

SpywareGuard2008


  • This topic is locked
2 replies to this topic

#1 MountainDew

MountainDew

  • Members
  • 1 posts

Posted 28 December 2008 - 04:18 PM

Recently I started noticing this "new" anti-spyware program. I already have a few programs that I thought kept me protected, guess I'm wrong eh? Anyway I tried uninstalling it and it just keeps re-installing itself over and over. I ran a couple of anti-malware programs and read up on this matter. Apparently I'm not the only person to have this problem. My guess is that I have to manually remove it, which I am skeptical about because I don't want to mess up. So now I am here. Thanks in advance for all the help.



DDS (Version 1.1.0) - NTFSx86
Run by HP_Administrator at 16:06:49.31 on Sun 12/28/2008
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.232 [GMT -5:00]

AV: AVG 7.5.524 *On-access scanning enabled* (Outdated)
AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated)
AV: avast! antivirus 4.8.1229 [VPS 081228-0] *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: ZoneAlarm Pro Firewall *disabled*
FW: Norton Internet Security 2006 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\NetfxUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\OCZ Technology\Mouse\Amoumain.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dynex G Desktop Card Adapter\DynexWCUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
BHO: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No File
BHO: {6A87B991-A31F-4130-AE72-6D0C294BF082} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {95AB667E-1671-49C3-BE3A-4053E0A89ADA} - No File
BHO: {B56A7D7D-6927-48C8-A975-17DF180C71AC} - No File
BHO: {B656C8B9-B02D-4AFF-B83F-409BC3D4CE8C} - No File
BHO: {C9B6FE04-B0F0-4D24-842C-243F3AA6F2E0} - No File
BHO: {E5A1691B-D188-4419-AD02-90002030B8EE} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [SpyZooka] c:\program files\spyzooka\SpyZookaLdr.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [SpybotDeletingB4629] command /c del "c:\documents and settings\hp_administrator\start menu\programs\spyware guard 2008\Uninstall.lnk"
uRunOnce: [SpybotDeletingD3595] cmd /c del "c:\documents and settings\hp_administrator\start menu\programs\spyware guard 2008\Uninstall.lnk"
uRunOnce: [SpybotDeletingB8338] command /c del "c:\windows\wt\webdriver.dll"
uRunOnce: [SpybotDeletingD6823] cmd /c del "c:\windows\wt\webdriver.dll"
uRunOnce: [SpybotDeletingB3416] command /c del "c:\windows\wt\data.wts"
uRunOnce: [SpybotDeletingD745] cmd /c del "c:\windows\wt\data.wts"
uRunOnce: [SpybotDeletingB6471] command /c del "c:\program files\asksbar\bar\1.bin\A2HIGHIN.EXE"
uRunOnce: [SpybotDeletingD3013] cmd /c del "c:\program files\asksbar\bar\1.bin\A2HIGHIN.EXE"
uRunOnce: [SpybotDeletingB2550] command /c del "c:\program files\asksbar\bar\1.bin\A2FFXTBR.JAR"
uRunOnce: [SpybotDeletingD9494] cmd /c del "c:\program files\asksbar\bar\1.bin\A2FFXTBR.JAR"
uRunOnce: [SpybotDeletingB7023] command /c del "c:\program files\asksbar\bar\1.bin\A2NTSTBR.JAR"
uRunOnce: [SpybotDeletingD7448] cmd /c del "c:\program files\asksbar\bar\1.bin\A2NTSTBR.JAR"
uRunOnce: [SpybotDeletingB1158] command /c del "c:\program files\asksbar\bar\1.bin\A2FFXTBR.MANIFEST"
uRunOnce: [SpybotDeletingD2093] cmd /c del "c:\program files\asksbar\bar\1.bin\A2FFXTBR.MANIFEST"
uRunOnce: [SpybotDeletingB5447] command /c del "c:\program files\asksbar\bar\1.bin\A2NTSTBR.MANIFEST"
uRunOnce: [SpybotDeletingD5328] cmd /c del "c:\program files\asksbar\bar\1.bin\A2NTSTBR.MANIFEST"
uRunOnce: [SpybotDeletingB6850] command /c del "c:\program files\asksbar\bar\1.bin\NPASKSBR.DLL"
uRunOnce: [SpybotDeletingD166] cmd /c del "c:\program files\asksbar\bar\1.bin\NPASKSBR.DLL"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Wsayabipereweh] rundll32.exe "c:\windows\Dsodekepe.dll",e
mRun: [Lnepoberebevamik] rundll32.exe "c:\windows\ariribec.dll",e
mRun: [Broadcom Wireless Manager] c:\windows\system32\wltray.exe
mRun: [WheelMouse] c:\program files\ocz technology\mouse\Amoumain.exe
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [spywareguard] c:\program files\spyware guard 2008\spywareguard.exe
dRun: [Spyware Doctor]
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dynex wireless networking utility.lnk - c:\program files\dynex g desktop card adapter\DynexWCUI.exe
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {92848C13-5482-49CB-B31C-CA8D74EFF508}
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CF4DA62E-8A85-4C89-8232-F555BC352B0B}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll
IE: {E908B145-C847-4e85-B315-07E2E70DECF8} - {9F038672-0425-4792-BC9C-36DE3308E8AA}
Notify: iifdbYpM - iifdbYpM.dll
Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
AppInit_DLLs: wbsys.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: ieModule - {470C7121-85A7-4ABA-B836-7C9B52E2303F} - c:\documents and settings\all users\application data\microsoft\internet explorer\dlls\ieModule.dll
SSODL: InternetConnection - {7013B8A6-29AD-4263-91DA-CE9B09ADCE72} - c:\documents and settings\all users\application data\microsoft\internet explorer\dlls\shrxllucjj.dll
SEH: {C9B6FE04-B0F0-4D24-842C-243F3AA6F2E0} - No File
SEH: SpyZooka Service Hook: {d468bce5-d18e-49a4-8ea7-34bd583659d5} - c:\progra~1\spyzooka\spyguard.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\cbXQihEt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\lpxib6mm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\lpxib6mm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npq3px.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npssn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\yahoo!\shared\npYState.dll
FF - plugin: c:\windows\system32\solidstatenetworks\solidstateion\npssn.dll
FF - HiddenExtension: XUL Cache: {1BB24390-3DB6-489E-A96C-4F3263687A46} - c:\documents and settings\hp_administrator\local settings\application data\{1BB24390-3DB6-489E-A96C-4F3263687A46}

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("general.useragent.vendorComment", "ax");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("security.xpconnect.activex.global.hosting_flags", 9);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("security.classID.allowByDefault", false);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6BF52A52-394A-11D3-B153-00C04F79FAA6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID22D6F312-B0F6-11D0-94AB-0080C74C7E95", "AllAccess");

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-28 78416]
R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-8-15 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-8-15 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-8-15 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-8-15 10760]
R1 ikhlayer;Kernel Anti-Spyware Driver;\??\c:\windows\system32\drivers\ikhlayer.sys [2007-4-23 50048]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-9-12 394952]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-6-2 611664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-28 20560]
R2 avast! Antivirus;avast! Antivirus;"c:\program files\alwil software\avast4\ashServ.exe" [2008-12-28 147640]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-8-15 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-8-15 49664]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NetFxUpdate_v1.0.3705;Microsoft .NET Framework v1.0.3705 Update;c:\windows\microsoft.net\framework\v1.0.3705\NetfxUpdate.exe [2007-1-15 73728]
R3 avast! Mail Scanner;avast! Mail Scanner;"c:\program files\alwil software\avast4\ashMaiSv.exe" /service [2008-12-28 250040]
R3 avast! Web Scanner;avast! Web Scanner;"c:\program files\alwil software\avast4\ashWebSv.exe" /service [2008-12-28 348344]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2006-10-6 21920]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service []
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\NSDriver.sys [2008-4-29 15648]
S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [2008-5-17 223232]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys []
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-28 38496]

=============== Created Last 30 ================

2008-12-28 15:42 <DIR> --d----- c:\program files\Spyware Guard 2008
2008-12-28 14:51 18,941 a------- c:\windows\vmreg.dll
2008-12-28 14:51 1,003,957 a------- c:\windows\sysexplorer.exe
2008-12-28 14:51 51,197 a------- c:\windows\spoolsystem.exe
2008-12-28 14:51 47,872 a------- c:\windows\syscert.exe
2008-12-28 14:47 795 a------- c:\windows\wininit.ini
2008-12-28 13:50 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-28 13:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-28 13:45 <DIR> --d----- c:\program files\SpyZooka
2008-12-28 13:06 <DIR> --d----- c:\program files\Enigma Software Group
2008-12-28 01:26 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Uniblue
2008-12-28 01:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverScanner
2008-12-28 01:26 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
2008-12-28 01:20 164,352 a------- c:\windows\system32\unrar.dll
2008-12-28 01:20 38 a------- c:\windows\avisplitter.ini
2008-12-28 01:20 839,680 a------- c:\windows\system32\lameACM.acm
2008-12-28 01:20 414 a------- c:\windows\system32\lame_acm.xml
2008-12-28 01:20 217,088 a------- c:\windows\system32\yv12vfw.dll
2008-12-28 01:20 118,784 a------- c:\windows\system32\ac3acm.acm
2008-12-28 01:20 795,648 a------- c:\windows\system32\xvidcore.dll
2008-12-28 01:20 130,048 a------- c:\windows\system32\xvidvfw.dll
2008-12-28 01:20 57,344 a------- c:\windows\system32\ff_vfw.dll
2008-12-28 01:20 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2008-12-28 01:20 <DIR> --d----- c:\program files\K-Lite Codec Pack
2008-12-28 01:14 <DIR> --d----- c:\program files\GPL MPEG Decoder
2008-12-28 00:26 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Malwarebytes
2008-12-28 00:26 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-28 00:26 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-28 00:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-28 00:26 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-27 21:29 <DIR> --d----- c:\program files\OCZ Technology
2008-12-27 15:57 <DIR> --d----- c:\program files\Dynex G Desktop Card Adapter
2008-12-27 15:54 21,504 a------- c:\windows\system32\hidserv.dll
2008-12-27 15:54 21,504 a------- c:\windows\system32\dllcache\hidserv.dll
2008-12-27 15:54 14,848 a------- c:\windows\system32\drivers\kbdhid.sys
2008-12-27 15:54 14,848 a------- c:\windows\system32\dllcache\kbdhid.sys
2008-12-25 17:31 133,120 a------- c:\windows\ariribec.dll
2008-12-25 17:20 384,000 a------- c:\windows\system32\winscenter.exe
2008-12-25 17:20 134,149 a------- c:\windows\reged.exe
2008-12-25 17:20 50,620 a------- c:\windows\sys.com
2008-12-25 17:20 <DIR> --d----- c:\temp\REX81
2008-12-25 17:19 112,364 a------- c:\windows\system32\drivers\353b983a.sys
2008-12-25 17:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CrucialSoft Ltd
2008-12-25 17:19 81,931 a------- C:\yuqpba.exe
2008-12-25 17:19 29,701 a------- c:\docume~1\alluse~1\applic~1\svhost.exe
2008-12-25 17:19 29,701 a------- C:\alfqentw.exe
2008-12-25 17:19 2 a------- C:\1966254546
2008-12-25 17:19 2,710 a------- c:\windows\system32\TDSSqqcn.dll
2008-12-25 17:19 44,032 a------- c:\windows\Dsodekepe.dll
2008-12-25 17:19 44,032 a------- C:\aqpbouph.exe
2008-12-25 17:19 15,000 a------- c:\windows\system32\jkse73hedfdgf.dll
2008-12-25 17:19 441 a------- c:\windows\system32\TDSSwupe.dat
2008-12-25 17:19 60,416 a------- c:\windows\system32\drivers\TDSSmxoe.sys
2008-12-25 17:19 15,000 a------- c:\windows\system32\tyshb36rfjdf.dll
2008-12-25 17:19 58,368 a------- c:\windows\system32\wVpqqQjG.dll
2008-12-22 09:07 <DIR> --d----- C:\CFLog
2008-12-22 08:30 <DIR> --d----- c:\program files\G4box

==================== Find3M ====================

2008-12-28 15:31 4,212 ----h--- c:\windows\system32\zllictbl.dat
2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-11-21 16:47 524,288 a------- c:\windows\system32\DivXsm.exe
2008-11-21 16:47 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-11-21 16:46 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-11-21 16:46 200,704 a------- c:\windows\system32\ssldivx.dll
2008-11-21 16:44 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 16:44 12,288 a------- c:\windows\system32\DivXWMPExtType.dll
2008-10-24 06:10 453,632 a------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-23 08:01 283,648 a------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 08:11 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 08:11 13,824 a------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:57 332,800 a------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 a------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-10-03 05:15 247,326 -------- c:\windows\system32\strmdll.dll
2008-10-03 05:15 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2008-10-02 18:46 81,920 a------- c:\windows\system32\frapsvid.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-07-16 18:37 22,328 a------- c:\docume~1\hp_adm~1\applic~1\PnkBstrK.sys
2007-03-08 06:25 468 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat

============= FINISH: 16:07:02.67 ===============



#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 05 January 2009 - 06:03 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while it's running. That may cause it to stall.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 12 January 2009 - 03:08 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
