Jump to content

Malwarebytes

Redirected on Google searches

- - - - -
Started by alexboy, Oct 31 2009 07:55 PM

9 replies to this topic

#1
alexboy
Posted 31 October 2009 - 07:55 PM

    New Member

  • Members
  • Pip
  • 44 posts
After doing a Google search and clicking on the given links, I am often (but not always) redirected to another bogus site. A MBAM scan came back clean, and after running Spybot and allegedly "fixing" the problems it found, the Google problem persists. If anyone can help, I'd be very grateful. Here are the MBAM and HJT logs:

Malwarebytes' Anti-Malware 1.41
Database version: 3070
Windows 5.1.2600 Service Pack 2

10/31/2009 2:17:19 PM
mbam-log-2009-10-31 (14-17-19).txt

Scan type: Quick Scan
Objects scanned: 125948
Time elapsed: 18 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




HJT:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:54:48 PM, on 10/31/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Documents and Settings\HP_Administrator\Desktop\yProxy.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguard-pro.microsoft.com
O1 - Hosts: 91.212.127.226 osguard-pro.com
O1 - Hosts: 91.212.127.226 www.osguard-pro.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\iexplore.exe.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1238527934296
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BA62877-8BEA-458E-9209-6F51E4CC697E}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{49E71310-75FF-497D-BECD-E9C49FE7B764}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B7B8D55-4C0A-480F-9C44-79656DC6EC28}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BA62877-8BEA-458E-9209-6F51E4CC697E}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{0BA62877-8BEA-458E-9209-6F51E4CC697E}: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate1ca08a443d5b73e) (gupdate1ca08a443d5b73e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7953 bytes

#2
alexboy
Posted 03 November 2009 - 12:01 AM

    New Member

  • Members
  • Pip
  • 44 posts
Anyone have any ideas?

#3
Blade81
Posted 08 November 2009 - 03:14 PM

    Elite Member

  • Experts
  • PipPipPipPipPip
  • 1,230 posts
  • Gender:Male
  • Location:Finland
  • Interests:Floorball, football, music, computers..
Hello,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking download exe -button and then saving it your desktop:
  • Double-click .exe that you downloaded
  • Click rootkit-tab and then scan.
  • Don't check
    Show All
    box while scanning in progress!
  • When scanning is ready, click Copy.
  • This copies log to clipboard
  • Post log in your reply.

Microsoft MVP Consumer Security 2008 2009 2010 2011
ASAP & UNITE member since 2006
Posted Image Posted Image

#4
alexboy
Posted 09 November 2009 - 12:57 AM

    New Member

  • Members
  • Pip
  • 44 posts
Thanks for your help, I really appreciate it. I'm running the GMER scan now, and since it's taking quite a while to finish, I'm going to post the DDS and Attach logs you requested here, and when the scan finishes, I'll post it separately. Here's the DDS log:



DDS (Ver_09-10-26.01) - NTFSx86
Run by HP_Administrator at 16:55:26.98 on Sun 11/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1456 [GMT -6:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Documents and Settings\HP_Administrator\Desktop\yProxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\iexplore.exe.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: trymedia.com
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238527934296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {0BA62877-8BEA-458E-9209-6F51E4CC697E} = 208.67.220.220,208.67.222.222
TCP: {49E71310-75FF-497D-BECD-E9C49FE7B764} = 208.67.220.220,208.67.222.222
TCP: {4B7B8D55-4C0A-480F-9C44-79656DC6EC28} = 208.67.220.220,208.67.222.222
TCP: {892900FC-9814-4488-99C0-81491C1EE93D} = 208.67.220.220,208.67.222.222
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\gs1t2cw0.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - plugin: c:\documents and settings\hp_administrator\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-3 108289]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2006-7-21 468768]
S2 gupdate1ca08a443d5b73e;Google Update Service (gupdate1ca08a443d5b73e);c:\program files\google\update\GoogleUpdate.exe [2009-7-19 133104]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2008-12-28 83496]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-10-23 20:47:44 0 d-----w- c:\program files\joogqs

==================== Find3M ====================

2009-10-22 09:19:04 5939712 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-09-13 21:08:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-13 21:08:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-10 19:54:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:35:52 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\dllcache\strmdll.dll
2008-12-17 02:16:00 7518240 ----a-w- c:\program files\Firefox Setup 3.0.5.exe
2008-11-12 00:16:26 14622342 ----a-w- c:\program files\vlc-0.9.6-win32.exe
2008-11-06 23:38:24 2078831 ----a-w- c:\program files\mplayerc_20081005.zip
2006-08-29 23:13:44 599592 ----a-w- c:\program files\DMSetup.exe
2006-08-28 22:40:27 13736064 ----a-w- c:\program files\GoogleEarthWin.exe
2006-08-28 19:43:49 37518744 ----a-w- c:\program files\iTunesSetup.exe
2006-08-28 19:33:35 5834344 ----a-w- c:\program files\winzip100.exe
2006-08-28 02:42:33 410309 ----a-w- c:\program files\yproxy12.zip
2006-08-28 00:39:14 198656 ----a-w- c:\program files\yproxywizard.exe
2006-10-31 01:40:06 22 -csha-w- c:\windows\sminst\HPCD.sys

============= FINISH: 16:57:00.42 ===============


And here's the Attach log:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/27/2006 12:58:42 PM
System Uptime: 11/8/2009 4:07:58 PM (0 hours ago)

Motherboard: ASUSTek Computer INC. | | Basswood
Processor: Intel® Core™2 CPU 6400 @ 2.13GHz | Socket 775 | 2133/266mhz
Processor: Intel® Core™2 CPU 6400 @ 2.13GHz | Socket 775 | 2133/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 224 GiB total, 159.803 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 20.73 GiB free.
E: is FIXED (FAT32) - 9 GiB total, 0.389 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is FIXED (NTFS) - 1397 GiB total, 948.051 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 9/1/2009 10:26:14 PM - System Checkpoint
RP2: 9/3/2009 4:55:24 PM - Installed Java™ 6 Update 15
RP3: 9/3/2009 4:56:46 PM - Installed Java™ 6 Update 16
RP4: 9/3/2009 9:55:22 PM - Avira AntiVir Personal - 9/3/2009 21:55
RP5: 9/5/2009 10:20:16 AM - System Checkpoint
RP6: 9/6/2009 3:48:57 PM - System Checkpoint
RP7: 9/7/2009 5:13:26 PM - Installed Hearts of Iron III
RP8: 9/7/2009 5:43:57 PM - Installed DirectX
RP9: 9/7/2009 6:02:52 PM - Installed Hearts of Iron III
RP10: 9/8/2009 6:16:51 PM - System Checkpoint
RP11: 9/9/2009 7:36:54 PM - System Checkpoint
RP12: 9/9/2009 11:06:34 PM - Software Distribution Service 3.0
RP13: 9/11/2009 6:55:36 PM - System Checkpoint
RP14: 9/13/2009 5:19:41 PM - System Checkpoint
RP15: 9/14/2009 7:09:40 PM - System Checkpoint
RP16: 9/15/2009 7:17:47 PM - System Checkpoint
RP17: 9/16/2009 10:33:28 PM - Software Distribution Service 3.0
RP18: 9/18/2009 7:20:21 PM - System Checkpoint
RP19: 9/20/2009 4:55:44 PM - System Checkpoint
RP20: 9/21/2009 7:45:26 PM - System Checkpoint
RP21: 9/22/2009 8:35:03 PM - System Checkpoint
RP22: 9/24/2009 1:43:59 PM - System Checkpoint
RP23: 9/25/2009 5:40:36 PM - System Checkpoint
RP24: 9/26/2009 5:50:40 PM - System Checkpoint
RP25: 9/27/2009 7:06:49 PM - System Checkpoint
RP26: 9/29/2009 5:59:46 PM - System Checkpoint
RP27: 10/1/2009 6:27:49 PM - System Checkpoint
RP28: 10/3/2009 8:02:22 AM - System Checkpoint
RP29: 10/4/2009 7:06:03 PM - System Checkpoint
RP30: 10/6/2009 4:50:37 PM - System Checkpoint
RP31: 10/7/2009 6:57:30 PM - System Checkpoint
RP32: 10/8/2009 7:46:58 PM - System Checkpoint
RP33: 10/10/2009 11:22:58 AM - System Checkpoint
RP34: 10/11/2009 5:41:07 PM - System Checkpoint
RP35: 10/13/2009 6:18:43 PM - System Checkpoint
RP36: 10/13/2009 10:50:20 PM - Software Distribution Service 3.0
RP37: 10/15/2009 7:02:41 PM - System Checkpoint
RP38: 10/16/2009 7:15:06 PM - System Checkpoint
RP39: 10/18/2009 2:12:45 AM - System Checkpoint
RP40: 10/19/2009 6:53:35 PM - System Checkpoint
RP41: 10/20/2009 8:21:54 PM - System Checkpoint
RP42: 10/22/2009 1:42:10 PM - System Checkpoint
RP43: 10/23/2009 6:24:13 PM - System Checkpoint
RP44: 10/25/2009 7:40:17 PM - System Checkpoint
RP45: 10/27/2009 8:06:20 PM - System Checkpoint
RP46: 10/29/2009 12:51:08 PM - System Checkpoint
RP47: 10/30/2009 1:38:11 PM - System Checkpoint
RP48: 10/31/2009 5:55:20 PM - System Checkpoint
RP49: 11/1/2009 7:09:22 PM - System Checkpoint
RP50: 11/2/2009 8:17:37 PM - System Checkpoint
RP51: 11/4/2009 8:09:44 PM - System Checkpoint
RP52: 11/4/2009 11:47:47 PM - Software Distribution Service 3.0
RP53: 11/7/2009 8:52:05 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.9
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Avira AntiVir Personal - Free Antivirus
BitTornado 0.3.7
Bonjour
BufferChm
Combined Community Codec Pack 2006-05-01 (Remove Only)
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Destinations
DeviceManagementQFolder
DISCover
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Doomsday
Easy Internet Sign-up
Empire: Total War
Enhanced Multimedia Keyboard Solution
FLV Player 2.0 (build 25)
FullDPAppQFolder
GemMaster Mystic
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hearts of Iron III
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB918766)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Boot Optimizer
HP DigitalMedia Archive
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP Update
HP Web Helper
HPPhotoSmartExpress
HpSdpAppCoreApp
InstantShareDevices
Intel® Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® Quick Resume Technology Drivers
Intel® Viiv™ Software
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 16
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
LightScribe 1.4.105.1
Malwarebytes' Anti-Malware
MasterSplitter Program
Matrix-ks
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Age of Empires
Microsoft Age of Empires Expansion
Microsoft Age of Empires II
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Money 2006
Microsoft Office Standard Edition 2003 60 days trial
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Move Media Player
Mozilla Firefox (3.5.2)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
NVIDIA Drivers
OpenOffice.org Installer 1.0
OptionalContentQFolder
Otto
PC-Doctor 5 for Windows
PhotoGallery
Pixia
Player
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickPar 0.9
QuickTime
RandMap
RealPlayer
Realtek High Definition Audio Driver
Seagate Manager Installer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SkinsHP1
SlideShow
SlideShowMusic
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Spybot - Search & Destroy
Steam
SUPERAntiSpyware Free Edition
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
VLC media player 0.9.4
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
WinRAR archiver
WinZip
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

11/4/2009 5:21:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2

==== End Of File ===========================

#5
alexboy
Posted 09 November 2009 - 02:31 AM

    New Member

  • Members
  • Pip
  • 44 posts
Here's the scan results:

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-08 20:28:46
Windows 5.1.2600 Service Pack 2
Running: 7brderby.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kwxyafob.sys


---- System - GMER 1.0.15 ----

SSDT BAFE05E6 ZwCreateKey
SSDT BAFE05DC ZwCreateThread
SSDT BAFE05EB ZwDeleteKey
SSDT BAFE05F5 ZwDeleteValueKey
SSDT BAFE05FA ZwLoadKey
SSDT BAFE05C8 ZwOpenProcess
SSDT BAFE05CD ZwOpenThread
SSDT BAFE0604 ZwReplaceKey
SSDT BAFE05FF ZwRestoreKey
SSDT BAFE05F0 ZwSetValueKey
SSDT BAFE05D7 ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\internet explorer\iexplore.exe[584] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[584] USER32.dll!CallNextHookEx 7E41F85B 5 Bytes JMP 3E2DCE79 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[584] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[584] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[584] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 3E2E97F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[584] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[584] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[584] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[584] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[584] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[584] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[584] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[584] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 3E2ED6D8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[584] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E3E44F7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2980] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2980] USER32.dll!CallNextHookEx 7E41F85B 5 Bytes JMP 3E2DCE79 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2980] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2980] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2980] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 3E2E97F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2980] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2980] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2980] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2980] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2980] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2980] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2980] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2980] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 3E2ED6D8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2980] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E3E44F7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3072] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3072] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3072] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3072] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3072] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3072] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3072] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3072] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3072] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\internet explorer\iexplore.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[2980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Elkbd.sys (Intel Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\F6MV0AIB\style[2].css 6242 bytes
File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\F6MV0AIB\th_70658_x2_123_351lo[1].jpg 0 bytes
File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\K3XU48E3\t[2].gif 49 bytes
File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\MEQWD10N\viewtopic[1].htm 0 bytes
File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\TFTQK6RI\viewtopic[1].htm 76615 bytes
File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\TFTQK6RI\th_30591_2008_07_07_4900yummz_0_123_643lo[1].jpg 0 bytes
File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\TP26BI2V\th_31915_2008_07_14_4944chic_2_123_984lo[1].jpg 0 bytes

---- EOF - GMER 1.0.15 ----

#6
Blade81
Posted 09 November 2009 - 07:52 AM

    Elite Member

  • Experts
  • PipPipPipPipPip
  • 1,230 posts
  • Gender:Male
  • Location:Finland
  • Interests:Floorball, football, music, computers..
Hi,

BitTornado

Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.


Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu
    select
    Advanced Mode

  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck
    Resident TeaTimer
     and OK any prompts.
  • Restart your computer


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingc...to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.


  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Microsoft MVP Consumer Security 2008 2009 2010 2011
ASAP & UNITE member since 2006
Posted Image Posted Image

#7
alexboy
Posted 10 November 2009 - 04:50 AM

    New Member

  • Members
  • Pip
  • 44 posts
OK, running Combofix seems to have crashed my system. It detected rootkit activity and had to reboot, but Windows could not restart from any mode I attempted. I had to use system recovery to get it to reboot, and that in itself seems to have solved my Google issue. Now I just need to restore my settings over the next few days.

#8
Blade81
Posted 10 November 2009 - 06:56 AM

    Elite Member

  • Experts
  • PipPipPipPipPip
  • 1,230 posts
  • Gender:Male
  • Location:Finland
  • Interests:Floorball, football, music, computers..
Sorry to hear that. Did you try last known good configuration too?
Microsoft MVP Consumer Security 2008 2009 2010 2011
ASAP & UNITE member since 2006
Posted Image Posted Image

#9
alexboy
Posted 11 November 2009 - 12:55 AM

    New Member

  • Members
  • Pip
  • 44 posts
Yes, I tried every option I was given, and Windows simply would not boot. I didn't see another option other than to use system recovery. Everything seems to be working fine now, but I have a few days of updating ahead of me. Thanks for your assistance, I think this thread can be locked unless you have anything else.

#10
Blade81
Posted 11 November 2009 - 06:07 AM

    Elite Member

  • Experts
  • PipPipPipPipPip
  • 1,230 posts
  • Gender:Male
  • Location:Finland
  • Interests:Floorball, football, music, computers..
Getting all things updated again is a con but positive thing is that you have clean system now for sure. To save from the trouble I recommend to create regular backup images of your system. I have good experience of Acronis True Image & Paragon Software Drive Backup.
Microsoft MVP Consumer Security 2008 2009 2010 2011
ASAP & UNITE member since 2006
Posted Image Posted Image
Back to Resolved HijackThis Logs · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Computer Help
  3. Malware Removal - HijackThis Logs
  4. Resolved HijackThis Logs

Products

About

Partners

Follow Us