FrostDDT

Members
  • Content count: 19
About FrostDDT

  • Rank: New Member
  1. Maniac, you can go ahead and close this topic. I'm having so many more problems now. My computer is just torn up. Whatever it is that I got did its job. I can't even boot up now, not even in safe mode. I'm posting this from another machine. I'm going to just buy another computer. I wish someone would shoot whoever creates this stuff and puts it out there. Thank you for trying to help.
  2. Yes, this computer is connected through a router.
  3. I took a scorched earth policy last night and uninstalled and deleted everything Mozilla-related on my computer, including profile information and whatnot. I then re-installed Firefox, rebooted, and searched a series of safe sites. Everything was clean! I then unplugged the computer from the Internet and went to bed. This morning I plugged the computer back in to the Internet and did more testing to be sure. Whatever this problem is has regenerated itself again. This time Yahoo! appears to be clean. It's just Google that is being redirected now. Man, I thought I was done with this thing.
  4. I did the scans, but the program didn't find anything. The option to save a report list was greyed out and not available to me. I've never had a piece of malware stuff that's been this difficult to get rid of before. I don't know if this thing is brand new or what.
  5. Do you mean the whole response was not for me, or just the OTL part? Thanks.
  6. Thanks, Maniac. Before I begin, though, could you clarify for me what an OTL log is?
  7. Got the latest updated scan.

     Malwarebytes Anti-Malware 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.07.24.01

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 6.0.2900.5512
     Administrator :: WXP-GNWVS51 [administrator]

     7/23/2012 9:03:17 PM
     mbam-log-2012-07-23 (21-03-17).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 201919
     Time elapsed: 6 minute(s), 52 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  8. I'm still infected. Whatever this thing is, it's nasty and hates Firefox.
  9. Maniac, I don't have a report to give because Kaspersky didn't find anything. The Save button in Detected threats was not available to me.
  10. Unfortunately, resetting the preferences didn't work either.
  11. Thanks, Maniac. Re-installing Firefox did appear to work. But after I rebooted whatever I had regenerated itself. Now it's back redirecting Firefox again. Internet Explorer still appears to be clean.
  12. PM sent. Thanks.
  13. I'm afraid the browser is still being redirected.
  14. Got it.

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=4d77e4fdc7d6dc4d8862493f52e6f25e
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2012-07-15 03:06:04
     # local_time=2012-07-14 10:06:04 (-0600, Central Daylight Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=5891 16776533 42 92 0 9429394 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=93212
     # found=0
     # cleaned=0
     # scan_time=6503
     # version=7
     # iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=4d77e4fdc7d6dc4d8862493f52e6f25e
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2012-07-19 12:08:11
     # local_time=2012-07-18 07:08:11 (-0600, Central Daylight Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=86850
     # found=0
     # cleaned=0
     # scan_time=3527
  15. I hope I did it right. ComboFix went through an update as I performed the operation. Here's the latest log.

     ComboFix 12-07-18.01 - Administrator 07/18/2012 6:51.2.1 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1696 [GMT -5:00]
     Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\documents and settings\All Users\Application Data\boost_interprocess
     c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus
     c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus\Logs\20120712T232814.873740PID912\Service.log
     c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus\Logs\20120713T121551.925187PID236\Service.log
     c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus\Logs\20120714T224316.829363PID480\Service.log
     c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus\Logs\20120714T234050.876038PID3332\Service.log
     c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus\Logs\20120716T204217.374977PID1996\Service.log
     c:\documents and settings\NetworkService\Application Data\Ad-Aware Antivirus
     .
     .
     --------------- FCopy ---------------
     .
     c:\windows\system32\dllcache\beep.sys --> c:\windows\System32\drivers\beep.sys
     .
     ((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))
     .
     .
     2012-07-18 11:51 . 2004-08-12 13:17 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
     2012-07-18 11:51 . 2004-08-12 13:17 4224 ----a-w- c:\windows\system32\drivers\beep.sys
     2012-07-16 20:42 . 2012-07-16 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software
     2012-07-15 01:11 . 2012-07-15 01:11 -------- d-----w- c:\program files\ESET
     2012-07-12 23:06 . 2011-09-29 17:16 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
     2012-07-03 15:36 . 2012-07-03 15:36 1409 ----a-w- c:\windows\QTFont.for
     2012-06-23 04:08 . 2012-07-11 21:08 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-07-11 21:08 . 2012-04-03 18:11 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2012-07-11 21:08 . 2011-05-17 13:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-07-03 18:46 . 2010-09-13 11:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-06-13 14:53 . 2010-03-15 00:41 4710 ----a-w- c:\windows\system32\PerfStringBackup.TMP
     2012-06-13 13:19 . 2004-08-12 13:33 1866112 ----a-w- c:\windows\system32\win32k.sys
     2012-06-05 15:50 . 2007-05-15 21:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
     2012-06-05 15:50 . 2004-08-12 13:23 1172480 ----a-w- c:\windows\system32\msxml3.dll
     2012-06-04 04:32 . 2004-08-12 13:27 152576 ----a-w- c:\windows\system32\schannel.dll
     2012-06-02 20:19 . 2007-05-31 22:23 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
     2012-06-02 20:19 . 2007-05-31 22:23 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
     2012-06-02 20:19 . 2006-07-28 17:11 329240 ----a-w- c:\windows\system32\wucltui.dll
     2012-06-02 20:19 . 2006-07-28 17:11 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
     2012-06-02 20:19 . 2006-07-28 17:11 210968 ----a-w- c:\windows\system32\wuweb.dll
     2012-06-02 20:19 . 2010-09-13 15:08 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
     2012-06-02 20:19 . 2006-07-28 17:11 53784 ----a-w- c:\windows\system32\wuauclt.exe
     2012-06-02 20:19 . 2006-07-28 17:11 35864 ----a-w- c:\windows\system32\wups.dll
     2012-06-02 20:19 . 2005-05-26 09:16 45080 ----a-w- c:\windows\system32\wups2.dll
     2012-06-02 20:19 . 2004-08-12 13:17 97304 ----a-w- c:\windows\system32\cdm.dll
     2012-06-02 20:19 . 2007-05-31 22:23 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
     2012-06-02 20:19 . 2006-07-28 17:11 577048 ----a-w- c:\windows\system32\wuapi.dll
     2012-06-02 20:19 . 2006-07-28 17:11 1933848 ----a-w- c:\windows\system32\wuaueng.dll
     2012-06-02 20:18 . 2011-10-24 02:30 275696 ----a-w- c:\windows\system32\mucltui.dll
     2012-06-02 20:18 . 2011-10-24 02:30 214256 ----a-w- c:\windows\system32\muweb.dll
     2012-06-02 20:18 . 2011-10-24 02:30 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
     2012-05-31 13:22 . 2004-08-12 13:18 599040 ----a-w- c:\windows\system32\crypt32.dll
     2012-05-16 07:58 . 2004-08-12 13:33 667136 ----a-w- c:\windows\system32\wininet.dll
     2012-05-04 13:12 . 2004-08-12 13:25 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
     2012-05-04 12:32 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
     2012-05-02 13:46 . 2006-07-28 17:09 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
     2012-04-20 19:29 . 2004-08-12 13:30 61952 ----a-w- c:\windows\system32\tdc.ocx
     2012-04-20 19:29 . 2004-08-12 13:19 81920 ----a-w- c:\windows\system32\ieencode.dll
     2012-04-19 12:44 . 2004-08-12 13:19 369664 ----a-w- c:\windows\system32\html.iec
     2012-06-18 05:28 . 2012-04-25 01:06 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((( SnapShot@2012-07-18_00.03.27 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2012-07-18 12:00 . 2012-07-18 12:00 16384 c:\windows\temp\Perflib_Perfdata_e0.dat
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
     "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
     "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-13 278528]
     "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
     "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-03-20 98304]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
     path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
     backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
     2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
     2009-02-27 00:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     2004-10-13 21:04 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
     2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
     2006-01-12 21:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     2012-03-20 05:42 98304 ----a-w- c:\program files\QuickTime\qttask.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "iPodService"=3 (0x3)
     "CCALib8"=2 (0x2)
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\epson\\Scanner Driver Update\\PFV500\\E_DUPA10.EXE"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
     "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
     "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     .
     R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [11/2/2006 1:57 PM 218112]
     R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [11/2/2006 1:57 PM 48140]
     R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [11/2/2006 1:57 PM 204800]
     R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [11/2/2006 1:57 PM 17664]
     S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
     S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 1:11 PM 250056]
     S3 L6DP;L6DP;c:\windows\system32\Drivers\l6dp.sys --> c:\windows\system32\Drivers\l6dp.sys [?]
     S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 8:06 PM 113120]
     S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]
     S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3/24/2008 3:41 PM 47360]
     S4 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [11/2/2006 1:57 PM 11029]
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - BEEP
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     getPlusHelper REG_MULTI_SZ getPlusHelper
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 21:08]
     .
     2012-07-13 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.yahoo.com/
     uInternet Settings,ProxyOverride = *.local
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
     Trusted Zone: line6.net
     TCP: DhcpNameServer = 192.168.1.254
     FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bdeiozaq.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
     .
     - - - - ORPHANS REMOVED - - - -
     .
     MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
     .
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2012-07-18 07:00
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'explorer.exe'(952)
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\Bonjour\mDNSResponder.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\windows\system32\wscntfy.exe
     .
     **************************************************************************
     .
     Completion time: 2012-07-18 07:08:03 - machine was rebooted
     ComboFix-quarantined-files.txt 2012-07-18 12:08
     ComboFix2.txt 2012-07-18 00:10
     .
     Pre-Run: 38,036,754,432 bytes free
     Post-Run: 38,022,578,176 bytes free
     .
     - - End Of File - - 64271D768FD3B01568E48A7AA35C7728