zambony4life
2010-08-15, 23:31
Hi, I am trying to fix my boss's computer and I had a problem with Wireshark Antivirus or something like that, and it was keeping me from running Spybot. I downloaded Malwarebytes and used it in Safe Mode to take care of that problem, reinstalled Spybot, and found Fraud.WindowsProtectionSuite (12 problems) and Microsoft.Windows.RedirectedHosts (3 problems). I'm trying to keep the computer unplugged from the internet and have another one at my disposal. I plugged the infected one in, backed up with ERUNT and did the DDS log. I would like to thank you in advance for any help.
Here is the DDS log:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Dale at 13:19:40.62 on Sun 08/15/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.578 [GMT -7:00]
AV: My Security Shield *On-access scanning enabled* (Updated) {A0E4605E-BE01-4123-8C83-50D024175D21}
FW: My Security Shield *enabled* {7D743688-DA84-44DA-B0D5-9214FACDC904}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dale\Local Settings\Temporary Internet Files\Content.IE5\A9FZYD6T\dds[1].scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: ADC PlugIn: {19090308-636d-4e9b-a1ce-a647b6f794bf} - c:\program files\shk_v10.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\dale\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
IFEO: image file execution options - svchost.exe
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 secure-plus-payments.com
Note: multiple HOSTS entries found. Please refer to Attach.txt
============= SERVICES / DRIVERS ===============
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-10 135664]
=============== Created Last 30 ================
2010-08-15 19:13:02 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-15 18:49:00 0 d-----w- c:\docume~1\dale\applic~1\Malwarebytes
2010-08-15 18:48:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-15 18:48:49 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-15 18:48:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-15 18:48:48 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-15 18:40:47 0 d-----w- C:\Wireshark Antivirus
2010-08-14 16:41:25 0 d-----w- c:\windows\pss
2010-08-14 07:38:39 1550 ----a-w- C:\Wireshark Antivirus.lnk
2010-08-14 05:41:16 0 d-----w- c:\program files\scdata
2010-08-14 05:36:50 98304 ----a-w- c:\program files\conhost.exe
2010-08-14 05:36:48 372224 ----a-w- c:\program files\shk_v10.dll
2010-08-14 05:36:46 60 ----a-w- c:\program files\sh4.dat
2010-08-14 05:36:46 2 ----a-w- c:\program files\sh3.dat
2010-08-14 05:36:44 0 d-----w- c:\program files\Wireshark Antivirus
2010-08-14 05:36:33 0 ----a-w- c:\program files\qtime8_32.exe
2010-08-11 06:24:04 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-11 06:22:15 0 d-----r- c:\program files\Skype
2010-08-10 03:36:29 0 d-sh--w- c:\documents and settings\dale\IECompatCache
2010-08-05 00:41:51 0 d-sh--w- c:\docume~1\dale\applic~1\My Security Shield
2010-08-05 00:41:49 0 d-sh--w- c:\docume~1\alluse~1\applic~1\MSZIHTGGS
2010-08-05 00:41:31 0 d-sh--w- c:\docume~1\alluse~1\applic~1\510cd2d
2010-07-30 01:11:52 0 d-----w- c:\program files\test
2010-07-30 01:11:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
==================== Find3M ====================
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27:11 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-01-30 18:38:40 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010013020100131\index.dat
============= FINISH: 13:20:04.59 ===============
i am trying to fix my bosses computer
Personal computers or..... (http://forums.spybot.info/showpost.php?p=25712&postcount=5)