Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

DDS Note pad


  • Please log in to reply
1 reply to this topic

#1 Sir anthony hopkins

Sir anthony hopkins

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:47 PM

Posted 23 March 2009 - 11:20 PM

DDS (Ver_09-03-16.01) - NTFSx86
Run by Snaddon Family at 17:06:31.45 on Tue 24/03/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.64.1033.18.954.121 [GMT 13:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SMINST\BLService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Snaddon Family\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.xtra.co.nz
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=83&bd=Presario&pf=cnnb
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=83&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=83&bd=Presario&pf=cnnb
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-nz\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-3-23 130424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-17 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-17 107912]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-17 298264]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2006-4-15 28933976]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-2 361808]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-19 348752]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-2 193840]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-5 113664]

=============== Created Last 30 ================

2009-03-23 16:33 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-03-23 16:33 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-03-23 16:33 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-23 16:32 <DIR> --d----- c:\program files\common files\PC Tools
2009-03-23 16:32 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-03-23 16:32 <DIR> --d----- c:\programdata\PC Tools
2009-03-23 16:32 <DIR> --d----- c:\progra~2\PC Tools
2009-03-14 13:17 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-13 14:29 <DIR> --d----- c:\program files\common files\SWF Studio
2009-03-13 14:22 155,648 a------- c:\windows\system32\FFRAFLIB.DLL
2009-03-13 14:22 274,432 a------- c:\windows\system32\FFTIFF16.dll
2009-03-12 13:02 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-12 13:02 4,096 a------- c:\windows\system32\msdxm.ocx
2009-03-12 13:02 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-12 13:02 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-03-12 12:59 268,288 a------- c:\windows\system32\schannel.dll
2009-03-12 12:57 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-06 19:14 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-28 18:14 <DIR> --d----- c:\users\snaddo~1\appdata\roaming\NCH Software
2009-02-27 20:42 <DIR> --d----- c:\programdata\Nero
2009-02-27 20:42 <DIR> --d----- c:\program files\Nero
2009-02-27 20:42 <DIR> --d----- c:\progra~2\Nero
2009-02-25 18:02 <DIR> --d----- c:\users\snaddo~1\appdata\roaming\Uniblue

==================== Find3M ====================

2009-03-24 16:53 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-24 16:53 107,912 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-24 16:53 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-01 11:06 86,016 a------- c:\windows\inf\infstrng.dat
2009-03-01 11:06 86,016 a------- c:\windows\inf\infstor.dat
2009-03-01 11:06 51,200 a------- c:\windows\inf\infpub.dat
2009-02-15 20:08 87,608 a------- c:\users\snaddo~1\appdata\roaming\inst.exe
2009-02-15 20:08 47,360 a------- c:\users\snaddo~1\appdata\roaming\pcouffin.sys
2009-01-15 19:11 827,392 a------- c:\windows\system32\wininet.dll
2009-01-12 21:38 157,428 a------- c:\windows\hpoins27.dat
2008-08-02 11:13 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 15:57 174 a--sh--- c:\program files\desktop.ini
2006-11-03 01:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-03 01:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-03 01:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-03 01:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 22:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 22:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 22:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 22:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 17:07:46.94 ===============

BC AdBot (Login to Remove)

 


#2 SpotCheckBilly

SpotCheckBilly

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Twin Cities, MN
  • Local time:09:47 PM

Posted 01 April 2009 - 06:28 PM

H iSir anthony hopkins,

Welcome to the BleepingComputer forums.

We apologize for the delay in responding to your request for assistance. Every one of our team members is a volunteer and unfortunately, there are often just not enough to keep up with demand. Thank you so much for your patience.

If your issue has been resolved or you have received help elsewhere, please post a reply here and let us know so that we can close this thread.

If you still need assistance, my name is SpotCheckBilly (SCB for short) and I will be happy to help you.

===Very Important===

The instructions in this thread have been specifically designed for THIS USER'S MACHINE ONLY . You should not use these instructions to clean your machine. Doing so could cause irreparable damage to your machine. If you need assistance, please start your own thread.

=================


A few things which will make our fix go more smoothly.
  • Please >> DO NOT<< run any scans/tools or other fixes unless I ask you to.
  • Please DO NOT install any software while we are working.
  • Please Do not skip any steps. With some infections skipping a step can be disastrous.
  • If there is something you don't understand or or are unsure of -- please stop and take a moment to ask about it.
  • If you are running P2P filesharing program(s). My recommendation is you uninstall it/them.
  • Remove any cracked/pirated software. I will immediately stop helping you if I discover any.
The most important thing to remember is to be patient. Very seldom can we remove the entire infection in one go. Many of today's infections install other infections and for the most part they do not like to go quietly. :)

Please reply to this thread and let me know whether or not you still need help. Please describe the symptoms you're having. Be as detailed as possible. Thanks -- SCB m :thumbup2:
Posted ImagePosted Image
ChrisRLG's Computer Safety Online

"I was worried 'bout rich and skinny,
'til I wound up poor and fat"
- Delbert McClinton
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users