Have a couple of infections, removed some with Malwarebytes



#1 SETech

SETech

  • Members
  • 3 posts
  • OFFLINE
  • Gender:Male
  • Location:Miami, FL
  • Local time:05:40 PM

Posted 05 March 2009 - 06:01 PM

Hello, I'm new to this board. I was wondering if anyone could help me out with this situation I'm in. I have a computer that I ran a Malwarebytes scan on, and it picked up 654 infections. I kept scanning the computer with Malwarebytes and the same thing was happening, of course in a smaller quantity. Not sure what type of infection I have, but I do have a HJT Log and a DDS Log.

DDS LOG:

DDS (Ver_09-02-01.01) - NTFSx86
Run by Goldo at 16:45:53.00 on Thu 03/05/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.225 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Goldo\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.myspace.com/
uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by MySpace
uDefault_Page_URL = hxxp://www.myspace.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm173YYUS&fl=0&ptb=RZh2uJhLfndU01e7SssHhA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell4me.com/myway
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: : {0f095c72-2361-4780-8d43-e89c38eb8a54} - c:\windows\system32\qfwiwux.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: My.Freeze.com Toolbar: {d0523bb4-21e7-11dd-9ab7-415b56d89593} - c:\program files\my.freeze.com toolbar\freeze_us.dll
TB: {74CC49F7-EB32-4A08-B204-948962A6E3DB} - No File
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: Web Assistant: {66b90adb-0be3-40ae-8680-84a6f0577ca0} - c:\program files\hbtools\bin\4.7.5.0\HbtHostIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [DellTransferAgent] "c:\documents and settings\all users\application data\dell\transferagent\TransferAgent.exe"
uRun: [Microsoft Windows logon process] c:\documents and settings\goldo\application data\microsoft\windows\winlogon.exe
uRun: [prunnet] "c:\windows\system32\prunnet.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [QuickInstallPack] "c:\documents and settings\goldo\local settings\application data\qip\QuickInstallPack.exe" /autorun
uRun: [jsf8uiw3jnjgffght] c:\docume~1\goldo\locals~1\temp\winlognn.exe
uRun: [tezrtsjhfr84iusjfo84f] c:\docume~1\goldo\locals~1\temp\csrssc.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_03\bin\jusched.exe
mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [PromoReg] c:\windows\temp\TMP39.tmp
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
uExplorerRun: [services] c:\windows\services.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/The%20Treasures%20of%20Mystery%20Island/Images/stg_drm.ocx
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
Notify: igfxcui - igfxdev.dll
Notify: sxtsiaaq - qfwiwux.dll
AppInit_DLLs: tvpift.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\xxyAqpNf

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\goldo\applic~1\mozilla\firefox\profiles\kdewegm4.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {48D4F3A8-7F26-4904-9D0B-C460CF23AB24} - c:\windows\system32\config\systemprofile\local settings\application data\{48d4f3a8-7f26-4904-9d0b-c460cf23ab24}\

============= SERVICES / DRIVERS ===============

R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 31232]
R2 ywtshknl;PCI Bus Controller;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 31232]
S0 doodmmel;doodmmel;c:\windows\system32\drivers\cvbiju.sys --> c:\windows\system32\drivers\cvbiju.sys [?]
S1 ethhikhz;ethhikhz;c:\windows\system32\drivers\ethhikhz.sys [2009-2-7 137408]
S2 saxnfmoe;saxnfmoe;c:\windows\system32\drivers\cngryb.sys [2009-2-11 30848]

=============== Created Last 30 ================

2009-03-05 14:57 <DIR> --d----- c:\program files\Trend Micro
2009-03-05 14:31 <DIR> --d----- C:\50e3fa094b6385eac7
2009-03-05 14:18 <DIR> --d----- c:\docume~1\goldo\applic~1\Malwarebytes
2009-03-05 13:33 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-05 13:33 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-05 13:33 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-05 13:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-05 11:29 21,504 a------- c:\windows\system32\hidserv.dll
2009-02-11 13:31 1,748 a------- c:\windows\system32\netsf.inf
2009-02-11 13:31 695 a------- c:\windows\system32\netsf_m.inf
2009-02-11 11:57 75 a------- c:\windows\file.bat
2009-02-10 21:01 32,256 a---h--- c:\documents and settings\goldo\bjdgub.exe
2009-02-10 20:58 88 a------- c:\windows\system32\31.tmp
2009-02-09 23:47 0 a------- c:\windows\system32\46.tmp
2009-02-09 23:44 162,756 a------- c:\windows\system32\30.tmp
2009-02-09 23:44 29,184 a------- c:\windows\system32\2A.tmp
2009-02-09 21:08 0 a------- c:\windows\system32\2F.tmp
2009-02-09 21:06 163,364 a------- c:\windows\system32\26.tmp
2009-02-09 21:06 29,184 a------- c:\windows\system32\25.tmp
2009-02-09 20:13 0 a------- c:\windows\system32\56.tmp
2009-02-09 20:10 163,716 a------- c:\windows\system32\53.tmp
2009-02-09 20:10 29,184 a------- c:\windows\system32\51.tmp
2009-02-09 20:10 172 a------- c:\windows\system32\4E.tmp
2009-02-09 19:59 0 a------- c:\windows\system32\42.tmp
2009-02-09 19:59 163,364 a------- c:\windows\system32\36.tmp
2009-02-09 19:59 29,184 a------- c:\windows\system32\35.tmp
2009-02-09 19:59 172 a------- c:\windows\system32\34.tmp
2009-02-09 19:32 0 a------- c:\windows\system32\29.tmp
2009-02-09 19:32 163,364 a------- c:\windows\system32\24.tmp
2009-02-09 19:32 29,184 a------- c:\windows\system32\21.tmp
2009-02-09 19:32 172 a------- c:\windows\system32\20.tmp
2009-02-09 19:30 0 a------- c:\windows\system32\44.tmp
2009-02-09 19:27 163,364 a------- c:\windows\system32\41.tmp
2009-02-09 19:27 29,184 a------- c:\windows\system32\40.tmp
2009-02-09 19:27 172 a------- c:\windows\system32\3D.tmp
2009-02-09 19:08 <DIR> --dsh--- c:\windows\system32\twain32
2009-02-09 19:08 3,060,224 a------- c:\windows\system32\SET80.tmp
2009-02-09 18:39 0 a------- c:\windows\system32\23.tmp
2009-02-09 18:39 164,708 a------- c:\windows\system32\1E.tmp
2009-02-09 18:39 29,184 a------- c:\windows\system32\16.tmp
2009-02-09 18:39 172 a------- c:\windows\system32\15.tmp
2009-02-09 18:20 0 a------- c:\windows\system32\1D.tmp
2009-02-09 18:20 164,708 a------- c:\windows\system32\14.tmp
2009-02-09 18:20 29,184 a------- c:\windows\system32\13.tmp
2009-02-09 18:20 172 a------- c:\windows\system32\12.tmp
2009-02-09 18:16 0 a------- c:\windows\system32\1C.tmp
2009-02-09 18:13 164,708 a------- c:\windows\system32\11.tmp
2009-02-09 18:13 29,184 a------- c:\windows\system32\10.tmp
2009-02-09 18:12 0 a------- c:\windows\system32\27.tmp
2009-02-09 18:12 0 a------- c:\windows\system32\22.tmp
2009-02-09 18:09 125,333 a------- c:\windows\system32\1B.tmp
2009-02-09 18:08 29,184 a------- c:\windows\system32\1A.tmp
2009-02-09 18:08 172 a------- c:\windows\system32\19.tmp
2009-02-09 16:22 230 a------- c:\windows\system32\spupdsvc.inf
2009-02-07 15:59 616 a------- c:\windows\system32\52.tmp
2009-02-07 15:58 110,080 -------- c:\windows\system32\50.tmp
2009-02-07 15:58 163,780 a------- c:\windows\system32\4F.tmp
2009-02-07 15:58 29,184 a------- c:\windows\system32\4C.tmp
2009-02-07 15:58 172 a------- c:\windows\system32\4B.tmp
2009-02-07 15:33 32,256 a---h--- c:\documents and settings\goldo\tugyjj.exe
2009-02-07 15:33 163,780 a------- c:\windows\system32\3F.tmp
2009-02-07 15:33 29,184 a------- c:\windows\system32\3B.tmp
2009-02-07 15:33 212 a------- c:\windows\system32\3A.tmp
2009-02-07 15:32 32,256 a---h--- c:\documents and settings\goldo\qwibfni.exe
2009-02-07 15:32 66,560 ----h--- c:\windows\system32\secupdat.dat
2009-02-07 15:32 137,408 a------- c:\windows\system32\drivers\ethhikhz.sys
2009-02-07 15:29 6 a------- c:\windows\_id.dat
2009-02-07 15:29 130 a------- c:\windows\adobe.bat
2009-02-07 15:29 163,780 a------- c:\windows\system32\32.tmp
2009-02-07 15:29 29,184 a------- c:\windows\system32\2D.tmp
2009-02-07 15:29 212 a------- c:\windows\system32\2C.tmp
2009-02-04 18:41 142,336 a------- c:\windows\system32\dllcache\userinit.exe
2009-02-04 18:40 96,256 a------- c:\windows\system32\cmdial3.dll
2009-02-04 18:40 53,248 a------- c:\windows\system32\drivers\ndisio.sys

==================== Find3M ====================

2009-02-09 18:39 64,000 a------- c:\windows\system32\regwiz.exe
2009-02-04 18:41 142,336 a------- c:\windows\system32\userinit.exe
2009-02-03 14:12 15,000 a------- c:\windows\system32\hs78k4rgf4d.dll
2009-02-03 14:06 102,912 a------- C:\wgqjqf.exe
2009-02-03 14:05 39,936 a------- C:\nwurjr.exe
2009-02-03 14:05 21,504 a------- C:\ywdhlny.exe
2009-02-03 14:05 15,000 a------- c:\windows\system32\_bgau63hbdd.dll
2009-02-03 14:04 87,040 a------- c:\windows\system32\mxxfevne.dll
2009-02-03 14:01 1,057,229 a--sh--- c:\windows\system32\fNpqAyxx.ini2
2009-01-15 17:49 127,488 a------- c:\windows\system32\nxnnlo.dll
2009-01-15 17:49 127,488 a------- c:\windows\system32\hhhfeckl.dll
2009-01-12 14:19 124,928 a------- c:\windows\system32\zvenno.dll
2009-01-12 14:19 124,928 a------- c:\windows\system32\aaerooyc.dll
2009-01-11 15:26 123,392 a------- c:\windows\system32\ulrovmur.dll
2009-01-11 15:26 123,392 a------- c:\windows\system32\kelxtc.dll
2009-01-11 15:21 123,392 a------- c:\windows\system32\oodmiowk.dll
2009-01-11 14:19 46,592 a------- c:\windows\system32\efcBqPFW.dll
2009-01-11 14:16 280,576 a------- c:\windows\system32\xxyAqpNf.dll.vir
2008-12-12 11:33 3,060,224 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 05:57 333,184 -------- c:\windows\system32\dllcache\srv.sys
2005-08-25 17:50 3,580 a------- c:\program files\INSTALL.LOG
2001-09-28 16:00 181,760 a------- c:\program files\UNWISE.EXE

============= FINISH: 16:46:18.00 ===============

HJT LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:48:05 PM, on 3/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myspace.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MySpace
R3 - URLSearchHook: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0F095C72-2361-4780-8D43-E89C38EB8A54} - c:\windows\system32\qfwiwux.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: My.Freeze.com Toolbar - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - C:\Program Files\My.Freeze.com Toolbar\freeze_us.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\TEMP\TMP39.tmp
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\Goldo\Application Data\Microsoft\Windows\winlogon.exe
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [QuickInstallPack] "C:\Documents and Settings\Goldo\Local Settings\Application Data\qip\QuickInstallPack.exe" /autorun
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\Goldo\LOCALS~1\Temp\winlognn.exe
O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\Goldo\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/The%20Treasures%20of%20Mystery%20Island/Images/stg_drm.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O20 - AppInit_DLLs: tvpift.dll
O20 - Winlogon Notify: sxtsiaaq - C:\WINDOWS\SYSTEM32\qfwiwux.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

--
End of file - 8080 bytes


If anyone could help me out, I would appreciate it. Thank You.
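Added example, not part of SETech's post and not code from HijackThis or Bleeping Computer: a small Python triage script that applies the checks a responder runs by eye over a HJT log like the one above. It flags autoruns launched from Temp or a user profile, core Windows binary names living outside System32, autoruns registered under Policies\Explorer\Run, unnamed BHOs backed by a real DLL, and O10/O15/O20 entries, which are always worth a look. The sample lines are copied from the posted HJT log, with a benign Java entry and a Creative service included to show that they pass; the rule set, the path hints and the list of imitated binaries are this example's own assumptions.

```python
"""Triage helper for HijackThis-style logs.

Added example: not part of the forum post and not code from HijackThis or
Bleeping Computer.  It only ranks entries for human review; it does not
decide what is malicious.  All rules below are this example's assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Path fragments (lower-case) that legitimate autoruns rarely point into.
USER_WRITABLE_HINTS = ("\\temp\\", "\\locals~1\\", "\\local settings\\",
                       "\\application data\\", "\\applic~1\\")

# Core Windows binaries that malware imitates by name; the genuine copies
# live under %SystemRoot%\system32.
SYSTEM_BINARIES = {"winlogon.exe", "services.exe", "csrss.exe",
                   "lsass.exe", "smss.exe", "svchost.exe"}

# HJT sections that warrant review whatever the path says.
ALWAYS_REVIEW = {
    "O10": "Winsock LSP entry with an unknown file",
    "O15": "domain added to the IE Trusted Zone",
    "O20": "AppInit_DLLs / Winlogon Notify persistence",
}

_ENTRY = re.compile(r"^(O\d+|R\d) - (.*)$")
# First drive-letter path ending in a common executable extension; non-greedy
# so paths containing spaces ("C:\Program Files\...") are captured whole.
_PATH = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|tmp|scr|bat|ocx))", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def analyse_entry(line: str) -> Optional[Finding]:
    """Return a Finding for one HJT line, or None if nothing stands out."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    if section in ALWAYS_REVIEW:
        return Finding(section, ALWAYS_REVIEW[section], line)

    pm = _PATH.search(body)
    path = pm.group(1).lower() if pm else ""
    name = path.rsplit("\\", 1)[-1]

    if section == "O4":
        if "policies\\explorer\\run" in body.lower():
            return Finding(section, "autorun via Policies\\Explorer\\Run", line)
        if name in SYSTEM_BINARIES and "\\system32\\" not in path:
            return Finding(section, "system binary name outside System32", line)
        if any(h in path for h in USER_WRITABLE_HINTS) or path.endswith(".tmp"):
            return Finding(section, "autorun from a temp or user-profile directory", line)
    if section == "O2" and "(no name)" in body and path:
        return Finding(section, "unnamed BHO backed by a real DLL", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run analyse_entry over every line and keep the hits, in log order."""
    return [f for f in (analyse_entry(l) for l in log_text.splitlines()) if f]


# Lines copied from the HJT log posted above, plus two benign vendor entries.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0F095C72-2361-4780-8D43-E89C38EB8A54} - c:\windows\system32\qfwiwux.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\TEMP\TMP39.tmp
O4 - HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\Goldo\Application Data\Microsoft\Windows\winlogon.exe
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\Goldo\LOCALS~1\Temp\winlognn.exe
O4 - HKCU\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.antimalwareguard.com
O20 - AppInit_DLLs: tvpift.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<48} {f.line}")
```

Run against the full log it will also flag legitimate vendor updaters that live under Application Data (the DellTransferAgent entry above is one), so a hit is a prompt to verify the file, not a verdict; the point of the ordering inside the O4 branch is that the most specific reason (a Policies autorun, a lookalike of a core binary) wins over the generic "user-profile path" one.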


#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:11:40 PM

Posted 12 March 2009 - 05:26 PM

Hello SETech and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...



