
Is there anything wrong in here?


  • This topic is locked
8 replies to this topic

#1 Mergatroyd

Mergatroyd

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:51 AM

Posted 05 April 2009 - 01:31 PM

DDS (Ver_09-03-16.01) - NTFSx86
Run by Debbi Peck at 14:24:57.07 on Sun 04/05/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.15 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Debbi Peck\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://drudgereport.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyServer = http=localhost:8080
uInternet Settings,ProxyOverride = 127.0.0.1
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_3_12_0.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: eBay Toolbar Helper: {22d8e815-4a5e-4dfb-845e-aab64207f5bd} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
BHO: {c1d458f1-b97c-11d5-b3df-00b0d0a5b433} - Wavexpress BHO
TB: {EC438C92-C5DE-4D36-BC16-CD09982DBA28} - No File
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_3_12_0.dll
TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
TB: {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0411.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {D6A116E7-5906-42E4-87F6-E7E15936415E} - No File
uRun: [IgfxTray] c:\windows\system32\igfxtray.exe
uRun: [HP Component Manager] c:\program files\hp\hpcoretech\hpcmpmgr.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BCMSMMSG] BCMSMMSG.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: Yahoo! Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab
DPF: {15589FA1-C456-11CE-BF01-000000000000} - hxxp://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe
DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/installs/yinst0401.cab
DPF: {405BBF5B-2FD8-4614-AC51-D8566F635B94} - hxxp://idsm.citadelprocessing.com/SafeCommon/downloads/WalletCab.CAB
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://207.188.7.150/295a1e947b54049aa415/netzip/RdxIE601.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://www.installengine.com/engine/isetup.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} - hxxp://www.microsoft.com/security/controls/SassCln.CAB
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2003-11-3 4064]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S0 epstwnt;epstwnt;c:\windows\system32\drivers\epstwnt.mpd [2003-1-25 77312]
S2 SHARSHTL;Shuttle Sharer;c:\windows\system32\drivers\sharshtl.sys [2003-1-25 18432]
S3 epstw2k;SCM Parallel Port SCSI Driver;c:\windows\system32\drivers\epstw2k.sys [2001-8-17 114944]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys --> c:\windows\system32\drivers\scsiscan.sys [?]

=============== Created Last 30 ================

2009-04-05 12:14 812,344 a------- c:\program files\HJTsetup.exe
2009-04-05 12:02 <DIR> --d----- c:\program files\Trend Micro
2009-04-05 01:01 <DIR> --d----- c:\windows\LastGood.Tmp
2009-04-04 22:26 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-04-04 22:26 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-04 22:26 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-04-04 22:26 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-04-04 22:26 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-04 22:26 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-04-04 22:26 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-04-04 22:26 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-04-04 22:26 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-04-02 21:23 79,872 -c------ c:\windows\system32\dllcache\msxml6r.dll
2009-04-02 21:23 1,306,624 -c------ c:\windows\system32\dllcache\msxml6.dll
2009-04-02 21:19 19,569 a------- c:\windows\006068_.tmp
2009-04-02 10:56 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-04-02 10:01 3,594,752 -c------ c:\windows\system32\dllcache\mshtml.dll
2009-04-02 10:00 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-04-02 09:58 247,326 -c------ c:\windows\system32\dllcache\strmdll.dll
2009-03-30 22:56 <DIR> --d----- c:\program files\SpywareBlaster
2009-03-30 22:21 <DIR> --d----- c:\program files\lspfix
2009-03-30 22:20 201,030 a------- c:\program files\lspfix.zip
2009-03-30 22:10 318,369 a------- c:\program files\HiJackThis.zip
2009-03-23 23:18 7,208 -------- c:\windows\system32\secupd.sig
2009-03-23 23:18 4,569 -------- c:\windows\system32\secupd.dat
2009-03-23 23:17 56,700 a------- c:\windows\system32\ieuinit.inf
2009-03-23 22:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-23 22:52 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-03-23 22:52 <DIR> --d----- c:\docume~1\debbip~1\applic~1\SUPERAntiSpyware.com
2009-03-23 22:05 1,082,368 a------- c:\windows\system32\esent.dll
2009-03-21 15:56 1,106,944 a------- c:\windows\system32\msxml3.dll
2009-03-21 15:56 1,084,416 a------- c:\windows\system32\msxml3(3).dll
2009-03-21 15:56 68,096 a------- c:\windows\system32\webclnt.dll
2009-03-21 15:55 249,856 a------- c:\windows\system32\tapisrv.dll
2009-03-21 15:55 60,416 a------- c:\windows\system32\colbact.dll
2009-03-21 15:55 246,272 a------- c:\windows\system32\es.dll
2009-03-21 15:55 243,200 a------- c:\windows\system32\es(3).dll
2009-03-21 15:55 226,304 a------- c:\windows\system32\catsrv.dll
2009-03-21 15:55 498,688 a------- c:\windows\system32\clbcatq.dll
2009-03-21 15:55 625,664 a------- c:\windows\system32\catsrvut.dll
2009-03-21 15:55 584,704 a------- c:\windows\system32\rpcrt4.dll
2009-03-21 15:55 74,752 a------- c:\windows\system32\olecli32.dll
2009-03-21 15:55 1,267,200 a------- c:\windows\system32\comsvcs.dll
2009-03-21 15:55 399,360 a------- c:\windows\system32\rpcss.dll
2009-03-21 15:55 1,287,168 a------- c:\windows\system32\ole32.dll
2009-03-21 15:54 198,144 a------- c:\windows\system32\netman.dll
2009-03-21 15:54 74,240 a------- c:\windows\system32\mscms(2).dll
2009-03-21 15:54 73,728 a------- c:\windows\system32\mscms.dll
2009-03-21 15:53 101,888 a------- c:\windows\system32\cscdll.dll
2009-03-20 21:48 1,435,648 a------- c:\windows\system32\query.dll
2009-03-20 21:45 123,392 a------- c:\windows\system32\umpnpmgr.dll
2009-03-19 00:00 18,944 a------- c:\windows\system32\qmgrprxy.dll
2009-03-19 00:00 354,304 a------- c:\windows\system32\winhttp.dll
2009-03-18 23:43 213,528 a------- c:\windows\system32\wuaucpl.cpl
2009-03-18 23:40 151,552 a------- c:\windows\system32\igfxres.dll
2009-03-18 23:40 191,488 a------- c:\windows\system32\iuengine.dll
2009-03-18 23:27 65,024 ac------ c:\windows\system32\dllcache\unicdime.ime
2009-03-18 23:26 1,875,968 ac------ c:\windows\system32\dllcache\msir3jp.lex
2009-03-18 23:25 605,696 ac------ c:\windows\system32\dllcache\getuname.dll
2009-03-18 23:24 2,134,528 ac------ c:\windows\system32\dllcache\EXCH_smtpsnap.dll
2009-03-18 23:24 <DIR> --d----- c:\program files\msn gaming zone
2009-03-18 23:23 1,106,944 ac------ c:\windows\system32\dllcache\msxml3.dll
2009-03-18 23:09 61,440 ac------ c:\windows\system32\dllcache\icwres.dll
2009-03-18 23:09 40,960 ac------ c:\windows\system32\dllcache\trialoc.dll
2009-03-18 23:09 73,728 ac------ c:\windows\system32\dllcache\icwtutor.exe
2009-03-18 23:00 7,046 a----r-- c:\windows\SET8E.tmp
2009-03-18 23:00 13,608 a----r-- c:\windows\SET7C.tmp
2009-03-18 23:00 1,086,182 a----r-- c:\windows\SET70.tmp
2009-03-18 22:54 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-03-18 22:52 252,928 a------- c:\windows\system32\msoeacct.dll
2009-03-18 22:52 105,984 a------- c:\windows\system32\msoert2.dll
2009-03-18 22:52 691,712 a------- c:\windows\system32\inetcomm.dll
2009-03-18 22:52 274,944 a------- c:\windows\system32\mstask.dll
2009-03-18 22:52 192,512 a------- c:\windows\system32\schedsvc.dll
2009-03-18 22:52 12,288 a------- c:\windows\system32\mstinit.exe
2009-03-18 22:48 58,880 a------- c:\windows\system32\licwmi.dll
2009-03-18 22:48 196,224 a------- c:\windows\system32\drivers\rdpdr.sys
2009-03-18 22:46 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-03-18 22:46 52,864 a------- c:\windows\system32\drivers\dmusic.sys
2009-03-18 22:46 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-03-18 22:46 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-03-18 22:43 40,840 a------- c:\windows\system32\drivers\termdd.sys
2009-03-18 22:41 13,312 ac------ c:\windows\system32\dllcache\irclass.dll
2009-03-18 22:41 13,312 a------- c:\windows\system32\irclass.dll
2009-03-18 22:41 11,264 a------- c:\windows\system32\drivers\irenum.sys
2009-03-18 22:41 24,661 ac------ c:\windows\system32\dllcache\spxcoins.dll
2009-03-18 22:41 146,432 a------- c:\windows\system\winspool.drv
2009-03-18 22:41 24,661 a------- c:\windows\system32\spxcoins.dll
2009-03-18 22:41 74,752 a------- c:\windows\system32\storprop.dll
2009-03-18 22:40 37,484 ac------ c:\windows\system32\dllcache\MW770.CAT
2009-03-18 22:40 13,472 ac------ c:\windows\system32\dllcache\HPCRDP.CAT
2009-03-18 22:40 8,574 ac------ c:\windows\system32\dllcache\IASNT4.CAT
2009-03-18 22:40 7,046 ac------ c:\windows\system32\dllcache\OEMBIOS.CAT
2009-03-18 22:40 797,189 ac------ c:\windows\system32\dllcache\NT5IIS.CAT
2009-03-18 22:40 399,645 ac------ c:\windows\system32\dllcache\MAPIMIG.CAT
2009-03-18 22:40 7,046 a----r-- c:\windows\SETE2.tmp
2009-03-18 22:40 13,608 a----r-- c:\windows\SETD0.tmp
2009-03-18 22:40 1,086,182 a----r-- c:\windows\SETC4.tmp
2009-03-18 22:37 1,122,665 a------- c:\windows\setupapi.log.0.old
2009-03-18 14:25 <DIR> --dsh--- C:\found.001
2009-03-17 20:26 <DIR> --d----- C:\1c0255e2903f027620596867b0
2009-03-17 20:18 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-17 19:47 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-17 19:47 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-17 19:47 <DIR> --d----- C:\df89b8e2cc861c3bf9e9a5eaf50f9dcd
2009-03-17 19:47 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-17 19:46 <DIR> --d----- c:\windows\SxsCaPendDel
2009-03-17 19:36 <DIR> --d----- C:\f98caf4dbc9c8b02e780
2009-03-17 19:35 <DIR> --d----- C:\1a6ccd3db3c0fe738c2de8

==================== Find3M ====================

2009-03-18 23:08 23,316 ac------ c:\windows\system32\emptyregdb.dat
2007-09-05 14:33 4,786,901 ac------ c:\documents and settings\all users\Documents.zip
2007-08-14 20:32 69,352 ac------ c:\docume~1\debbip~1\applic~1\GDIPFONTCACHEV1.DAT
2004-05-06 20:49 16,706,160 ac------ c:\program files\AdbeRdr60_enu_full.exe
2003-12-04 23:20 10,135,688 ac------ c:\program files\MPSetupXP.exe
2003-11-06 21:43 243,351,552 ac------ c:\program files\col3927.exe
2003-11-06 21:22 124,416 ac------ c:\program files\COL4425en.exe
2003-11-06 20:49 88,064 ac------ c:\program files\col4549.exe
2003-11-06 20:47 189,440 ac------ c:\program files\sj801mu.exe
2003-11-06 20:02 8,714,203 ac------ c:\program files\STUFFITS.EXE
2003-02-18 21:42 2,680,665 ac------ c:\program files\pdc640ins2e.exe

============= FINISH: 14:26:27.15 ===============



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:51 AM

Posted 15 April 2009 - 12:19 AM

Hello Mergatroyd,

Sorry about the delay. :thumbup2: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 Mergatroyd

Mergatroyd
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:51 AM

Posted 15 April 2009 - 07:19 PM

Thanks tea.

Here's the Hijack This log. Things are working much faster and better now.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:45 PM, on 4/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Debbi Peck\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://drudgereport.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Wavexpress BHO - {C1D458F1-B97C-11D5-B3DF-00B0D0A5B433} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BCMSMMSG] BCMSMMSG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn200...erInstaller.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {405BBF5B-2FD8-4614-AC51-D8566F635B94} (SafeWallet Class) - http://idsm.citadelprocessing.com/SafeComm...s/WalletCab.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5815 bytes

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:51 AM

Posted 15 April 2009 - 07:38 PM

Hello there,

"Things are working much faster and better now."

Did you do something to make it better? Please let me know what you did so I don't accidentally duplicate it. :thumbup2:

Thanks,
tea

#5 Mergatroyd

Mergatroyd
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:51 AM

Posted 15 April 2009 - 08:48 PM

Well, someone had me use ComboFix, Spybot, etc., and I also figured out how to delete a bunch of email from my Outlook Express Delete folder (I had about 2,500 messages stuck in the Delete folder).

Also, I had too many programs opening at Start Up, so that was really slow, but now I pared that down, and start up is much faster.

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:51 AM

Posted 15 April 2009 - 08:56 PM

Hello,

Someone? Here on the forum....or.....?? :thumbup2:

#7 Mergatroyd

Mergatroyd
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:51 AM

Posted 15 April 2009 - 09:00 PM

Here, did you see my message?

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:51 AM

Posted 15 April 2009 - 09:29 PM

I haven't seen anything other than what you posted in this thread. Could you please tell me who told you to use ComboFix? :thumbup2:

#9 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:51 AM

Posted 08 May 2009 - 01:18 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.