
infected by something nasty


This topic is locked
3 replies to this topic

#1 502master

  • Members
  • 4 posts

Posted 15 February 2009 - 06:18 PM

Hello, I am new here. I am very frustrated. I have some sort of nasty malware, or some other crap. I use the Firefox browser and every time I go to load a web page, I get popups that contain yellowpages, fling.com, and others. My computer is really slow also. Please help me. I appreciate it.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 15:03:44.32 on Sun 02/15/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.494 [GMT -8:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated)
FW: Windows Live OneCare Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.gateway.com/
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {6673cd77-502f-9ca9-de64-413ab16a5b05}: {50b5a61b-a314-46ed-9ac9-f20577dc3766} - c:\windows\system32\azsdyz.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
AppInit_DLLs: vvoofq.dll azsdyz.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\ddcBSMgG

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\t4gx490z.default\
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2008-11-5 25968]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]

=============== Created Last 30 ================

2009-02-15 14:46 <DIR> --d----- c:\program files\Trend Micro
2009-02-15 09:57 72,704 a------- c:\windows\system32\pwwrmfbg.dll
2009-02-15 09:54 129,024 a------- c:\windows\system32\azsdyz.dll
2009-02-15 09:54 129,024 a------- c:\windows\system32\ywcxqsxx.dll
2009-02-15 09:54 30,970 a--sh--- c:\windows\system32\GgMSBcdd.ini
2009-02-15 09:54 368 a--sh--- c:\windows\system32\GgMSBcdd.ini2
2009-02-15 09:54 302,592 a------- c:\windows\system32\ddcBSMgG.dll.vir
2009-02-15 09:48 36,352 a------- c:\windows\system32\pmnkIArP.dll
2009-02-14 23:32 4,324 a------- c:\windows\system32\OEMINFO.PNF
2009-02-14 19:12 <DIR> --d----- c:\windows\pss
2009-02-14 19:01 69 a------- c:\windows\NeroDigital.ini
2009-02-14 18:35 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-02-14 18:35 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-14 18:34 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-14 18:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-14 18:34 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-14 18:24 <DIR> --d----- C:\VundoFix Backups
2009-02-14 17:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk
2009-02-14 17:00 91,328 a------- c:\windows\system32\drivers\msfwdrv.sys
2009-02-14 16:59 116,416 a------- c:\windows\system32\drivers\msfwhlpr.sys
2009-02-14 16:58 53,168 a------- c:\windows\system32\drivers\MpFilter.sys
2009-02-14 16:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Azureus
2009-02-14 16:44 <DIR> --d----- c:\docume~1\owner\applic~1\Azureus
2009-02-14 16:43 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-02-14 16:43 <DIR> --d----- c:\program files\Vuze
2009-02-14 16:35 <DIR> --d----- c:\program files\DVDFab 5
2009-02-14 16:28 87,608 a------- c:\docume~1\owner\applic~1\inst.exe
2009-02-14 16:28 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-02-14 16:28 47,360 a------- c:\docume~1\owner\applic~1\pcouffin.sys
2009-02-14 16:25 <DIR> --d----- c:\docume~1\owner\applic~1\Ashampoo
2009-02-14 16:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ashampoo
2009-02-14 16:24 <DIR> --d----- c:\program files\Ashampoo
2009-02-14 16:06 <DIR> --d----- c:\windows\system32\appmgmt
2009-02-14 16:01 2 a------- c:\windows\msoffice.ini
2009-02-14 15:25 <DIR> --d----- c:\windows\system32\scripting
2009-02-14 15:25 <DIR> --d----- c:\windows\l2schemas
2009-02-14 15:25 <DIR> --d----- c:\windows\system32\en
2009-02-14 15:25 <DIR> --d----- c:\windows\system32\bits
2009-02-14 15:22 <DIR> --d----- c:\windows\ServicePackFiles
2009-02-14 15:11 20,992 a------- c:\windows\system32\spupdwxp.exe
2009-02-14 15:10 61,440 a------- c:\windows\system32\kmsvc.dll
2009-02-14 14:40 <DIR> --d----- c:\program files\MSXML 4.0
2009-02-14 14:31 <DIR> --d----- c:\windows\network diagnostic
2009-02-14 14:31 33,792 ac------ c:\windows\system32\dllcache\custsat.dll
2009-02-14 14:08 272,128 ac------ c:\windows\system32\dllcache\bthport.sys
2009-02-14 14:08 272,128 a------- c:\windows\system32\drivers\bthport.sys
2009-02-14 14:04 333,952 ac------ c:\windows\system32\dllcache\srv.sys
2009-02-14 14:04 331,776 ac------ c:\windows\system32\dllcache\msadce.dll
2009-02-14 13:59 1,846,400 ac------ c:\windows\system32\dllcache\win32k.sys
2009-02-14 13:59 23,040 -------- c:\windows\kb913800.exe
2009-02-14 13:58 2,145,280 ac------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-14 13:58 2,189,184 ac------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-14 13:58 2,066,048 ac------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-14 13:58 2,023,936 ac------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-14 13:57 203,136 ac------ c:\windows\system32\dllcache\rmcast.sys
2009-02-14 13:57 455,296 ac------ c:\windows\system32\dllcache\mrxsmb.sys
2009-02-14 13:56 2,330,624 ac------ c:\windows\system32\dllcache\WMVCore.dll
2009-02-14 13:56 691,712 ac------ c:\windows\system32\dllcache\inetcomm.dll
2009-02-14 13:55 337,408 ac------ c:\windows\system32\dllcache\netapi32.dll
2009-02-14 13:55 1,106,944 ac------ c:\windows\system32\dllcache\msxml3.dll
2009-02-14 13:53 <DIR> --dsh--- c:\documents and settings\owner\UserData
2009-02-14 13:48 <DIR> --d----- c:\windows\system32\PreInstall
2009-02-14 13:44 <DIR> --d----- c:\program files\Gateway
2009-02-14 13:38 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-02-14 13:19 36,352 a------- c:\windows\system32\drivers\AmdK8.sys
2009-02-14 13:19 <DIR> --d----- c:\program files\AMD
2009-02-14 12:59 176,128 a------- c:\windows\system32\nvuide.exe
2009-02-14 12:59 1,537 a------- c:\windows\system32\nvide.nvu
2009-02-14 12:57 <DIR> --d----- C:\cabs
2009-02-14 11:49 <DIR> --d----- c:\windows\system32\Logfiles
2009-02-14 11:49 <DIR> --d----- C:\Inetpub
2009-02-14 11:40 <DIR> --d----- c:\program files\Qwest
2009-02-14 11:40 <DIR> --d----- c:\program files\common files\supportsoft
2009-02-14 11:40 <DIR> --d----- c:\program files\2Wire
2009-02-14 11:40 143,360 a------- c:\windows\GTRemove.exe
2009-02-14 11:40 <DIR> --d----- c:\program files\Actiontec
2009-02-14 11:34 <DIR> --d----- c:\documents and settings\owner\WINDOWS
2009-02-14 11:34 <DIR> --d----- c:\docume~1\owner\applic~1\You've Got Pictures Screensaver
2009-02-14 11:34 <DIR> --d----- c:\docume~1\owner\applic~1\AOL
2009-02-14 11:34 <DIR> --d----- c:\documents and settings\Owner
2009-02-14 11:27 8,192 a------- c:\windows\REGLOCS.OLD
2009-02-14 11:25 0 a------- c:\windows\system32\Gateway_GM5045E__.MRK
2009-02-14 11:25 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-02-14 11:25 333 a------- c:\windows\system32\$ncsp$.inf
2009-02-14 11:10 181,938 a------- c:\windows\Gateway.bmp
2009-02-14 11:10 <DIR> --d----- c:\program files\common files\McAfee
2009-02-14 11:10 <DIR> --d----- c:\program files\McAfee
2009-02-14 11:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McAfee.com
2009-02-14 11:09 67,072 a------- c:\windows\POWERCFG.EXE
2009-02-14 11:08 <DIR> --d----- c:\program files\MSN Encarta Plus
2009-02-14 11:07 <DIR> --d----- c:\program files\Digital Media Reader
2009-02-14 11:07 <DIR> --d----- c:\windows\Downloaded Installations
2009-02-14 11:06 <DIR> --d----- c:\program files\common files\Nullsoft
2009-02-14 11:06 <DIR> --d----- c:\program files\common files\Real
2009-02-14 11:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2009-02-14 11:06 <DIR> --d----- c:\program files\Viewpoint
2009-02-14 11:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks
2009-02-14 11:06 <DIR> --d----- c:\program files\Pure Networks
2009-02-14 11:05 1,181 a---h--- C:\IPH.PH
2009-02-14 11:05 <DIR> --d----- c:\program files\common files\AOL
2009-02-14 11:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Napster
2009-02-14 11:05 <DIR> --d----- c:\program files\Napster
2009-02-14 11:04 <DIR> --d----- c:\program files\Realtek Sound Manager
2009-02-14 11:04 <DIR> --d----- c:\program files\AvRack
2009-02-14 11:03 <DIR> --d----- c:\program files\Realtek AC97
2009-02-14 11:03 10,458,112 a------- c:\windows\system32\RTLCPL.exe
2009-02-14 11:03 141,016 a------- c:\windows\system32\alsndmgr.wav
2009-02-14 11:03 18,771,968 a------- c:\windows\system32\alsndmgr.cpl
2009-02-14 11:03 90,112 a------- c:\windows\soundman.exe
2009-02-14 11:03 3,644,800 a------- c:\windows\system32\drivers\alcxwdm.sys
2009-02-14 11:03 307,200 a------- c:\windows\alcupd.exe
2009-02-14 11:03 212,992 a------- c:\windows\alcrmv.exe
2009-02-14 11:03 156,672 a------- c:\windows\system32\RtlCPAPI.dll
2009-02-14 11:03 4 a------- c:\windows\Pix11.dat
2009-02-14 11:02 <DIR> --d----- c:\program files\Microsoft Digital Image 2006
2009-02-14 11:02 89,088 a------- c:\windows\system32\atl71.dll
2009-02-14 11:02 20,480 a------- c:\windows\system32\Marker32.exe
2009-02-14 11:02 49,265 a------- c:\windows\system32\jpicpl32.cpl
2009-02-14 11:01 2,238 a------- c:\windows\system32\32-aol.ico
2009-02-14 11:01 1,406 a------- c:\windows\system32\16-aol.ico
2009-02-14 11:01 471,298 a------- c:\windows\wallpg.exe
2009-02-14 11:01 51,656 a------- c:\windows\system32\OEMLOGO.bmp
2009-02-14 10:59 376 a------- c:\windows\ODBC.INI
2009-02-14 10:59 24,816 a------- c:\windows\system32\mdimon.dll
2009-02-14 10:55 <DIR> --d----- c:\program files\BigFix
2009-02-14 10:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Prism Deploy
2009-02-14 10:54 <DIR> --d----- c:\program files\common files\New Boundary
2009-02-14 10:52 176,128 a------- c:\windows\system32\nvusmb.exe
2009-02-14 10:52 1,391 a------- c:\windows\system32\nvsmb.nvu
2009-02-14 10:52 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-02-14 10:52 176,128 a------- c:\windows\system32\NVUNINST.EXE
2009-02-14 10:52 90,184 a------- c:\windows\system32\NeroCo.dll
2009-02-14 10:52 57,344 a------- c:\windows\system32\NeroBurnRights.cpl
2009-02-14 10:52 2,658,304 -------- c:\windows\UNNeroBurnRights.exe
2009-02-14 10:52 24,001 -------- c:\windows\UNNeroBurnRights.cfg
2009-02-14 10:51 106,496 a------- c:\windows\system32\TwnLib20.dll
2009-02-14 10:51 471,040 a------- c:\windows\system32\ImagXRA7.dll
2009-02-14 10:51 1,568,768 a------- c:\windows\system32\ImagX7.dll
2009-02-14 10:51 476,320 a------- c:\windows\system32\ImagXpr7.dll
2009-02-14 10:51 262,144 a------- c:\windows\system32\ImagXR7.dll
2009-02-14 10:51 155,648 a------- c:\windows\system32\NeroCheck.exe
2009-02-14 10:51 2 ---shr-- C:\USER
2009-02-14 10:51 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-02-14 10:51 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-02-14 10:50 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2009-02-14 10:50 61,696 a------- c:\windows\system32\drivers\ohci1394.sys
2009-02-14 10:50 53,376 a------- c:\windows\system32\drivers\1394bus.sys
2009-02-14 10:50 <DIR> --d----- c:\program files\CONEXANT
2009-02-14 10:50 17,152 a------- c:\windows\system32\drivers\usbohci.sys
2009-02-14 10:50 30,208 a------- c:\windows\system32\drivers\usbehci.sys
2009-02-14 10:50 7,168 a------- c:\windows\system32\hccoin.dll
2009-02-14 09:44 60 a------- c:\windows\system32\SYSDRV.DAT
2009-02-14 09:44 <DIR> --d----- c:\windows\creator
2009-02-14 09:42 1,033,600 a------- c:\windows\system32\drivers\HSF_DPV.sys
2009-02-14 09:42 705,280 a------- c:\windows\system32\drivers\HSF_CNXT.sys
2009-02-14 09:42 221,440 a------- c:\windows\system32\drivers\HSFHWBS2.sys
2009-02-14 09:42 133,221 a------- c:\windows\system32\drivers\HSFProf.cty
2009-02-14 09:42 86,016 a------- c:\windows\system32\mdmxsdk.dll
2009-02-14 09:42 42,858 a------- c:\windows\system32\hsfci014.dll
2009-02-14 09:42 13,059 a------- c:\windows\system32\drivers\mdmxsdk.sys
2009-02-14 09:42 <DIR> --d----- c:\windows\SMINST
2009-02-14 09:42 <DIR> --d----- c:\windows\I386
2009-02-14 09:40 86,073 a------- c:\windows\system32\usrfaxa.dll
2009-02-14 09:39 294,912 a------- c:\windows\system32\msh263.drv
2009-02-14 09:38 262,528 a------- c:\windows\system32\drivers\cinemst2.sys

==================== Find3M ====================

2009-02-14 15:27 86,811 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-14 11:06 8,552 a------- c:\windows\system32\drivers\asctrm.sys
2008-12-20 15:15 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 15:04:20.21 ===============






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:47:09 PM, on 2/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {6673cd77-502f-9ca9-de64-413ab16a5b05} - {50b5a61b-a314-46ed-9ac9-f20577dc3766} - C:\WINDOWS\system32\azsdyz.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O20 - AppInit_DLLs: vvoofq.dll azsdyz.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 5005 bytes
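As an added triage example (not part of 502master's post, and not code from the DDS or HijackThis tools): a small Python script that parses HijackThis-style entry lines and DDS "Created Last 30" lines of the shape shown above, flags AppInit_DLLs loaders and BHOs registered with a bare GUID as their display name, and then lists other files written in the same minute as a flagged DLL. The sample lines are constructed from entries in the logs above; the flagging heuristics, the function names and the same-minute grouping are my own assumptions, not anything HijackThis or DDS reports.

```python
import re

# Constructed sample: HijackThis v2-style entry lines, shaped like the ones in the
# log above (the O-numbers are the tool's own section codes).
SAMPLE_HJT = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {6673cd77-502f-9ca9-de64-413ab16a5b05} - {50b5a61b-a314-46ed-9ac9-f20577dc3766} - C:\WINDOWS\system32\azsdyz.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - AppInit_DLLs: vvoofq.dll azsdyz.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Constructed sample: DDS "Created Last 30" lines in the same shape as the log above.
SAMPLE_DDS = r"""
2009-02-15 14:46 <DIR> --d----- c:\program files\Trend Micro
2009-02-15 09:57 72,704 a------- c:\windows\system32\pwwrmfbg.dll
2009-02-15 09:54 129,024 a------- c:\windows\system32\azsdyz.dll
2009-02-15 09:54 129,024 a------- c:\windows\system32\ywcxqsxx.dll
2009-02-15 09:54 30,970 a--sh--- c:\windows\system32\GgMSBcdd.ini
2009-02-14 18:35 15,504 a------- c:\windows\system32\drivers\mbam.sys
"""

HJT_ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
DDS_CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+)$")


def parse_hjt(text):
    """Return (code, body) for every HijackThis entry line; other lines are ignored."""
    out = []
    for line in text.splitlines():
        m = HJT_ENTRY_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def triage_hjt(text):
    """Findings as (code, reason, detail). The heuristics are assumptions of this
    example, not rules from HijackThis itself."""
    findings = []
    for code, body in parse_hjt(text):
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            # Every DLL named here is loaded into each process that links user32.dll;
            # on a stock XP install the value is empty, so anything listed deserves a look.
            for dll in body.split(":", 1)[1].split():
                findings.append((code, "AppInit_DLLs loader", dll))
        elif code == "O2" and body.startswith("BHO:"):
            # Layout is "BHO: <name> - {CLSID} - <path>". A BHO whose display name is
            # itself a GUID has no readable registration, which legitimate add-ons carry.
            parts = [p.strip() for p in body[len("BHO:"):].split(" - ")]
            if len(parts) >= 3 and GUID_RE.match(parts[0]):
                findings.append((code, "BHO with GUID as display name", parts[2]))
    return findings


def parse_dds_created(text):
    """Parse DDS 'Created Last 30' lines into dicts with when/size/attrs/path."""
    out = []
    for line in text.splitlines():
        m = DDS_CREATED_RE.match(line.strip())
        if m:
            when, size, attrs, path = m.groups()
            out.append({"when": when, "size": size, "attrs": attrs, "path": path})
    return out


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def siblings_created_with(dds_entries, filename):
    """Other paths created in the same minute as `filename` (case-insensitive basename).

    Droppers tend to write several components within seconds of each other, so files
    that share a creation minute with a flagged DLL are candidates for the same family."""
    target = filename.lower()
    minutes = {e["when"] for e in dds_entries if _basename(e["path"]) == target}
    return [e["path"] for e in dds_entries
            if e["when"] in minutes and _basename(e["path"]) != target]


if __name__ == "__main__":
    created = parse_dds_created(SAMPLE_DDS)
    for code, reason, detail in triage_hjt(SAMPLE_HJT):
        print(f"{code}: {reason}: {detail}")
        for sib in siblings_created_with(created, _basename(detail)):
            print(f"    created same minute: {sib}")
```

Run against the two logs pasted in the post, the script points at the same three names a helper would circle by hand: the two AppInit_DLLs entries, the nameless BHO in system32, and the files dropped alongside it in the same minute. It is a reading aid for a log, not a cleaner; the removal steps still come from the helper's instructions.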

#2 Deacon10

  • Members
  • 240 posts
  • Gender:Male
  • Location:Tampa Area Florida

Posted 17 February 2009 - 12:59 PM

"Welcome to BleepingComputer.com"

I'm Deacon10, or Larry if you prefer, and I will be working with you to resolve your problems. I am reviewing your log, which requires some research, so please be patient.
Just a few notes I tell everybody I work with:
  • Please reply to this thread. Do not start a new topic.
  • If you have any questions or don't understand something, please stop and ask before you proceed.
  • Please set aside enough time to complete all the steps in each post, and follow these instructions in the order stated.
  • Please don't run any extra "scans or fix" programs not requested by me, as they could change the results in the reports I request.
  • If you have circumstances that you are aware of that will delay your response, then please let me know. This is to ensure that your topic remains open.
  • Please continue here with me until I tell you your system is free from malware. Just because a symptom disappears does not mean your system is clean.
  • The following fix is specifically designed for this user's post and this machine only!

Deacon10

"Hindsight explains the injury that foresight would have prevented"

#3 Deacon10

  • Members
  • 240 posts
  • Gender:Male
  • Location:Tampa Area Florida

Posted 22 February 2009 - 04:38 PM

Hello 502master,
I am very sorry for the delay in responding to your issues.
Let's get started.

Step 1:
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This has changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on Start > Run, and then paste the following into the "Open" field: appwiz.cpl and press OK. From within Add or Remove Programs, uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Step 2:
I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Azureus Vuze

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. This practice may be the source of your current malware infestation.

Since we find the nature of P2P programs counterproductive to restoring your PC to a healthy state, we ask that you remove P2P file sharing programs prior to our providing you with malware removal assistance.

Go to Start -> Control Panel -> Add/Remove Programs -> uninstall Azureus and Vuze or any variations.

Step 3:

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select "1. Find Goored (no fix)" by typing 1 and pressing Enter. A log will open; please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.

Step 4:
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both (log.txt will be maximized and info.txt will be minimized).
Please post back with:
Goored.txt
log.txt
info.txt

Deacon10

"Hindsight explains the injury that foresight would have prevented"

#4 harrythook

  • Security Colleague
  • 4,152 posts
  • Gender:Male
  • Location:Philadelphia

Posted 28 February 2009 - 10:06 PM

Due to inactivity this topic is closed.

Veni Vidi Vici
THE FIGHT AGAINST MALWARE
