
Please HELP!


9 replies to this topic

#1 threeplus10

  • Members
  • 5 posts

Posted 07 March 2009 - 02:09 AM

Hi all,
First I just want to say THANK YOU for everything that everyone on this site does!!! It is an amazing resource for someone like me (a beginner at malware removal... & general computer upkeep).

So my problem started nearly a month ago when Google links started redirecting to incorrect sites... then on Valentine's Day, error messages started popping up, interfering with normal computer use. Then the computer wouldn't even want to fully boot up. The welcome screen would appear (with error messages such as "cmd.exe - bad image", etc.) & then instead of the desktop I would get a solid black screen. Sometimes it would just freeze on the welcome screen.
Recently I get 80+ error messages every time I try to boot up that computer, before I can even click on a program!! Many of them include "Jahanane.dll" & "wisepale.dll" <--- I have no idea what these files are... hopefully you guys do!!
After reading through the site I figured out how to get into Safe Mode & install a firewall (via majorgeeks.com, thanks guys!!). Things are still VERY BAD... still many, many error messages & random freezes, but ThreatFire seems to be blocking some of the malware (stuff like K1956.exe & CEGP5U.exe & other "number & letter combos" :) ). I have also disconnected that computer from the internet. It seems to work better that way, & I am using my super slow old computer to post this. haha
SO: after nearly 7 hrs of fighting to keep the computer from freezing &/or blocking DDS & HijackThis... I got it to run DDS!!! Here is my log:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 21:56:41.48 on 2009-03-06
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.71 [GMT -8:00]

FW: PC Tools Firewall Plus *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\userinit.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\inf\rundll33.exe
C:\WINDOWS\V0220Mon.exe
C:\WINDOWS\system32\ps2.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\TEMP\winlognn.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system\xccef090131.exe
C:\Documents and Settings\Owner\My Documents\deedeeES.scr
C:\Program Files\Spyware Doctor\update.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system\xccef090131.exe
C:\WINDOWS\system\xccef090131.exe
C:\WINDOWS\system\xccef090131.exe
C:\WINDOWS\system\xccef090131.exe
C:\WINDOWS\system\xccef090131.exe
C:\WINDOWS\system\xccef090131.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\My Documents\deedeeES.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = localhost;*.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twext.exe,c:\windows\system32\twex.exe,
BHO: c:\windows\system32\osm3of8s3njd.dll: {c5af42a3-94f3-42bd-f634-3604832c897d} - c:\windows\system32\osm3of8s3njd.dll
BHO: c:\windows\system32\hs78344kjkfd.dll: {c5bf49a2-94f3-42bd-f434-3604812c8955} - c:\windows\system32\hs78344kjkfd.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [jsf8uiw3jnjgffght] c:\docume~1\owner\locals~1\temp\winlognn.exe
uRun: [kpekm25gtep9ycb5z3e7nd] c:\docume~1\owner\locals~1\temp\eimr5a.exe
uRun: [dzubrmyunygsi4qsel90qf3qm2va0gpzvrcauvo88u5] c:\docume~1\owner\locals~1\temp\qqkye0a.exe
uRun: [arkn5phqgjn3jfam5nc] c:\docume~1\owner\locals~1\temp\ryycdogj6nrx.exe
uRun: [bxyknx0xuqk783qe5s9ggmagvtg7os014haro] c:\docume~1\owner\locals~1\temp\ir9xo1.exe
uRun: [tmhgwv3unvlamnmuay49zxods8fbhlg1ae035r] c:\docume~1\owner\locals~1\temp\e57ilydnw4iu.exe
uRun: [wc8f8973hf3u1azww71mb5238querhe8b4jlc1bs8p8ffa] c:\docume~1\owner\locals~1\temp\ybsbum.exe
uRun: [yi45hrre1qw1f2kez9jg9uknc8wz3f365do9r4rk1wesa2h7i] c:\docume~1\owner\locals~1\temp\fhn9i59m.exe
uRun: [vlghn4e8hcbvc4iuwfr709wst77e5r6b] c:\docume~1\owner\locals~1\temp\bp23nv2b.exe
uRun: [lrijh8s73jhbfgfd] c:\windows\temp\winlognn.exe
uRun: [o7qjm5k1gujycv21ezdjkhltba] c:\docume~1\owner\locals~1\temp\ealiz8tzyghh.exe
uRun: [ymejuy24djb17b] c:\docume~1\owner\locals~1\temp\moyig0.exe
uRun: [jbumaeqgto3h9nthxusyo79ja2s2p1mf548apfbwee8hc] c:\docume~1\owner\locals~1\temp\ack1hz2b5.exe
uRun: [lncud04s52n9k37u92pcutmsmy93ny] c:\docume~1\owner\locals~1\temp\x2phbj2ucyg4s.exe
uRun: [q65s27469ngdfrvx3jblocaiglemw10m3a8t336fh] c:\docume~1\owner\locals~1\temp\c2clp5qvzxeye.exe
uRun: [nxp3ip6pyoq9kz22ppw25janf3or02174x8dgvaq7yngcr1] c:\docume~1\owner\locals~1\temp\d7zdmy.exe
uRun: [zdfv9wcy5itk8hj8fswbsc0khwr8pud] c:\docume~1\owner\locals~1\temp\h3ndgeuw.exe
uRun: [yb8rpcrrwy2r0yujjh6na3em] c:\docume~1\owner\locals~1\temp\wqq2by4yu7fh.exe
uRun: [nq15ozfdja1jrhl9v8eag6c2nwl] c:\docume~1\owner\locals~1\temp\aa80pdevcz4by.exe
uRun: [uatxu9wmmamri9] c:\docume~1\owner\locals~1\temp\nvdrpc.exe
uRun: [dqlnv4gpope774yeesj0hs8k2sj9ikmrbm0skv8x4x] c:\docume~1\owner\locals~1\temp\zbrjoscj.exe
uRun: [c1u3zbk216jk31cdb9o8axqn] c:\docume~1\owner\locals~1\temp\d44cfpdcwe94d.exe
uRun: [qs3t3rpkew92r17igxl48jw76xfgxrar6q1] c:\docume~1\owner\locals~1\temp\brbd68ovrw.exe
uRun: [zv7ewemx94wuwjw2hbkl80ksu78ll4zolq1inw] c:\docume~1\owner\locals~1\temp\ocnz1n3e3b2co.exe
uRun: [rtbqrwaw7lv1jjr9rm413xb1gmp1tx1yfpi] c:\docume~1\owner\locals~1\temp\dl6rwkhs4.exe
uRun: [n528h1al3b4tm3oxqh8b0cck2hju7l74] c:\docume~1\owner\locals~1\temp\v9nzr6.exe
uRun: [f6icyhxczz2p4hv709w5ufd] c:\docume~1\owner\locals~1\temp\nnde24u9.exe
uRun: [pubhech7lrap3d79ojjw0s2utbbvxooavvtugy4zoy] c:\docume~1\owner\locals~1\temp\tng7z2ngz8.exe
uRun: [i81y205kxwe249995t17icb75dgnsavejti4in] c:\docume~1\owner\locals~1\temp\r1myrjpox4y7.exe
uRun: [nbfp2vvub48tbghup78k6rnwi] c:\docume~1\owner\locals~1\temp\hnd7urd.exe
uRun: [qh26h6fwrzve] c:\docume~1\owner\locals~1\temp\wtzjd6b.exe
uRun: [trr9isr5e18lx4n8ygpreev] c:\docume~1\owner\locals~1\temp\puyylbj.exe
uRun: [l34n9qf55neaui] c:\docume~1\owner\locals~1\temp\syow4uu46.exe
uRun: [o58pc0yd4xt3vki5k14ewsnf97px0p9d5sy7] c:\windows\temp\o8ln4bi.exe
uRun: [t9tar4pe4ol2] c:\windows\temp\normyvjk.exe
uRun: [j7xruysi2yusaxygrzfnsqongvspt2aygbxiuiuf7] c:\docume~1\owner\locals~1\temp\okno5vin.exe
uRun: [qk6fijct2b5si238vu6zqt] c:\docume~1\owner\locals~1\temp\yyj29781h.exe
uRun: [cttbxvgvq4wswbygnsa] c:\docume~1\owner\locals~1\temp\drf8wzg.exe
uRun: [hh73s88t9ba] c:\docume~1\owner\locals~1\temp\i11zan.exe
uRun: [nzzrwp3xij4pwjfhm2v21zecdnutvk7bslbgacw] c:\docume~1\owner\locals~1\temp\j2s0xc8fp5tb0.exe
uRun: [auwuf2zb8a4u1ijimaihh8z] c:\docume~1\owner\locals~1\temp\ce9ka3.exe
uRun: [aeir889qf52nvg7lt1soy250bttwq5t] c:\docume~1\owner\locals~1\temp\ngy37ugcshi5s.exe
uRun: [ilih5o6bfeeis3w2e8pv5t4cow2t1r4vrxj] c:\docume~1\owner\locals~1\temp\dbbaat2i44o.exe
uRun: [h4y1nbbjrob84wacslt20h] c:\docume~1\owner\locals~1\temp\sxs8vy7334.exe
uRun: [ms369zcb22ggpnn8ib8rpzo91] c:\docume~1\owner\locals~1\temp\c7ya077ai3e.exe
uRun: [qn1hq5kpimvdh073pk1b3fuga3qgmhi7toumdpwxh] c:\docume~1\owner\locals~1\temp\o5n192.exe
uRun: [dhu6buifyzaa] c:\docume~1\owner\locals~1\temp\z5un8uj6x.exe
uRun: [h4j9cise7vtr5oftm943hd5raxec3n8wzhf8n5bi9l] c:\docume~1\owner\locals~1\temp\hyeivrq426q.exe
uRun: [hzvzstlt5b822jpi0yqmfxsz8qvyvps0rywxsd29] c:\docume~1\owner\locals~1\temp\bnm81gzveuhaq.exe
uRun: [ths7kq9lrh3z9dvafra3f3rtcpyqb] c:\docume~1\owner\locals~1\temp\exhb7wgcq.exe
uRun: [j9efebmjgrxpfg8dj57nbltphsmsmih2pb5g5fwzik54w9ir7x] c:\docume~1\owner\locals~1\temp\b95brx49xu4n.exe
uRun: [jwbzsywl9cni67mcw30jel7qvco1q7ga] c:\docume~1\owner\locals~1\temp\ngbpt20maukt.exe
uRun: [jn2sa6yfe1ldl43ha4esfs] c:\docume~1\owner\locals~1\temp\pb5ux7620c4et.exe
uRun: [svgv2qn1svy1rncjo3h9y9234o] c:\docume~1\owner\locals~1\temp\bza8lhns.exe
uRun: [vac7p1djogq88abw55ltg771pc2ahooeg8u] c:\docume~1\owner\locals~1\temp\wt5c61739.exe
uRun: [tlbe4b3gmny8] c:\docume~1\owner\locals~1\temp\ue13too25cs.exe
uRun: [l20nr53tfp826dhgg] c:\docume~1\owner\locals~1\temp\o10w675rzi9q.exe
uRun: [ir0a4n6duxx550rmw3ejbuo20ndig8jgbqajsd9y3h3kwf13n] c:\docume~1\owner\locals~1\temp\vkn5dx9vr080.exe
uRun: [htu7ybzcwh8i2mptnntqrfyo1e1jpeluqnaf94i] c:\docume~1\owner\locals~1\temp\pk37y9w.exe
uRun: [uee6mx0nqchddx1vq38mgawj1t7xvj] c:\docume~1\owner\locals~1\temp\go9k4a6t1c.exe
uRun: [o7qwjey57sgo0m9ztavk5anjc17n] c:\docume~1\owner\locals~1\temp\tvyskmej.exe
uRun: [h3p66q7qlyj8jawupjam3hi] c:\docume~1\owner\locals~1\temp\dog4esz486wq.exe
uRun: [z0oz0c8pittw9] c:\docume~1\owner\locals~1\temp\icy9ecc.exe
uRun: [znihf43dn5t3as4acuvow5txac8] c:\docume~1\owner\locals~1\temp\iohpccrk.exe
uRun: [gpgkm835u73] c:\docume~1\owner\locals~1\temp\pi57m7g.exe
uRun: [uvpvyia4xxvjs2enui7b6jl8] c:\docume~1\owner\locals~1\temp\tb3l3p.exe
uRun: [n7ybplum2few9] c:\docume~1\owner\locals~1\temp\du4jcokhwpmx.exe
uRun: [pr4x2edksjpvx3w16fn8brvlt1xj36] c:\docume~1\owner\locals~1\temp\hoeeka0kmj2ki.exe
uRun: [jxl5xp70mayz5qtbylpamhqso] c:\docume~1\owner\locals~1\temp\lqek0g781.exe
uRun: [awva8wn0seji5x16tje5m9ff4c8gr9z1e2gdru] c:\docume~1\owner\locals~1\temp\m0jirxrj29.exe
uRun: [wzw9rll8erqtmh3mng7743go43ov677zdno3x] c:\docume~1\owner\locals~1\temp\cr1dx0cd2f93b.exe
uRun: [glqsx02z875u8g61e6ebnideru67j8e1fcz7og] c:\docume~1\owner\locals~1\temp\f23ad7tx.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [V0220Mon.exe] c:\windows\V0220Mon.exe
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [FaxCenterServer] "c:\program files\\lexmark fax solutions\fm3032.exe" /s
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Framework Windows] frmwrk32.exe
mRun: [lrijh8s73jhbfgfd] c:\windows\temp\winlognn.exe
mRun: [Wzaqanohidimen] rundll32.exe "c:\windows\unibevamikumi.dll",e
mRun: [zebosuheru] Rundll32.exe "c:\windows\system32\wisepale.dll",s
mRun: [046305d7] rundll32.exe "c:\windows\system32\gahejeyu.dll",b
mRun: [CPM0750364b] Rundll32.exe "c:\windows\system32\vetahadu.dll",a
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
dRun: [MS AntiSpyware 2009] "c:\documents and settings\all users\application data\crucialsoft ltd\ms antispyware 2009\msas2009.exe" /autorun
dRun: [iveok77hvg6gdn3dswpbeo877] c:\windows\temp\qrxzwwpwk3of.exe
dRun: [aw4fzlhaq5ixxf4] c:\windows\temp\tsjnsri4rvcs.exe
mExplorerRun: [xccinit] c:\windows\system32\inf\rundll33.exe c:\windows\xccdf16_090131a.dll xccd16
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: turbotax.com
Trusted Zone: unlv.edu\register
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
Notify: spsoeoi - spsoeoi32.dll
Notify: ssqOhHBR - ssqOhHBR.dll
AppInit_DLLs: ipnmtb.dll hbbvzh.dll nwknuf.dll ghqnjd.dll c:\windows\system32\jahanane.dll gsbqjd.dll c:\windows\system32\vetahadu.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vetahadu.dll
STS: c:\windows\system32\hs78344kjkfd.dll: {c5bf49a2-94f3-42bd-f434-3604812c8955} - c:\windows\system32\hs78344kjkfd.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\vetahadu.dll
STS: c:\windows\system32\osm3of8s3njd.dll: {c5af42a3-94f3-42bd-f634-3604832c897d} - c:\windows\system32\osm3of8s3njd.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Authentication Packages = msv1_0 c:\windows\system32\cbXQkJab
LSA: Notification Packages = scecli c:\windows\system32\jahanane.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\agnqa97z.default\
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\agnqa97z.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\agnqa97z.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\agnqa97z.default\extensions\kodak-companion@mozilla.com\platform\winnt_x86-msvc\components\mozFotofox.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\agnqa97z.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07075003.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ZangoSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {2276D72E-9B27-45FE-BAA6-6EE76B09EF2F} - c:\documents and settings\owner\local settings\application data\{2276D72E-9B27-45FE-BAA6-6EE76B09EF2F}

============= SERVICES / DRIVERS ===============

R0 ati6jwxx;ati6jwxx;c:\windows\system32\drivers\ati6jwxx.sys [2009-2-16 32768]
R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-5-13 40840]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-3-2 51472]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-3-2 39184]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-5-13 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-5-13 81288]
R1 nv4mminii;nv4mminii;c:\windows\system32\drivers\nv4mminii.sys [2009-2-14 86144]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-3-2 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-5-28 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-3-2 73840]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2009-3-2 146800]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-5-13 356920]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-5-13 1079176]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-3-2 95640]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-3-2 33040]
S1 4aab919d;4aab919d;c:\windows\system32\drivers\4aab919d.sys [2009-2-14 0]
S1 ethhuzfz;ethhuzfz;c:\windows\system32\drivers\ethhuzfz.sys [2009-3-6 135584]
S2 Ca533av;Mega DV(Video);c:\windows\system32\drivers\ca533av.sys --> c:\windows\system32\drivers\Ca533av.sys [?]
S2 ICF;ICF;c:\windows\system32\svchost.exe:ext.exe []
S2 mrtRate;mrtRate; [x]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-5-16 24652]
S3 tcpsr;tcpsr;\??\c:\windows\system32\drivers\tcpsr.sys --> c:\windows\system32\drivers\tcpsr.sys [?]
S3 USBCamera;DSC Still Image Capture (CA533A);c:\windows\system32\drivers\bulk533.sys --> c:\windows\system32\drivers\Bulk533.sys [?]
S3 V0220Dev;Live! Cam Video IM;c:\windows\system32\drivers\V0220Dev.sys [2006-11-24 146112]
S3 V0220Vfx;V0220VFX;c:\windows\system32\drivers\V0220Vfx.sys [2006-11-24 6272]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-03-06 16:02 135,584 a------- c:\windows\system32\drivers\ethhuzfz.sys
2009-03-06 16:02 16,896 a------- c:\windows\system32\spsoeoi.dll
2009-03-02 21:10 368,961 a------- C:\thedds.scr
2009-03-02 20:29 <DIR> --d----- c:\docume~1\owner\applic~1\PCToolsFirewallPlus
2009-03-02 17:51 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-03-02 17:51 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-02 17:51 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-03-02 17:50 95,640 a------- c:\windows\system32\drivers\pctplfw.sys
2009-03-02 17:50 <DIR> --d----- c:\program files\PC Tools Firewall Plus
2009-03-02 17:35 97,408 a------- c:\windows\system32\drivers\pctfw.sys
2009-03-02 16:40 <DIR> --d----- c:\program files\common files\PC Tools
2009-03-02 16:39 39,184 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-03-02 16:39 33,040 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-03-02 16:39 12,560 a------- c:\windows\system32\drivers\TfKbMon.sys
2009-03-02 16:39 51,472 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-03-02 16:39 <DIR> --d----- c:\program files\ThreatFire
2009-03-02 16:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-02-23 16:21 <DIR> --d----- c:\program files\CleanMyPC
2009-02-20 23:02 1,608,251 ---sh--- c:\windows\system32\uyejehag.ini
2009-02-20 00:48 <DIR> --d----- c:\program files\Crawler
2009-02-20 00:48 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-02-20 00:48 <DIR> --d----- c:\docume~1\owner\applic~1\Spyware Terminator
2009-02-20 00:47 <DIR> --d----- c:\program files\Spyware Terminator
2009-02-20 00:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2009-02-19 20:36 556 a------- c:\documents and settings\owner\FnjrvL.bat
2009-02-19 20:36 38,400 a------- c:\documents and settings\owner\lDbKaBhsXYN.exe
2009-02-19 20:36 20,992 a------- c:\documents and settings\owner\FAavdGP.exe
2009-02-19 20:36 112,348 a------- c:\documents and settings\owner\tMRtQjqB.exe
2009-02-19 20:36 9,728 a------- c:\documents and settings\owner\yxsZvCzO.exe
2009-02-19 20:36 47,104 a------- c:\documents and settings\owner\UAcZsZ.exe
2009-02-19 19:39 129,024 a--sh--- c:\windows\system32\gsbqjd.dll
2009-02-19 15:49 80,384 a------- c:\windows\system32\drivers\gaopdxserv.sys
2009-02-19 15:49 424 ---shr-- C:\autorun.inf
2009-02-19 15:48 100,590 a------- c:\windows\system32\drivers\4a0b790d.sys
2009-02-19 15:48 19,456 a------- C:\owpqhu.exe
2009-02-19 15:48 81,920 a------- C:\wvqn.exe
2009-02-19 15:48 126,976 a------- C:\cuthyixb.exe
2009-02-19 15:48 154,503 a------- C:\nfewsb.exe
2009-02-19 15:47 38,400 a------- c:\documents and settings\owner\ujBZJy.exe
2009-02-19 15:47 20,992 a------- c:\documents and settings\owner\DYyubF.exe
2009-02-19 15:47 112,348 a------- c:\documents and settings\owner\skPsOioZ.exe
2009-02-19 15:47 47,104 a------- c:\documents and settings\owner\tYaXqX.exe
2009-02-19 15:47 260,608 a------- c:\documents and settings\owner\iexplorer.exe
2009-02-19 15:45 132,608 a------- c:\windows\unibevamikumi.dll
2009-02-19 12:50 20,992 a------- c:\documents and settings\owner\PtCNEQH.exe
2009-02-19 12:50 112,348 a------- c:\documents and settings\owner\KqBGIXPvF.exe
2009-02-19 12:50 9,728 a------- c:\documents and settings\owner\sZvDzOSbNwi.exe
2009-02-19 12:50 47,104 a------- c:\documents and settings\owner\VAdZtZRp.exe
2009-02-19 12:45 16,896 a------- c:\windows\system32\spsoeoi.dll.ren
2009-02-19 12:15 80,896 a------- c:\windows\system32\cewwpjro.dll
2009-02-19 11:57 47,104 a------- c:\documents and settings\owner\GlOkElcACR.exe
2009-02-19 11:55 104,960 a------- c:\windows\system32\ntdll64.exe
2009-02-19 11:52 124,416 a------- c:\windows\system32\ghqnjd.dll
2009-02-19 11:52 124,416 a------- c:\windows\system32\dyyaqpls.dll
2009-02-18 23:13 80,896 -------- c:\windows\system32\misyptja.dll
2009-02-18 22:02 15,000 a------- c:\windows\system32\osm3of8s3njd.dll
2009-02-18 16:55 122,880 a------- c:\windows\system32\nwknuf.dll
2009-02-18 16:55 122,880 a------- c:\windows\system32\iialelbn.dll
2009-02-16 21:14 23,552 a------- C:\bwwh.exe
2009-02-16 21:14 479 a------- c:\windows\system32\win32hlp.cnf
2009-02-16 21:13 104,960 ac------ c:\windows\system32\dllcache\userinit.exe
2009-02-16 21:13 1,347 a------- c:\windows\system32\ahtn.htm
2009-02-16 21:13 143 a------- c:\windows\system32\mcrh.tmp
2009-02-16 21:13 4,785 a------- c:\windows\system32\warning.gif
2009-02-16 21:13 38,400 a------- c:\documents and settings\owner\kujkQBgh.exe
2009-02-16 21:13 49,664 a------- c:\windows\system32\khfFUKeD.dll
2009-02-16 21:13 20,992 a------- c:\documents and settings\owner\OojJfMpYCl.exe
2009-02-16 21:13 112,348 a------- c:\documents and settings\owner\VaDzTZ.exe
2009-02-16 21:13 9,728 a------- c:\documents and settings\owner\biEmixb.exe
2009-02-16 21:12 122,880 a------- c:\windows\system32\hbbvzh.dll
2009-02-16 21:12 122,880 a------- c:\windows\system32\gmcdshhi.dll
2009-02-16 21:12 1 a------- c:\windows\system32\uniq.tll
2009-02-16 21:05 32,768 a------- c:\windows\system32\drivers\ati6jwxx.sys
2009-02-16 18:31 <DIR> --d----- c:\program files\Microsoft Common
2009-02-16 18:31 32,768 a------- c:\windows\system32\drivers\ati8ncxx.sys
2009-02-16 18:11 26,624 a------- c:\windows\system32\frmwrk32.exe
2009-02-16 18:11 27,136 a------- C:\etwd.exe
2009-02-16 18:11 15,000 a------- c:\windows\system32\hs78344kjkfd.dll
2009-02-16 18:11 38,400 a------- c:\documents and settings\owner\rYInpexdN.exe
2009-02-16 18:11 20,992 a------- c:\documents and settings\owner\UxfjSduG.exe
2009-02-16 18:11 112,348 a------- c:\documents and settings\owner\aHRwynf.exe
2009-02-16 18:11 49,664 a------- c:\windows\system32\urqRLede.dll
2009-02-16 18:11 9,728 a------- c:\documents and settings\owner\ltPEIRDMZ.exe
2009-02-14 08:43 83,968 a------- c:\documents and settings\owner\GmOlElcAC.exe
2009-02-14 08:43 46 a------- C:\p2hhr.bat
2009-02-14 08:42 <DIR> --d----- c:\docume~1\owner\applic~1\cogad
2009-02-14 08:42 0 a------- c:\windows\system32\drivers\4aab919d.sys
2009-02-14 08:42 90,119 a------- C:\nxspv.exe
2009-02-14 08:42 82,432 a------- C:\xxmwr.exe
2009-02-14 08:42 <DIR> --d----- c:\temp\tn3
2009-02-14 08:42 167,976 -------- c:\windows\system32\drivers\core.cache.dsk
2009-02-14 08:41 86,144 a------- c:\windows\system32\drivers\nv4mminii.sys
2009-02-14 08:41 <DIR> --d----- c:\temp\1cb
2009-02-14 08:41 <DIR> --d----- c:\windows\system32\th3
2009-02-14 08:41 <DIR> --d----- c:\windows\system32\mem5
2009-02-14 08:40 251,392 a------- c:\windows\xccdf32_090131a.dll
2009-02-14 08:40 36,352 a------- c:\windows\xccdf16_090131a.dll
2009-02-14 08:40 2 a------- C:\73598328
2009-02-14 08:40 155,156 a------- c:\windows\system\xccef090131.exe
2009-02-14 08:40 462 a------- c:\windows\xccwinsys.ini
2009-02-14 08:40 <DIR> --d----- c:\windows\system32\inf
2009-02-14 08:40 8,704 a------- C:\vsuirwl.exe
2009-02-14 08:40 15,000 a------- c:\windows\system32\hsfd83jfdg.dll
2009-02-14 08:40 27,136 a------- C:\ainhkx.exe
2009-02-14 08:40 25,088 a------- C:\qsialm.exe
2009-02-14 08:40 40,448 a------- C:\ojypnwxl.exe
2009-02-14 08:40 <DIR> --d----- c:\windows\system32\ghu02
2009-02-14 08:40 <DIR> --d----- c:\temp\itmp2
2009-02-14 08:39 49,664 a------- c:\windows\system32\ddcDtUlj.dll
2009-02-14 08:39 128,512 a------- c:\windows\system32\ipnmtb.dll
2009-02-14 08:39 128,512 a------- c:\windows\system32\ybgsusdt.dll
2009-02-12 19:18 124,416 a------- c:\windows\system32\sccggc.dll
2009-02-12 19:18 124,416 a------- c:\windows\system32\tflbxcwa.dll
2009-02-12 19:18 3,450 a--sh--- c:\windows\system32\baJkQXbc.ini
2009-02-12 19:18 3,303 a--sh--- c:\windows\system32\baJkQXbc.ini2
2009-02-12 19:18 280,064 a------- c:\windows\system32\cbXQkJab.dll.vir
2009-02-12 19:13 <DIR> --d----- c:\windows\system32\tov02
2009-02-12 19:13 <DIR> --d----- c:\temp\sTMP3
2009-02-10 18:20 <DIR> --d----- c:\program files\iSofter
2009-02-07 15:03 <DIR> --d----- c:\windows\system32\Adobe

==================== Find3M ====================

2009-03-03 12:29 14,336 a------- c:\windows\system32\svchost.exe
2009-02-19 19:39 129,024 a--sh--- c:\windows\system32\defupabo.dll
2009-02-19 19:39 79,872 a--sh--- c:\windows\system32\gahejeyu.dll
2009-02-19 19:39 84,992 a--sh--- c:\windows\system32\vetahadu.dll
2009-02-16 21:12 104,960 a------- c:\windows\system32\userinit.exe
2008-12-20 15:15 826,368 a------- c:\windows\system32\wininet.dll
2007-02-13 02:02 13 -c--h--- c:\docume~1\alluse~1\applic~1\3113.sys
0000-00-00 00:00 0 a--sh--- c:\windows\system32\fetotava.dll
0000-00-00 00:00 0 a--sh--- c:\windows\system32\jahanane.dll
0000-00-00 00:00 47,104 a--sh--- c:\windows\system32\jihayefo.dll
0000-00-00 00:00 0 a--sh--- c:\windows\system32\wisepale.dll
0000-00-00 00:00 47,104 a--sh--- c:\windows\system32\wuduzuli.dll
0000-00-00 00:00 47,104 a--sh--- c:\windows\system32\zazovera.dll

============= FINISH: 22:00:48.59 ===============


"is it bad doctor??" :step4:

As I said before: I am a beginner. But I am good at following directions. (I read the whole post "Preparation Guide for use before posting about your potential Malware problem" twice.) But since my computer is acting up I wasn't able to locate my attach.txt file that DDS is supposed to create. I'M SORRY!!
Please Help
THANKS AGAIN!!! for everything you people do!!!
-alex-
P.S. I renamed DDS to DEEDEEES to try to get it to run. <--- not sure if that is important.
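As an added example (not part of this thread, and not a tool from BleepingComputer), here is a small Python triage script for DDS-style file listings like the "Created Last 30" and "Find3M" sections above. It flags the traits a helper would query: a zeroed timestamp, a zero-byte DLL/SYS/EXE, system+hidden attributes on a code or .ini file in system32, and an executable dropped directly in the drive root. The sample lines are copied from the log above plus two benign entries; the attribute letters (s, h, d) are read from how they appear in that log, and the heuristics are my own assumptions, not rules DDS itself applies.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: lines copied from the DDS "Created Last 30" and
# "Find3M" sections in the post above, plus two benign entries (svchost.exe,
# the Adobe directory) that the triage should leave alone.
SAMPLE_LOG = r"""
2009-03-03 12:29 14,336 a------- c:\windows\system32\svchost.exe
2009-02-19 19:39 129,024 a--sh--- c:\windows\system32\defupabo.dll
2009-02-14 08:42 0 a------- c:\windows\system32\drivers\4aab919d.sys
2009-02-14 08:42 90,119 a------- C:\nxspv.exe
2009-02-14 08:42 <DIR> --d----- c:\temp\tn3
2009-02-12 19:18 3,450 a--sh--- c:\windows\system32\baJkQXbc.ini
0000-00-00 00:00 0 a--sh--- c:\windows\system32\jahanane.dll
2009-02-07 15:03 <DIR> --d----- c:\windows\system32\Adobe
"""

# One DDS listing line: date, time, size (or <DIR>), 8-char attribute field, path.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (<DIR>|[\d,]+) ([A-Za-z-]{8}) (.+?)\s*$"
)

# Extensions treated as executable code for the checks below (assumption).
CODE_EXTS = {".dll", ".sys", ".exe", ".scr"}


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.size is None

    @property
    def ext(self) -> str:
        m = re.search(r"(\.[^.\\]+)$", self.path)
        return m.group(1).lower() if m else ""


def parse_dds_listing(text: str) -> List[Entry]:
    """Parse the file-listing lines of a DDS log; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        size_val = None if size == "<DIR>" else int(size.replace(",", ""))
        entries.append(Entry(date, time, size_val, attrs, path))
    return entries


def suspicious_reasons(e: Entry) -> List[str]:
    """Return the traits worth asking about for this entry (empty list = nothing odd)."""
    reasons: List[str] = []
    if e.is_dir:
        return reasons  # directories are not scored by these heuristics
    low = e.path.lower()
    in_system32 = "\\windows\\system32\\" in low
    if e.date == "0000-00-00":
        reasons.append("zeroed timestamp")
    if e.size == 0 and e.ext in CODE_EXTS:
        reasons.append(f"zero-byte {e.ext} file")
    # 's' (system) and 'h' (hidden) both set on a code or .ini file
    if "s" in e.attrs and "h" in e.attrs and (e.ext in CODE_EXTS or e.ext == ".ini"):
        where = "in system32" if in_system32 else "outside system32"
        reasons.append(f"system+hidden attributes {where}")
    # e.g. C:\nxspv.exe: an executable sitting directly in the drive root
    if re.fullmatch(r"[a-z]:\\[^\\]+", low) and e.ext in CODE_EXTS:
        reasons.append("executable dropped directly in the drive root")
    return reasons


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Parse a DDS listing and return (path, reasons) for every flagged entry."""
    out = []
    for e in parse_dds_listing(text):
        r = suspicious_reasons(e)
        if r:
            out.append((e.path, r))
    return out


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(f"{path}: {', '.join(reasons)}")
```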

#2 Thunder (Members, 3,294 posts, Belgium)

Posted 12 March 2009 - 05:30 PM

Hello Threeplus10 and welcome to Bleeping Computer,

Any reason why you have no decent antivirus program installed? :thumbup2:

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :)

If you have any questions along the way, STOP and ask them before proceeding!!

If ComboFix does run its full circle, then please try to install Avira AntiVir as well, update it and run a full system scan.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#3 threeplus10 (Topic Starter, Members, 5 posts)

Posted 13 March 2009 - 02:22 PM

Thunder:
THANKS FOR THE HELP!!!!
:)

Here is my GooredLog:

GooredFix v1.92 by jpshortstuff
Log created at 00:07 on 13/03/2009 running Option #2 (Owner)
Firefox version 3.0.6 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{2276D72E-9B27-45FE-BAA6-6EE76B09EF2F}"="C:\Documents and Settings\Owner\Local Settings\Application Data\{2276D72E-9B27-45FE-BAA6-6EE76B09EF2F}"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\Owner\Local Settings\Application Data\{2276D72E-9B27-45FE-BAA6-6EE76B09EF2F}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"="C:\Program Files\Crawler\Toolbar\firefox\"

After a little fight with the computer, I got it to run ComboFix!!! (What an AMAZING program!!! :thumbup2: )

I'm guessing my computer was/is badly infected (worse than most??) because ComboFix says "Scanning for infected files... This typically doesn't take more than 10 minutes" It took ComboFix close to 45min to run!!!

Then it rebooted my computer & when it restarted ComboFix said "Preparing Log Report. Do not run any programs until ComboFix has finished." So I didn't start any programs. But a warning screen popped up in front of ComboFix and said I needed to install some phishing program, so I closed that box, & more messages popped up in my system tray, saying things like "my firewall was disabled" (which I knew, because I needed to turn them off to run ComboFix).

I also got a pop up saying the file "CF24648.exe was corrupt" & to run "chkdsk" <--- not sure what either of those are.
At this time I also noticed that ThreatFire was no longer suspended. So I suspended it again.

During all of this, ComboFix remained on the "Preparing Log Report. Do not run any programs until ComboFix has finished." screen with the blinking line at the bottom.
After 45min of watching the blinking line... I decided it was either frozen or making a HUGE report... so I decided to watch some TV & let ComboFix "Prepare the Log Report".

I ended up falling asleep & woke up 7hrs later... The screen was still the same. So I closed it & re-ran ComboFix. It ran just fine (another 45min!!)

The resulting log is attached, as the log alone was too long to post by itself!!! :)

You mentioned:

Any reason why you have no decent antivirus program installed ?

Answer: I thought I did. :) Now I feel stupid... there are all kinds of programs in my tray & program folder that I thought were running in the background...
So, as you recommended: I installed, updated, & ran Avira Antivir.
It detected 193 problems!!! :) I quarantined most of them. Should I have deleted them instead??
I've also attached that log, in case it may help.


So, how does it look now?? Is it getting better??
Please let me know what I should do next!!

Thank you SOOO much for all of your help!!! I truly appreciate it!!! :step4: :step1: :step5:
-alex-

note:
I shut down & rebooted the computer. It ran Chkdsk. Chkdsk deleted two indexes (one of which I remember was corrupted).

#4 Thunder (Members, 3,294 posts, Belgium)

Posted 14 March 2009 - 03:14 PM

Hello Threeplus10,

Your system was definitely badly infected, and I see there's still a load of junk left behind.

Please update Avira AntiVir and run another scan; no need to post that log.

Then run ComboFix again, allow it to update if asked.
Please post that last log in your next reply.

Greetings,
Thunder

#5 threeplus10 (Topic Starter, Members, 5 posts)

Posted 15 March 2009 - 04:20 PM

Thunder,
Thank you Sooooo much for the help!!! :)
I updated & re-ran Avira... I believe it found 3 problems.
I then updated & re-ran ComboFix. It worked really fast this time. Only like 15min!! :thumbup2:
I've attached that log.

Thank you again for all your help!!
-alex-

P.S. I just noticed: my sound no longer works. Under Control Panel it says that there is "No Audio Device". Was that affected by one of the bugs in my system?? How do I fix something like that?? :step4:

#6 Thunder (Members, 3,294 posts, Belgium)

Posted 16 March 2009 - 05:05 PM

Hello Threeplus10,

Let's clean up some more:

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:

http://www.bleepingcomputer.com/forums/t/209065/please-help/
Collect::
c:\documents and settings\Owner\UAcZsZ.exe
c:\documents and settings\Owner\lDbKaBhsXYN.exe
c:\documents and settings\Owner\FAavdGP.exe
c:\documents and settings\Owner\FnjrvL.bat
c:\windows\unibevamikumi.dll
c:\windows\system32\cewwpjro.dll
C:\p2hhr.bat
c:\windows\system32\drivers\4aab919d.sys
File::
c:\documents and settings\Owner\tYaXqX.exe
c:\documents and settings\Owner\VAdZtZRp.exe
c:\documents and settings\Owner\GlOkElcACR.exe
c:\documents and settings\Owner\ujBZJy.exe
c:\documents and settings\Owner\kujkQBgh.exe
c:\documents and settings\Owner\rYInpexdN.exe
c:\documents and settings\Owner\DYyubF.exe
c:\documents and settings\Owner\PtCNEQH.exe
c:\documents and settings\Owner\OojJfMpYCl.exe
c:\documents and settings\Owner\UxfjSduG.exe
Driver::
4aab919d
ethhuzfz
FixCSet::
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wzaqanohidimen"-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3e6153e-f97b-11dd-86b2-00112f4d0fbf}]

Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: dragging the CFScript file onto the ComboFix.exe icon]

This will start ComboFix again. Upon reboot, (in case it asks to reboot), post the contents of the Combofix log in your next reply, as well as a fresh DDS log.

Additionally, ComboFix will generate a zipped file, similar to C:\Qoobox\Quarantine\[9]Submit@Date_Time.zip.
Please go to http://www.bleepingcomputer.com/submit-malware.php?channel=9
Then:
1. In the first window (Link to topic where this file was requested:) copy and paste this link: http://www.bleepingcomputer.com/forums/topic=209065
2. In the second window (Browse to the file you want to submit:) browse to the C:\Qoobox\Quarantine\[9]Submit@Date_Time.zip file
3. Click the Send file button :thumbup2:

Still having problems?

Greetings,
Thunder

Edited by Thunder, 16 March 2009 - 05:30 PM.


#7 threeplus10 (Topic Starter, Members, 5 posts)

Posted 20 March 2009 - 06:33 PM

Again: Thank you for your help!!!
You are a life saver!! :thumbup2:

Updates:
-I did the ComboFix cleanup that you suggested & attached that file.

-Then I ran DDS just now & that log is located at the end of this post. I have also zipped & attached the "Attach" log. (unsure if you will need it)

-I also submitted the Zip file (that ComboFix created last time) that you requested to the link that you gave me.

-The computer is working MUCH better than it was.

-The only problems now are:
1. The computer is a bit slower than I remember. (maybe some general cleaning is needed???)
2. There is still no sound. The only sounds I can hear are the beeps & clicks that come from the tower when the computer is running ComboFix or under load. I can't get any sound to come from my speakers!! :)

Thanks again
-alex-

Here is the DDS log:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 16:06:56.92 on 2009-03-20
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.270 [GMT -7:00]

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: PC Tools Firewall Plus *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\V0220Mon.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\My Documents\deedeeES.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = localhost;*.local
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [V0220Mon.exe] c:\windows\V0220Mon.exe
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [FaxCenterServer] "c:\program files\\lexmark fax solutions\fm3032.exe" /s
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: turbotax.com
Trusted Zone: unlv.edu\register
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\agnqa97z.default\
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\agnqa97z.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\agnqa97z.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\agnqa97z.default\extensions\kodak-companion@mozilla.com\platform\winnt_x86-msvc\components\mozFotofox.dll
FF - component: c:\program files\crawler\toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\crawler\toolbar\firefox\components\xshared.dll
FF - component: c:\program files\crawler\toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\crawler\toolbar\firefox\components\xwsg.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\agnqa97z.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07075003.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {04FC0E8B-077F-46D0-A86F-B9107FC3816B} - c:\documents and settings\owner\local settings\application data\{04FC0E8B-077F-46D0-A86F-B9107FC3816B}

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-5-13 40840]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-3-2 51472]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-3-2 39184]
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-3-13 11840]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-5-13 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-5-13 81288]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-3-2 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-5-28 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-3-13 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-3-13 151297]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-3-2 73840]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2009-3-2 146800]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-5-13 356920]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-5-13 1079176]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-5-16 24652]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-3-13 52032]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-3-2 95640]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-3-2 33040]
S2 Ca533av;Mega DV(Video);c:\windows\system32\drivers\ca533av.sys --> c:\windows\system32\drivers\Ca533av.sys [?]
S2 mrtRate;mrtRate; [x]
S3 USBCamera;DSC Still Image Capture (CA533A);c:\windows\system32\drivers\bulk533.sys --> c:\windows\system32\drivers\Bulk533.sys [?]
S3 V0220Dev;Live! Cam Video IM;c:\windows\system32\drivers\V0220Dev.sys [2006-11-24 146112]
S3 V0220Vfx;V0220VFX;c:\windows\system32\drivers\V0220Vfx.sys [2006-11-24 6272]

=============== Created Last 30 ================

2009-03-16 21:16 <DIR> --d----- C:\lion
2009-03-13 08:31 <DIR> --d----- c:\program files\Avira
2009-03-13 08:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-03-13 01:34 161,792 a------- c:\windows\SWREG.exe
2009-03-13 01:34 98,816 a------- c:\windows\sed.exe
2009-03-02 22:10 368,961 a------- C:\thedds.scr
2009-03-02 21:29 <DIR> --d----- c:\docume~1\owner\applic~1\PCToolsFirewallPlus
2009-03-02 18:51 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-03-02 18:51 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-02 18:51 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-03-02 18:50 95,640 a------- c:\windows\system32\drivers\pctplfw.sys
2009-03-02 18:50 <DIR> --d----- c:\program files\PC Tools Firewall Plus
2009-03-02 18:35 97,408 a------- c:\windows\system32\drivers\pctfw.sys
2009-03-02 17:40 <DIR> --d----- c:\program files\common files\PC Tools
2009-03-02 17:39 39,184 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-03-02 17:39 33,040 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-03-02 17:39 12,560 a------- c:\windows\system32\drivers\TfKbMon.sys
2009-03-02 17:39 51,472 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-03-02 17:39 <DIR> --d----- c:\program files\ThreatFire
2009-03-02 17:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-02-23 17:21 <DIR> --d----- c:\program files\CleanMyPC
2009-02-20 01:48 <DIR> --d----- c:\program files\Crawler
2009-02-20 01:48 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-02-20 01:48 <DIR> --d----- c:\docume~1\owner\applic~1\Spyware Terminator
2009-02-20 01:47 <DIR> --d----- c:\program files\Spyware Terminator
2009-02-20 01:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spyware Terminator

==================== Find3M ====================

2009-03-03 13:29 14,336 a------- c:\windows\system32\svchost.exe
2009-02-09 03:19 1,846,272 a------- c:\windows\system32\win32k.sys
2008-12-20 16:15 826,368 a------- c:\windows\system32\wininet.dll
2007-02-13 03:02 13 -c--h--- c:\docume~1\alluse~1\applic~1\3113.sys

============= FINISH: 16:08:35.93 ===============

#8 Thunder (Members, 3,294 posts, Belgium)

Posted 23 March 2009 - 05:31 PM

Hello Threeplus10,

Can you run GooredFix one more time and post the log, as well as a fresh DDS log, in your next reply?

Looks like something got left behind. :thumbup2:

Greetings,
Thunder

#9 threeplus10 (Topic Starter, Members, 5 posts)

Posted 23 March 2009 - 08:00 PM

Hello Again Thunder!!

Here is my GooredFix log: (is it supposed to be that small??)

GooredFix v1.92 by jpshortstuff
Log created at 17:45 on 23/03/2009 running Option #2 (Owner)
Firefox version 3.0.7 (en-US)
(Subsequent Run)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{04FC0E8B-077F-46D0-A86F-B9107FC3816B}"="C:\Documents and Settings\Owner\Local Settings\Application Data\{04FC0E8B-077F-46D0-A86F-B9107FC3816B}"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\Owner\Local Settings\Application Data\{04FC0E8B-077F-46D0-A86F-B9107FC3816B}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"="C:\Program Files\Crawler\Toolbar\firefox\"


Also: I've attached my DDS Log & Attach files from today too!!

Thanks for everything!! :thumbup2:
-alex-

#10 Thunder (Members, 3,294 posts, Belgium)

Posted 24 March 2009 - 07:18 AM

Hello Threeplus10,

That's more like it. :thumbup2:

You can remove all used tools and folders created in the process.
To remove ComboFix:
Go to Start > Run, and copy and paste the next command in the field: ComboFix /u
Make sure there's a space between ComboFix and /u
Then press Enter.
This will uninstall ComboFix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Your JavaVM is also out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 11.
  • Click the Download button to the right of Java SE Runtime Environment (JRE) 6 Update 11 (first option).
  • Select your Platform (Windows version) and check the box that says: I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement
  • Click "Continue" and the page will refresh.
  • Click on the link to download Windows Offline Installation (jre-6u11-windows-i586-p.exe) and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
No more problems?

Greetings,
Thunder