Help
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.
This topic is locked
DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 2:56:34.51 on Wed 02/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.282 [GMT -8:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {4064EA35-578D-4073-A834-C96D82CBCF40} - No File
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe" --force_start_minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Defy blah] c:\docume~1\owner\applic~1\elsese~1\Long Dumb.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [VIRIT LITE MONITOR] c:\vexplite\MONLITE.EXE
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [Mediafour Mac Volume Notifications] "c:\program files\common files\mediafour\MACVNTFY.EXE" /auto
mRun: [VTTrayp] VTtrayp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktimealt\qttask.exe" -atboottime
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRunOnce: [NoIE4StubProcessing] c:\windows\system32\reg.exe delete "hklm\software\microsoft\active setup\Installed Components" /v "NoIE4StubProcessing" /f
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gettin~1.lnk - c:\program files\mediafour\macdrive5\MDGSTART.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126578284255
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: MacDrive-iTunes compatibility - c:\program files\common files\mediafour\MacDriveiTunesPatch.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\yrvk3sw6.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\quicktimealt\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktimealt\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktimealt\plugins\npqtplugin3.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.SYS [2004-10-18 44512]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-27 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-1-24 28424]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-27 360584]
R1 MDCSER2K;MDCSER2K;c:\windows\system32\drivers\MDCSER2K.SYS [2004-1-8 13952]
R1 MDFSYSNT;MDFSYSNT;c:\windows\system32\drivers\MDFSYSNT.SYS [2004-6-18 281104]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-11 285392]
S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-4-14 234888]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-7 135664]
S2 KMSFTJEK;KMSFTJEK;\??\c:\windows\system32\kmsftjek.mtc --> c:\windows\system32\kmsftjek.mtc [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-9-19 16512]
S3 Sbkaudkiw;Sbkaudkiw;c:\windows\system32\drivers\amdk7.sys [2004-8-3 37760]
=============== Created Last 30 ================
2010-02-03 10:21:58 0 d-----w- c:\program files\CCleaner
2010-02-03 04:09:36 0 d-----w- C:\banff tv
2010-02-03 04:07:17 0 d-----w- C:\FLIP THE SCRIPT
2010-02-03 04:06:04 0 d-----r- C:\My Pictures
2010-02-03 00:48:54 873 ----a-w- c:\windows\system32\spupdsvc.inf
2010-02-03 00:47:26 0 dc-h--w- c:\windows\ie8
2010-02-03 00:43:26 594432 ------w- c:\windows\system32\SET1CA.tmp
2010-02-03 00:43:26 55296 ------w- c:\windows\system32\SET1C9.tmp
2010-02-03 00:43:26 25600 ------w- c:\windows\system32\SET1CB.tmp
2010-02-03 00:43:24 916480 ------w- c:\windows\system32\SET1C4.tmp
2010-02-03 00:43:24 1985536 ------w- c:\windows\system32\SET1CD.tmp
2010-02-03 00:43:23 1208832 ------w- c:\windows\system32\SET1C5.tmp
2010-02-03 00:43:22 5942784 ------w- c:\windows\system32\SET1C8.tmp
2010-02-03 00:43:21 11070464 ------w- c:\windows\system32\SET1CF.tmp
2010-01-20 22:09:51 0 d-sh--w- c:\documents and settings\owner\IETldCache
2010-01-20 19:32:40 0 d-----w- c:\windows\ie8updates
2010-01-20 19:27:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-20 19:27:58 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-20 19:27:44 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-20 17:57:14 3254 ----a-w- c:\windows\system32\wbem\Outlook_01ca99f9fe912734.mof
2010-01-13 09:40:12 0 d-----w- c:\docume~1\owner\applic~1\AVG8
2010-01-12 22:33:46 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
==================== Find3M ====================
2009-11-12 04:24:29 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2008-09-24 08:18:45 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092420080925\index.dat
============= FINISH: 2:57:26.78 ===============
kespersky file:
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, February 3, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, February 03, 2010 05:18:40
Records in database: 3400183
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
K:\
L:\
N:\
P:\
Scan statistics
Objects scanned 105124
Threats found 3
Infected objects found 4
Suspicious objects found 0
Scan duration 02:33:03
File name Threat Threats count
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Mozilla\Firefox\Profiles\yrvk3sw6.default\Cache\632DC62Fd01 Infected: Exploit.Win32.Pidief.cvl 1
C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\BR1RNNPW\._file[1].exe Infected: Trojan.Win32.Sasfis.fyc 1
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\BR1RNNPW\._file[1].exe Infected: Trojan.Win32.Sasfis.fyc 1
C:\setup files\3wPlayer-1.0.0.3-setup-0590.exe Infected: Trojan.Win32.Obfuscated.en 1
Selected area has been scanned.
Attached File(s)
-
Attach.txt (13.93K)
Number of downloads: 0 -
ark.txt (4.67K)
Number of downloads: 3
Back to top
and wait for the scan to finish.
and save the logfile to your desktop.
