
explorer.exe keeps restarting


  • This topic is locked
25 replies to this topic

#16 Jat90

Posted 15 April 2009 - 07:54 PM

Hello,

What do you mean? We can skip the online scan, just remembered we already ran one.

Edited by Jat90, 15 April 2009 - 07:55 PM.

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#17 lolopop81 (Topic Starter)

Posted 15 April 2009 - 07:56 PM

What do I do next then?

#18 Jat90

Posted 15 April 2009 - 08:02 PM

Viewpoint

Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This has changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

ReScan

Please rescan with DDS and post DDS.txt

#19 lolopop81 (Topic Starter)

Posted 15 April 2009 - 08:05 PM

None of those are in my Add and Remove Programs List.

#20 Jat90

Posted 15 April 2009 - 08:06 PM

Ok, please rescan with DDS

#21 lolopop81 (Topic Starter)

Posted 15 April 2009 - 08:11 PM

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 20:09:21.87 on Wed 04/15/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.67 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\My Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
mWinlogon: UIHost=c:\windows\system32\logonui.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-explorer: GreyMSIAds = 0 (0x0)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: roblox.com\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - hxxp://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1202671746304
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190779466356
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190779604815
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\e6icf8s1.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.mozilla.com
FF - plugin: c:\progra~1\mozilla firefox\plugins\np32dsw.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin9.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin9.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin9.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-12-3 66048]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2007-12-3 272128]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\liberkey\apps\mediacoder\app\mediacoder\sysinfo.sys --> c:\liberkey\apps\mediacoder\app\mediacoder\SysInfo.sys [?]
S3 iAimFP8;iAimFP8;c:\windows\system32\drivers\wADV11NT.sys [2007-9-24 11935]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2007-12-3 13532]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

=============== Created Last 30 ================

2009-04-15 20:09 <DIR> --d----- C:\Tmp
2009-04-15 19:22 161,792 a------- c:\windows\SWREG.exe
2009-04-15 19:22 98,816 a------- c:\windows\sed.exe
2009-04-15 18:57 <DIR> --d----- c:\program files\PixiePack Codec Pack
2009-04-15 18:52 <DIR> --d----- c:\program files\RapidSolution
2009-04-15 18:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RapidSolution
2009-04-14 06:25 <DIR> a-dshr-- C:\cmdcons
2009-04-13 13:45 0 a------- c:\documents and settings\owner\tweaks.reg
2009-04-13 11:44 <DIR> --d----- c:\program files\XCLIENT
2009-04-13 09:41 163,840 a------- c:\windows\system32\SecureNet.dll
2009-04-13 09:41 1,126,400 a------- c:\windows\system32\libeay32.dll
2009-04-13 09:41 204,800 a------- c:\windows\system32\ssleay32.dll
2009-04-13 09:41 <DIR> --d----- c:\program files\Hide My IP 2009
2009-04-12 19:32 <DIR> --d----- c:\program files\Nancy Drew
2009-04-10 16:01 372,736 a------- c:\windows\system32\xvid.ax
2009-04-09 17:28 <DIR> --d----- c:\docume~1\owner\applic~1\GetRightToGo
2009-04-09 06:45 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-07 16:45 45,672 a------- c:\windows\system32\uptime.exe
2009-04-05 18:23 <DIR> --d----- C:\Nancy Drew
2009-04-05 17:56 77 a------- c:\documents and settings\owner\Notepad.vbs
2009-04-05 13:37 <DIR> --d----- c:\program files\Lavasoft
2009-04-05 08:27 <DIR> --d----- c:\program files\AVG
2009-04-04 16:28 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-03 17:55 <DIR> --d----- C:\VundoFix Backups
2009-03-31 18:57 <DIR> --d----- c:\program files\PermissionResearch
2009-03-31 16:14 <DIR> --d----- c:\program files\Messenger
2009-03-28 20:02 <DIR> --d----- c:\program files\Cheat Engine
2009-03-24 16:33 <DIR> --dsh--- c:\documents and settings\owner\IECompatCache
2009-03-24 16:01 <DIR> --d----- c:\docume~1\owner\applic~1\uTorrent
2009-03-24 06:43 <DIR> --dsh--- c:\documents and settings\owner\IETldCache
2009-03-23 19:00 <DIR> --d----- c:\windows\ie8updates
2009-03-23 18:58 <DIR> --d----- c:\program files\Yahoo!
2009-03-23 18:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-23 18:46 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-03-22 16:25 <DIR> --d----- c:\docume~1\owner\applic~1\eMule
2009-03-22 16:24 <DIR> --d----- C:\YouTubeDownload
2009-03-22 16:24 <DIR> --d----- C:\ConverterOutput
2009-03-19 07:03 73,728 a------- c:\windows\system32\javacpl.cpl

==================== Find3M ====================

2009-04-14 17:23 34 a------- c:\documents and settings\owner\jagex_runescape_preferences.dat
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-22 14:27 2,320,000 a------- c:\windows\system32\TUKernel.exe
2009-02-22 14:13 603,904 a------- c:\windows\system32\TUProgSt.exe
2009-02-09 05:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-08 09:51 4,585,472 a------- c:\windows\system32\logonuiX.exe
2009-01-30 20:56 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-27 17:42 5,068,152 a------- c:\windows\system32\SpoonUninstall.exe
2009-01-25 17:39 39,424 a------- c:\windows\zipinst.exe
2008-01-29 16:14 35,520 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2007-12-26 11:11 0 ac------ c:\docume~1\owner\applic~1\wklnhst.dat

============= FINISH: 20:10:48.45 ===============

#22 Jat90

Posted 16 April 2009 - 05:32 AM

Hello,

Install Antivirus

You are missing one important program on that computer: An antivirus.
I am not surprised you are infected. This is somewhat suicidal in today's digital world.
You need to install an antivirus program as soon as you can and run a complete scan of the computer:
Install it and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove.

ReScan

Please rescan with DDS and post DDS.txt

#23 lolopop81 (Topic Starter)

Posted 16 April 2009 - 04:02 PM

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 15:59:52.96 on Thu 04/16/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.91 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\Owner\My Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
mWinlogon: UIHost=c:\windows\system32\logonui.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-explorer: GreyMSIAds = 0 (0x0)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: roblox.com\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - hxxp://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1202671746304
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190779466356
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190779604815
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\e6icf8s1.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.mozilla.com
FF - plugin: c:\progra~1\mozilla firefox\plugins\np32dsw.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin9.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin9.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin9.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-16 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-16 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-16 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-16 55640]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-12-3 66048]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2007-12-3 272128]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\liberkey\apps\mediacoder\app\mediacoder\sysinfo.sys --> c:\liberkey\apps\mediacoder\app\mediacoder\SysInfo.sys [?]
S3 iAimFP8;iAimFP8;c:\windows\system32\drivers\wADV11NT.sys [2007-9-24 11935]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2007-12-3 13532]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

=============== Created Last 30 ================

2009-04-16 06:38 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-04-16 06:37 <DIR> --d----- c:\program files\Avira
2009-04-16 06:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-04-15 20:09 <DIR> --d----- C:\Tmp
2009-04-15 19:22 161,792 a------- c:\windows\SWREG.exe
2009-04-15 19:22 98,816 a------- c:\windows\sed.exe
2009-04-15 18:57 <DIR> --d----- c:\program files\PixiePack Codec Pack
2009-04-15 18:52 <DIR> --d----- c:\program files\RapidSolution
2009-04-15 18:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RapidSolution
2009-04-15 16:00 283,648 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-15 16:00 60,416 -c------ c:\windows\system32\dllcache\colbact.dll
2009-04-15 16:00 35,328 -c------ c:\windows\system32\dllcache\sc.exe
2009-04-15 16:00 399,360 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-15 16:00 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-15 16:00 473,088 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-15 16:00 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 16:00 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 16:00 723,456 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 16:00 616,960 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-15 15:59 2,136,064 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-15 15:59 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-15 15:59 2,180,480 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-15 15:59 2,015,744 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-15 15:59 2,057,728 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-15 15:54 1,193,414 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 15:54 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-14 06:25 <DIR> a-dshr-- C:\cmdcons
2009-04-13 13:45 0 a------- c:\documents and settings\owner\tweaks.reg
2009-04-13 11:44 <DIR> --d----- c:\program files\XCLIENT
2009-04-13 09:41 163,840 a------- c:\windows\system32\SecureNet.dll
2009-04-13 09:41 1,126,400 a------- c:\windows\system32\libeay32.dll
2009-04-13 09:41 204,800 a------- c:\windows\system32\ssleay32.dll
2009-04-13 09:41 <DIR> --d----- c:\program files\Hide My IP 2009
2009-04-12 19:32 <DIR> --d----- c:\program files\Nancy Drew
2009-04-10 16:01 372,736 a------- c:\windows\system32\xvid.ax
2009-04-09 17:28 <DIR> --d----- c:\docume~1\owner\applic~1\GetRightToGo
2009-04-07 16:45 45,672 a------- c:\windows\system32\uptime.exe
2009-04-05 18:23 <DIR> --d----- C:\Nancy Drew
2009-04-05 17:56 77 a------- c:\documents and settings\owner\Notepad.vbs
2009-04-05 13:37 <DIR> --d----- c:\program files\Lavasoft
2009-04-05 08:27 <DIR> --d----- c:\program files\AVG
2009-04-04 16:28 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-03 17:55 <DIR> --d----- C:\VundoFix Backups
2009-03-31 18:57 <DIR> --d----- c:\program files\PermissionResearch
2009-03-31 16:14 <DIR> --d----- c:\program files\Messenger
2009-03-28 20:02 <DIR> --d----- c:\program files\Cheat Engine
2009-03-24 16:33 <DIR> --dsh--- c:\documents and settings\owner\IECompatCache
2009-03-24 16:01 <DIR> --d----- c:\docume~1\owner\applic~1\uTorrent
2009-03-24 06:43 <DIR> --dsh--- c:\documents and settings\owner\IETldCache
2009-03-23 19:00 <DIR> --d----- c:\windows\ie8updates
2009-03-23 18:58 <DIR> --d----- c:\program files\Yahoo!
2009-03-23 18:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-23 18:46 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-03-22 16:25 <DIR> --d----- c:\docume~1\owner\applic~1\eMule
2009-03-22 16:24 <DIR> --d----- C:\YouTubeDownload
2009-03-22 16:24 <DIR> --d----- C:\ConverterOutput
2009-03-21 09:18 986,112 -c------ c:\windows\system32\dllcache\kernel32.dll
2009-03-19 07:03 73,728 a------- c:\windows\system32\javacpl.cpl

==================== Find3M ====================

2009-04-14 17:23 34 a------- c:\documents and settings\owner\jagex_runescape_preferences.dat
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 09:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-02 19:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-22 14:27 2,320,000 a------- c:\windows\system32\TUKernel.exe
2009-02-22 14:13 603,904 a------- c:\windows\system32\TUProgSt.exe
2009-02-09 05:20 723,456 a------- c:\windows\system32\lsasrv.dll
2009-02-09 05:20 399,360 a------- c:\windows\system32\rpcss.dll
2009-02-09 05:20 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 05:20 616,960 a------- c:\windows\system32\advapi32.dll
2009-02-09 05:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-08 09:51 4,585,472 a------- c:\windows\system32\logonuiX.exe
2009-02-06 12:24 2,180,480 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 12:14 110,592 a------- c:\windows\system32\services.exe
2009-02-06 11:54 35,328 -------- c:\windows\system32\sc.exe
2009-02-06 11:49 2,057,728 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 15:08 55,808 a------- c:\windows\system32\secur32.dll
2009-01-30 20:56 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-27 17:42 5,068,152 a------- c:\windows\system32\SpoonUninstall.exe
2009-01-25 17:39 39,424 a------- c:\windows\zipinst.exe
2008-01-29 16:14 35,520 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2007-12-26 11:11 0 ac------ c:\docume~1\owner\applic~1\wklnhst.dat

============= FINISH: 16:01:20.79 ===============
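
The two DDS reports in this thread differ on exactly the points the helper read off them: the first has no "AV:" line and the second does, while both still list npViewpoint.dll, a BHO marked "No File" and a driver entry DDS marked [?]. The Python triage script below is an added example, not part of the thread or of the DDS tool; it assumes only the line shapes visible in the posted logs and runs on a constructed excerpt of them.

```python
"""Triage helper for DDS.txt reports like the two posted in this thread.

Added example, not part of the thread or of the DDS tool. Assumes only the line
shapes visible in the posted logs: an optional 'AV:' header line, '=== Name ==='
banners, 'FF - plugin:' entries, 'BHO:' entries ending in '- No File', and
'S3 name;display;path' service lines that end in '[?]' when the file is missing.
"""
import re
from typing import Dict, List, Optional

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")

# Constructed sample assembled from excerpts of the first log above (no AV line).
SAMPLE_NO_AV = r"""DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 20:09:21.87 on Wed 04/15/2009
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.67 [GMT -5:00]

============== Pseudo HJT Report ===============
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Java(TM) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

================= FIREFOX ===================
FF - plugin: c:\progra~1\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll

============= SERVICES / DRIVERS ===============
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

============= FINISH: 20:10:48.45 ===============
"""

# Constructed variant mirroring the second log, where the 'AV:' line appears.
SAMPLE_WITH_AV = SAMPLE_NO_AV.replace(
    "[GMT -5:00]\n", "[GMT -5:00]\n\nAV: AntiVir Desktop *On-access scanning enabled* (Updated)\n", 1
)


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-blank lines under the banner that precedes them; lines before
    the first banner (version, OS, the optional 'AV:' line) go under 'Header'."""
    sections: Dict[str, List[str]] = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def antivirus_status(sections: Dict[str, List[str]]) -> Optional[str]:
    """Product named on the 'AV:' line, or None when the log has none (the gap
    the helper flagged in the first report)."""
    for line in sections.get("Header", []):
        if line.startswith("AV:"):
            return line[3:].split("*")[0].strip()
    return None


def firefox_plugins(sections: Dict[str, List[str]], name_fragment: str) -> List[str]:
    """Paths of 'FF - plugin:' entries whose file name contains name_fragment
    (case-insensitive), e.g. 'viewpoint' to find leftover Viewpoint DLLs."""
    hits = []
    for line in sections.get("FIREFOX", []):
        if line.startswith("FF - plugin:"):
            path = line.split(":", 1)[1].strip()
            if name_fragment.lower() in path.rsplit("\\", 1)[-1].lower():
                hits.append(path)
    return hits


def dangling_bhos(sections: Dict[str, List[str]]) -> List[str]:
    """CLSIDs of IE Browser Helper Objects still registered but whose DLL is gone."""
    hits = []
    for line in sections.get("Pseudo HJT Report", []):
        m = CLSID_RE.search(line)
        if line.startswith("BHO:") and line.endswith("- No File") and m:
            hits.append(m.group(0))
    return hits


def services_missing_file(sections: Dict[str, List[str]]) -> List[str]:
    """Service/driver names whose binary DDS could not find (line ends in '[?]')."""
    missing = []
    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if m and m.group(4).endswith("[?]"):
            missing.append(m.group(2))
    return missing
```

Pointing it at a real DDS.txt (read the file, then pass the text to `split_sections`) reproduces the helper's reading of both reports: no AV product in the first, AntiVir Desktop in the second, and the Viewpoint plugin and the TfNetMon entry present in both.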

#24 Jat90

Posted 18 April 2009 - 06:01 AM

Congratulations, you are now clean! :thumbup2:

We should tidy up our mess though.

Uninstall ComboFix
  • Go to Start, then click Run
  • In the box, type: Combofix /u
  • Press Enter or click ok, and ComboFix will uninstall. Refer to the picture below if unsure.

Other Deletions

Locate where you saved DDS.exe, right click the file and select Delete.



Take a read of this excellent tutorial:

Simple and easy ways to keep your computer safe and secure on the Internet


Disable and Enable System Restore.

You should disable and re-enable system restore to make sure there are no infected files found in a restore point. You should now create a new restore point, since your system is clean.

You can find instructions on how to disable and re-enable system restore here:

Windows XP System Restore Guide

Visit Microsoft's Windows Update Site Frequently
  • It is important that you visit http://www.windowsupdate.com regularly.
  • This will ensure your computer has always the latest security updates available installed on your computer.
  • If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
System still slow?

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

Use a Firewall

Some good free firewalls are:
Make sure you only use one firewall though. A tutorial on understanding and using firewalls may be found here.

Next, I would recommend the download and installation of some (I would say two is enough) of the following programs:

Spybot© - Search and Destroy
  • This will provide real-time spyware & hijacker protection on your computer alongside your virus protection.
  • You should also scan your computer with the program on a regular basis, just as you would with antivirus software.
SUPERAntiSpyware
  • You should also scan your computer with the program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.
  • Each antispyware product has different detection rates for different infections; using different products therefore increases your chances of finding and killing most malware.
MalwareBytes' Anti-Malware
  • Malwarebytes' Anti-Malware can detect and remove malware that even the most well known anti-virus and anti-malware applications fail to detect.
  • Ability to perform full scans for all drives.
  • The "Quick Scan" option lets the user scan the computer quickly, checking for the most damaging threats and usually completing in under 10 minutes.
Javacools© SpywareBlaster
  • SpywareBlaster will add a large list of programs and sites to your Internet Explorer and Firefox settings, which will protect you from running and downloading known malicious programs.
Update all these programs regularly - Make sure you update all the programs I have listed regularly.
Without regular updates you WILL NOT be protected when new malicious programs are released.

Glad I could Help :)

#25 lolopop81 (Topic Starter)

Posted 18 April 2009 - 08:40 AM

Thanks for your help with my problem! :thumbup2:

#26 Jat90

Posted 18 April 2009 - 01:20 PM

No Problem

Since the problem appears to be resolved, this topic is now Closed. Glad I could help.
If you need this topic reopened, please send me a message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic.



