|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
|
|
LinkBack | Thread Tools |
11-01-2009, 01:12 PM
|
#1 (permalink) |
|
Registered User
Join Date: Oct 2009
Posts: 1
OS: windows vista
|
[SOLVED] Trojan/Hijacker changing theme on Vista
My computer was infeacted by some trojans couple of months back. I removed them using AVG Free edition. My computer has been behaving weired since then such as 1)theme is changed randomly; 1)I get messages such as "Windows Host Process shut down" 3) SOme registry related message at startup and 4) my computer hangs when I try to connect to VPN (not sure if it is related).
THANK YOU! Here is the DDS log (Also attached GMER log and attach.txt): =================================================== DDS (Ver_09-10-26.01) - NTFSx86 Run by Virginia Ilie at 18:31:27.58 on Sat 10/31/2009 Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_13 Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.2045.875 [GMT -5:00] SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss c:\Program Files\Microsoft Security Essentials\MsMpEng.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Protector Suite QL\upeksvr.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Windows\Explorer.EXE C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe C:\Windows\system32\java.exe C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Microsoft Security Essentials\msseces.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\servicing\TrustedInstaller.exe C:\Program Files\Microsoft Office\Office12\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Office\Office12\WINWORD.EXE C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\wuauclt.exe C:\Users\Virginia Ilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EO17Z44Y\dds[1].com C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076 uDefault_Page_URL = hxxp://www.sony.com/vaiopeople mDefault_Page_URL = hxxp://www.sony.com/vaiopeople mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60076 mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60076 BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [<NO NAME>] mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: DisableCAD = 1 (0x1) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll Notify: psfus - c:\windows\system32\psqlpwd.dll Notify: VESWinlogon - VESWinlogon.dll LSA: Notification Packages = scecli psqlpwd ================= FIREFOX =================== FF - ProfilePath - c:\users\virgin~1\appdata\roaming\mozilla\firefox\profiles\yi8jxhl2.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll FF - component: c:\users\virginia ilie\appdata\roaming\mozilla\firefox\profiles\yi8jxhl2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll FF - component: c:\users\virginia ilie\appdata\roaming\mozilla\firefox\profiles\yi8jxhl2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&mozver={moz:version}-{moz:buildid}&"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&mozver={moz:version}-{moz:buildid}&"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?"); ============= SERVICES / DRIVERS =============== R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2007-1-10 12416] R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312] R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800] R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2008-12-18 202592] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42480] R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-1-10 73472] R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-1-10 43904] R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-1-10 30976] R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2007-1-10 33792] R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-1-10 227328] S3 SEMWModem;Sony Ericsson SEMWModem;c:\windows\system32\drivers\EEXX.sys [2007-1-10 108928] S3 SEMWWNIC;Sony Ericsson SEMWWNIC;c:\windows\system32\drivers\GCXXNet.sys [2007-1-10 52992] S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2008-8-12 745472] S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-7-9 397312] S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-7-9 1089536] S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2007-2-22 2808664] =============== Created Last 30 ================ 2009-10-31 23:05:19 0 d-----w- c:\program files\Microsoft Security Essentials 2009-10-29 21:40:37 310784 ----a-w- c:\windows\system32\unregmp2.exe 2009-10-29 21:40:36 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2009-10-27 16:01:35 213504 ----a-w- c:\windows\system32\msv1_0.dll 2009-10-27 16:01:29 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-10-27 16:01:29 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-10-27 16:01:09 61440 ----a-w- c:\windows\system32\msasn1.dll 2009-10-27 16:01:03 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2009-10-27 16:01:00 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL 2009-10-02 17:33:11 195440 ------w- c:\windows\system32\MpSigStub.exe 2009-10-02 02:08:29 2421760 ----a-w- c:\windows\system32\wucltux.dll 2009-10-02 02:07:48 87552 ----a-w- c:\windows\system32\wudriver.dll 2009-10-02 02:07:25 33792 ----a-w- c:\windows\system32\wuapp.exe 2009-10-02 02:07:25 171608 ----a-w- c:\windows\system32\wuwebv.dll ==================== Find3M ==================== 2009-09-17 22:45:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2009-08-18 04:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL 2009-08-14 16:29:41 17920 ----a-w- c:\windows\system32\netevent.dll 2009-08-14 16:29:41 104960 ----a-w- c:\windows\system32\netiohlp.dll 2009-08-14 14:16:55 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2009-08-14 14:16:55 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2009-08-14 14:16:52 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2009-08-14 14:16:51 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2009-08-14 14:16:50 19968 ----a-w- c:\windows\system32\ARP.EXE 2009-08-14 14:16:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2009-08-14 14:16:49 10240 ----a-w- c:\windows\system32\finger.exe 2009-07-24 07:11:35 86016 ----a-w- c:\windows\inf\infpub.dat 2009-07-24 07:11:35 143360 ----a-w- c:\windows\inf\infstrng.dat 2009-07-24 07:11:09 143360 ----a-w- c:\windows\inf\infstor.dat 2009-07-19 16:52:51 174 --sha-w- c:\program files\desktop.ini 2009-07-19 16:35:24 665600 ----a-w- c:\windows\inf\drvindex.dat 2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-08-01 04:48:51 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat 2009-08-01 04:48:51 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat 2009-08-01 04:48:51 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat 2009-08-01 04:48:51 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat 2007-09-19 15:57:00 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007091920070920\index.dat ============= FINISH: 18:33:41.07 =============== |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
| Thread Tools | |
|
|
