Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.



  • Please log in to reply
1 reply to this topic

#1 Twardwell2


  • Members
  • 11 posts
  • Gender:Male
  • Location:Texas
  • Local time:06:57 PM

Posted 24 February 2009 - 10:15 AM

DDS (Ver_09-02-01.01) - NTFSx86
Run by Kids at 9:03:18.43 on Tue 02/24/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2046.985 [GMT -6:00]

AV: Norton Security Online *On-access scanning enabled* (Updated)
FW: Norton Security Online *enabled*

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dscactivate] c:\dell\dsca.exe 3
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [YOP] c:\progra~1\yahoo!\yop\yop.exe /autostart
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [BarbieGirlsTray] c:\program files\mattel\barbie girls\Mattel.BarbieGirls.Tray.exe
mRun: [<NO NAME>]
mRun: [OEM03Mon.exe] c:\windows\OEM03Mon.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20090217.002\IDSvix86.sys [2009-2-19 270384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-9 99376]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-1-26 31616]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2008-10-3 37936]
S3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;c:\windows\system32\drivers\OEM03Afx.sys [2008-1-26 141376]
S3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;c:\windows\system32\drivers\OEM03Vfx.sys [2008-1-26 7424]
S3 OEM03Vid;Creative Camera OEM003 Driver;c:\windows\system32\drivers\OEM03Vid.sys [2008-1-26 235808]
S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-10-22 129832]

=============== Created Last 30 ================

2009-02-11 11:01 827,392 a------- c:\windows\system32\wininet.dll
2009-02-11 11:01 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-01-29 04:49 <DIR> --d----- c:\programdata\CCP
2009-01-29 04:49 <DIR> --d----- c:\progra~2\CCP
2009-01-29 04:49 3,727,720 a------- c:\windows\system32\d3dx9_35.dll
2009-01-29 04:45 <DIR> --d----- c:\program files\CCP

==================== Find3M ====================

2009-02-17 19:06 652 a------- c:\users\kids\appdata\roaming\wklnhst.dat
2009-01-08 08:36 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-08 08:36 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-08 08:36 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2008-10-23 16:10 86,016 a------- c:\windows\inf\infstrng.dat
2008-10-23 16:10 51,200 a------- c:\windows\inf\infpub.dat
2008-10-23 16:10 86,016 a------- c:\windows\inf\infstor.dat
2008-06-18 17:35 174 a--sh--- c:\program files\desktop.ini
2008-06-18 17:08 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 06:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 06:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 06:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 06:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-01-26 08:42 81 ---shr-- c:\windows\CT4CET.bin
2008-10-14 05:30 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2008-10-14 05:30 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-10-14 05:30 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat
2007-10-22 12:32 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 9:04:10.07 ===============
Toby S. Wardwell

BC AdBot (Login to Remove)


#2 SpotCheckBilly


  • Members
  • 81 posts
  • Gender:Male
  • Location:Twin Cities, MN
  • Local time:06:57 PM

Posted 08 March 2009 - 03:59 PM

Hi Twardwell2,

Welcome back to the BleepingComputer forums.

We apologize for the delay in responding to your request for assistance. Every one of our team members is a volunteer and unfortunately, there are often just not enough to keep up with demand. Thank you so much for your patience.

If your issue has been resolved or you have received help elsewhere, please post a reply here and let us know so that we can close this thread.

If you still need assistance, my name is SpotCheckBilly (SCB for short) and I will be happy to help you.

===Very Important===

The instructions in this thread have been specifically designed for THIS USER'S MACHINE ONLY . You should not use these instructions to clean your machine. Doing so could cause irreparable damage to your machine. If you need assistance, please start your own thread.


A few things which will make our fix go more smoothly.
  • Please >> DO NOT<< run any scans/tools or other fixes unless I ask you to.
  • Please DO NOT install any software while we are working.
  • Please Do not skip any steps. With some infections skipping a step can be disastrous.
  • If there is something you don't understand or or are unsure of -- please stop and take a moment to ask about it.
  • If you are running P2P filesharing program(s). My recommendation is you uninstall it/them.
  • Remove any cracked/pirated software. I will immediately stop helping you if I discover any.
The most important thing to remember is to be patient. Very seldom can we remove the entire infection in one go. Many of today's infections install other infections and for the most part they do not like to go quietly. :)

Please tell me which Trojan(s) were causing you problems and what steps you took to remove it/them. Thank you. -- SCB :thumbup2:
Posted ImagePosted Image
ChrisRLG's Computer Safety Online

"I was worried 'bout rich and skinny,
'til I wound up poor and fat"
- Delbert McClinton
Posted Image

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users