Beyond several missing files, am I still infected?


  • This topic is locked
5 replies to this topic

#1 CajunBadger

Posted 06 April 2009 - 04:44 PM

I cleaned off a bunch of malware from a friend's computer using several virus packages, Spyware Doctor, Webroot, and MalwareBytes' MBAM. I think I'm clean, but need to see if anything stands out. I know I've got some registry entries that are pointing to old files that were cleaned off (i.e. smrtshpr.dll and alot.dll). Also IE still shows the bad BHOs listed though they were cleaned off (apparently not completely - or are they just "placeholders" for what was there before?). In running the log against one of the auto analyzers, ctfmon.exe gets marked as possibly being a CoolWebSearch parasite variant. It is version 5.1.2600.5512 and sized at 15,360 bytes which fits but there were too many possible checksums to match against (unless I'm misunderstanding what I should be doing!).

And some of what got cleaned out was SmartShopper, Freeze.com toolbar, Seekeen, Zumie Search, and Relevant Knowledge...yes, it got way overloaded!

Does anything stand out in the logs? I plan on rerunning the scanners one more time - just ran Comodo's Antivirus and it detected something called installhelper.exe located in C:\Program Files\Common Files\Motive as being infected with an unclassified malware. Sending it to VirusTotal.com, only two engines detect anything (Comodo - unclassified and DrWeb - DLoader.Trojan) so am thinking it's a false positive. Haven't been able to figure out exactly what it's for beyond something to do with communications (wireless, ...) but not sure it's needed. May stop the process that's running (McciCMService.exe) but guess that's for another topic *grin*. Otherwise was all clean, but a few more packages to run through again... Thanks in advance!

Here's my DDS.log:


DDS (Ver_09-03-16.01) - NTFSx86
Run by martha at 16:32:18.31 on Mon 04/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.406 [GMT -5:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated)
AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Outdated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
svchost.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
E:\HiJackThis v2.0.2\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\martha\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: PCCBHO.CPCCBHO: {22fc6ce8-7d47-479f-b74a-bfbb04adb9af} - c:\program files\winferno\pc confidential\PCCBHO.dll
BHO: SmartShopper: {2ba1c226-ec1b-4471-a65f-d0688ac6ee3a} - c:\program files\smartshopper\bin\2.5.0\SmrtShpr.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! 工具列: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [OE_OEM] "c:\program files\trend micro\internet security 12\tmas_oe\TMAS_OEMon.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DriverMax] "c:\program files\innovative solutions\drivermax\devices.exe" -agent
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [ShowLOMControl] 1 (0x1)
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [<NO NAME>]
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 12\pccguide.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Piracy] "c:\program files\malwarebytes' anti-malware\mbam.exe" /piracy
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
uExplorerRun: [ir6anYTRGr] c:\documents and settings\all users\application data\bcjalolo\pmtkdudi.exe
mExplorerRun: [ir6anYTRGr] c:\documents and settings\all users\application data\bcjalolo\pmtkdudi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF}
IE: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0}
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - c:\program files\winferno\pc confidential\PCConfidential.exe
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA} - c:\program files\winferno\pc confidential\PCConfidential.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: AplMsg - {1807CA87-9E0B-A5AE-27A0-07D40EECA5ED} - c:\program files\fvzvohf\AplMsg.dll

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-4-6 110992]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-4-6 700152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-8-30 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2005-8-30 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2005-8-30 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-8-30 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2005-8-30 262215]

=============== Created Last 30 ================

2009-04-06 16:28 <DIR> --d----- c:\program files\winMd5Sum
2009-04-06 15:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Comodo
2009-04-06 15:45 155,384 a------- c:\windows\system32\guard32.dll
2009-04-06 15:45 110,992 a------- c:\windows\system32\drivers\cmdguard.sys
2009-04-06 15:45 24,336 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-04-06 15:45 <DIR> --d----- c:\program files\COMODO
2009-04-06 15:30 <DIR> --d----- c:\program files\CCleaner
2009-04-06 15:08 <DIR> --d----- c:\documents and settings\martha\Incomplete
2009-04-06 15:08 <DIR> --d----- c:\docume~1\martha\applic~1\LimeWire Music
2009-04-06 06:57 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-04-05 22:01 <DIR> --d----- c:\windows\system32\XPSViewer
2009-04-05 21:59 117,760 -------- c:\windows\system32\prntvpt.dll
2009-04-05 21:59 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-05 21:59 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-04-05 21:59 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-04-05 21:59 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-05 21:59 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-04-05 21:59 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-05 21:50 <DIR> --d----- C:\Backups
2009-04-05 21:45 <DIR> --d----- c:\program files\Innovative Solutions
2009-04-05 21:18 99,865 a------- c:\windows\system32\dllcache\xlog.exe
2009-04-05 21:18 28,288 a------- c:\windows\system32\dllcache\xjis.nls
2009-04-05 21:18 16,970 a------- c:\windows\system32\dllcache\xem336n5.sys
2009-04-05 21:18 19,455 a------- c:\windows\system32\dllcache\wvchntxx.sys
2009-04-05 21:18 19,200 a------- c:\windows\system32\dllcache\wstcodec.sys
2009-04-05 21:18 12,063 a------- c:\windows\system32\dllcache\wsiintxx.sys
2009-04-05 21:18 8,192 a------- c:\windows\system32\dllcache\wshirda.dll
2009-04-05 21:18 221,184 a------- c:\windows\system32\dllcache\wmpns.dll
2009-04-05 21:18 8,832 a------- c:\windows\system32\dllcache\wmiacpi.sys
2009-04-05 21:16 19,016 a------- c:\windows\system32\dllcache\w926nd.sys
2009-04-05 21:15 794,399 a------- c:\windows\system32\dllcache\usr1806v.sys
2009-04-05 21:14 211,968 a------- c:\windows\system32\dllcache\um54scan.dll
2009-04-05 21:13 241,664 a------- c:\windows\system32\dllcache\tosdvd02.sys
2009-04-05 21:12 3,968 a------- c:\windows\system32\dllcache\swusbflt.sys
2009-04-05 21:11 106,584 a------- c:\windows\system32\dllcache\spdports.dll
2009-04-05 21:10 33,792 a------- c:\windows\system32\dllcache\smb0w.dll
2009-04-05 21:09 161,568 a------- c:\windows\system32\dllcache\sgsmusb.sys
2009-04-05 21:08 75,392 a------- c:\windows\system32\dllcache\s3savmxm.sys
2009-04-05 21:07 30,720 a------- c:\windows\system32\dllcache\rthwcls.sys
2009-04-05 21:06 159,232 a------- c:\windows\system32\dllcache\ptpusd.dll
2009-04-05 21:05 86,016 a------- c:\windows\system32\dllcache\pctspk.exe
2009-04-05 21:04 25,088 a------- c:\windows\system32\dllcache\ovca.sys
2009-04-05 21:03 126,080 a------- c:\windows\system32\dllcache\nm5a2wdm.sys
2009-04-05 21:02 19,968 a------- c:\windows\system32\dllcache\mxnic.sys
2009-04-05 21:01 6,528 a------- c:\windows\system32\dllcache\miniqic.sys
2009-04-05 21:00 22,016 a------- c:\windows\system32\dllcache\logscrpt.dll
2009-04-05 20:59 18,432 a------- c:\windows\system32\dllcache\jupiw.dll
2009-04-05 20:58 154,496 a------- c:\windows\system32\dllcache\icam4usb.sys
2009-04-05 20:57 9,759 a------- c:\windows\system32\dllcache\hsf_inst.dll
2009-04-05 20:56 2,688 a------- c:\windows\system32\dllcache\hidswvd.sys
2009-04-05 20:55 43,520 a------- c:\windows\system32\dllcache\EXCH_fcachdll.dll
2009-04-05 20:54 18,503 a------- c:\windows\system32\dllcache\epro4.sys
2009-04-05 20:53 26,698 a------- c:\windows\system32\dllcache\dlh5xnd5.sys
2009-04-05 20:52 27,648 a------- c:\windows\system32\dllcache\cyyports.dll
2009-04-05 20:51 164,923 a------- c:\windows\system32\dllcache\diapi2.sys
2009-04-05 20:50 26,624 a------- c:\windows\system32\dllcache\ativxbar.sys
2009-04-05 20:48 7,168 a------- c:\windows\system32\dllcache\wamregps.dll
2009-04-05 20:48 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
2009-04-05 20:48 19,968 a------- c:\windows\system32\dllcache\inetsloc.dll
2009-04-05 20:48 7,680 a------- c:\windows\system32\dllcache\inetmgr.exe
2009-04-05 20:48 169,984 a------- c:\windows\system32\dllcache\iisui.dll
2009-04-05 20:48 14,336 a------- c:\windows\system32\dllcache\iisreset.exe
2009-04-05 20:48 5,632 a------- c:\windows\system32\dllcache\iisrstap.dll
2009-04-05 20:48 6,144 a------- c:\windows\system32\dllcache\ftpsapi2.dll
2009-04-05 20:48 94,720 a------- c:\windows\system32\dllcache\certmap.ocx
2009-04-05 19:54 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-05 19:05 <DIR> --d----- c:\docume~1\martha\applic~1\Malwarebytes
2009-04-05 19:05 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-05 19:05 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-05 19:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-05 19:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-04 10:15 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-04-04 10:15 12,160 a------- c:\windows\system32\dllcache\mouhid.sys
2009-04-04 10:14 21,504 a------- c:\windows\system32\hidserv.dll
2009-04-04 10:14 21,504 a------- c:\windows\system32\dllcache\hidserv.dll

==================== Find3M ====================

2009-03-26 19:22 5,642 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\dllcache\win32k.sys
2009-02-09 00:20 88,859 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-16 22:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-11-11 20:06 88 ---shr-- c:\windows\system32\9010A9547F.sys

============= FINISH: 16:33:16.89 ===============


Edited by CajunBadger, 06 April 2009 - 06:00 PM.




#2 CajunBadger

Posted 06 April 2009 - 04:47 PM

And in case needed, here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:45:04 PM, on 4/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
E:\HiJackThis v2.0.2\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Piracy] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /piracy
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKLM\..\Policies\Explorer\Run: [ir6anYTRGr] C:\Documents and Settings\All Users\Application Data\bcjalolo\pmtkdudi.exe
O4 - HKCU\..\Policies\Explorer\Run: [ir6anYTRGr] C:\Documents and Settings\All Users\Application Data\bcjalolo\pmtkdudi.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - (no file)
O9 - Extra button: (no name) - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - (no file)
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O21 - SSODL: AplMsg - {1807CA87-9E0B-A5AE-27A0-07D40EECA5ED} - C:\Program Files\fvzvohf\AplMsg.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13943 bytes

#3 CajunBadger


Posted 07 April 2009 - 02:55 PM

I rescanned with Housecall, Comodo, MBAM, and Ad-Aware SE and all was clean.

Per recommendations when looking at the results from auto analyzers, I fixed the "empty file/missing file" listings:
O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll (file missing)
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
O9 - Extra button: (no name) - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - (no file)
O9 - Extra button: (no name) - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - (no file)
O21 - SSODL: AplMsg - {1807CA87-9E0B-A5AE-27A0-07D40EECA5ED} - C:\Program Files\fvzvohf\AplMsg.dll (file missing)

I also fixed the line O4 - HKCU\..\Policies\Explorer\Run: [ir6anYTRGr] C:\Documents and Settings\All Users\Application Data\bcjalolo\pmtkdudi.exe as it referenced a missing executable (folder bcjalolo was empty and couldn't find pmtkdudi.exe).

Finally, ctfmon.exe was still giving me a warning that it might be a coolwebsearch parasite variant, but I just don't believe this to be the case, unless you all think there is a possibility. In which case I'll follow whatever instructions are necessary to make sure it's clean.

Again, thank you for any information on whether I've resolved all that had been on the system (and I had forgotten, Internet Antivirus had to be cleaned off).


This leaves me with the latest DDS logfile:


DDS (Ver_09-03-16.01) - NTFSx86
Run by martha at 14:38:48.04 on Tue 04/07/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.431 [GMT -5:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated)
AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Outdated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\martha\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: PCCBHO.CPCCBHO: {22fc6ce8-7d47-479f-b74a-bfbb04adb9af} - c:\program files\winferno\pc confidential\PCCBHO.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! 工具列: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [OE_OEM] "c:\program files\trend micro\internet security 12\tmas_oe\TMAS_OEMon.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [<NO NAME>]
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 12\pccguide.exe"
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
uExplorerRun: [ir6anYTRGr] c:\documents and settings\all users\application data\bcjalolo\pmtkdudi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - c:\program files\winferno\pc confidential\PCConfidential.exe
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA} - c:\program files\winferno\pc confidential\PCConfidential.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-7 64160]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-4-6 110992]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-4-6 700152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-8-30 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2005-8-30 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2005-8-30 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-8-30 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2005-8-30 262215]

=============== Created Last 30 ================

2009-04-07 14:01 7,680 a--sh--- c:\windows\Thumbs.db
2009-04-07 12:35 74,703 a------- c:\windows\system32\mfc45.dll
2009-04-07 12:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\iolo
2009-04-07 09:44 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-07 07:28 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-07 07:27 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-07 07:26 <DIR> --d----- c:\program files\Lavasoft
2009-04-06 18:36 <DIR> --d----- c:\documents and settings\martha\.housecall6.6
2009-04-06 15:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Comodo
2009-04-06 15:45 155,384 a------- c:\windows\system32\guard32.dll
2009-04-06 15:45 110,992 a------- c:\windows\system32\drivers\cmdguard.sys
2009-04-06 15:45 24,336 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-04-06 15:45 <DIR> --d----- c:\program files\COMODO
2009-04-06 15:30 <DIR> --d----- c:\program files\CCleaner
2009-04-06 15:08 <DIR> --d----- c:\documents and settings\martha\Incomplete
2009-04-06 15:08 <DIR> --d----- c:\docume~1\martha\applic~1\LimeWire Music
2009-04-06 06:57 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-04-05 22:01 <DIR> --d----- c:\windows\system32\XPSViewer
2009-04-05 21:59 117,760 -------- c:\windows\system32\prntvpt.dll
2009-04-05 21:59 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-05 21:59 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-04-05 21:59 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-04-05 21:59 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-05 21:59 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-04-05 21:59 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-05 21:50 <DIR> --d----- C:\Backups
2009-04-05 21:18 99,865 a------- c:\windows\system32\dllcache\xlog.exe
2009-04-05 21:18 28,288 a------- c:\windows\system32\dllcache\xjis.nls
2009-04-05 21:18 16,970 a------- c:\windows\system32\dllcache\xem336n5.sys
2009-04-05 21:18 19,455 a------- c:\windows\system32\dllcache\wvchntxx.sys
2009-04-05 21:18 19,200 a------- c:\windows\system32\dllcache\wstcodec.sys
2009-04-05 21:18 12,063 a------- c:\windows\system32\dllcache\wsiintxx.sys
2009-04-05 21:18 8,192 a------- c:\windows\system32\dllcache\wshirda.dll
2009-04-05 21:18 221,184 a------- c:\windows\system32\dllcache\wmpns.dll
2009-04-05 21:18 8,832 a------- c:\windows\system32\dllcache\wmiacpi.sys
2009-04-05 21:16 19,016 a------- c:\windows\system32\dllcache\w926nd.sys
2009-04-05 21:15 794,399 a------- c:\windows\system32\dllcache\usr1806v.sys
2009-04-05 21:14 211,968 a------- c:\windows\system32\dllcache\um54scan.dll
2009-04-05 21:13 241,664 a------- c:\windows\system32\dllcache\tosdvd02.sys
2009-04-05 21:12 3,968 a------- c:\windows\system32\dllcache\swusbflt.sys
2009-04-05 21:11 106,584 a------- c:\windows\system32\dllcache\spdports.dll
2009-04-05 21:10 33,792 a------- c:\windows\system32\dllcache\smb0w.dll
2009-04-05 21:09 161,568 a------- c:\windows\system32\dllcache\sgsmusb.sys
2009-04-05 21:08 75,392 a------- c:\windows\system32\dllcache\s3savmxm.sys
2009-04-05 21:07 30,720 a------- c:\windows\system32\dllcache\rthwcls.sys
2009-04-05 21:06 159,232 a------- c:\windows\system32\dllcache\ptpusd.dll
2009-04-05 21:05 86,016 a------- c:\windows\system32\dllcache\pctspk.exe
2009-04-05 21:04 25,088 a------- c:\windows\system32\dllcache\ovca.sys
2009-04-05 21:03 126,080 a------- c:\windows\system32\dllcache\nm5a2wdm.sys
2009-04-05 21:02 19,968 a------- c:\windows\system32\dllcache\mxnic.sys
2009-04-05 21:01 6,528 a------- c:\windows\system32\dllcache\miniqic.sys
2009-04-05 21:00 22,016 a------- c:\windows\system32\dllcache\logscrpt.dll
2009-04-05 20:59 18,432 a------- c:\windows\system32\dllcache\jupiw.dll
2009-04-05 20:58 154,496 a------- c:\windows\system32\dllcache\icam4usb.sys
2009-04-05 20:57 9,759 a------- c:\windows\system32\dllcache\hsf_inst.dll
2009-04-05 20:56 2,688 a------- c:\windows\system32\dllcache\hidswvd.sys
2009-04-05 20:55 43,520 a------- c:\windows\system32\dllcache\EXCH_fcachdll.dll
2009-04-05 20:54 18,503 a------- c:\windows\system32\dllcache\epro4.sys
2009-04-05 20:53 26,698 a------- c:\windows\system32\dllcache\dlh5xnd5.sys
2009-04-05 20:52 27,648 a------- c:\windows\system32\dllcache\cyyports.dll
2009-04-05 20:51 164,923 a------- c:\windows\system32\dllcache\diapi2.sys
2009-04-05 20:50 26,624 a------- c:\windows\system32\dllcache\ativxbar.sys
2009-04-05 20:48 7,168 a------- c:\windows\system32\dllcache\wamregps.dll
2009-04-05 20:48 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
2009-04-05 20:48 19,968 a------- c:\windows\system32\dllcache\inetsloc.dll
2009-04-05 20:48 7,680 a------- c:\windows\system32\dllcache\inetmgr.exe
2009-04-05 20:48 169,984 a------- c:\windows\system32\dllcache\iisui.dll
2009-04-05 20:48 14,336 a------- c:\windows\system32\dllcache\iisreset.exe
2009-04-05 20:48 5,632 a------- c:\windows\system32\dllcache\iisrstap.dll
2009-04-05 20:48 6,144 a------- c:\windows\system32\dllcache\ftpsapi2.dll
2009-04-05 20:48 94,720 a------- c:\windows\system32\dllcache\certmap.ocx
2009-04-05 19:54 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-05 19:05 <DIR> --d----- c:\docume~1\martha\applic~1\Malwarebytes
2009-04-05 19:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-05 19:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-04 10:15 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-04-04 10:15 12,160 a------- c:\windows\system32\dllcache\mouhid.sys
2009-04-04 10:14 21,504 a------- c:\windows\system32\hidserv.dll
2009-04-04 10:14 21,504 a------- c:\windows\system32\dllcache\hidserv.dll

==================== Find3M ====================

2009-03-26 19:22 5,642 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\dllcache\win32k.sys
2009-02-09 00:20 88,859 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-16 22:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-11-11 20:06 88 ---shr-- c:\windows\system32\9010A9547F.sys

============= FINISH: 14:39:41.98 ===============

Attached Files
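The check described in post #3 (picking out startup and browser entries whose target file is gone), as an added example that is not part of the original thread. It parses HijackThis lines copied from the posts above; `find_orphans`, `Orphan` and `simulated_exists` are names made up for this example, and the simulated file list is constructed so the script runs on any machine.

```python
import os
import re
from typing import Callable, List, NamedTuple, Optional

# Lines copied from the HijackThis output quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll (file missing)
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
O9 - Extra button: (no name) - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - (no file)
O9 - Extra button: (no name) - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O21 - SSODL: AplMsg - {1807CA87-9E0B-A5AE-27A0-07D40EECA5ED} - C:\Program Files\fvzvohf\AplMsg.dll (file missing)
O4 - HKCU\..\Policies\Explorer\Run: [ir6anYTRGr] C:\Documents and Settings\All Users\Application Data\bcjalolo\pmtkdudi.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
"""

ENTRY_RE = re.compile(r"^([ORF]\d+) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
# First drive-letter path that ends in a binary extension.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|]*?\.(?:exe|dll|scr|sys|ocx)\b", re.IGNORECASE)
# Annotations HijackThis appends when it cannot find the target itself.
MARKERS = ("(file missing)", "(no file)")


class Orphan(NamedTuple):
    section: str            # HijackThis section id, e.g. "O2"
    clsid: Optional[str]    # COM class id if the entry has one
    path: Optional[str]     # target file if the entry names one
    reason: str             # why the entry is considered orphaned


def find_orphans(log_text: str,
                 exists: Callable[[str], bool] = os.path.exists) -> List[Orphan]:
    """Return entries that point at nothing: either HijackThis marked them,
    or the entry names a file that `exists` reports as absent (the manual
    check done for the Policies\\Explorer\\Run line in post #3)."""
    orphans = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        path_s = path.group(0) if path else None
        if body.rstrip().endswith(MARKERS):
            reason = "marked by HijackThis"
        elif path_s and not exists(path_s):
            reason = "target not found on disk"
        else:
            continue  # target present, or entry names no file to check
        orphans.append(Orphan(section, clsid.group(0).upper() if clsid else None,
                              path_s, reason))
    return orphans


# Constructed stand-in for the file system, so the example runs anywhere.
SIMULATED_FILES = {r"c:\program files\yahoo!\common\yiesrvc.dll"}


def simulated_exists(path: str) -> bool:
    return path.lower() in SIMULATED_FILES


if __name__ == "__main__":
    for o in find_orphans(SAMPLE_LOG, exists=simulated_exists):
        print(f"{o.section:<4}{o.reason:<26}{o.clsid or '-':<40}{o.path or '-'}")
```

On the machine being cleaned, call `find_orphans(log_text)` without the `exists` argument so that the real file system is checked.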



#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:10:23 AM

Posted 18 April 2009 - 12:15 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#5 CajunBadger


Posted 19 April 2009 - 09:19 AM

Thanks and I understand how busy things can be! You can close this out - I returned the laptop. After cleaning it up, I re-ran it through a set of scanners and checked out the HijackThis log with the auto analyzers (I know not as good as having an expert view it, but...) and it appears clean. Again thanks!

#6 KoanYorel


Posted 19 April 2009 - 11:46 AM

Thanks for informing us what you have done.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



