnossiqmst.tmp c:\windows\system32\hjgruibratanjt.dat c:\windows\system32\hjgruioocfnywq.dll c:\windows\system32\hjgruirlxlvcrx.dat c:\windows\system32\hjgruiuhfscbef.dll Registry:: [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hjgruitnkknqdv] Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe. Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please post it to your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall |
#7
|
|||
|
|||
Logs. Thanks!
omboFix 09-06-28.02 - Joanne 06/28/2009 23:37.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.322 [GMT -7:00] Running from: c:\documents and settings\Joanne\Desktop\321.com.exe Command switches used :: c:\documents and settings\Joanne\Desktop\CFScript.txt FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} FILE :: "c:\windows\system32\drivers\hjgruinoplhcbc.sy s" "c:\windows\system32\hjgruibratanjt.dat" "c:\windows\system32\hjgruioocfnywq.dll" "c:\windows\system32\hjgruirlxlvcrx.dat" "c:\windows\system32\hjgruiuhfscbef.dll" "c:\windows\TEMP\hjgruiegewipymed.tmp" "c:\windows\TEMP\hjgruijnossiqmst.tmp" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\hjgruinoplhcbc.sys c:\windows\system32\hjgruibratanjt.dat c:\windows\system32\hjgruioocfnywq.dll c:\windows\system32\hjgruirlxlvcrx.dat c:\windows\system32\hjgruiuhfscbef.dll c:\windows\TEMP\hjgruiegewipymed.tmp c:\windows\TEMP\hjgruijnossiqmst.tmp . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_hjgruitnkknqdv ((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 ))))))))))))))))))))))))))))))) . 2009-06-29 06:10 . 2009-06-29 06:10 -------- dc----w- c:\windows\system32\dllcache\cache 2009-06-25 06:34 . 2009-06-25 06:34 -------- d-----w- c:\documents and settings\All Users\Application Data\WebcamMax 2009-06-25 06:33 . 2009-06-25 06:34 -------- d-----w- c:\documents and settings\Joanne\Application Data\Webcammax 2009-06-25 06:31 . 2008-03-11 13:14 941784 ----a-w- c:\windows\system32\drivers\CAMTHWDM.sys 2009-06-25 06:31 . 2009-06-25 06:34 -------- d-----w- c:\program files\WebcamMax 2009-06-22 00:05 . 2009-06-22 00:07 -------- d-----w- c:\documents and settings\Joanne\Application Data\ooVoo Details 2009-06-22 00:04 . 2009-06-22 00:05 -------- d-----w- c:\program files\ooVoo 2009-06-11 18:57 . 2009-06-11 18:57 -------- d-----w- c:\windows\system32\config\systemprofile\Applicati on Data\SACore 2009-06-10 17:13 . 2009-05-07 15:44 344064 -c----w- c:\windows\system32\dllcache\localspl.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2009-06-29 05:43 . 2008-06-19 05:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-06-29 05:39 . 2007-01-11 22:25 -------- d-----w- c:\documents and settings\Joanne\Application Data\Viewpoint 2009-06-29 05:39 . 2006-12-01 23:00 -------- d-----w- c:\program files\Viewpoint 2009-06-29 05:39 . 2006-12-01 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-06-29 04:17 . 2008-10-01 22:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2009-06-26 02:57 . 2008-10-06 17:29 -------- d-----w- c:\documents and settings\Joanne\Application Data\Skype 2009-06-25 07:03 . 2008-10-06 17:30 -------- d-----w- c:\documents and settings\Joanne\Application Data\skypePM 2009-06-22 00:04 . 2006-07-24 18:08 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-19 08:36 . 2009-06-16 04:24 2884832 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\vwpt.exe 2009-05-19 08:36 . 2009-06-16 04:24 28 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unregister.bat 2009-05-19 08:36 . 2009-06-16 04:24 1484856 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\toolbar.exe 2009-05-19 08:36 . 2009-06-16 04:24 25 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\register.bat 2009-05-19 08:36 . 2009-06-16 04:24 97072 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\bsetutil.exe 2009-05-19 08:36 . 2009-06-16 04:24 142040 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\alsetup.exe 2009-05-19 08:36 . 2009-06-16 04:24 30512 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\Uninstaller.exe 2009-05-19 08:36 . 2009-06-16 04:24 111920 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLSearch.dll 2009-05-07 15:44 . 2006-07-24 17:27 344064 ----a-w- c:\windows\system32\localspl.dll 2009-05-06 19:11 . 2009-05-06 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-05-06 19:11 . 2007-03-07 07:13 -------- d-----w- c:\program files\iTunes 2009-05-06 19:11 . 2009-05-06 19:11 -------- d-----w- c:\program files\iPod 2009-05-06 19:11 . 2007-11-16 21:39 -------- d-----w- c:\program files\Common Files\Apple 2009-05-06 18:57 . 2009-05-06 18:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe 2009-04-29 04:56 . 2006-07-24 17:27 827392 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:55 . 2006-07-24 17:27 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-04-17 09:58 . 2006-07-24 17:27 1846656 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 15:11 . 2006-07-24 17:27 584192 ----a-w- c:\windows\system32\rpcrt4.dll 2007-01-26 07:23 . 2007-01-25 08:29 80 --sh--r- c:\windows\system32\7FFDBC2D98.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-03 50528] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-15 15360] "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.e xe" [2006-05-08 81920] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600] "Google Update"="c:\documents and settings\Joanne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-03 133104] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784] "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520] "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-28 217088] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768] "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552] "Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128] "VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-12-28 185896] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960] "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-11-12 864256] "Sprint Connection Manager"="c:\program files\Sprint\Connection Manager\SprintCM.exe" [2007-05-16 69632] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312] c:\documents and settings\Joanne\Start Menu\Programs\Startup\ Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-5-19 3450608] Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248] Post-itr Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768] Trend Micro Anti-Spyware.lnk - c:\program files\Trend Micro\Tmas\Tmas.exe [2006-8-2 1310720] [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks] "{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= "c:\program files\Trend Micro\Tmas\sshook.dll" [2006-08-02 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\1154548953\\ee\\aolsoftware.exe"= "c:\\StubInstaller.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Last.fm\\LastFM.exe"= "c:\\Program Files\\Ruckus Player\\Ruckus.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\ijji\\ENGLISH\\u_gbound.exe"= "c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"= "c:\\Documents and Settings\\Joanne\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\Joanne\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= |
#8
|
|||
|
|||
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*isabled:ooVoo TCP port 443 "443:UDP"= 443:UDP:*isabled:ooVoo UDP port 443 "37674:TCP"= 37674:TCP:*isabled:ooVoo TCP port 37674 "37674:UDP"= 37674:UDP:*isabled:ooVoo UDP port 37674 "37675:UDP"= 37675:UDP:*isabled:ooVoo UDP port 37675 R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [6/24/2009 11:31 PM 941784] R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?] R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/24/2006 10:28 AM 30080] R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21 sony.sys [7/24/2006 10:28 AM 226304] S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [7/24/2006 12:39 PM 17251] S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [7/24/2006 12:39 PM 7520] S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?] . Contents of the 'Scheduled Tasks' folder 2009-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34] 2009-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086087781-1966027462-2823163664-1005.job - c:\documents and settings\Joanne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-03 06:45] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.sony.com/vaiopeople uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople uInternet Settings,ProxyServer = webproxy.ucsd.edu:3128 uInternet Settings,ProxyOverride = *.local IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 Trusted Zone: trymedia.com FF - ProfilePath - c:\documents and settings\Joanne\Application Data\Mozilla\Firefox\Profiles\gq6b92v0.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en FF - prefs.js: network.proxy.http - webproxy.ucsd.edu FF - prefs.js: network.proxy.http_port - 3128 FF - prefs.js: network.proxy.type - 2 FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\documents and settings\Joanne\Application Data\Mozilla\Firefox\Profiles\gq6b92v0.default\ext ensions\moveplayer@movenetworks.com\platform\WINNT _x86-msvc\plugins\npmnqmp071101000055.dll FF - plugin: c:\documents and settings\Joanne\Application Data\Mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\Joanne\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJPI150_11.dll FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np32dsw.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdivx32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFFICE.DLL FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\nppl3260.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\nprjplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\nprpjplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-28 23:44 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\h jgruitnkknqdv] "imagepath"="\systemroot\system32\drivers\hjgruino plhcbc.sys" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\h jgruitnkknqdv] @DACL=(02 0000) "start"=dword:00000001 "type"=dword:00000001 "group"="file system" "imagepath"=expand:"\\systemroot\\system32\\driver s\\hjgruinoplhcbc.sys" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(880) c:\windows\system32\VESWinlogon.dll - - - - - - - > 'explorer.exe'(4692) c:\program files\Stardock\ObjectDock\DockShellHook.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe c:\program files\Sony\VAIO Event Service\VESMgr.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe c:\windows\system32\igfxext.exe c:\windows\system32\igfxsrvc.exe c:\program files\Apoint\ApntEx.exe c:\program files\AIM6\aolsoftware.exe c:\program files\HP\Digital Imaging\bin\hpqgalry.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe c:\program files\iPod\bin\iPodService.exe c:\windows\ehome\ehmsas.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\Symantec\LiveUpdate\AUPDATE.EXE c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE c:\program files\AIM6\anotify.exe . ************************************************** ************************ . Completion time: 2009-06-29 23:52 - machine was rebooted ComboFix-quarantined-files.txt 2009-06-29 06:52 ComboFix2.txt 2009-06-29 06:14 Pre-Run: 65,915,584,512 bytes free Post-Run: 65,903,464,448 bytes free 295 --- E O F --- 2009-06-11 17:01 |
#9
|
||||
|
||||
Looks like we have improvements -
Open notepad and copy/paste the text in the codebox below into it: Name the file as CFScript and Save it on the desktop Code:
Killall:: Snapshot:: File:: C:\WINDOWS\system32\drivers\hjgruinoplhcbc.sys" Registry:: [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hjgruitnkknqdv] "imagepath"=- [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hjgruitnkknqdv] Reglockdel:: [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hjgruitnkknqdv] Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe. Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please post it to your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall |
#10
|
|||
|
|||
ComboFix 09-06-28.02 - Joanne 06/29/2009 0:13.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.309 [GMT -7:00] Running from: c:\documents and settings\Joanne\Desktop\321.com.exe Command switches used :: c:\documents and settings\Joanne\Desktop\CFScript.txt FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} FILE :: "c:\windows\system32\drivers\hjgruinoplhcbc.sy s" . ((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 ))))))))))))))))))))))))))))))) . 2009-06-29 06:10 . 2009-06-29 06:10 -------- dc----w- c:\windows\system32\dllcache\cache 2009-06-25 06:34 . 2009-06-25 06:34 -------- d-----w- c:\documents and settings\All Users\Application Data\WebcamMax 2009-06-25 06:33 . 2009-06-25 06:34 -------- d-----w- c:\documents and settings\Joanne\Application Data\Webcammax 2009-06-25 06:31 . 2008-03-11 13:14 941784 ----a-w- c:\windows\system32\drivers\CAMTHWDM.sys 2009-06-25 06:31 . 2009-06-25 06:34 -------- d-----w- c:\program files\WebcamMax 2009-06-22 00:05 . 2009-06-22 00:07 -------- d-----w- c:\documents and settings\Joanne\Application Data\ooVoo Details 2009-06-22 00:04 . 2009-06-22 00:05 -------- d-----w- c:\program files\ooVoo 2009-06-11 18:57 . 2009-06-11 18:57 -------- d-----w- c:\windows\system32\config\systemprofile\Applicati on Data\SACore 2009-06-10 17:13 . 2009-05-07 15:44 344064 -c----w- c:\windows\system32\dllcache\localspl.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2009-06-29 05:43 . 2008-06-19 05:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-06-29 05:39 . 2007-01-11 22:25 -------- d-----w- c:\documents and settings\Joanne\Application Data\Viewpoint 2009-06-29 05:39 . 2006-12-01 23:00 -------- d-----w- c:\program files\Viewpoint 2009-06-29 05:39 . 2006-12-01 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-06-29 04:17 . 2008-10-01 22:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2009-06-26 02:57 . 2008-10-06 17:29 -------- d-----w- c:\documents and settings\Joanne\Application Data\Skype 2009-06-25 07:03 . 2008-10-06 17:30 -------- d-----w- c:\documents and settings\Joanne\Application Data\skypePM 2009-06-22 00:04 . 2006-07-24 18:08 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-19 08:36 . 2009-06-16 04:24 2884832 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\vwpt.exe 2009-05-19 08:36 . 2009-06-16 04:24 28 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unregister.bat 2009-05-19 08:36 . 2009-06-16 04:24 1484856 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\toolbar.exe 2009-05-19 08:36 . 2009-06-16 04:24 25 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\register.bat 2009-05-19 08:36 . 2009-06-16 04:24 97072 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\bsetutil.exe 2009-05-19 08:36 . 2009-06-16 04:24 142040 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\alsetup.exe 2009-05-19 08:36 . 2009-06-16 04:24 30512 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\Uninstaller.exe 2009-05-19 08:36 . 2009-06-16 04:24 111920 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLSearch.dll 2009-05-07 15:44 . 2006-07-24 17:27 344064 ----a-w- c:\windows\system32\localspl.dll 2009-05-06 19:11 . 2009-05-06 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-05-06 19:11 . 2007-03-07 07:13 -------- d-----w- c:\program files\iTunes 2009-05-06 19:11 . 2009-05-06 19:11 -------- d-----w- c:\program files\iPod 2009-05-06 19:11 . 2007-11-16 21:39 -------- d-----w- c:\program files\Common Files\Apple 2009-05-06 18:57 . 2009-05-06 18:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe 2009-04-29 04:56 . 2006-07-24 17:27 827392 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:55 . 2006-07-24 17:27 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-04-17 09:58 . 2006-07-24 17:27 1846656 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 15:11 . 2006-07-24 17:27 584192 ----a-w- c:\windows\system32\rpcrt4.dll 2007-01-26 07:23 . 2007-01-25 08:29 80 --sh--r- c:\windows\system32\7FFDBC2D98.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-03 50528] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-15 15360] "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.e xe" [2006-05-08 81920] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600] "Google Update"="c:\documents and settings\Joanne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-03 133104] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784] "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520] "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-28 217088] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768] "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552] "Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128] "VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-12-28 185896] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960] "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-11-12 864256] "Sprint Connection Manager"="c:\program files\Sprint\Connection Manager\SprintCM.exe" [2007-05-16 69632] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312] c:\documents and settings\Joanne\Start Menu\Programs\Startup\ Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-5-19 3450608] Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248] Post-itr Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768] Trend Micro Anti-Spyware.lnk - c:\program files\Trend Micro\Tmas\Tmas.exe [2006-8-2 1310720] [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks] "{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= "c:\program files\Trend Micro\Tmas\sshook.dll" [2006-08-02 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\1154548953\\ee\\aolsoftware.exe"= "c:\\StubInstaller.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Last.fm\\LastFM.exe"= "c:\\Program Files\\Ruckus Player\\Ruckus.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\ijji\\ENGLISH\\u_gbound.exe"= "c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"= "c:\\Documents and Settings\\Joanne\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\Joanne\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List] "443:TCP"= 443:TCP:*isabled:ooVoo TCP port 443 "443:UDP"= 443:UDP:*isabled:ooVoo UDP port 443 "37674:TCP"= 37674:TCP:*isabled:ooVoo TCP port 37674 "37674:UDP"= 37674:UDP:*isabled:ooVoo UDP port 37674 "37675:UDP"= 37675:UDP:*isabled:ooVoo UDP port 37675 R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [6/24/2009 11:31 PM 941784] R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?] R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/24/2006 10:28 AM 30080] R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21 sony.sys [7/24/2006 10:28 AM 226304] S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [7/24/2006 12:39 PM 17251] S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [7/24/2006 12:39 PM 7520] S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?] . Contents of the 'Scheduled Tasks' folder 2009-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34] 2009-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086087781-1966027462-2823163664-1005.job - c:\documents and settings\Joanne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-03 06:45] |
#11
|
|||
|
|||
.
------- Supplementary Scan ------- . uStart Page = hxxp://www.sony.com/vaiopeople uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople uInternet Settings,ProxyServer = webproxy.ucsd.edu:3128 uInternet Settings,ProxyOverride = *.local IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 Trusted Zone: trymedia.com FF - ProfilePath - c:\documents and settings\Joanne\Application Data\Mozilla\Firefox\Profiles\gq6b92v0.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en FF - prefs.js: network.proxy.http - webproxy.ucsd.edu FF - prefs.js: network.proxy.http_port - 3128 FF - prefs.js: network.proxy.type - 2 FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\documents and settings\Joanne\Application Data\Mozilla\Firefox\Profiles\gq6b92v0.default\ext ensions\moveplayer@movenetworks.com\platform\WINNT _x86-msvc\plugins\npmnqmp071101000055.dll FF - plugin: c:\documents and settings\Joanne\Application Data\Mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\Joanne\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJPI150_11.dll FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np32dsw.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdivx32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFFICE.DLL FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\nppl3260.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\nprjplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\nprpjplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-29 00:20 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(880) c:\windows\system32\VESWinlogon.dll - - - - - - - > 'explorer.exe'(5504) c:\program files\Stardock\ObjectDock\DockShellHook.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe c:\program files\Sony\VAIO Event Service\VESMgr.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe c:\windows\system32\igfxext.exe c:\windows\system32\igfxsrvc.exe c:\program files\Apoint\ApntEx.exe c:\program files\AIM6\aolsoftware.exe c:\program files\HP\Digital Imaging\bin\hpqgalry.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\windows\system32\dllhost.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wscntfy.exe c:\program files\Trend Micro\Tmas\ssmsg.exe c:\windows\ehome\ehmsas.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\Symantec\LiveUpdate\AUPDATE.EXE c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE . ************************************************** ************************ . Completion time: 2009-06-29 0:26 - machine was rebooted ComboFix-quarantined-files.txt 2009-06-29 07:26 ComboFix2.txt 2009-06-29 06:52 ComboFix3.txt 2009-06-29 06:14 Pre-Run: 65,890,639,872 bytes free Post-Run: 65,887,735,808 bytes free 268 --- E O F --- 2009-06-11 17:01 |
#12
|
||||
|
||||
Looking good.
Iīll suggest you run a cleanup scan -> Please download Malwarebytes' Anti-Malware: Malwarebytes-Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select Perform full scan, then click Scan. When the scan is complete, click OK, then Show Results to view the results. Be sure that everything is checked, and click Remove Selected. When completed, a log will open in Notepad. Please save it to a convenient location. NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Post hijackthis log along with Malwarebytes' Anti-Malware log, and tell how things are running ? |
#13
|
|||
|
|||
While it was quarantining the Malware scanning program ended up freezing. I don't know if that's normal but hopefully rebooting the computer will fix the other problems.
Malwarebytes' Anti-Malware 1.38 Database version: 2350 Windows 5.1.2600 Service Pack 2 6/29/2009 11:08:35 AM mbam-log-2009-06-29 (11-08-35).txt Scan type: Full Scan (C:\|) Objects scanned: 226896 Time elapsed: 59 minute(s), 10 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 22 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: c:\Qoobox\quarantine\C\WINDOWS\system32\nso12k.sys .vir (Trojan.Agent) -> Quarantined and deleted successfully. c:\Qoobox\quarantine\C\WINDOWS\Temp\hjgruijnossiqm st.tmp.vir (Trojan.TDSS) -> Quarantined and deleted successfully. c:\system volume information\_restore{ece42d92-315c-418e-8f32-95dc4ff2bbef}\RP593\A0101129.sys (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{ece42d92-315c-418e-8f32-95dc4ff2bbef}\RP594\A0102138.sys (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{ece42d92-315c-418e-8f32-95dc4ff2bbef}\RP595\A0104134.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-0982818026-0792038349-964117139-9221\service.exe (Trojan.Agent) -> Delete on reboot. C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe (Trojan.Agent) -> Delete on reboot. C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe (Trojan.Agent) -> Delete on reboot. C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe (Backdoor.Bot) -> Delete on reboot. C:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe (Backdoor.Bot) -> Delete on reboot. C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise323.exe (Backdoor.Bot) -> Delete on reboot. C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\intalscrens.exe (Worm.Autorun) -> Delete on reboot. C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\csrxx.exe (Worm.Autorun) -> Delete on reboot. C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe (Worm.Autorun) -> Delete on reboot. C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe (Trojan.Agent) -> Delete on reboot. C:\recycler\s-1-5-21-484763869-1614574334-18083462561-100\csrss.exe (Trojan.Agent) -> Delete on reboot. C:\recycler\s-1-5-21-484763869-1614574334-18083462561-100\Services.exe (Trojan.Agent) -> Delete on reboot. C:\RECYCLER\S-1-5-21-1292832515-2685961851-318933812-6215\service.exe (Trojan.Agent) -> Delete on reboot. C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sndrv.exe (Worm.AutoRun) -> Delete on reboot. C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\r00t.exe (Worm.AutoRun) -> Delete on reboot. C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\exe32.exe (Backdoor.Bot) -> Delete on reboot. C:\RECYCLER\blazewrm.vmx (Worm.BlazeBot) -> Delete on reboot. |
#14
|
|||
|
|||
Hijack This Log
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:09:59 AM, on 6/29/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Joanne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Trend Micro\Tmas\Tmas.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Last.fm\LastFM.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\drwtsn32.exe C:\WINDOWS\system32\drwtsn32.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Joanne\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = webproxy.ucsd.edu:3128 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing) O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [Sprint Connection Manager] "C:\Program Files\Sprint\Connection Manager\SprintCM.exe" -a O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Joanne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Post-itŪ Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/actives.../asproinst.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardware ResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- End of file - 14358 bytes Things seem to be running fairly smoothly now and I don't have the redirecting problem anymore. Thanks again! |
#15
|
||||
|
||||
Thatīs good news
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any): O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing) O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) Vulnerabilities in old Sun Java versions may be partly responsible for Vundo/Winfixer/Virtumonde infections. It is very important not only to keep Sun Java up to date, but also to remove older versions which have security holes and can be exploited by malware. In preparation first download the latest version: Here Required: You must accept the license agreement to download the product. Uninstall ALL old versions of Sun Java via Add/Remove Programs in controlpanel. Click the Remove or Change/Remove button Restart your PC once all Java components have been removed. Then install the downloaded java file. And youīre good to go. Now your computer problems are solved, it is time for the clean-up procedure You should Create a New Restore Point to prevent possible reinfection from an old one. The easiest and safest way to do this is: Go to Start > All Programs > Accessories > System Tools > System Restore Select Create a restore point, and Ok it. Next, go to Start > Run and type in cleanmgr Select the More options tab Choose the option to clean up system restore and OK it. This will remove all restore points except the new one you just created. Click START then RUN Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there. When shown the disclaimer, Select "2" The above procedure will: Delete the following: ComboFix and its associated files and folders. Reset the clock settings. Hide file extensions, if required. Hide System/Hidden files, if required. To learn more about how to protect yourself while on the internet, please read this guide: How to help Prevent reinfection |
Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
Similar Topics | ||||
Topic | Topic Starter | Forum | Replies | Last Post |
redirect virus | excelsior07 | Malware Removal | 28 | November 27th, 2012 07:55 AM |
Redirect virus | excelsior07 | Windows Vista | 1 | November 17th, 2012 12:06 AM |
Redirect virus has me | garenzo | Malware Removal | 20 | June 17th, 2010 12:23 AM |
Redirect Virus | jon111 | Malware Removal | 1 | June 14th, 2010 01:59 AM |
Possible Redirect virus | aspall | Malware Removal | 9 | November 16th, 2007 05:42 PM |
All times are GMT +1. The time now is 07:48 PM.