cleancomp
2010-05-20, 17:25
Hi-
I have run a number of tools, including ComboFix and Malwarebytes, but to no avail. ComboFix indicates rootkit activity, and runs to completion, but I end up back where I began, with IE and FF redirects, an inability to navigate to any site using Chrome, and an inability to run SpyBot S+D after installing it. SpyBot does appear in my tray though, so the IE portion of it appears to be running. I just can't open the S+D console and perform a scan. Here is the DDS log and I have attached the other DDS attach log. Thanks so much.
DDS (Ver_10-03-17.01) - NTFSx86
Run by gerryo at 10:10:12.38 on Thu 05/20/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.307 [GMT -4:00]
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ITTech\Agent\AgentMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ITTech\Agent\KaUsrTsk.exe
C:\Program Files\ITTech\Agent\KaUsrTsk.exe
C:\PROGRA~1\eBLVD\ebhost.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\blp\API\office tools\bxlartd.exe
c:\blp\API\office tools\bxlaui.exe
C:\blp\Wintrv\wintrv.exe
C:\blp\Wintrv\blpcbbap.exe
C:\blp\Wintrv\SmartClient\blpsmarthost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\blp\Wintrv\blpcbbap.exe
C:\blp\Wintrv\blpcbbap.exe
c:\program files\microsoft office\office10\MSACCESS.EXE
C:\blp\Wintrv\blpcbbap.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\GerryO\Desktop\dds.pif
C:\WINDOWS\system32\SearchProtocolHost.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://10.0.0.2/
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [CLRHost] c:\blp\api\office tools\bbxlcmd.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SetRefresh] "c:\program files\compaq\setrefresh\SetRefresh.exe"
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [KASHITTCHS32939184943849] "c:\program files\ittech\agent\KaUsrTsk.exe"
mRun: [Kaseya Agent Service Helper] "c:\pro