
Browser hijacked, sent to myshovel.com and others


This topic is locked
4 replies to this topic

#1 Nilzar

Posted 15 February 2009 - 11:55 AM

Hello, and thank you for looking at my problem. I know you guys are volunteers and donate your time to help people like me with their computer problems.

It started a few days ago when I tried to click on a link to Yahoo. I got redirected to a different search site. I get redirected to multiple different sites; myshovel.com is one of them. Upon doing some searching I found myself here, and I downloaded "mbam-setup" and HijackThis. I don't know if this makes a difference, but I could not run either program until I renamed it. I double-clicked on them and nothing happened, but when I renamed the two files they ran and installed fine.

Whenever I click on a link from any search bar I get redirected to a different site. I can't put any URL into the address bar because I will get redirected; I can, however, go to my bookmarks. I ran HijackThis but could not use the "Analyze This" function of the program because I get an error and the program shuts down. I was able to take a screenshot of the results of the scan.


Here is the HijackThis log file:

********************************** HiJack Log*******************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:52 AM, on 2/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ImgBurn\ImgBurn.exe
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\GlobalSCAPE\CuteFTP 8 Home\cuteftp.exe
C:\Program Files\GlobalSCAPE\CuteFTP 8 Home\ftpte.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [RestartNeroSetup] "C:\DOCUME~1\Raz\LOCALS~1\Temp\Nero Web\SetupXu.exe" MODE="update" STARTMODE="2" USERSEL="3" FAMILYNAME="Nero 7" RUNSETUPXU="1" UPGRADE="1"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [b8f55e7b] rundll32.exe "C:\WINDOWS\system32\dwihyckd.dll",b
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdwareProMFCT] C:\Program Files\AdwareProSolution\StartApp.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - AppInit_DLLs: tonoox.dll dyntzd.dll eztkgj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13394 bytes



*****************************End of hijack log file**********************************

This is my DDS log file:

*****************************DDS Log*********************************

DDS (Ver_09-02-01.01) - NTFSx86
Run by Raz at 11:40:33.22 on Sun 02/15/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1198 [GMT -5:00]

AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*
FW: Norton Internet Security 2006 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ImgBurn\ImgBurn.exe
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\GlobalSCAPE\CuteFTP 8 Home\cuteftp.exe
C:\Program Files\GlobalSCAPE\CuteFTP 8 Home\ftpte.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Raz\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.my.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {2d704122-83cd-43a6-be91-360418e489b8} - c:\windows\system32\hgGwTJyW.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\byXOgeCt.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AdwareProMFCT] c:\program files\adwareprosolution\StartApp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking9\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking9\Ereg.ini
mRun: [RestartNeroSetup] "c:\docume~1\raz\locals~1\temp\nero web\SetupXu.exe" MODE="update" STARTMODE="2" USERSEL="3" FAMILYNAME="Nero 7" RUNSETUPXU="1" UPGRADE="1"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [b8f55e7b] rundll32.exe "c:\windows\system32\dwihyckd.dll",b
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: trymedia.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: byXOgeCt - byXOgeCt.dll
AppInit_DLLs: tonoox.dll dyntzd.dll eztkgj.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\byXOgeCt.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\hgGwTJyW

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\raz\applic~1\mozilla\firefox\profiles\9fzc7e7w.default\
FF - prefs.js: browser.startup.homepage - my.yahoo.com
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-13 64160]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-8-26 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-9-17 192104]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2005-9-17 202088]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2005-9-17 169576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2005-12-31 139888]
R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2008-8-6 90112]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-5-5 1251720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-8-12 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20080815.007\NAVENG.Sys [2008-8-15 89936]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20080815.007\NavEx15.Sys [2008-8-15 856336]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-8-26 334984]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-7-20 84992]
S3 gqmdpcjr;gqmdpcjr;\??\c:\glider2\gqmdpcjr.sys --> c:\glider2\gqmdpcjr.sys [?]
S3 SAVScan;Symantec AVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-8-26 198368]
S3 shadow.sys;shadow.sys;c:\glider2\shadow.sys.sys [2008-12-27 31232]

=============== Created Last 30 ================

2009-02-15 00:18 1,583,467 ---sh--- c:\windows\system32\dkcyhiwd.ini
2009-02-15 00:18 72,704 a------- c:\windows\system32\dwihyckd.dll
2009-02-15 00:15 129,024 a------- c:\windows\system32\eztkgj.dll
2009-02-15 00:15 129,024 a------- c:\windows\system32\wuhkrcvk.dll
2009-02-14 12:18 129,024 a------- c:\windows\system32\dyntzd.dll
2009-02-14 12:18 129,024 a------- c:\windows\system32\siwebexk.dll
2009-02-14 12:15 1,583,467 ---sh--- c:\windows\system32\fuletmnt.ini
2009-02-14 12:15 72,704 -------- c:\windows\system32\tnmteluf.dll
2009-02-14 00:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-14 00:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-14 00:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-14 00:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-14 00:15 129,024 a------- c:\windows\system32\tonoox.dll
2009-02-14 00:15 129,024 a------- c:\windows\system32\ajawievv.dll
2009-02-14 00:14 <DIR> --d----- c:\program files\Trend Micro
2009-02-14 00:13 1,583,467 ---sh--- c:\windows\system32\kqsojtrr.ini
2009-02-14 00:13 72,704 -------- c:\windows\system32\rrtjosqk.dll
2009-02-13 15:37 23,132 a------- c:\windows\system32\AAWService_2009_02_13_15_37_22.dmp
2009-02-13 14:35 23,132 a------- c:\windows\system32\AAWService_2009_02_13_14_35_37.dmp
2009-02-13 14:22 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-13 13:01 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-13 12:54 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-13 12:54 <DIR> --d----- c:\program files\Lavasoft
2009-02-13 12:23 0 a------- c:\windows\system32\MSVolume.dll
2009-02-13 12:23 <DIR> --d----- c:\windows\AdwareProSolution
2009-02-13 12:23 <DIR> --d----- c:\program files\AdwareProSolution
2009-02-12 23:13 1,537,658 ---sh--- c:\windows\system32\ktdpweic.ini
2009-02-12 23:13 72,704 a------- c:\windows\system32\ciewpdtk.dll
2009-02-12 23:13 129,024 a------- c:\windows\system32\vxgmaq.dll
2009-02-12 23:13 129,024 a------- c:\windows\system32\okmpeaxo.dll
2009-02-12 17:37 1 a------- c:\windows\system32\uniq.tll
2009-02-12 17:37 24,064 a------- c:\windows\system32\frmwrk32.exe
2009-02-12 17:37 161,260 a------- c:\windows\system32\ndcmehfq.exe
2009-02-12 17:34 129,024 a------- c:\windows\system32\wprizb.dll
2009-02-12 17:34 129,024 a------- c:\windows\system32\levvkemu.dll
2009-02-12 17:31 1,570,768 ---sh--- c:\windows\system32\pujugmik.ini
2009-02-12 17:31 72,704 a------- c:\windows\system32\kimgujup.dll
2009-02-12 17:31 31,766 a--sh--- c:\windows\system32\tAdLoUvw.ini2
2009-02-12 17:31 31,766 a--sh--- c:\windows\system32\tAdLoUvw.ini
2009-02-12 17:30 302,592 a------- c:\windows\system32\wvUoLdAt.dll
2009-02-12 17:25 48,128 a------- c:\windows\system32\nnnnNEus.dll
2009-02-11 23:13 129,024 a------- c:\windows\system32\bikcpk.dll
2009-02-11 23:13 129,024 a------- c:\windows\system32\npeuwklg.dll
2009-02-11 23:13 1,537,658 ---sh--- c:\windows\system32\notopbbj.ini
2009-02-10 23:11 129,024 a------- c:\windows\system32\ggcvqx.dll
2009-02-10 23:10 129,024 a------- c:\windows\system32\qcgkubqg.dll
2009-02-10 23:10 1,537,658 ---sh--- c:\windows\system32\thbyxyso.ini
2009-02-10 23:09 31,823 a--sh--- c:\windows\system32\WyJTwGgh.ini2
2009-02-10 23:09 31,823 a--sh--- c:\windows\system32\WyJTwGgh.ini
2009-02-10 23:09 302,592 a------- c:\windows\system32\hgGwTJyW.dll
2009-02-10 23:04 36,352 a------- c:\windows\system32\byXOgeCt.dll
2009-02-04 18:58 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-04 18:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-01 11:18 69 a------- c:\windows\NeroDigital.ini
2009-01-31 20:21 <DIR> --d----- c:\program files\abgx360
2009-01-31 11:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LightScribe
2009-01-31 11:41 <DIR> --d----- c:\program files\Nero
2009-01-31 11:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-01-28 22:49 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-01-28 21:03 <DIR> --d----- C:\iPrep
2009-01-28 20:58 <DIR> --d----- c:\docume~1\raz\applic~1\Xbins
2009-01-28 20:18 <DIR> --d----- c:\program files\iPrep
2009-01-28 15:30 2,973 a------- c:\windows\system32\spupdsvc.inf
2009-01-28 15:24 <DIR> --d----- c:\windows\system32\scripting
2009-01-28 15:24 <DIR> --d----- c:\windows\l2schemas
2009-01-28 15:24 <DIR> --d----- c:\windows\system32\en
2009-01-28 15:24 <DIR> --d----- c:\windows\system32\bits
2009-01-28 15:21 <DIR> --d----- c:\windows\ServicePackFiles
2009-01-28 15:19 <DIR> --d----- c:\windows\network diagnostic
2009-01-20 01:14 <DIR> --d----- c:\program files\Interbank FX Trader 4
2009-01-19 11:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GlobalSCAPE
2009-01-19 11:02 <DIR> --d----- c:\program files\GlobalSCAPE
2009-01-19 04:55 268 a---h--- C:\sqmdata17.sqm
2009-01-19 04:55 244 a---h--- C:\sqmnoopt17.sqm

==================== Find3M ====================

2009-01-28 15:28 92,947 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-28 15:27 45,056 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2009-01-28 15:27 217,088 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
2009-01-28 15:27 44,032 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2009-01-28 15:27 40,960 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2009-01-28 15:27 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2009-01-28 15:27 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2009-01-28 15:27 341,048 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection3.dll
2009-01-28 15:27 163,840 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2009-01-28 15:27 61,440 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2009-01-17 01:12 256 a------- c:\documents and settings\raz\pool.bin
2009-01-13 01:51 23,225 a------- c:\windows\War3Unin.dat
2009-01-11 20:29 126,976 a------- c:\windows\War3Unin.exe
2009-01-11 20:29 2,829 a------- c:\windows\War3Unin.pif
2009-01-06 11:49 322 a------- c:\docume~1\raz\applic~1\wklnhst.dat
2009-01-05 21:37 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-05 21:37 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-01-05 21:37 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-05 21:37 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-02 00:31 3,674 a------- c:\docume~1\raz\applic~1\SAS7_000.DAT
2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 05:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-06-18 18:47 1,299,456 a------- c:\documents and settings\raz\dvdshrink32setup.exe
2006-10-19 00:06 22 ac-sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 11:42:47.49 ===============


*********************************End DDS Log***************************************

I also attached the attach.zip file per the forum rules...

Thank you in advance for your time....

#2 Blade81

Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 23 February 2009 - 03:56 PM

Hi,

Sorry for the delayed response. The forums have been really busy. If you still need help with this, post a fresh DDS log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.


#3 Nilzar

Nilzar
  • Topic Starter

  • Members
  • 2 posts

Posted 24 February 2009 - 01:31 PM

OK, here is the new dds.txt. Do you need the new attach?



****************

DDS (Ver_09-02-01.01) - NTFSx86
Run by Raz at 13:25:53.57 on Tue 02/24/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1219 [GMT -5:00]

AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*
FW: Norton Internet Security 2006 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Raz\Desktop\dds(2).scr
C:\Program Files\Messenger\msmsgs.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.my.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {79c0cb72-f8b2-cde9-2264-84db2c8625b2}: {2b5268c2-bd48-4622-9edc-2b8f27bc0c97} - c:\windows\system32\tayknh.dll
BHO: {2D704122-83CD-43A6-BE91-360418E489B8} - No File
BHO: {4527682f-ed4a-4e5e-8c9f-92ea35a06dcd} - c:\windows\system32\hgGwTJyW.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\byXOgeCt.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: {CB52A190-C9A4-492B-9248-4359FB6A6D44} - No File
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [AdwareProMFCT] c:\program files\adwareprosolution\StartApp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [b8f55e7b] rundll32.exe "c:\windows\system32\tkebbhoi.dll",b
mRun: [RestartNeroSetup] "c:\docume~1\raz\locals~1\temp\nero web\SetupXu.exe" MODE="update" STARTMODE="2" USERSEL="3" FAMILYNAME="Nero 7" RUNSETUPXU="1" UPGRADE="1"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking9\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking9\Ereg.ini
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
Trusted Zone: trymedia.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: byXOgeCt - byXOgeCt.dll
AppInit_DLLs: tonoox.dll dyntzd.dll eztkgj.dll bamzcu.dll tayknh.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\byXOgeCt.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\hgGwTJyW

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\raz\applic~1\mozilla\firefox\profiles\9fzc7e7w.default\
FF - prefs.js: browser.startup.homepage - my.yahoo.com
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-13 64160]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-8-26 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-9-17 192104]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2005-9-17 202088]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2005-9-17 169576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2005-12-31 139888]
R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2008-8-6 90112]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-5-5 1251720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-8-12 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20080815.007\NAVENG.Sys [2008-8-15 89936]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20080815.007\NavEx15.Sys [2008-8-15 856336]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-8-26 334984]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-7-20 84992]
S3 gqmdpcjr;gqmdpcjr;\??\c:\glider2\gqmdpcjr.sys --> c:\glider2\gqmdpcjr.sys [?]
S3 SAVScan;Symantec AVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-8-26 198368]
S3 shadow.sys;shadow.sys;c:\glider2\shadow.sys.sys [2008-12-27 31232]

=============== Created Last 30 ================

2009-02-24 05:28 129,024 a------- c:\windows\system32\tayknh.dll
2009-02-24 05:28 129,024 a------- c:\windows\system32\scbnluwo.dll
2009-02-24 05:28 1,625,418 a--sh--- c:\windows\system32\pakxnled.ini
2009-02-24 05:28 72,704 a------- c:\windows\system32\delnxkap.dll
2009-02-23 17:31 1,625,417 a--sh--- c:\windows\system32\tuoonnuv.ini
2009-02-23 17:28 129,024 a------- c:\windows\system32\wgunwx.dll
2009-02-23 17:28 129,024 a------- c:\windows\system32\aglwaawj.dll
2009-02-23 05:31 1,607,797 a--sh--- c:\windows\system32\ffvbpjqr.ini
2009-02-23 05:28 129,024 a------- c:\windows\system32\rxhgivfb.dll
2009-02-23 05:28 129,024 a------- c:\windows\system32\ajmdqx.dll
2009-02-22 17:28 1,607,788 a--sh--- c:\windows\system32\kupyqrxm.ini
2009-02-22 17:25 129,024 a------- c:\windows\system32\kebdfj.dll
2009-02-22 17:25 129,024 a------- c:\windows\system32\isdcdyln.dll
2009-02-20 00:25 129,024 a------- c:\windows\system32\bvlnml.dll
2009-02-20 00:25 129,024 a------- c:\windows\system32\islogcit.dll
2009-02-20 00:22 1,616,764 a--sh--- c:\windows\system32\iohbbekt.ini
2009-02-20 00:22 72,704 a------- c:\windows\system32\tkebbhoi.dll
2009-02-19 12:22 129,024 a------- c:\windows\system32\myzhep.dll
2009-02-19 12:22 129,024 a------- c:\windows\system32\yhukboua.dll
2009-02-19 12:21 1,616,764 a--sh--- c:\windows\system32\kutjgbss.ini
2009-02-19 00:22 129,024 a------- c:\windows\system32\vcqinz.dll
2009-02-19 00:22 129,024 a------- c:\windows\system32\rlyweyuk.dll
2009-02-19 00:22 1,611,600 a--sh--- c:\windows\system32\cidogbgj.ini
2009-02-18 12:22 1,611,600 a--sh--- c:\windows\system32\mhfvjjph.ini
2009-02-18 12:22 129,024 a------- c:\windows\system32\oyslmh.dll
2009-02-18 12:21 129,024 a------- c:\windows\system32\gvjypohq.dll
2009-02-18 00:20 1,603,855 a--sh--- c:\windows\system32\yeiryqdq.ini
2009-02-18 00:20 129,024 a------- c:\windows\system32\zuvoxf.dll
2009-02-18 00:20 129,024 a------- c:\windows\system32\yqhbvvjo.dll
2009-02-17 12:18 129,024 a------- c:\windows\system32\ratjbp.dll
2009-02-17 12:17 129,024 a------- c:\windows\system32\rlythmvk.dll
2009-02-17 12:17 1,603,856 a--sh--- c:\windows\system32\tmruktwq.ini
2009-02-17 00:20 1,589,969 a--sh--- c:\windows\system32\bmalwaaq.ini
2009-02-17 00:17 129,024 a------- c:\windows\system32\isryqp.dll
2009-02-17 00:17 129,024 a------- c:\windows\system32\dlvnipgi.dll
2009-02-16 12:17 1,589,985 a--sh--- c:\windows\system32\vqtinpee.ini
2009-02-16 12:17 129,024 a------- c:\windows\system32\mjdsgf.dll
2009-02-16 12:17 129,024 a------- c:\windows\system32\bmwjpdou.dll
2009-02-16 00:16 129,024 a------- c:\windows\system32\aecjel.dll
2009-02-16 00:16 129,024 a------- c:\windows\system32\xecpusxv.dll
2009-02-16 00:13 1,583,467 a--sh--- c:\windows\system32\ddkgvinu.ini
2009-02-15 12:14 129,024 a------- c:\windows\system32\lbdbsxbl.dll
2009-02-15 12:14 129,024 a------- c:\windows\system32\bamzcu.dll
2009-02-15 12:13 1,583,467 a--sh--- c:\windows\system32\aanwgjgr.ini
2009-02-15 00:18 1,583,467 a--sh--- c:\windows\system32\dkcyhiwd.ini
2009-02-15 00:15 129,024 a------- c:\windows\system32\eztkgj.dll
2009-02-15 00:15 129,024 a------- c:\windows\system32\wuhkrcvk.dll
2009-02-14 12:18 129,024 a------- c:\windows\system32\dyntzd.dll
2009-02-14 12:18 129,024 a------- c:\windows\system32\siwebexk.dll
2009-02-14 12:15 1,583,467 a--sh--- c:\windows\system32\fuletmnt.ini
2009-02-14 00:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-14 00:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-14 00:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-14 00:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-14 00:15 129,024 a------- c:\windows\system32\tonoox.dll
2009-02-14 00:15 129,024 a------- c:\windows\system32\ajawievv.dll
2009-02-14 00:14 <DIR> --d----- c:\program files\Trend Micro
2009-02-14 00:13 1,583,467 a--sh--- c:\windows\system32\kqsojtrr.ini
2009-02-13 15:37 23,132 a------- c:\windows\system32\AAWService_2009_02_13_15_37_22.dmp
2009-02-13 14:35 23,132 a------- c:\windows\system32\AAWService_2009_02_13_14_35_37.dmp
2009-02-13 14:22 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-13 13:01 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-13 12:54 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-13 12:54 <DIR> --d----- c:\program files\Lavasoft
2009-02-13 12:23 0 a------- c:\windows\system32\MSVolume.dll
2009-02-13 12:23 <DIR> --d----- c:\windows\AdwareProSolution
2009-02-13 12:23 <DIR> --d----- c:\program files\AdwareProSolution
2009-02-12 23:13 1,537,658 a--sh--- c:\windows\system32\ktdpweic.ini
2009-02-12 23:13 72,704 a------- c:\windows\system32\ciewpdtk.dll
2009-02-12 23:13 129,024 a------- c:\windows\system32\vxgmaq.dll
2009-02-12 23:13 129,024 a------- c:\windows\system32\okmpeaxo.dll
2009-02-12 17:37 1 a------- c:\windows\system32\uniq.tll
2009-02-12 17:37 24,064 a------- c:\windows\system32\frmwrk32.exe
2009-02-12 17:37 161,260 a------- c:\windows\system32\ndcmehfq.exe
2009-02-12 17:34 129,024 a------- c:\windows\system32\wprizb.dll
2009-02-12 17:34 129,024 a------- c:\windows\system32\levvkemu.dll
2009-02-12 17:31 1,570,768 a--sh--- c:\windows\system32\pujugmik.ini
2009-02-12 17:31 72,704 a------- c:\windows\system32\kimgujup.dll
2009-02-12 17:31 31,766 a--sh--- c:\windows\system32\tAdLoUvw.ini2
2009-02-12 17:31 31,766 a--sh--- c:\windows\system32\tAdLoUvw.ini
2009-02-12 17:30 302,592 a------- c:\windows\system32\wvUoLdAt.dll
2009-02-12 17:25 48,128 a------- c:\windows\system32\nnnnNEus.dll
2009-02-11 23:13 129,024 a------- c:\windows\system32\bikcpk.dll
2009-02-11 23:13 129,024 a------- c:\windows\system32\npeuwklg.dll
2009-02-11 23:13 1,537,658 a--sh--- c:\windows\system32\notopbbj.ini
2009-02-10 23:11 129,024 a------- c:\windows\system32\ggcvqx.dll
2009-02-10 23:10 129,024 a------- c:\windows\system32\qcgkubqg.dll
2009-02-10 23:10 1,537,658 a--sh--- c:\windows\system32\thbyxyso.ini
2009-02-10 23:09 6,355 a--sh--- c:\windows\system32\WyJTwGgh.ini2
2009-02-10 23:09 6,355 a--sh--- c:\windows\system32\WyJTwGgh.ini
2009-02-10 23:09 302,592 a------- c:\windows\system32\hgGwTJyW.dll
2009-02-10 23:04 36,352 a------- c:\windows\system32\byXOgeCt.dll
2009-02-04 18:58 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-04 18:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-01 11:18 69 a------- c:\windows\NeroDigital.ini
2009-01-31 20:21 <DIR> --d----- c:\program files\abgx360
2009-01-31 11:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LightScribe
2009-01-31 11:41 <DIR> --d----- c:\program files\Nero
2009-01-31 11:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-01-28 22:49 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-01-28 21:03 <DIR> --d----- C:\iPrep
2009-01-28 20:58 <DIR> --d----- c:\docume~1\raz\applic~1\Xbins
2009-01-28 20:18 <DIR> --d----- c:\program files\iPrep
2009-01-28 15:30 2,973 a------- c:\windows\system32\spupdsvc.inf
2009-01-28 15:24 <DIR> --d----- c:\windows\system32\scripting
2009-01-28 15:24 <DIR> --d----- c:\windows\l2schemas
2009-01-28 15:24 <DIR> --d----- c:\windows\system32\en
2009-01-28 15:24 <DIR> --d----- c:\windows\system32\bits
2009-01-28 15:21 <DIR> --d----- c:\windows\ServicePackFiles
2009-01-28 15:19 <DIR> --d----- c:\windows\network diagnostic

==================== Find3M ====================

2009-01-28 15:28 92,947 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-28 15:27 45,056 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2009-01-28 15:27 217,088 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
2009-01-28 15:27 44,032 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2009-01-28 15:27 40,960 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2009-01-28 15:27 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2009-01-28 15:27 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2009-01-28 15:27 341,048 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection3.dll
2009-01-28 15:27 163,840 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2009-01-28 15:27 61,440 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2009-01-17 01:12 256 a------- c:\documents and settings\raz\pool.bin
2009-01-13 01:51 23,225 a------- c:\windows\War3Unin.dat
2009-01-11 20:29 126,976 a------- c:\windows\War3Unin.exe
2009-01-11 20:29 2,829 a------- c:\windows\War3Unin.pif
2009-01-06 11:49 322 a------- c:\docume~1\raz\applic~1\wklnhst.dat
2009-01-05 21:37 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-05 21:37 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-01-05 21:37 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-05 21:37 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-02 00:31 3,674 a------- c:\docume~1\raz\applic~1\SAS7_000.DAT
2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 05:57 333,952 a------- c:\windows\system32\dllcache\srv.sys
2008-06-18 18:47 1,299,456 a------- c:\documents and settings\raz\dvdshrink32setup.exe
2006-10-19 00:06 22 ac-sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 13:27:51.09 ===============

#4 Blade81

Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 25 February 2009 - 10:17 AM

Hi

No need to re-post the attach part.


You seem to have P2P program(s) installed there. Nowadays a major part of infections is spread via P2P networks. I recommend uninstalling the related programs.


Please visit this webpage for download links and instructions for running the ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.



#5 Blade81

Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 02 March 2009 - 12:52 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.





