Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help - Possible Virus/Malware Whazit - Browser Hijacker


  • This topic is locked This topic is locked
9 replies to this topic

#1 roro308

roro308

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 27 April 2009 - 07:35 PM

Hi,

I recently had a Trojan Vundo virus on my mom's computer which AVG found and got rid of. The computer was very slow and freezing up. I installed and ran Spybot & Malwarebytes which found many things and removed them. Computer was still slow, so I installed and ran SpyHunter which shows Whazit. I don't want to give personal information on this computer to purchase SpyHunter to get rid of this ( and am not quite sure it will do the trick). I recently ran into another problem where the Java won't load. My mom is addicted to Pogo and Yahoo games and can't get into any of them. It says Java not installed. When I run the Java test, it says Java is up to date and working properly. I've tried uninstalling and reinstalling Java with no luck. A screen appears to add the plug in, but it never does anything and then disappears. Any help you can give me would be greatly appreciated. I need to get my mom's computer working and let her get back to her games. It's the only thing that really occupies her day. She's lost without it. I've posted the DDS files below.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Rosemarie Labriola at 20:20:16.35 on Mon 04/27/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.172 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\AOL\1102085037\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rosemarie Labriola\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
BHO: SOFTWARE - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HostManager] c:\program files\common files\aol\1102085037\ee\AOLSoftware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
IE: { - c:\documents and settings\all users\start menu\programs\absolute poker\Absolute Poker.lnk
IE: {13C1DBF6-7535-495c-91F6-8C13714ED485} - c:\documents and settings\rosemarie labriola\start menu\programs\absolute poker\Absolute Poker.lnk
IE: {2DB0FBAF-5223-4c96-8C25-F60D5E437D34} - c:\program files\pokernow\PokerNow.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\PartyPoker.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
LSA: Notification Packages = scecli scecli scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rosema~1\applic~1\mozilla\firefox\profiles\6uyycucy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-26 325640]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-26 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-26 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-3 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-26 298264]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 IPN2120;Wireless-B PCI Adapter Driver;c:\windows\system32\drivers\LSIPNDS.sys [2007-3-15 96256]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-04-26 20:19 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-26 10:14 <DIR> --d----- c:\program files\Walmart MP3 Music Downloads
2009-04-25 14:52 268,288 -------- c:\windows\system32\dllcache\iertutil.dll
2009-04-25 14:52 63,488 -------- c:\windows\system32\dllcache\icardie.dll
2009-04-25 14:52 52,224 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-25 14:52 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 14:52 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-04-25 14:52 991,232 -------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-25 14:52 2,455,488 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-04-25 14:52 383,488 -------- c:\windows\system32\dllcache\ieapfltr.dll
2009-04-25 14:52 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2009-04-22 20:11 <DIR> --d----- c:\program files\Trend Micro
2009-04-18 20:17 250 a------- c:\windows\gmer.ini
2009-04-18 20:01 3,062 a------- c:\windows\system32\tmp.reg
2009-04-15 19:10 1,193,414 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 19:10 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-04 17:50 <DIR> --dsh--- c:\documents and settings\rosemarie labriola\IECompatCache
2009-04-03 20:52 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-03 20:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-03 20:44 <DIR> --dsh--- c:\documents and settings\rosemarie labriola\PrivacIE
2009-04-03 20:23 <DIR> --dsh--- c:\documents and settings\rosemarie labriola\IETldCache
2009-04-03 20:16 <DIR> --d----- c:\windows\ie8updates
2009-04-03 20:10 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-03 20:07 105,984 -------- c:\windows\system32\dllcache\iecompat.dll

==================== Find3M ====================

2009-04-26 20:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-03 14:10 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-03 14:10 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-03 14:10 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-21 10:18 986,112 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 10:44 283,648 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 -------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 06:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 01:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-02-09 06:20 723,456 a------- c:\windows\system32\lsasrv.dll
2009-02-09 06:20 399,360 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:20 723,456 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 06:20 399,360 -------- c:\windows\system32\dllcache\rpcss.dll
2009-02-09 06:20 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 06:20 616,960 a------- c:\windows\system32\advapi32.dll
2009-02-09 06:20 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-02-09 06:20 616,960 -------- c:\windows\system32\dllcache\advapi32.dll
2009-02-09 06:20 473,088 -------- c:\windows\system32\dllcache\fastprox.dll
2009-02-09 06:20 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\dllcache\win32k.sys
2009-02-06 13:24 2,180,480 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 13:24 2,180,480 a------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 13:22 2,136,064 a------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 13:14 110,592 a------- c:\windows\system32\services.exe
2009-02-06 13:14 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-02-06 12:54 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 12:54 35,328 a------- c:\windows\system32\dllcache\sc.exe
2009-02-06 12:49 2,057,728 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 12:49 2,057,728 a------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 12:49 2,015,744 a------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 12:39 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-02-03 16:08 55,808 a------- c:\windows\system32\secur32.dll
2009-02-03 16:08 55,808 -------- c:\windows\system32\dllcache\secur32.dll
2007-07-18 17:37 44,896 a------- c:\docume~1\rosema~1\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 20:21:11.07 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:34 PM

Posted 10 May 2009 - 12:48 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 roro308

roro308
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 10 May 2009 - 04:28 PM

Hi,

Thanks for getting back to me. I'm still having problems with malware, but have solved the java problem. I originally had a Vundo virus and have since run AVG, malwarebytes and spybot. Last night I ran scans and the malwarebytes found a virus. Unfortunately, I can't remember the name. The one before this one was Whazit. I've posted the new logs below.

Thanks

DDS (Ver_09-03-16.01) - NTFSx86
Run by Rosemarie Labriola at 17:17:17.64 on Sun 05/10/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.270 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\AOL\1102085037\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Rosemarie Labriola\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://www.yahoo.com/
uSearch Bar =
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
BHO: SOFTWARE - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HostManager] c:\program files\common files\aol\1102085037\ee\AOLSoftware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
IE: { - c:\documents and settings\all users\start menu\programs\absolute poker\Absolute Poker.lnk
IE: {13C1DBF6-7535-495c-91F6-8C13714ED485} - c:\documents and settings\rosemarie labriola\start menu\programs\absolute poker\Absolute Poker.lnk
IE: {2DB0FBAF-5223-4c96-8C25-F60D5E437D34} - c:\program files\pokernow\PokerNow.exe
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\PartyPoker.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
LSA: Notification Packages = :\windows\system32\srrstr.dll cli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rosema~1\applic~1\mozilla\firefox\profiles\6uyycucy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-26 325896]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-26 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-26 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-2 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-26 298776]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 IPN2120;Wireless-B PCI Adapter Driver;c:\windows\system32\drivers\LSIPNDS.sys [2007-3-15 96256]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-05-02 21:44 1,022,976 a------- c:\windows\system32\dllcache\browseui.dll
2009-05-02 21:43 413,696 a------- c:\windows\system32\dllcache\vbscript.dll
2009-05-01 17:20 <DIR> --d----- c:\docume~1\rosema~1\applic~1\WeatherBug
2009-05-01 17:20 <DIR> --d----- c:\docume~1\rosema~1\applic~1\Titanium Gears
2009-05-01 17:15 <DIR> --d----- c:\program files\Winferno
2009-05-01 17:15 <DIR> --d----- c:\program files\Free Offers from Freeze.com
2009-04-26 20:19 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-26 10:14 <DIR> --d----- c:\program files\Walmart MP3 Music Downloads
2009-04-25 14:52 268,288 -------- c:\windows\system32\dllcache\iertutil.dll
2009-04-25 14:52 63,488 -------- c:\windows\system32\dllcache\icardie.dll
2009-04-25 14:52 52,224 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-25 14:52 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 14:52 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-04-25 14:52 991,232 -------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-25 14:52 2,455,488 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-04-25 14:52 383,488 -------- c:\windows\system32\dllcache\ieapfltr.dll
2009-04-25 14:52 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2009-04-22 20:11 <DIR> --d----- c:\program files\Trend Micro
2009-04-18 20:17 250 a------- c:\windows\gmer.ini
2009-04-18 20:01 3,062 a------- c:\windows\system32\tmp.reg
2009-04-15 19:10 1,193,414 -------- c:\windows\system32\dllcache\sysmain.sdb

==================== Find3M ====================

2009-05-02 18:16 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-02 18:16 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-02 18:15 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-26 20:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-21 10:18 986,112 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-21 10:18 986,112 -------- c:\windows\system32\_002602_.tmp.dll
2009-03-06 10:44 283,648 a------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 -------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:55 105,984 -------- c:\windows\system32\dllcache\iecompat.dll
2009-02-28 00:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 06:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 01:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2007-07-18 17:37 44,896 a------- c:\docume~1\rosema~1\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 17:17:36.35 ===============

Attached Files



#4 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:10:34 PM

Posted 10 May 2009 - 09:49 PM

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out thier hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Run Malwarebytes' Anti-Malware and go to the logs tab and open the log for the date and time that you removed the last virus, and post the log here.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#5 roro308

roro308
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 11 May 2009 - 06:47 PM

I have not done anything with the computer since my last post. Here is the log file you asked for.

Malwarebytes' Anti-Malware 1.36
Database version: 2102
Windows 5.1.2600 Service Pack 2

5/9/2009 8:19:43 PM
mbam-log-2009-05-09 (20-19-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 222473
Time elapsed: 1 hour(s), 42 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:10:34 PM

Posted 11 May 2009 - 08:40 PM

Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
  • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.

In the Applications Tab:
  • Clean all except cookies in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

After this test out the computer and see if any of the problems have changed. Let me know the results.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#7 roro308

roro308
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 12 May 2009 - 09:02 AM

I went to install ccleaner, but the version you said to download is not available. The only version is 2.19.901. Should I install that one?

#8 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:10:34 PM

Posted 12 May 2009 - 10:44 AM

The version number that I mentioned is just the version that started adding the yahoo toolbar. Install the latest version. If you click on the link IM my previous post it will take you to the download link.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#9 roro308

roro308
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 15 May 2009 - 01:52 PM

The computer seems to be running OK. You can close the thread, and if I have any additional problems, I'll start a new log. Thanks for the help.

#10 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:10:34 PM

Posted 15 May 2009 - 11:04 PM

You are welcome.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users