Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Several spyware/malware problems


  • This topic is locked This topic is locked
4 replies to this topic

#1 Maelstrom7

Maelstrom7

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 06 April 2009 - 12:47 PM

Hello everyone, I am new here. :thumbup2:

For a while now my computer has been plagued by several problems. I have tried Symantec AntiVirus, SpyBot S&D and Ad-Aware to no avail. I now turn to you as a friend of mine has recommended this site.

Here's a description of the problems I'm encountering:
-Every time I restart my computer the proxy settings in Firefox are changed, sometimes making it impossible to connect to the Internet. I can fix this manually but I have to do so after each reboot and the problem returns eventually.
-Search-sites such as Google etc. send me to bogus sites when I click on search results.
-I get Internet Explorer pop-ups regularly even though I only use Firefox.
-I get a dll32 error upon start-up.
-Sometimes the desktop will stop responding altogether.

I don't know if this is of any help, but Symantec keeps notifying me about these 4 infected files, which it can't seem to do anything about:
C:\WINDOWS\SYSTEM32\winghy32.dll
C:\WINDOWS\mstre15.exe
C:\WINDOWS\pp06.exe
C:\Program Files\websrvx\websrvx.exe

Finally, here is a copy of my DDS log. Any help would be highly appreciated, thank you very much in advance!



DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 13:19:28.70 on Mon 04/06/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.97 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\S3apphk.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\windows\pp06.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Owner\Application Data\Smilebox\SmileboxTray.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\AnalogX\POW\pow.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\websrvx\websrvx.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/puccini/start
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: D: {4c4e7366-9d8d-3a38-bfcf-9c5385832285} - c:\windows\system32\dq93524.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: jimmyhelp.CBrowserHelper: {7d25ddd3-51f5-45e9-b6bd-a60e3d2e6ada} - c:\windows\gicvoyxqv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &hp toolkit: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\hp\explorebar\HPTOOLKT.DLL
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: hp toolkit: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: MoreResults: {5ec7b858-e542-47ee-acfd-64d5808a6cce} - c:\program files\moreresults\MoreResults.dll
uRun: [MoneyAgent] "c:\program files\microsoft money\system\Money Express.exe"
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SmileboxTray] "c:\documents and settings\owner\application data\smilebox\SmileboxTray.exe"
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
uRun: [nfra] c:\windows\nfra.exe
uRun: [dll] rundll32 dll32,sm
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
mRun: [DDCM] "c:\program files\wildtangent\ddc\ddcmanager\DDCMan.exe" -Background
mRun: [DDCActiveMenu] "c:\program files\wildtangent\ddc\activemenu\DDCActiveMenu.exe" -boot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [S3apphk] S3apphk.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [checktime] c:\program files\hpselect\frontend\ct.exe
mRun: [ButtonMonitor] S200
mRun: [D-Link Air Utility] c:\program files\d-link\air utility\AirCFG.exe
mRun: [ANIWZCSService] c:\program files\alpha networks\aniwzcs service\WZCSLDR.exe
mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
mRun: [MoreResults] c:\program files\moreresults\MoreResults.exe
mRun: [WinVNC] "c:\program files\tightvnc\WinVNC.exe" -servicehelper
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [pp] c:\windows\pp06.exe
mRun: [sysldtray] c:\windows\ld02.exe
mRun: [sysmstray] c:\windows\mstre15.exe
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\exif launcher\QuickDCF.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pow!.lnk - c:\program files\analogx\pow\pow.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - hxxp://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,75/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: PCANotify - PCANotify.dll
Notify: winghy32 - winghy32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\wrj96b4y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\wrj96b4y.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

============= SERVICES / DRIVERS ===============

R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2001-10-22 33496]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2000-9-11 10816]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2001-11-2 114749]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]
R2 websrvx;websrvx;c:\program files\websrvx\websrvx.exe [2009-3-4 9728]
R3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090403.004\NAVENG.sys [2009-4-3 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090403.004\NAVEX15.sys [2009-4-3 876144]
S2 NNServ;NNServ;"c:\program files\newdotnet\nnrun.exe" "c:\program files\newdotnet\nncore.dll" servicestart --> c:\program files\newdotnet\nnrun.exe [?]
S3 PRISM;D-Link Air Wireless Prism3 Adapter Driver;c:\windows\system32\drivers\PRISMNDS.sys [2004-1-9 652288]
S3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [2002-3-21 144860]

=============== Created Last 30 ================

2009-04-06 13:05 <DIR> --d----- c:\program files\Trend Micro
2009-04-02 06:13 1 a------- c:\windows\9g2234wesdf3dfgjf23
2009-04-02 06:13 11,776 -------- c:\windows\pp06.exe
2009-04-01 12:06 2 ----h--- c:\windows\t55ft2784f44.dat
2009-03-26 16:31 2 ----h--- c:\windows\t55ft2809f44.dat
2009-03-26 07:16 1 a------- c:\windows\9g234sdff3d23dfgjf23
2009-03-24 10:25 1 a------- c:\windows\9g234sdfdfgjf23
2009-03-24 10:25 1 ----h--- c:\windows\f23567.dat
2009-03-24 10:25 1 ----h--- c:\windows\msmark2.dat
2009-03-24 10:25 24,576 -------- c:\windows\mstre15.exe
2009-03-24 10:25 2 ----h--- c:\windows\t55ft2810f44.dat
2009-03-24 10:25 2 ----h--- c:\windows\t55ft2792f44.dat
2009-03-24 10:25 2 ----h--- c:\windows\t55ft2808f44.dat
2009-03-24 10:24 196,608 a------- c:\windows\system32\dq93524.dll
2009-03-24 05:27 1,409 a------- c:\windows\QTFont.for
2009-03-24 05:27 54,156 a---h--- c:\windows\QTFont.qfn
2009-03-13 03:03 206 a------- c:\windows\system32\MRT.INI

==================== Find3M ====================

2009-03-04 12:37 176,128 a------- c:\windows\system32\hq48036.dll
2009-03-04 12:37 182,784 a------- c:\program files\KB30266.exe
2009-03-04 10:37 176,128 a------- c:\windows\system32\hq10437.dll
2009-02-28 13:52 176,128 a------- c:\windows\system32\hq86081.dll
2009-02-19 01:02 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-16 19:20 575 a---h--- C:\os455975.bin
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 19:49 39,424 -------- c:\windows\system32\winghy32.dll
2004-06-08 17:44 171,715 a------- c:\docume~1\owner\applic~1\tvmknwrd.dll
2001-04-03 12:54 36,864 a------- c:\windows\inf\Option.exe
2008-08-16 14:15 104 ---shr-- c:\windows\system32\A2B53FBA91.sys
2008-08-16 14:16 5,852 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-08-11 03:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081120080812\index.dat

============= FINISH: 13:20:44.54 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:01:05 PM

Posted 06 April 2009 - 04:42 PM

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

In case you lost internet access after performing above instructions:

In IE: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.
In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Maelstrom7

Maelstrom7
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 11 April 2009 - 10:03 PM

Thank you for your fast response!

I have performed the steps you suggested and Anti-Malware seems to have removed the problems. :thumbup2:
Just in case, here is the MBAM log as well as a new DDS log:



Malwarebytes' Anti-Malware 1.35
Database version: 1904
Windows 5.1.2600 Service Pack 3

4/6/2009 3:04:06 PM
mbam-log-2009-04-06 (15-04-06).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 180413
Time elapsed: 1 hour(s), 8 minute(s), 43 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 16
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 17

Memory Processes Infected:
C:\Program Files\websrvx\websrvx.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\winghy32.dll (Dialer) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winghy32 (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaLoads (Adware.Medload) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4c4e7366-9d8d-3a38-bfcf-9c5385832285} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4c4e7366-9d8d-3a38-bfcf-9c5385832285} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysmstray (Trojan.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nfra (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\websrvx\websrvx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\Program Files\websrvx\upx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\msmark2.dat (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\t55ft2784f44.dat (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\t55ft2792f44.dat (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\t55ft2808f44.dat (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\t55ft2809f44.dat (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\t55ft2810f44.dat (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\t55ft3223f44.dat (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\t55ft3518f44.dat (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\pp06.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\winghy32.dll (Dialer) -> Delete on reboot.
C:\Documents and Settings\Owner\Application Data\tvmknwrd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\KB30266.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\pp1.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dq93524.dll (Trojan.BHO) -> Delete on reboot.



Attached File  Attach.txt   9.52KB   15 downloads

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 22:57:18.54 on Sat 04/11/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.123 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\S3apphk.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Owner\Application Data\Smilebox\SmileboxTray.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\AnalogX\POW\pow.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/puccini/start
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: jimmyhelp.CBrowserHelper: {7d25ddd3-51f5-45e9-b6bd-a60e3d2e6ada} - c:\windows\gicvoyxqv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &hp toolkit: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\hp\explorebar\HPTOOLKT.DLL
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: hp toolkit: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: MoreResults: {5ec7b858-e542-47ee-acfd-64d5808a6cce} - c:\program files\moreresults\MoreResults.dll
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SmileboxTray] "c:\documents and settings\owner\application data\smilebox\SmileboxTray.exe"
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [S3apphk] S3apphk.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [checktime] c:\program files\hpselect\frontend\ct.exe
mRun: [ButtonMonitor] S200
mRun: [D-Link Air Utility] c:\program files\d-link\air utility\AirCFG.exe
mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
mRun: [WinVNC] "c:\program files\tightvnc\WinVNC.exe" -servicehelper
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\exif launcher\QuickDCF.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pow!.lnk - c:\program files\analogx\pow\pow.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - hxxp://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,75/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\wrj96b4y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\wrj96b4y.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

============= SERVICES / DRIVERS ===============

R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2001-10-22 33496]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2000-9-11 10816]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2001-11-2 114749]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]
R3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090410.003\NAVENG.sys [2009-4-10 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090410.003\NAVEX15.sys [2009-4-10 876144]
S2 NNServ;NNServ;"c:\program files\newdotnet\nnrun.exe" "c:\program files\newdotnet\nncore.dll" servicestart --> c:\program files\newdotnet\nnrun.exe [?]
S3 PRISM;D-Link Air Wireless Prism3 Adapter Driver;c:\windows\system32\drivers\PRISMNDS.sys [2004-1-9 652288]
S3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [2002-3-21 144860]

============== File Associations ===============

regfile=*** no open command defined ***

=============== Created Last 30 ================

2009-04-06 13:52 743,621 a------- c:\windows\system32\RPUpdates.zip
2009-04-06 13:52 45 a------- c:\windows\system32\RPVersion.ini
2009-04-06 13:52 86,016 a------- c:\windows\unvise32.exe
2009-04-06 13:51 <DIR> --d----- c:\program files\RegistryPatrol3.0
2009-04-06 13:44 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-04-06 13:44 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-06 13:43 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-06 13:43 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-06 13:05 <DIR> --d----- c:\program files\Trend Micro
2009-04-02 06:13 1 a------- c:\windows\9g2234wesdf3dfgjf23
2009-03-26 07:16 1 a------- c:\windows\9g234sdff3d23dfgjf23
2009-03-24 10:25 1 a------- c:\windows\9g234sdfdfgjf23
2009-03-24 10:25 1 ----h--- c:\windows\f23567.dat
2009-03-24 05:27 1,409 a------- c:\windows\QTFont.for
2009-03-24 05:27 54,156 a---h--- c:\windows\QTFont.qfn
2009-03-13 03:03 206 a------- c:\windows\system32\MRT.INI

==================== Find3M ====================

2009-03-04 12:37 176,128 a------- c:\windows\system32\hq48036.dll
2009-03-04 10:37 176,128 a------- c:\windows\system32\hq10437.dll
2009-02-28 13:52 176,128 a------- c:\windows\system32\hq86081.dll
2009-02-19 01:02 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-16 19:20 575 a---h--- C:\os455975.bin
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2001-04-03 12:54 36,864 a------- c:\windows\inf\Option.exe
2008-08-16 14:15 104 ---shr-- c:\windows\system32\A2B53FBA91.sys
2008-08-16 14:16 5,852 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-08-11 03:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081120080812\index.dat

============= FINISH: 22:58:46.78 ===============

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:01:05 PM

Posted 12 April 2009 - 05:07 AM

Hello,

* Download Trend Micro Hijack This™
Doubleclick the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log.
Copy and paste the contents of the log in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:01:05 PM

Posted 26 April 2009 - 09:27 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users