Jump to content

Taimaishu371

Members
  • Content Count

    3
  • Joined

  • Last visited

About Taimaishu371

  • Rank
    Newbie
  1. Earlier today my avg picked up constant infections (many of which are trojans), one notification after another, but was unable to heal anything. it was as if viruses are continuously coming through onto my computer or it was reproducing itself on my system. at first i did not experience any redirection on google, but after a good few hours i began to be redirected. i noticed that a process called "PING.exe" was using a lot of CPU usage, but i know its usually not a harmful process, so it must be used by the malware. i tried using rkill in safe mode and then mbam and superantispyware but nothing significant was picked up. im currently in safe mode with networking right now but i have no idea what to do next. so what should i do? geek squad is way over-priced for virus removal. . DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_26 Run by Peter at 12:22:49 on 2011-12-04 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2558.1652 [GMT -5:00] . AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82} SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\explorer.exe C:\Windows\helppane.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8 uWindow Title = Windows Internet Explorer provided by Yahoo! uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8 uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html mDefault_Page_URL = hxxp://www.sony.com/vaiopeople mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn4\YTNavAssist.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File uRun: [RunSpySweeperScheduleAtStartup] "c:\windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{4C534315-E4CB-4568-8B22-04AD5BA4C4F2} uRun: [search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll" mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe" mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRunOnce: [GrpConv] grpconv -o StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secunia psi tray.lnk - c:\program files\secunia\psi\psi_tray.exe uPolicies-explorer: HideSCAHealth = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000 IE: Transfer by Image Converter 3 - c:\program files\sony\image converter 3\menu.htm IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{1AA6E58D-AAEA-4597-97C3-288CFD31CD43} : DhcpNameServer = 7.254.254.254 TCP: Interfaces\{C1319178-532E-419E-BB89-4EDA91133B98} : DhcpNameServer = 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: igfxcui - igfxdev.dll Notify: VESWinlogon - VESWinlogon.dll AppInit_DLLs: avgrsstx.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . ================= FIREFOX =================== . FF - ProfilePath - c:\users\peter\appdata\roaming\mozilla\firefox\profiles\h2alqhui.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642707&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - TranslatorBar 5.2 Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1 FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q= FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll FF - component: c:\users\peter\appdata\roaming\mozilla\firefox\profiles\h2alqhui.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll FF - component: c:\users\peter\appdata\roaming\mozilla\firefox\profiles\h2alqhui.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll FF - plugin: c:\users\peter\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll FF - plugin: c:\users\peter\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true ============= SERVICES / DRIVERS =============== . R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-26 108552] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-5 116608] R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2011-11-9 4232704] R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2010-10-22 27136] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-7 335240] S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-7 27784] S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 12880] S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 67664] S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-11-7 908056] S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-7 297752] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-20 21504] S2 gupdate1c9873a9bfa7297;Google Update Service (gupdate1c9873a9bfa7297);c:\program files\google\update\GoogleUpdate.exe [2009-2-4 133104] S2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848] S2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416] S2 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2010-10-22 716024] S2 VCL MySQL Database Server;VCL MySQL Database Server;c:\program files\chemistry lab\mysql\bin\mysqld.exe [2011-10-16 3956736] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-4 133104] S3 ICScsiSV;Image Converter SCSI Service;c:\program files\sony\image converter 3\ICScsiSV.exe [2007-8-27 75952] S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\sony\image converter 3\IcVzMonLauncher.exe [2007-8-27 67760] S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544] S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-5-1 74240] S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-5-1 43904] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 12872] S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-5-1 31104] S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-5-1 807424] S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-8-27 745472] S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-8-27 397312] S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-8-27 1089536] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2011-12-04 03:25:13 388096 ----a-r- c:\users\peter\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2011-12-04 03:25:12 -------- d-----w- c:\program files\Trend Micro 2011-11-09 22:41:47 4232704 ----a-w- c:\windows\system32\drivers\NETw5v32.sys 2011-11-09 22:41:46 663552 ----a-w- c:\windows\system32\NETw5c32.dll 2011-11-09 22:41:46 2756608 ----a-w- c:\windows\system32\NETw5r32.dll 2011-11-09 07:00:36 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat 2011-11-09 07:00:34 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-09 07:00:34 707584 ----a-w- c:\program files\common files\system\wab32.dll 2011-11-09 07:00:34 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys . ==================== Find3M ==================== . 2011-12-03 04:25:30 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-12-03 04:25:16 234536 ----a-w- c:\windows\system32\PnkBstrB.xtr 2011-12-03 04:25:16 234536 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-09-30 23:06:24 916480 ----a-w- c:\windows\system32\wininet.dll 2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll 2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll 2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec 2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-09-29 20:48:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys . dds.txt
×
×
  • Create New...