Virus/Trojan/Spyware Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help.
05-21-2009, 01:15 PM   #1
Registered User
Join Date: May 2009
Posts: 2
OS: vista

Clever Malware Problem

Thanks in anticipation of your help; I really appreciate it.

Brief summary of problems noticed in the last couple of days:

Google links redirect (via counter.fastclick.net) to random sites

Unable to install AVG as it thinks there is already antivirus software installed (there isn't)

Unable to install SUPERAntiSpyware under its usual filename; under an alternate filename it blue-screen crashes near the end of installation

Malwarebytes Anti-Malware installs (again under an alt filename) but won't load


Spyware is getting smarter, huh? Used to be able to find the program in Task Manager... this is way beyond me.

I've followed your sticky. Again, I really appreciate you taking the time to help me with this; I was up till 3am pulling my hair out!

DDS:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Dane at 19:48:33.40 on 21/05/2009
Internet Explorer: 7.0.6000.16809
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2038.1222 [GMT 1:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Dane\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Dane\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Palm\Hotsync.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\igfxext.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dane\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://en.uk.acer.yahoo.com
uSEARCH PAGE = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\dane\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eRecoveryService]
mRun: [eDSMSNfix] c:\acer\empowering technology\eDSMSNfix.exe
mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\dane\appdata\roaming\micros~1\windows\startm~1\programs\startup\civili~1.lnk - f:\ATR1.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: NameServer = 85.255.112.125,85.255.112.159
TCP: {2365FB32-FBFF-4E97-B4B8-24AA92CA4F9D} = 85.255.112.125,85.255.112.159
TCP: {88786960-82BE-4254-9F01-755107806846} = 85.255.112.125,85.255.112.159
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\dane\appdata\roaming\mozilla\firefox\profiles\8bjgt47s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\dane\appdata\local\google\update\1.2.145.5\npGoogleOneClick8.dll

============= SERVICES / DRIVERS ===============

R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-3-22 50688]

=============== Created Last 30 ================

2009-05-21 19:36 185,030,174 a------- c:\windows\MEMORY.DMP
2009-05-21 19:35 <DIR> --d----- c:\users\dane\appdata\roaming\SUPERAntiSpyware.com
2009-05-21 19:35 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-21 19:34 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-05-21 19:26 1,341,005 a------- C:\MGtools.exe
2009-05-21 00:59 <DIR> --d----- c:\program files\CCleaner
2009-05-20 22:49 <DIR> a-d----- c:\programdata\TEMP
2009-05-20 22:43 2,923,520 a------- c:\windows\explorer.exe
2009-05-20 22:40 441,856 a------- c:\windows\system32\win32spl.dll
2009-05-20 22:40 37,376 a------- c:\windows\system32\printcom.dll
2009-05-20 22:40 290,304 a------- c:\windows\system32\drivers\srv.sys
2009-05-20 22:40 269,824 a------- c:\windows\system32\schannel.dll
2009-05-19 00:55 370 ---shr-- C:\autorun.inf
2009-05-18 20:56 <DIR> --d----- c:\program files\common files\xing shared
2009-05-18 20:56 <DIR> --d----- c:\program files\common files\Real
2009-04-28 02:40 <DIR> --d----- C:\slsk
2009-04-28 02:31 <DIR> --d----- c:\programdata\Soulseek
2009-04-28 02:31 <DIR> --d----- c:\progra~2\Soulseek
2009-04-28 02:27 <DIR> --d----- c:\program files\SoulseekNS

==================== Find3M ====================

2009-05-20 23:02 174 a--sh--- c:\program files\desktop.ini
2009-05-17 22:46 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-17 22:46 51,200 a------- c:\windows\inf\infpub.dat
2009-03-17 02:09 86,016 a------- c:\windows\inf\infstor.dat
2009-03-12 20:47 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-03-12 20:47 826,368 a------- c:\windows\system32\wininet.dll
2009-03-12 20:47 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-03-12 20:47 56,320 a------- c:\windows\system32\iesetup.dll
2009-03-12 20:44 297,472 a------- c:\windows\system32\gdi32.dll
2009-03-12 20:42 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-03-12 20:42 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-03-12 20:42 2,144,256 a------- c:\windows\apppatch\AcGenral.dll
2009-03-12 20:42 537,600 a------- c:\windows\apppatch\AcLayers.dll
2009-03-12 20:42 449,536 a------- c:\windows\apppatch\AcSpecfc.dll
2009-03-12 20:42 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-03-12 20:42 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-03-12 20:42 1,687,040 a------- c:\windows\system32\gameux.dll
2009-03-12 20:41 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-03-12 20:40 1,194,496 a------- c:\windows\system32\msxml3.dll
2009-03-12 20:40 2,048 a------- c:\windows\system32\msxml3r.dll
2009-03-12 20:36 2,048 a------- c:\windows\system32\tzres.dll
2009-03-12 20:34 8,147,968 a------- c:\windows\system32\wmploc.DLL
2009-03-12 20:34 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-12 20:34 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-12 20:08 96,760 a------- c:\windows\system32\dfshim.dll
2009-03-12 20:08 41,984 a------- c:\windows\system32\netfxperf.dll
2009-03-12 20:08 282,112 a------- c:\windows\system32\mscoree.dll
2009-03-12 20:08 158,720 a------- c:\windows\system32\mscorier.dll
2009-03-12 20:08 83,968 a------- c:\windows\system32\mscories.dll
2009-03-12 19:47 2,855,424 a------- c:\windows\system32\mf.dll
2009-03-12 19:47 98,816 a------- c:\windows\system32\mfps.dll
2009-03-12 19:47 52,736 a------- c:\windows\system32\rrinstaller.exe
2009-03-12 19:47 24,576 a------- c:\windows\system32\mfpmp.exe
2009-03-12 19:47 2,048 a------- c:\windows\system32\mferror.dll
2009-03-12 19:47 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-03-12 19:47 94,720 a------- c:\windows\system32\logagent.exe
2009-03-12 19:47 2,028,032 a------- c:\windows\system32\win32k.sys
2009-03-12 19:46 3,505,208 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-12 19:46 3,470,904 a------- c:\windows\system32\ntoskrnl.exe
2009-03-12 19:45 1,341,440 a------- c:\windows\system32\msxml6.dll
2009-03-12 19:45 2,048 a------- c:\windows\system32\msxml6r.dll
2009-03-08 13:07 71,824 a------- c:\users\dane\appdata\roaming\GDIPFONTCACHEV1.DAT
2008-08-31 10:41 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-01-16 22:05 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-01-16 22:05 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-01-16 22:05 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 19:49:40.07 ===============
Attached file: Attach.zip (5.2 KB)
irishdave is offline  
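The DDS log above carries several entries an analyst would pull out before asking for further scans: the TCP NameServer values point to public addresses rather than the router, three BHO CLSIDs resolve to "No File", EnableLUA is 0 (UAC off), RtkBtMnt.exe is running from the user's Temp folder, and a hidden/system autorun.inf sits in the root of C:. The script below is an added example, not part of the original post or of DDS itself, that applies those checks to DDS-format lines. The sample input is constructed from a handful of lines in the log above, with one TCP entry altered to a private address (192.168.1.1) to show the negative case; the rule that a home machine's DNS normally points at a private router or ISP-assigned address, so that a public resolver deserves verification, is a heuristic assumed here, not a statement that any particular address is malicious.

```python
import ipaddress
import re

# Constructed sample in the format DDS prints; lines taken from the posted log,
# one TCP entry changed to 192.168.1.1 so the DNS rule has a negative case.
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\Windows\system32\svchost.exe -k netsvcs
C:\Users\Dane\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe

============== Pseudo HJT Report ===============

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mPolicies-system: EnableLUA = 0 (0x0)
TCP: NameServer = 85.255.112.125,85.255.112.159
TCP: {2365FB32-FBFF-4E97-B4B8-24AA92CA4F9D} = 85.255.112.125,85.255.112.159
TCP: {88786960-82BE-4254-9F01-755107806846} = 192.168.1.1

=============== Created Last 30 ================

2009-05-21 19:36 185,030,174 a------- c:\windows\MEMORY.DMP
2009-05-19 00:55 370 ---shr-- C:\autorun.inf
"""

# Line shapes in the DDS "Pseudo HJT", "Running Processes" and "Created Last 30" sections.
NS_RE = re.compile(r'^TCP:\s+(?P<key>NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(?P<ips>[0-9.,\s]+)$')
BHO_NOFILE_RE = re.compile(r'^BHO:\s+(\{[0-9A-Fa-f-]+\})\s+-\s+No File$')
LUA_RE = re.compile(r'^mPolicies-system:\s+EnableLUA\s*=\s*0\b')
CREATED_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\S+\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$')
PROC_RE = re.compile(r'^[A-Za-z]:\\\S.*\.exe\b', re.IGNORECASE)


def public_ips(ip_list):
    """Return the comma-separated addresses that are not private, loopback or link-local."""
    out = []
    for tok in ip_list.split(','):
        tok = tok.strip()
        if not tok:
            continue
        try:
            ip = ipaddress.ip_address(tok)
        except ValueError:
            continue  # not an address; DDS only prints IPs here, so just skip
        if not (ip.is_private or ip.is_loopback or ip.is_link_local):
            out.append(tok)
    return out


def analyse(text):
    """Run the checks over DDS output and return a list of (rule, detail) findings."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = NS_RE.match(line)
        if m:
            # Heuristic (assumption): a resolver outside private space should be
            # verified against the router / ISP settings.
            bad = public_ips(m.group('ips'))
            if bad:
                findings.append(('dns-public-resolver', f"{m.group('key')} -> {','.join(bad)}"))
            continue
        m = BHO_NOFILE_RE.match(line)
        if m:
            # Orphaned BHO registration: the CLSID is registered but its DLL is gone.
            findings.append(('bho-orphan', m.group(1)))
            continue
        if LUA_RE.match(line):
            findings.append(('uac-disabled', line))
            continue
        m = CREATED_RE.match(line)
        if m:
            # DDS attribute string: 'h' hidden, 's' system, 'r' read-only, 'd' directory.
            attrs, path = m.group('attrs'), m.group('path')
            if path.lower().endswith('\\autorun.inf') and 's' in attrs and 'h' in attrs:
                findings.append(('hidden-autorun', f"{path} [{attrs}]"))
            continue
        if PROC_RE.match(line) and '\\temp\\' in line.lower():
            # A process image living in a Temp directory is unusual for legitimate software.
            findings.append(('exe-in-temp', line))
    return findings


if __name__ == '__main__':
    for rule, detail in analyse(SAMPLE_DDS):
        print(f'{rule:20} {detail}')
```

Run it against a full DDS.txt by reading the file into `analyse()`; the rules are deliberately narrow string matches on the DDS layout, so a false hit means a line to read, not a verdict.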
05-22-2009, 03:43 PM   #2
Registered User
Join Date: May 2009
Posts: 2
OS: vista

Re: Clever Malware Problem

Hi, hope you don't consider this an early bump; just thought I'd let you know, having seen my DDS and also tried to update Windows Defender, that I don't have Norton installed. I haven't used it for years (always felt it was an uber-drain on resources) and when I search my HDD for 'norton' it only returned four files, none of which are Norton Antivirus.

Also, is Windows Defender an AV? Not really paid much attention to it until now.

Cheers
irishdave is offline  
06-04-2009, 01:05 PM   #3
Analyst, Security Team
Join Date: Feb 2006
Posts: 222
OS: 2K

Re: Clever Malware Problem

A belated welcome to TSF irishdave,

Unfortunately, when someone posts a second time in their own new request thread, that gives us the impression someone has already replied here. If you still have not resolved the issues, let's take a look for any hidden settings right off.


Download Gmer from here (click the Download EXE button) to your desktop, then click that file to run Gmer.

If on its opening scan Gmer locates items shown in red or indicates "hidden" or "rootkit", stop there, click on the Copy button, right-click on your Desktop and choose "New" > Text document. Once the file is created, open it, right-click again and choose Paste. Copy the information and post it here please. We don't want any crashes just from taking an initial look at things.

If not, then click on Scan (before scanning, make sure all other running programs are closed and that no other actions, like a scheduled antivirus scan, will occur while this scan completes. Also, do not use your computer during the scan).

When completed, click on the Copy button, right-click on your Desktop and choose "New" > Text document. Once the file is created, open it, right-click again and choose Paste. Copy the information and post it here please.
Jintan is offline  
Copyright 2001 - 2009, Tech Support Forum