#1
Can't Access Microsoft Update Site - ReDirect
The computer I am looking at cannot access the Microsoft update site. It redirects to IP 72.14.205.100. I ran DDS, yet I cannot find the malware redirecting me. Here is the DDS info:
DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/30/2005 1:09:18 PM
System Uptime: 9/18/2010 2:06:35 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0WC297
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 127.309 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1613: 6/21/2010 4:48:28 AM - System Checkpoint
RP1614: 6/22/2010 5:48:29 AM - System Checkpoint
RP1615: 6/23/2010 5:54:21 AM - System Checkpoint
RP1616: 6/24/2010 6:10:01 AM - System Checkpoint
RP1617: 6/25/2010 12:54:39 PM - System Checkpoint
RP1618: 6/26/2010 1:26:23 PM - System Checkpoint
RP1619: 6/27/2010 2:25:04 PM - System Checkpoint
RP1620: 6/28/2010 3:39:15 PM - System Checkpoint
RP1621: 6/29/2010 4:27:27 PM - System Checkpoint
RP1622: 6/30/2010 4:38:22 PM - System Checkpoint
RP1623: 7/1/2010 5:26:35 PM - System Checkpoint
RP1624: 7/2/2010 6:27:35 PM - System Checkpoint
RP1625: 7/3/2010 7:26:34 PM - System Checkpoint
RP1626: 7/4/2010 8:26:34 PM - System Checkpoint
RP1627: 7/5/2010 9:26:35 PM - System Checkpoint
RP1628: 7/7/2010 12:15:51 PM - System Checkpoint
RP1629: 7/7/2010 3:07:27 PM - Software Distribution Service 3.0
RP1630: 7/8/2010 4:03:52 PM - System Checkpoint
RP1631: 7/10/2010 8:21:13 AM - System Checkpoint
RP1632: 7/11/2010 9:02:51 AM - System Checkpoint
RP1633: 7/12/2010 9:05:29 AM - System Checkpoint
RP1634: 7/13/2010 10:16:17 AM - System Checkpoint
RP1635: 7/14/2010 10:22:30 AM - System Checkpoint
RP1636: 7/15/2010 11:09:05 AM - System Checkpoint
RP1637: 7/16/2010 11:43:09 AM - System Checkpoint
RP1638: 7/17/2010 12:22:09 PM - System Checkpoint
RP1639: 7/18/2010 1:22:09 PM - System Checkpoint
RP1640: 7/19/2010 5:27:45 PM - System Checkpoint
RP1641: 7/20/2010 6:22:10 PM - System Checkpoint
RP1642: 7/21/2010 6:55:25 PM - System Checkpoint
RP1643: 7/22/2010 7:55:25 PM - System Checkpoint
RP1644: 7/23/2010 8:07:55 PM - System Checkpoint
RP1645: 7/24/2010 8:55:24 PM - System Checkpoint
RP1646: 7/25/2010 9:55:24 PM - System Checkpoint
RP1647: 7/26/2010 10:55:24 PM - System Checkpoint
RP1648: 7/27/2010 11:55:26 PM - System Checkpoint
RP1649: 7/29/2010 12:55:42 AM - System Checkpoint
RP1650: 7/30/2010 1:55:42 AM - System Checkpoint
RP1651: 7/31/2010 2:55:41 AM - System Checkpoint
RP1652: 8/1/2010 3:55:41 AM - System Checkpoint
RP1653: 8/2/2010 4:55:41 AM - System Checkpoint
RP1654: 8/3/2010 5:55:42 AM - System Checkpoint
RP1655: 8/4/2010 6:55:42 AM - System Checkpoint
RP1656: 8/5/2010 10:04:04 AM - System Checkpoint
RP1657: 8/6/2010 10:38:28 AM - System Checkpoint
RP1658: 8/7/2010 11:37:24 AM - System Checkpoint
RP1659: 8/8/2010 12:37:23 PM - System Checkpoint
RP1660: 8/9/2010 1:16:50 PM - System Checkpoint
RP1661: 8/10/2010 1:37:24 PM - System Checkpoint
RP1662: 8/11/2010 2:50:54 PM - System Checkpoint
RP1663: 8/12/2010 3:01:03 PM - System Checkpoint
RP1664: 8/13/2010 4:25:37 PM - System Checkpoint
RP1665: 8/14/2010 4:37:26 PM - System Checkpoint
RP1666: 8/15/2010 5:41:32 PM - System Checkpoint
RP1667: 8/16/2010 5:43:35 PM - System Checkpoint
RP1668: 8/17/2010 6:38:32 PM - System Checkpoint
RP1669: 8/18/2010 2:00:24 PM - Installed SHARP MX/DX Series Printer Driver
RP1670: 8/18/2010 2:01:47 PM - Installed SHARP MX/DX Series Printer Driver
RP1671: 8/18/2010 2:04:26 PM - Printer Driver SHARP MX-3100N PCL6 Installed
RP1672: 8/18/2010 2:09:19 PM - Installed SHARP MX Series Printer Driver
RP1673: 8/18/2010 2:11:27 PM - Printer Driver SHARP MX-M363N PCL5e Installed
RP1674: 8/19/2010 8:03:34 AM - Installed Java(TM) 6 Update 21
RP1675: 8/19/2010 11:06:01 AM - Installed SHARP MX/DX Series PC-Fax Driver
RP1676: 8/19/2010 11:08:03 AM - Printer Driver SHARP MX-3100N FAX Installed
RP1677: 8/20/2010 11:19:18 AM - System Checkpoint
RP1678: 8/21/2010 12:19:18 PM - System Checkpoint
RP1679: 8/22/2010 1:19:18 PM - System Checkpoint
RP1680: 8/23/2010 1:31:48 PM - System Checkpoint
RP1681: 8/24/2010 4:46:53 PM - System Checkpoint
RP1682: 8/25/2010 5:21:29 PM - System Checkpoint
RP1683: 8/26/2010 5:29:06 PM - System Checkpoint
RP1684: 8/27/2010 5:39:10 PM - System Checkpoint
RP1685: 8/28/2010 6:19:43 PM - System Checkpoint
RP1686: 8/29/2010 7:19:44 PM - System Checkpoint
RP1687: 8/30/2010 8:20:49 PM - System Checkpoint
RP1688: 8/31/2010 9:19:44 PM - System Checkpoint
RP1689: 9/1/2010 10:19:52 PM - System Checkpoint
RP1690: 9/2/2010 11:19:52 PM - System Checkpoint
RP1691: 9/4/2010 12:19:55 AM - System Checkpoint
RP1692: 9/5/2010 1:19:55 AM - System Checkpoint
RP1693: 9/6/2010 2:19:54 AM - System Checkpoint
RP1694: 9/7/2010 3:19:54 AM - System Checkpoint
RP1695: 9/8/2010 4:19:54 AM - System Checkpoint
RP1696: 9/9/2010 5:20:03 AM - System Checkpoint
RP1697: 9/10/2010 6:20:03 AM - System Checkpoint
RP1698: 9/11/2010 7:20:03 AM - System Checkpoint
RP1699: 9/12/2010 8:20:04 AM - System Checkpoint
RP1700: 9/13/2010 12:14:12 PM - System Checkpoint
RP1701: 9/14/2010 12:30:31 PM - System Checkpoint
RP1702: 9/15/2010 1:21:10 PM - System Checkpoint
RP1703: 9/16/2010 3:59:14 PM - System Checkpoint
RP1704: 9/17/2010 4:20:13 PM - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Adobe® Photoshop® Album Starter Edition 3.2
Annual Parts Return
Anzio Lite 12.5
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CDDRV_Installer
Crash Analysis Tool
Critical Update for Windows Media Player 11 (KB959772)
Dell Software Uninstall
Dell Support Center (Support Software)
getPlus(R)_ocx
Graphical Interface 4.3
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Color LaserJet CP3505
HP LaserJet Fonts
HP Proactive Services
HP Update
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet
Japanese Fonts Support For Adobe Reader 8
Java Auto Updater
Java(TM) 6 Update 21
KhalInstallWrapper
KhalSetup
Logitech Communications Manager
Logitech SetPoint
Logitech Updater
Mainstay WinFlow 6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office XP Web Components
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Mozilla Firefox (3.6)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
OGA Notifier 2.0.0048.0
OpenOffice.org 3.2
Operating System Communication Components
Panda Security for Desktops
Parts Order Entry
PowerDVD 5.1
Retrospect Client 7.6
SalesMate
SCAT Launch Pad
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
SHARP MX-B,M283/M363/M453/M503/M623/M753 Series PCL5e Printer Driver
SHARP MX/DX Series PC-Fax Driver
SHARP MX/DX Series PCL/PS Printer Driver
Spelling Dictionaries Support For Adobe Reader 9
StormFront
Suzuki Connect AMDSG Templates
Suzuki Connect Applications Install Package
Suzuki Connect Core Install package
Suzuki Pass-Thru Reprogramming Tool
Suzuki Shared Components
Tech2 Reflash Application V3.0.3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VB Runtime
Virtual Print Engine 3
Virtual Print Engine 3 Installation
w481complete
WarrantyClaimEntry
WarrantyWizard Subaru
WebEx
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows PowerShell(TM) 1.0 MUI pack
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

9/18/2010 12:35:36 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
9/18/2010 12:35:05 PM, error: Service Control Manager [7022] - The Windows Search service hung on starting.
9/18/2010 12:31:14 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
9/18/2010 12:31:14 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
9/18/2010 12:26:10 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================
#2
DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 14:27:41.45 on Sat 09/18/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.969 [GMT -4:00]

AV: Panda Security for Desktops *On-access scanning enabled* (Updated) {208F4477-D1F0-411A-8D21-0367EC0D3D43}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Software\AVTC\PavSrvX86.exe
C:\Program Files\Panda Software\AVTC\AVENGINE.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Panda Software\AVTC\PsCtrlS.exe
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\pagentwd.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Panda Software\AVTC\PSKMsSvc.exe
C:\Program Files\Panda Software\AVTC\PsImSvc.exe
C:\Program Files\Retrospect\Retrospect Client\RemotSvc.exe
C:\Program Files\Retrospect\Retrospect Client\retroclient.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Panda Software\AVTC\SrvLoad.exe
C:\Program Files\Panda Software\AVTC\WebProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Panda Software\AVTC\PSCtrlC.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\SN0XRCV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\regedit.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mDefault_Page_URL = hxxp://www.dell.com
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe"
mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Panda Controller Client] "c:\program files\panda software\avtc\PSCtrlC.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SN0XRCV] c:\windows\system32\spool\drivers\w32x86\3\SN0XRCV.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\panda software\avtc\pavlsp.dll
Trusted Zone: scat.suz.com\www
Trusted Zone: suz.com\cww.scat
Trusted Zone: suz.com\www.scat
Trusted Zone: suzuki.com\www.dealer
Trusted Zone: suzukiconnect.com\qa
Trusted Zone: suzukiconnect.com\www
Trusted Zone: suzukidcs.com\www
Trusted Zone: scat.suz.com\cww
Trusted Zone: scat.suz.com\www
Trusted Zone: suz.com\Cww.scat
Trusted Zone: suz.com\www.scat
Trusted Zone: suzuki.co.jp\scan
Trusted Zone: suzuki.com\www.dealer
Trusted Zone: suzukiconnect.com\qa
Trusted Zone: suzukiconnect.com\www
Trusted Zone: suzukidcs.com\www
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {171B10C1-475C-11D4-8E21-005004718DC0} - hxxps://www.scat.suz.com/cab/Prjaos.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {194129C5-CA7D-11D3-8E1F-005004718DC0} - hxxps://www.scat.suz.com/cab/wsndctl.CAB
DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} - hxxp://powerkatalyst.jdpa.com/download/CfxIEAx.cab
DPF: {2345F907-F5CF-11D3-8E1F-005004718DC0} - hxxps://www.scat.suz.com/cab/scatdp2a.CAB
DPF: {2D361311-74CA-11D2-B3F4-0060083BE8BF} - hxxps://www.scat.suz.com/cab/Scatdp2.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {399548B6-253E-11D2-BE13-000000000000} - hxxps://www.scat.suz.com/cab/vpectrl3.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {43241AD9-3A89-4815-9A9C-7D9B549AA13A} - hxxps://www.scat.suz.com/cab/prj481E.CAB
DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://67.151.197.153/XTSAC.cab
DPF: {4772479E-D3FB-11D3-9261-00104B6943CA} - hxxps://www.suzukiconnect.com/CAB/w481.CAB
DPF: {477247AA-D3FB-11D3-9261-00104B6943CA} - hxxps://www.scat.suz.com/CAB/w4831.CAB
DPF: {477247B6-D3FB-11D3-9261-00104B6943CA} - hxxps://www.suzukiconnect.com/CAB/w4832.CAB
DPF: {477247C2-D3FB-11D3-9261-00104B6943CA} - hxxps://www.suzukiconnect.com/CAB/w4841.CAB
DPF: {477247DA-D3FB-11D3-9261-00104B6943CA} - hxxps://www.suzukiconnect.com/CAB/w485.CAB
DPF: {4EA5AA95-5B42-11DA-A56E-0003FFDCDC17} - hxxps://www.scat.suz.com/cab/sd.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {531CD468-D7BF-11D3-9261-00104B6943CA} - hxxps://www.suzukiconnect.com/cab/Scatdp4.CAB
DPF: {55E14374-97C6-11D1-BF85-0060083BE8BF} - hxxps://www.suzukiconnect.com/CAB/prjTitlebar2.cab
DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} - hxxps://www.play.net/components/activex/AXSAL.ocx
DPF: {5DE9821B-6881-40B1-9A78-EEBE4A8B1BD8} - hxxps://www.suzukiconnect.com/COMMON/installer/scm.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264503984042
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264503968699
DPF: {71E098B7-728F-11D2-B3F4-0060083BE8BF} - hxxps://www.scat.suz.com/cab/Scatdp1.CAB
DPF: {7FE4F4D9-141D-11D6-9FC3-00010262094C} - hxxps://www.suzukiconnect.com/cab/w489.CAB
DPF: {87FA653D-4C13-11D3-8E1F-005004718DC0} - hxxps://www.scat.suz.com/cab/ScatUpdater.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8EBAC640-ECA5-404C-AFD9-18D61BE4AF82} - hxxps://www.scat.suz.com/cab/ctlepc.CAB
DPF: {915DB736-2591-11D3-8E1F-005004718DC0} - hxxps://www.suzukiconnect.com/cab/scatdp3.cab
DPF: {AFFC1B04-97F4-11DA-A56E-0003FFDDDC17} - hxxps://www.suzukiconnect.com/CAB/w486.CAB
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CBCF1FEA-4905-11D4-8E21-005004718DC0} - hxxps://www.scat.suz.com/cab/w281ctlE.CAB
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4C4A875-FD4E-11D4-AC39-00010262094C} - hxxps://www.scat.suz.com/cab/Scatdp1a.CAB
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://proquest.webex.com/client/T23SP33EP5/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EA712BDB-7FE5-11D3-8E1F-005004718DC0} - hxxps://www.scat.suz.com/cab/login.CAB
DPF: {F25620FB-9C81-11D1-BF85-0060083BE8BF} - hxxps://www.scat.suz.com/cab/priStatusBox.CAB
DPF: {F789E003-CC28-11CF-AEF7-444553540000} - hxxps://www.scat.suz.com/cab/vpectrl.cab
DPF: {FDC1DAA5-BC3E-11D2-B3F6-0060083BE8BF} - hxxps://www.scat.suz.com/cab/Scatchk1.CAB
TCP: NameServer = 93.188.164.72,93.188.166.222
TCP: {8C2B14CE-A6AB-4E9C-BCD5-0EC5082DC5D7} = 93.188.164.72,93.188.166.222
Notify: avldr - avldr.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\ip6xkn2c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ip6xkn2c.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2007-7-28 36744]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [2010-6-12 51208]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-1-13 3712]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda software\avtc\PSCtrlS.exe [2007-8-4 383232]
R2 PAVAGENTE;Panda AdminSecure Communications Agent;c:\program files\panda software\panda administrator 3\pav_agent\Pagent.exe [2010-6-12 468224]
R2 PavAtScheduler;Panda AdminSecure Scheduler;c:\program files\panda software\panda administrator 3\scheduler\pavsched.exe [2010-6-12 255232]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2006-6-24 172168]
R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda software\pavshld\PavPrSrv.exe [2006-6-24 62768]
R2 PavSrv;Panda Antivirus Service;c:\program files\panda software\avtc\pavsrvx86.exe [2010-6-12 183040]
R2 Retrospect Client;Retrospect Client;c:\program files\retrospect\retrospect client\RemotSvc.exe [2008-12-1 61440]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 PavReport;Panda Antivirus Report Service;c:\program files\panda software\panda administrator 3\pavreport\PavReport.exe [2010-6-12 926976]
S3 PDIBUSB;USB Driver for PC Diagnosis System;c:\windows\system32\drivers\PDIBUSB.sys [2005-10-5 12657]

=============== Created Last 30 ================

==================== Find3M ====================

2010-08-18 12:40:26 98304 ----a-w- c:\windows\system32\SR0DLMON.dll
2010-08-18 12:40:26 77492 ----a-w- c:\windows\system32\SCN2PM.dll
2010-08-18 12:40:26 53248 ----a-w- c:\windows\system32\SCN2PMR.dll
2010-08-18 12:40:26 51855 ----a-w- c:\windows\system32\SCN2PMUI.dll
2010-08-18 12:40:26 45056 ----a-w- c:\windows\system32\SR0DMTNT.dll
2010-07-17 09:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 14:29:39.60 ===============
#3
It looks like your Name Servers have been changed. We can fix those, but if there's more to this and the malware is still present, it will put them right back.

Download the latest version of ComboFix.exe from here and save it to your Desktop. Double-click on ComboFix.exe and the scan will start. Go ahead and install the Recovery Console if you are asked to do so (this doesn't apply to Vista or Windows 7). When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution: do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

NB: Please disable your antivirus program, as it may interfere with ComboFix's routines.
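Added example, not part of the original thread and not a DDS or ComboFix component: a small Python triage script that reads a DDS log the way the responder above did and pulls out the four things worth checking first on a "Windows Update is redirected" report. It flags resolvers not on an allow-list (the `TCP: NameServer` and per-interface GUID lines), orphaned `BHO`/`TB` entries that point at `No File`, services or drivers whose binary DDS could not find on disk (the `[?]` marker), and Event Viewer errors for the services Windows Update on XP depends on. `EXPECTED_RESOLVERS` is a constructed placeholder for whatever your DHCP server or ISP actually hands out, and `SAMPLE_LOG` is a constructed excerpt of the two logs posted in this thread, written one entry per line as DDS itself prints them.

```python
"""Triage a DDS main log or Attach.txt for the findings checked first on a
"Windows Update redirects" report.  Added example for this thread; it is not
a DDS tool.  EXPECTED_RESOLVERS and SAMPLE_LOG are constructed."""
import ipaddress
import re
from dataclasses import dataclass, field

# Assumption: the resolvers this network legitimately hands out via DHCP.
EXPECTED_RESOLVERS = {"192.168.1.1"}

# Service Control Manager display names that Windows Update on XP relies on.
UPDATE_SERVICES = {
    "Automatic Updates",
    "Background Intelligent Transfer Service",
    "Cryptographic Services",
}

# Line shapes as DDS prints them (one entry per line in the real log).
_NAMESERVER = re.compile(r"^TCP:\s+(?:NameServer|\{[0-9A-Fa-f-]{36}\})\s*=\s*(?P<ips>.+?)\s*$")
_ORPHAN = re.compile(r"^(?P<kind>BHO|TB):\s+(?P<entry>.+?)\s+-\s+No File\s*$")
_SERVICE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;.*\[(?P<meta>[^\]]*)\]\s*$")
_SCM_EVENT = re.compile(
    r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M, error: Service Control Manager "
    r"\[(?P<event_id>\d+)\] - The (?P<svc>.+?) service (?P<what>.+?)\s*$")


@dataclass
class Findings:
    rogue_resolvers: set = field(default_factory=set)          # IPs not on the allow-list
    orphaned_entries: list = field(default_factory=list)       # (kind, entry) marked "No File"
    missing_service_files: list = field(default_factory=list)  # services DDS marks "[?]"
    update_service_errors: list = field(default_factory=list)  # (event_id, service, text)

    def needs_attention(self) -> bool:
        return bool(self.rogue_resolvers or self.missing_service_files
                    or self.update_service_errors)


def triage(log_text: str, expected_resolvers=EXPECTED_RESOLVERS) -> Findings:
    """Scan one DDS log line by line and collect the findings above."""
    found = Findings()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _NAMESERVER.match(line)
        if m:
            # DDS prints the global NameServer value and one line per
            # interface GUID; every resolver listed must be on the allow-list.
            for token in m.group("ips").split(","):
                try:
                    ip = str(ipaddress.ip_address(token.strip()))
                except ValueError:
                    continue  # not an IP literal; skip rather than guess
                if ip not in expected_resolvers:
                    found.rogue_resolvers.add(ip)
            continue
        m = _ORPHAN.match(line)
        if m:
            found.orphaned_entries.append((m.group("kind"), m.group("entry")))
            continue
        m = _SERVICE.match(line)
        if m:
            # "[?]" replaces "[date size]" when the binary is missing on disk.
            if m.group("meta").strip() == "?":
                found.missing_service_files.append(m.group("name").strip())
            continue
        m = _SCM_EVENT.match(line)
        if m and m.group("svc") in UPDATE_SERVICES:
            found.update_service_errors.append(
                (int(m.group("event_id")), m.group("svc"), m.group("what")))
    return found


# Constructed sample: excerpts of the two logs posted in this thread.
SAMPLE_LOG = r"""
TCP: NameServer = 93.188.164.72,93.188.166.222
TCP: {8C2B14CE-A6AB-4E9C-BCD5-0EC5082DC5D7} = 93.188.164.72,93.188.166.222
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
R2 PavSrv;Panda Antivirus Service;c:\program files\panda software\avtc\pavsrvx86.exe [2010-6-12 183040]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
9/18/2010 12:35:36 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
9/18/2010 12:35:05 PM, error: Service Control Manager [7022] - The Windows Search service hung on starting.
"""

if __name__ == "__main__":
    f = triage(SAMPLE_LOG)
    print("rogue resolvers     :", sorted(f.rogue_resolvers))
    print("orphaned BHO/TB     :", f.orphaned_entries)
    print("services w/o binary :", f.missing_service_files)
    print("update svc errors   :", f.update_service_errors)
```

Run it against the real files with `triage(open(path).read())` for both the main log and Attach.txt. A resolver that shows up in `rogue_resolvers`, gets removed when the interface is reset to DHCP, and then reappears on the next run is exactly the situation the responder describes: the component that changed the DNS settings is still running and is writing them back.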
#4
Sorry, I forgot about this one. After I posted the results, I found the DNS problem and forgot to update the ticket. It was the last thing to be removed, as I had found all the other things using OTL and RSIT along with manual searches of the registry. (Just my process of doing things.)

Last edited by cuervo1.8k; July 17th, 2011 at 10:08 PM.