DividedSky

Members
Posts: 2
Reputation: 0 Neutral
  1. Actually, I just simply downloaded ComboFix, ran it, and it worked. Have you ever used it before?
  2. I have a work laptop that has been infected with the Windows Antivirus2010 malware. I cannot go to ANY web sites without the malware blocking me, so I burned Malwarebytes onto a disc, and the install is being blocked, even after renaming the file. I went to this post: http://forums.malwarebytes.org/index.php?s...amp;#entry35969 and I have no TDSSserv.sys to disable in my device manager. I was strangely able to get HijackThis to install, and have pasted the log below. Can someone take a look and let me know how I can install and run Malwarebytes on my computer?

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 9:27:45 PM, on 2/12/2010
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16544)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\SYSTEM32\DWRCS.EXE
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
     C:\Program Files\McAfee\Common Framework\FrameworkService.exe
     C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\WINDOWS\system32\mfevtps.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Viewpoint\Common\ViewpointService.exe
     C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
     C:\WINDOWS\system32\CCM\CcmExec.exe
     C:\WINDOWS\system32\msiexec.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\SYSTEM32\DWRCST.exe
     C:\Documents and Settings\darosj.ROCD1\Local Settings\Application Data\av.exe
     C:\Program Files\McAfee\Common Framework\udaterui.exe
     C:\program files\quicktime\qttask .exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\McAfee\Common Framework\McTray.exe
     C:\Program Files\TechSmith\SnagIt\SnagIt32.exe
     c:\program files\ati technologies\ati control panel\atiptaxx .exe
     c:\program files\java\jre6\bin\jusched .exe
     c:\program files\common files\real\update_ob\realsched .exe
     c:\program files\apoint\apoint .exe
     c:\program files\linksys easylink advisor\linksysagent .exe
     c:\docume~1\darosj~1.roc\locals~1\temp\mdm .exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://citrix/Citrix/MetaFrame/default/default.aspx
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by One Communications
     F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (file missing)
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O3 - Toolbar: (no name) - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file)
     O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
     O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
     O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
     O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
     O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
     O4 - HKLM\..\Run: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
     O4 - HKLM\..\Run: [javomisad] Rundll32.exe "c:\windows\system32\nibiloji.dll",a
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
     O4 - HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
     O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] c:\docume~1\darosj~1.roc\locals~1\temp\mdm .exe
     O4 - Startup: SnagIt 5.lnk = C:\Program Files\TechSmith\SnagIt\SnagIt32.exe
     O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O15 - Trusted Zone: http://*.buy-internetsecurity10.com
     O15 - Trusted Zone: http://*.buy-is2010.com
     O15 - Trusted Zone: *.ctcnet.com
     O15 - Trusted Zone: http://*.is-software-download.com
     O15 - Trusted Zone: http://*.is-software-download25.com
     O15 - Trusted Zone: http://*.is10-soft-download.com
     O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)
     O15 - Trusted Zone: http://*.buy-is2010.com (HKLM)
     O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
     O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
     O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://cygate.onecommunications.com/vdesk/...0,2009,514,2217
     O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - https://cygate.onecommunications.com/vdesk/...0,2009,611,1611
     O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://cygate.onecommunications.com/vdesk/...,2009,0514,2216
     O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://cygate.onecommunications.com/vdesk/...,2009,0514,2204
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1120084694550
     O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks Static Application Tunnel Control) - https://cygate.onecommunications.com/vdesk/...,2008,0717,1602
     O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
     O16 - DPF: {9F51E426-6EED-11D3-80B8-00C04F610DBB} (WebTransferCtrl Class) - http://iman/worksite/bin/iManFile.cab
     O16 - DPF: {ACF93F61-9F60-4C1E-A015-E3B3812BD58C} (PVDMDocViewControls.PVDMDocView) - http://papervision/CABS/PVDMDocView400.cab
     O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://cygate.onecommunications.com/vdesk/...0,2009,514,2210
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
     O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://cygate.onecommunications.com/vdesk/...0,2009,514,2205
     O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://cygate.onecommunications.com/policy...,2009,0514,2213
     O16 - DPF: {E7C44C86-0CD3-11D2-9311-00A0247A4E65} (SEAGULL J Walk ActiveX Client) - http://206.215.60.4/JWALK/JWalkXS/jwalkx.cab
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.choiceonecom.com
     O17 - HKLM\Software\..\Telephony: DomainName = ad.choiceonecom.com
     O17 - HKLM\System\CCS\Services\Tcpip\..\{68DEDE72-5E69-47AD-AD68-4DCEF2E561E7}: NameServer = 83.149.115.157,4.2.2.1,172.31.6.20 172.31.5.3
     O17 - HKLM\System\CCS\Services\Tcpip\..\{94EF7DE2-D95E-48DB-8AEF-0BDC37967CB0}: NameServer = 83.149.115.157,4.2.2.1
     O17 - HKLM\System\CCS\Services\Tcpip\..\{96B9CB01-BACB-4EE8-8144-E330279E8F89}: NameServer = 83.149.115.157,4.2.2.1,209.18.47.61 209.18.47.62
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.choiceonecom.com
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = onecommunications.com,ad.choiceonecom.com,choiceonecom.com,corporate.local,conversent.com,ctcnet.com,icn.ctcnet.com
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = onecommunications.com,ad.choiceonecom.com,choiceonecom.com,corporate.local,conversent.com,ctcnet.com,icn.ctcnet.com
     O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll,tefutovi.dll c:\windows\system32\nibiloji.dll
     O21 - SSODL: kugumuzuz - {4cd7955b-22b1-4060-a4e0-ab60dc2d21c0} - c:\windows\system32\nibiloji.dll
     O22 - SharedTaskScheduler: kupuhivus - {4cd7955b-22b1-4060-a4e0-ab60dc2d21c0} - c:\windows\system32\nibiloji.dll
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
     O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
     O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
     O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
     O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
     O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
     O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
     O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

     -- End of file - 12009 bytes
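Added triage helper for the log above (editor's example, not part of the original post and not HijackThis or Malwarebytes code). It parses HijackThis entry lines and flags the load points a responder reads first: a replaced UserInit, Run values named like core Windows processes or launched from temp/appdata, rundll32-loaded DLL exports, DisableRegedit policy, Trusted Zone hosts outside the machine's own DNS SearchList, public NameServer addresses, and AppInit_DLLs/SSODL/SharedTaskScheduler entries. The sample input is a constructed subset of the posted log; the heuristics, the 16-character name-length threshold and the use of the O17 SearchList as the Trusted Zone allowlist are the editor's assumptions, and a flag means "review", not a verdict.

```python
import re
from ipaddress import ip_address

# Constructed sample: a subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [javomisad] Rundll32.exe "c:\windows\system32\nibiloji.dll",a
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] c:\docume~1\darosj~1.roc\locals~1\temp\mdm .exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O15 - Trusted Zone: http://*.buy-is2010.com
O15 - Trusted Zone: *.ctcnet.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{94EF7DE2-D95E-48DB-8AEF-0BDC37967CB0}: NameServer = 83.149.115.157,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = onecommunications.com,ad.choiceonecom.com,choiceonecom.com,corporate.local,conversent.com,ctcnet.com,icn.ctcnet.com
O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll,tefutovi.dll c:\windows\system32\nibiloji.dll
O21 - SSODL: kugumuzuz - {4cd7955b-22b1-4060-a4e0-ab60dc2d21c0} - c:\windows\system32\nibiloji.dll
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
"""

ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+)\s+-\s+(.*)$")
LEGIT_USERINIT = r"c:\windows\system32\userinit.exe"          # assumption: stock XP value
CORE_LOOKALIKE = re.compile(r"\\(smss|csrss|winlogon|lsass|services|svchost)\d+\.exe", re.I)
USER_WRITABLE = re.compile(r"\\(temp|local settings\\application data|locals~1)\\", re.I)
RUNDLL_EXPORT = re.compile(r'rundll32(\.exe)?\s+"?[^"]+\.dll"?\s*,\s*\w+', re.I)
RANDOM_NAME_MIN_LEN = 16                                      # assumption: tuning knob


def parse_entries(log_text):
    """Yield (kind, body) for each HijackThis entry line; header and process list are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def search_list_domains(entries):
    """Domains from O17 SearchList entries, used as the allowlist for O15 Trusted Zone checks."""
    domains = set()
    for kind, body in entries:
        if kind == "O17" and "searchlist" in body.lower():
            domains.update(d.strip().lower() for d in body.split("=", 1)[1].split(","))
    return domains


def trusted_zone_is_expected(host, domains):
    """True if an O15 host (with optional scheme, '*.' wildcard and '(HKLM)' suffix) is under a known domain."""
    host = re.sub(r"\s*\(hklm\)$", "", host.strip().lower())
    host = re.sub(r"^https?://", "", host).lstrip("*.")
    return any(host == d or host.endswith("." + d) for d in domains)


def triage(log_text):
    """Return [(kind, body, [reasons])] for entries that deserve a second look."""
    entries = list(parse_entries(log_text))
    domains = search_list_domains(entries)
    findings = []
    for kind, body in entries:
        low, reasons = body.lower(), []
        if kind == "F2" and "userinit=" in low:
            if low.split("userinit=", 1)[1].strip().rstrip(",") != LEGIT_USERINIT:
                reasons.append("UserInit replaced (expected system32\\userinit.exe)")
        elif kind == "O4":
            name = re.search(r"\[([^\]]+)\]", body)
            if CORE_LOOKALIKE.search(body):
                reasons.append("autorun named like a core Windows process")
            if USER_WRITABLE.search(body):
                reasons.append("autorun from a user-writable temp/appdata path")
            if RUNDLL_EXPORT.search(body):
                reasons.append("rundll32 loading a DLL export at logon")
            if name and len(name.group(1)) > RANDOM_NAME_MIN_LEN \
                    and re.fullmatch(r"[a-z0-9]+", name.group(1), re.I) \
                    and re.search(r"\d", name.group(1)):
                reasons.append("random-looking Run value name")
        elif kind == "O7" and "disableregedit=1" in low:
            reasons.append("registry editor disabled by policy")
        elif kind == "O15":
            if not trusted_zone_is_expected(body.split(":", 1)[1], domains):
                reasons.append("Trusted Zone host not under the machine's DNS search list")
        elif kind == "O17" and "nameserver" in low:
            servers = re.split(r"[,\s]+", body.split("=", 1)[1].strip())
            public = [ip for ip in servers if ip and not ip_address(ip).is_private]
            if public:
                reasons.append("public DNS servers configured: " + ", ".join(public))
        elif kind in ("O20", "O21", "O22"):
            reasons.append(f"{kind} DLL load point ({body.split(':', 1)[0]})")
        if reasons:
            findings.append((kind, body, reasons))
    return findings


if __name__ == "__main__":
    for kind, body, reasons in triage(SAMPLE_LOG):
        print(f"{kind}: {body}\n    -> {'; '.join(reasons)}")
```

Run it against a full log pasted into SAMPLE_LOG and the output is the short list to work through first; the unflagged O4 Java updater, the *.ctcnet.com Trusted Zone entry and the McAfee O23 service show that the rules do not simply flag everything.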