
Antivirus 2009 & Nexplore



#1 neesi70

  • Members
  • 3 posts

Posted 19 January 2009 - 02:39 AM

I have tried Malwarebytes and have Hijack This. The Malwarebytes removed the mirar problem I was having but did not stop the pop ups from Antivirus 2009 and Nexplore, plus some extremely inappropriate things I'd rather my kids never see.
I use the CA yahoo spyware nearly every time I boot up but it doesn't stop these annoying pop-ups!

DDS (Ver_09-01-18.01) - NTFSx86
Run by Denise at 0:28:13.02 on Mon 01/19/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.810 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Denise\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = my.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: VisualTool: {f3a54897-9e68-b11e-a37a-4d1422ce9caa} - c:\program files\visualtool\VisualTool-2.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [jamtray] C:/Program Files/Jaman Player/jamtray.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [Easy Dock]
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\denise\applic~1\mozilla\firefox\profiles\qnmjiig4.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ZangoSA.dll

============= SERVICES / DRIVERS ===============

R4 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]

=============== Created Last 30 ================

2009-01-18 18:19 <DIR> --d----- c:\program files\Cooking Academy
2009-01-18 09:30 <DIR> --d----- c:\program files\Hidden Wonders of the Depths
2009-01-17 11:50 <DIR> --d----- c:\program files\LimeWire
2009-01-15 21:46 <DIR> --d----- c:\program files\trend micro
2009-01-15 21:39 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-15 21:39 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 21:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-15 06:33 <DIR> --d----- c:\windows\ie8updates
2009-01-14 07:37 <DIR> --dsh--- c:\documents and settings\denise\PrivacIE
2009-01-14 07:28 81,920 a------- c:\windows\system32\ieencode.dll
2009-01-14 07:28 81,920 a------- c:\windows\system32\dllcache\ieencode.dll
2009-01-14 06:21 <DIR> --d----- c:\program files\Enigma Software Group
2009-01-11 21:14 16 a------- c:\windows\popcinfo.dat
2009-01-11 16:14 620 a------- c:\windows\RegGenie.ini
2009-01-11 16:12 158,720 a------- c:\windows\RegGenieOnUninstall.exe
2009-01-11 16:12 <DIR> --d----- c:\program files\RegGenie
2009-01-11 13:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Zylom
2009-01-10 23:32 <DIR> --d----- c:\docume~1\denise\applic~1\Oberon Media
2009-01-10 23:30 <DIR> --d----- c:\program files\Magic Match
2009-01-10 11:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\JollyBear
2009-01-09 11:58 25 a------- c:\windows\cdplayer.ini
2009-01-09 11:58 <DIR> --d----- c:\program files\common files\xing shared
2009-01-09 11:58 <DIR> --d----- c:\program files\common files\Real
2009-01-05 05:06 <DIR> --d----- c:\docume~1\denise\applic~1\FrostWire
2009-01-01 22:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\35110
2009-01-01 20:37 54,156 a---h--- c:\windows\QTFont.qfn
2009-01-01 20:37 1,409 a------- c:\windows\QTFont.for
2009-01-01 13:50 <DIR> --d----- c:\program files\ReflexiveArcade
2008-12-28 18:05 <DIR> --d----- c:\documents and settings\denise\Autumn is Falling
2008-12-28 18:02 <DIR> --d----- c:\documents and settings\denise\Sunset
2008-12-28 18:01 <DIR> --d----- c:\documents and settings\denise\Committed
2008-12-27 02:45 <DIR> --d----- c:\program files\common files\Blizzard Entertainment
2008-12-25 14:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\08B
2008-12-25 14:28 483,328 a------- c:\windows\system32\actskn45.ocx
2008-12-25 07:42 <DIR> --d----- c:\documents and settings\denise\Church
2008-12-25 06:52 376 a------- c:\windows\ODBC.INI
2008-12-25 06:52 28,040 a------- c:\windows\system32\mdimon.dll
2008-12-25 06:52 <DIR> --d----- c:\program files\Microsoft ActiveSync
2008-12-25 06:52 <DIR> --d----- c:\windows\SHELLNEW
2008-12-20 18:24 <DIR> --d----- c:\docume~1\denise\applic~1\Playrix Entertainment
2008-12-20 08:05 <DIR> --dsh--- c:\windows\ftpcache

==================== Find3M ====================

2009-01-09 11:58 348,160 a------- c:\windows\system32\msvcr71.dll
2008-12-19 16:25 4,024 a------- c:\windows\system32\d3d9caps.dat
2008-12-11 15:34 127,034 -----r-- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-12-11 03:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-10 17:33 200,704 a------- c:\windows\system32\dtu100.dll
2008-12-10 17:33 86,016 a------- c:\windows\system32\dpl100.dll
2008-12-08 19:28 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-12-08 19:28 344,064 a------- c:\windows\system32\dpus11.dll
2008-12-08 19:28 294,912 a------- c:\windows\system32\dpu11.dll
2008-12-08 19:28 57,344 a------- c:\windows\system32\dpv11.dll
2008-11-15 10:00 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-13 20:04 2,678 a------- c:\windows\java\packages\data\9VZHNLBZ.DAT
2008-11-13 20:04 2,678 a------- c:\windows\java\packages\data\WIQB9FRV.DAT
2008-11-13 20:04 2,678 a------- c:\windows\java\packages\data\N31RDN31.DAT
2008-11-13 20:04 2,678 a------- c:\windows\java\packages\data\9B7JLFBB.DAT
2008-11-13 20:04 2,678 a------- c:\windows\java\packages\data\E4GSGQ2L.DAT
2008-11-13 10:32 503,808 a------- c:\windows\system32\msvcp71.dll
2008-11-10 05:43 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-06 09:37 524,288 a------- c:\windows\system32\DivXsm.exe
2008-11-06 09:37 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-11-06 09:37 129,784 -------- c:\windows\system32\pxafs.dll
2008-11-06 09:37 120,056 -------- c:\windows\system32\pxcpyi64.exe
2008-11-06 09:37 118,520 -------- c:\windows\system32\pxinsi64.exe
2008-11-06 09:35 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-11-06 09:35 200,704 a------- c:\windows\system32\ssldivx.dll
2008-11-06 09:33 823,296 a------- c:\windows\system32\divx_xx0c.dll
2008-11-06 09:33 823,296 a------- c:\windows\system32\divx_xx07.dll
2008-11-06 09:33 815,104 a------- c:\windows\system32\divx_xx0a.dll
2008-11-06 09:33 802,816 a------- c:\windows\system32\divx_xx11.dll
2008-11-06 09:33 684,032 a------- c:\windows\system32\DivX.dll
2008-11-06 09:33 12,288 a------- c:\windows\system32\DivXWMPExtType.dll
2008-11-04 17:00 558,142 a------- c:\windows\java\packages\VZLJNNJB.ZIP
2008-11-04 17:00 155,995 a------- c:\windows\java\packages\E3V93JR1.ZIP
2008-11-04 16:58 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-10-23 05:36 286,720 a------- c:\windows\system32\gdi32.dll
2004-07-22 10:51 3,432,656 ac------ c:\program files\ManagedDX.CAB
2004-07-19 22:58 1,156,363 ac------ c:\program files\BDANT.cab
2004-07-19 22:53 976,020 ac------ c:\program files\BDAXP.cab
2004-07-09 14:17 13,265,040 ac------ c:\program files\dxnt.cab
2004-07-09 09:13 15,493,481 ac------ c:\program files\DirectX.cab
2004-07-09 09:13 703,080 ac------ c:\program files\BDA.cab
2004-07-09 04:08 472,576 ac------ c:\program files\dxsetup.exe
2004-07-09 04:08 2,242,560 ac------ c:\program files\dsetup32.dll
2004-07-09 03:03 62,976 ac------ c:\program files\DSETUP.dll

============= FINISH: 0:28:32.40 ===============



#2 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 30 January 2009 - 08:00 AM

Hello neesi70

Welcome to BleepingComputer
========================
If you are still in need of assistance please post a new dds log.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



