WinDefender 2009


#1 kentmdd

Posted 01 January 2009 - 07:04 AM

DDS (Version 1.1.0) - NTFSx86
Run by Virgie at 19:54:36.37 on Thu 01/01/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.109 [GMT 8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\alg.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Styler\Styler.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\WinDefender\wdscan.exe
C:\Documents and Settings\Virgie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.bearshare.com/intl/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: GigaNet.com: {de2c5ef2-dfbf-49b0-bbf2-3b2805a52722} - c:\windows\system32\dhofozr.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [cdloader] "c:\documents and settings\virgie\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [WinDefender2009] c:\program files\windefender\wdscan.exe
mRun: [LClock] c:\program files\lclock\LClock.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_06\bin\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: c:\docume~1\virgie\startm~1\programs\startup\styler.lnk - c:\docume~1\virgie\applic~1\microsoft\installer\{e9ecf354-2422-4fdb-9abf-d8adac0ef941}\_585b207a.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\virgie\applic~1\mozilla\firefox\profiles\6egigtdm.default\
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\yahoo!\shared\npYState.dll

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-1-1 40840]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-1-1 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-1-1 81288]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-1-1 356920]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-1-1 1079176]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-01-01 19:46 <DIR> --d----- c:\program files\WinDefender
2009-01-01 19:30 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-01-01 19:30 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-01-01 19:30 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-01-01 19:30 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-01-01 19:30 <DIR> --d----- c:\program files\Spyware Doctor
2009-01-01 19:30 <DIR> --d----- c:\docume~1\virgie\applic~1\PC Tools
2009-01-01 19:06 <DIR> --d----- c:\windows\pss
2009-01-01 18:38 <DIR> --d----- C:\Fraps
2009-01-01 09:10 21,446 a------- c:\windows\system32\sf.ico
2009-01-01 09:10 13,942 a------- c:\windows\system32\m3.ico
2009-01-01 09:10 13,942 a------- c:\windows\system32\c.ico
2009-01-01 09:10 11,062 a------- c:\windows\system32\p.ico
2009-01-01 09:10 7,662 a------- c:\windows\system32\m.ico
2009-01-01 09:10 4,286 a------- c:\windows\system32\s.ico
2009-01-01 09:10 3,097 a------- c:\windows\ios.dat
2009-01-01 09:10 167,936 a------- c:\windows\system32\dhofozr.dll
2008-12-31 08:08 <DIR> --d----- c:\program files\common files\SWF Studio
2008-12-31 08:07 <DIR> --dsh--- c:\docume~1\virgie\applic~1\.#
2008-12-30 14:48 <DIR> --d----- c:\windows\system32\DirectX
2008-12-30 07:01 <DIR> --d----- c:\program files\Sony Setup
2008-12-23 05:12 4,992 a------- c:\windows\system32\drivers\MSPQM.sys
2008-12-23 05:12 5,376 a------- c:\windows\system32\drivers\MSPCLOCK.sys
2008-12-23 05:12 <DIR> --d----- c:\docume~1\virgie\applic~1\mjusbsp
2008-12-23 05:12 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2008-12-23 05:12 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2008-12-22 11:23 <DIR> --d----- c:\docume~1\virgie\applic~1\uTorrent
2008-12-20 07:30 81,920 a------- c:\windows\system32\frapsvid.dll
2008-12-19 21:41 31 a------- c:\documents and settings\virgie\jagex_runescape_preferences.dat
2008-12-19 21:40 <DIR> --d----- c:\windows\.jagex_cache_32
2008-12-19 13:21 <DIR> --d----- c:\windows\RegisteredPackages
2008-12-18 14:56 0 a------- c:\windows\PowerReg.dat
2008-12-17 20:35 376 a------- c:\windows\ODBC.INI
2008-12-17 20:35 17,920 a------- c:\windows\system32\mdimon.dll
2008-12-17 20:34 <DIR> --d----- c:\program files\Microsoft ActiveSync
2008-12-17 20:33 <DIR> --d----- c:\windows\SHELLNEW
2008-12-17 19:24 26,112 a------- c:\windows\system32\drivers\usbser.sys
2008-12-17 19:24 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-12-17 19:24 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-12-17 19:24 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll
2008-12-17 18:27 483,328 a------- c:\windows\system32\actskn45.ocx
2008-12-15 20:34 <DIR> --d----- c:\program files\common files\PCSuite
2008-12-15 20:34 <DIR> --d----- c:\program files\common files\Nokia
2008-12-15 20:33 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys
2008-12-15 20:33 <DIR> --d----- c:\program files\PC Connectivity Solution
2008-12-15 20:33 8,064 a------- c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-12-15 20:33 8,064 a------- c:\windows\system32\drivers\usbser_lowerflt.sys
2008-12-15 20:33 22,016 a------- c:\windows\system32\drivers\ccdcmbo.sys
2008-12-15 20:33 1,112,288 a------- c:\windows\system32\wdfcoinstaller01007.dll
2008-12-15 20:33 659,968 a------- c:\windows\system32\nmwcdcocls.dll
2008-12-15 20:33 17,664 a------- c:\windows\system32\drivers\ccdcmb.sys
2008-12-15 20:33 91,136 a------- c:\windows\system32\nmwcdcls.dll
2008-12-15 20:33 <DIR> --d----- c:\program files\Nokia
2008-12-15 19:20 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2008-12-15 17:49 <DIR> --d----- c:\program files\VideoLAN
2008-12-15 17:37 91,648 a------- c:\windows\system32\E_SAGSET.DLL
2008-12-15 17:37 76,054 a------- c:\windows\system32\EBPMON24.DLL
2008-12-15 17:37 64,000 a------- c:\windows\system32\ECBTEG.DLL
2008-12-15 17:37 34,304 a------- c:\windows\system32\EBPCHP.DLL
2008-12-15 17:37 31,744 a------- c:\windows\system32\E_DCINST.DLL
2008-12-15 17:37 182 a------- c:\windows\system32\EBPPORT4.DAT
2008-12-15 17:36 <DIR> --d----- c:\program files\EPSON
2008-12-15 16:46 <DIR> --d----- c:\docume~1\virgie\applic~1\LimeWire
2008-12-15 16:37 <DIR> --d----- c:\program files\LimeWire
2008-12-15 03:32 3,072 a------- c:\windows\system32\drivers\audstub.sys
2008-12-15 03:31 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2008-12-15 03:31 57,600 a------- c:\windows\system32\drivers\redbook.sys
2008-12-15 03:31 10,240 a------- c:\windows\system32\drivers\compbatt.sys
2008-12-15 03:31 14,208 a------- c:\windows\system32\drivers\battc.sys
2008-12-15 03:31 13,952 a------- c:\windows\system32\drivers\CmBatt.sys
2008-12-15 03:30 74,240 a------- c:\windows\system32\usbui.dll
2008-12-15 03:30 8,832 a------- c:\windows\system32\drivers\wmiacpi.sys
2008-12-15 03:28 4,444 a------- c:\windows\system32\pid.PNF
2008-12-15 03:28 522,706 a------- c:\windows\system32\PerfStringBackup.INI
2008-12-15 03:28 <DIR> --dsh--- c:\windows\Installer
2008-12-15 03:28 4,161 a------- c:\windows\ODBCINST.INI
2008-12-15 03:28 <DIR> --d----- c:\program files\common files\ODBC
2008-12-15 03:28 <DIR> --d----- c:\program files\common files\SpeechEngines
2008-12-15 03:28 <DIR> --d--r-- C:\Program Files
2008-12-15 03:28 66,082 a------- c:\windows\system32\c_28603.nls
2008-12-15 03:28 6,144 a----r-- c:\windows\system32\kbdtuq.dll
2008-12-15 03:28 6,144 a----r-- c:\windows\system32\kbdtuf.dll
2008-12-15 03:28 5,632 a----r-- c:\windows\system32\kbdazel.dll
2008-12-15 03:28 66,594 a------- c:\windows\system32\c_857.nls
2008-12-15 03:28 66,082 a------- c:\windows\system32\c_28599.nls
2008-12-15 03:28 66,082 a------- c:\windows\system32\c_10081.nls
2008-12-15 03:27 <DIR> --d--r-- c:\documents and settings\all users\Documents
2008-12-15 03:26 604,928 a------- c:\windows\system32\drivers\BCMWL5.SYS
2008-12-15 03:25 104,320 a------- c:\windows\system32\drivers\Rtnicxp.sys
2008-12-15 03:25 9,344 a------- c:\windows\system32\drivers\CPQBttn.sys
2008-12-15 03:25 7,808 a------- c:\windows\system32\drivers\eabfiltr.sys
2008-12-15 03:25 5,760 a------- c:\windows\system32\drivers\EabUsb.sys
2008-12-15 03:24 <DIR> --d----- C:\Documents and Settings
2008-12-15 03:24 849 a------- c:\windows\system32\$winnt$.inf
2008-12-14 21:39 <DIR> --d----- c:\program files\Yahoo!
2008-12-14 20:30 <DIR> --d----- c:\program files\Image-Line
2008-12-14 20:28 <DIR> --d----- c:\docume~1\virgie\applic~1\NetMedia Providers
2008-12-14 20:27 <DIR> --d----- c:\program files\Vstplugins
2008-12-14 20:26 <DIR> --d----- c:\program files\Sony
2008-12-14 20:09 <DIR> --d----- c:\program files\CONEXANT
2008-12-14 20:04 <DIR> --d----- c:\docume~1\virgie\applic~1\Styler
2008-12-14 19:58 <DIR> --d----- c:\program files\Windows Media Connect 2
2008-12-14 19:56 <DIR> --d----- c:\program files\Alky for Applications
2008-12-14 19:56 <DIR> --d----- c:\program files\Kristanix
2008-12-14 19:56 <DIR> --d----- c:\program files\Resource Hacker 3.4.0
2008-12-14 19:56 <DIR> --d----- c:\program files\Stardock
2008-12-14 19:56 <DIR> --d----- c:\program files\common files\Stardock
2008-12-14 19:55 <DIR> --d----- c:\program files\CCleaner
2008-12-14 19:46 <DIR> --dsh--- c:\documents and settings\all users\DRM
2008-12-14 19:45 <DIR> --d-h--- c:\program files\WindowsUpdate
2008-12-14 19:45 <DIR> --d----- c:\program files\Online Services
2008-12-14 19:45 <DIR> --d----- c:\program files\common files\MSSoap
2008-12-14 19:40 <DIR> --d----- c:\program files\VistaExperience.org
2008-12-14 19:38 <DIR> --d----- c:\program files\Styler
2008-12-14 19:37 <DIR> --d----- c:\program files\Desktop
2008-12-14 19:36 <DIR> --d----- c:\program files\LClock
2008-12-14 19:36 <DIR> --d----- c:\program files\HashTab Shell Extension
2008-12-14 19:36 <DIR> --d----- c:\program files\Unlocker
2008-12-14 19:36 <DIR> --d----- c:\program files\Microsoft PowerToys
2008-12-14 19:36 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2008-12-22 23:38 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-14 19:44 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-10-29 11:24 831,048 a------- c:\windows\system32\WudfUpdate_01005.dll

============= FINISH: 19:55:00.67 ===============

#2 Thunder

Posted 02 January 2009 - 12:41 PM

Hello Kentmdd and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download ComboFix from one of the locations below, and save it to your Desktop.

Link
Link
Link

Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder