Hi there,
I have been having a problem with a laptop that I am using to post this thread.
I keep getting redirects to unknown websites.
I have run AVG, which gave me the info below.
I have also run Malwarebytes (now uninstalled) and Spybot (now uninstalled).
I have 2 PCs running Windows 7 and this laptop running XP Pro on my 'network', and this laptop seems to be the only one infected.
Any help with removing these 'problems' would be much appreciated.
AVG Free informed me of these 2 Trojans, but could not remove them.
Here is some information.
Information I got from AVG:
Generic_r.BAT
Luhe.Sirefef.A
C:\\WINDOWS\System32\services.exe(992):\memory_00a80000
C:\\WINDOWS\System32\services.exe(992):\memory_00840000
DDS text file:
DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.7.2
Run by Administrator at 19:00:00 on 2012-10-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.445.31 [GMT 1:00]
.
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://192.168.1.104/cgi-bin/login.cgi
mWinlogon: SFCDisable = dword:-99
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: NoSMMyPictures = dword:1
uPolicies-Explorer: NoSMConfigurePrograms = dword:1
mPolicies-System: DisableCAD = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoSMHelp = dword:1
mPolicies-Explorer: ForceClassicControlPanel = dword:1
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoSMMyPictures = dword:1
mPolicies-Explorer: NoSMConfigurePrograms = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {042134DD-BB44-43FC-A74F-B80FBD465925} - hxxp://192.168.1.104/template/xWebView4.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{6FBEE104-5CFB-4371-A0EB-3D370AE7548F} : DHCPNameServer = 194.168.4.100 194.168.8.100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Hosts: 127.0.0.1 Spyware Info | Spyware Info | spyware software | spyware program | protection spyware
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\hrtcp9aa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.drpmds.pwp.blueyonder.co.uk/index.html
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-09-13 12:32:30 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-13 12:32:28 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-13 12:32:28 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-13 12:32:28 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-13 12:26:04 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-13 12:26:03 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-24 14:43:18 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-07-26 02:21:30 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 19:00:45.71 ===============
Once again, any help with removing these 'problems' would be much appreciated.
Thanks, Dave Potter.