Infected with .Vundo or Virtumonde virus


14 replies to this topic

#1 nlakhia
Posted 20 June 2009 - 06:25 PM

My computer has been running slow and my Symantec virus scan has removed the viruses numerous times, only to have the computer run slow again. The DDS file is as follows:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Neelay Comp at 19:02:06.78 on Sat 06/20/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.315 [GMT -4:00]

AV: AVG 7.5.557 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\DOCUME~1\NEELAY~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\Documents and Settings\Neelay Comp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Neelay Comp\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070108
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070108
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb128\SearchSettings.dll
BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {6EE5FFA6-37D6-49C2-9C57-433CEB2523B4} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {A7327C09-B521-4EDB-8509-7D2660C9EC98} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb128\SearchSettings.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - No File
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll
TB: {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AWMON] "c:\progra~1\lavasoft\ad-awa~1\Ad-Watch.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCFtime.dll,_RunDLLEntry@16
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [MskAgentexe] c:\program files\mcafee\msk\MskAgent.exe
mRun: [SiteAdvisor] c:\program files\siteadvisor\6028\SiteAdv.exe
mRun: [<NO NAME>]
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {D74E66F8-7782-4ECF-9C06-5BB05AAC3ABE} = 66.174.95.44 66.174.92.14
Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - c:\program files\fidelity investments\fidelity active trader\system\atngprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: efcYSMfg - efcYSMfg.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\neelay~1\applic~1\mozilla\firefox\profiles\cbeawmha.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=634471&p=
FF - component: c:\program files\mozilla firefox\extensions\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c}\components\DealioToolbarFF.dll
FF - component: c:\program files\mozilla firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\documents and settings\neelay comp\application data\mozilla\firefox\profiles\cbeawmha.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\neelay comp\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft silverlight\2.0.40115.0\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npActiveGS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {55B8579D-606B-4880-ADF6-A72284FCF63A} - c:\documents and settings\neelay comp\local settings\application data\{55b8579d-606b-4880-adf6-a72284fcf63a}\

---- FIREFOX POLICIES ----
user_pref('network.proxy.ftp', ''); user_pref('network.proxy.ftp_port', 80); user_pref('network.proxy.gopher', ''); user_pref('network.proxy.gopher_port', 80); user_pref('network.proxy.http', ''); user_pref('network.proxy.http_port', 80); user_pref('network.proxy.socks', ''); user_pref('network.proxy.socks_port', 80); user_pref('network.proxy.ssl', ''); user_pref('network.proxy.ssl_port', 80);
============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-4-9 40840]
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2008-6-30 15172]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-7-29 4224]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-7-29 10760]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-4-9 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-4-9 81288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 32256]
R1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-7-29 49664]
R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2007-7-29 406528]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-7-29 4960]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2007-5-29 202344]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-7-14 13824]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2009-6-4 126976]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2009-6-4 122368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-4-9 356920]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2007-6-6 1821376]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-4-3 24652]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-7-14 13696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-6-17 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090616.004\naveng.sys [2009-6-17 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090616.004\navex15.sys [2009-6-17 876144]
R3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2008-7-18 29952]
R3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2008-7-18 41856]
R3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2008-7-18 39936]
R3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2008-7-18 59520]
S1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-7-29 821856]
S1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-7-29 27776]
S1 fdcc;fdcc;c:\windows\system32\drivers\fdcc.sys --> c:\windows\system32\drivers\fdcc.sys [?]
S2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-7-29 418816]
S3 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2009-3-4 225375]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2009-3-4 245760]
S3 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2009-3-4 106496]
S3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2009-3-4 23296]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2007-6-6 116928]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-4-9 1079176]

=============== Created Last 30 ================

2009-06-18 12:47 <DIR> --d----- C:\VundoFix Backups
2009-06-17 18:51 <DIR> --d----- c:\windows\system32\scripting
2009-06-17 18:51 <DIR> --d----- c:\windows\l2schemas
2009-06-17 18:51 <DIR> --d----- c:\windows\system32\en
2009-06-17 18:51 <DIR> --d----- c:\windows\system32\bits
2009-06-17 18:40 <DIR> --d----- c:\windows\ServicePackFiles
2009-06-17 18:34 <DIR> --d----- c:\windows\network diagnostic
2009-06-17 17:47 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-06-17 17:47 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-06-17 17:47 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-06-17 17:47 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-06-17 17:47 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-06-17 17:47 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-17 17:47 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-17 17:47 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-17 17:47 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-06-17 17:47 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-06-17 17:38 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-06-17 17:38 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-06-17 17:38 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-17 01:09 552 a------- c:\windows\system32\d3d8caps.dat
2009-06-16 19:53 40 a------- c:\windows\system32\profile.dat
2009-06-16 19:47 110,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-16 19:47 48,768 a------- c:\windows\system32\S32EVNT1.DLL
2009-06-16 19:47 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-16 19:47 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-16 19:43 <DIR> --d----- c:\program files\Symantec
2009-06-16 19:41 <DIR> --d----- c:\program files\Symantec Client Security
2009-06-16 19:41 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-06-16 19:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-06-16 19:37 170,160 a------- c:\windows\system32\Cliutils.exe
2009-06-16 19:37 28,176 a------- c:\windows\system32\ismif32.exe
2009-06-16 19:37 12,128 a------- c:\windows\ismif32.dll
2009-06-16 19:37 <DIR> --d----- c:\program files\current profile updates
2009-06-16 19:37 <DIR> --d----- C:\FIDELITY
2009-06-05 19:27 <DIR> --d----- c:\docume~1\neelay~1\applic~1\Search Settings
2009-06-05 19:24 <DIR> --d----- c:\docume~1\neelay~1\applic~1\Dealio
2009-06-05 17:53 0 a---h--- c:\windows\SwSys2.bmp
2009-06-05 17:53 0 a---h--- c:\windows\SwSys1.bmp
2009-06-05 17:53 <DIR> --d----- c:\program files\Search Settings
2009-06-05 17:53 <DIR> --d----- c:\program files\Dealio Toolbar
2009-06-05 17:52 <DIR> --d----- c:\program files\Blubster
2009-05-28 18:12 <DIR> --d----- c:\program files\iPod 2 iPod
2009-05-28 17:48 <DIR> --d----- c:\program files\Pod to PC
2009-05-28 17:45 <DIR> --d----- c:\program files\iPod Copier 1.0
2009-05-28 17:39 <DIR> --d----- c:\program files\Daniusoft
2009-05-28 17:18 <DIR> --d----- c:\docume~1\neelay~1\applic~1\iCloner
2009-05-28 17:18 <DIR> --d----- c:\docume~1\neelay~1\applic~1\CopyTrans
2009-05-28 17:16 <DIR> --d----- c:\program files\WindSolutions
2009-05-28 17:16 <DIR> --d----- c:\docume~1\neelay~1\applic~1\WindSolutions
2009-05-28 17:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WindSolutions

==================== Find3M ====================

2009-06-17 19:08 89,787 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-27 22:21 313,663 a------- c:\windows\system32\rn.tmp
2009-04-25 01:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-03-26 15:23 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2008-05-29 21:37 256 a------- c:\documents and settings\neelay comp\pool.bin

============= FINISH: 19:03:37.21 ===============
Also attached is the other log file generated by the program. Thanks for any help on this.


#2 Net_Surfer
Posted 26 June 2009 - 02:52 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks, and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer

:)

#3 nlakhia

Posted 26 June 2009 - 02:14 PM

Here is the DDS log (just ran the scan):


DDS (Ver_09-05-14.01) - NTFSx86
Run by Neelay Comp at 15:09:00.90 on Fri 06/26/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.292 [GMT -4:00]

AV: AVG 7.5.557 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\NEELAY~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\Documents and Settings\Neelay Comp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Blubster\Blubster.exe
C:\Program Files\Blubster\BGCheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Neelay Comp\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070108
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070108
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 163.17.171.2:80
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb128\SearchSettings.dll
BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {6EE5FFA6-37D6-49C2-9C57-433CEB2523B4} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {A7327C09-B521-4EDB-8509-7D2660C9EC98} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb128\SearchSettings.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - No File
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll
TB: {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AWMON] "c:\progra~1\lavasoft\ad-awa~1\Ad-Watch.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCFtime.dll,_RunDLLEntry@16
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [MskAgentexe] c:\program files\mcafee\msk\MskAgent.exe
mRun: [SiteAdvisor] c:\program files\siteadvisor\6028\SiteAdv.exe
mRun: [<NO NAME>]
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - c:\program files\fidelity investments\fidelity active trader\system\atngprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: efcYSMfg - efcYSMfg.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\neelay~1\applic~1\mozilla\firefox\profiles\cbeawmha.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=634471&p=
FF - component: c:\program files\mozilla firefox\extensions\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c}\components\DealioToolbarFF.dll
FF - component: c:\program files\mozilla firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\documents and settings\neelay comp\application data\mozilla\firefox\profiles\cbeawmha.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\neelay comp\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft silverlight\2.0.40115.0\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npActiveGS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {55B8579D-606B-4880-ADF6-A72284FCF63A} - c:\documents and settings\neelay comp\local settings\application data\{55b8579d-606b-4880-adf6-a72284fcf63a}\

---- FIREFOX POLICIES ----
user_pref('network.proxy.ftp', ''); user_pref('network.proxy.ftp_port', 80); user_pref('network.proxy.gopher', ''); user_pref('network.proxy.gopher_port', 80); user_pref('network.proxy.http', ''); user_pref('network.proxy.http_port', 80); user_pref('network.proxy.socks', ''); user_pref('network.proxy.socks_port', 80); user_pref('network.proxy.ssl', ''); user_pref('network.proxy.ssl_port', 80);

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-4-9 40840]
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2008-6-30 15172]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-7-29 4224]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-7-29 10760]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-4-9 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-4-9 81288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 32256]
R1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-7-29 49664]
R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2007-7-29 406528]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-7-29 4960]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2007-5-29 202344]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-7-14 13824]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2009-6-4 126976]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2009-6-4 122368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-4-9 356920]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2007-6-6 1821376]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-4-3 24652]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-7-14 13696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-6-17 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090623.002\naveng.sys [2009-6-23 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090623.002\navex15.sys [2009-6-23 876144]
S1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-7-29 821856]
S1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-7-29 27776]
S1 fdcc;fdcc;c:\windows\system32\drivers\fdcc.sys --> c:\windows\system32\drivers\fdcc.sys [?]
S2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-7-29 418816]
S3 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2009-3-4 225375]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2009-3-4 245760]
S3 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2009-3-4 106496]
S3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2009-3-4 23296]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2008-7-18 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2008-7-18 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2008-7-18 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2008-7-18 59520]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2007-6-6 116928]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-4-9 1079176]

=============== Created Last 30 ================

2009-06-25 22:48 67,884 a---h--- c:\windows\system32\mlfcache.dat
2009-06-18 12:47 <DIR> --d----- C:\VundoFix Backups
2009-06-17 18:51 <DIR> --d----- c:\windows\system32\scripting
2009-06-17 18:51 <DIR> --d----- c:\windows\l2schemas
2009-06-17 18:51 <DIR> --d----- c:\windows\system32\en
2009-06-17 18:51 <DIR> --d----- c:\windows\system32\bits
2009-06-17 18:40 <DIR> --d----- c:\windows\ServicePackFiles
2009-06-17 18:34 <DIR> --d----- c:\windows\network diagnostic
2009-06-17 17:47 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-06-17 17:47 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-06-17 17:47 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-06-17 17:47 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-06-17 17:47 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-06-17 17:47 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-17 17:47 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-17 17:47 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-17 17:47 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-06-17 17:47 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-06-17 17:38 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-06-17 17:38 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-06-17 17:38 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-17 01:09 552 a------- c:\windows\system32\d3d8caps.dat
2009-06-16 19:53 40 a------- c:\windows\system32\profile.dat
2009-06-16 19:47 110,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-16 19:47 48,768 a------- c:\windows\system32\S32EVNT1.DLL
2009-06-16 19:47 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-16 19:47 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-16 19:43 <DIR> --d----- c:\program files\Symantec
2009-06-16 19:41 <DIR> --d----- c:\program files\Symantec Client Security
2009-06-16 19:41 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-06-16 19:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-06-16 19:37 170,160 a------- c:\windows\system32\Cliutils.exe
2009-06-16 19:37 28,176 a------- c:\windows\system32\ismif32.exe
2009-06-16 19:37 12,128 a------- c:\windows\ismif32.dll
2009-06-16 19:37 <DIR> --d----- c:\program files\current profile updates
2009-06-16 19:37 <DIR> --d----- C:\FIDELITY
2009-06-05 19:27 <DIR> --d----- c:\docume~1\neelay~1\applic~1\Search Settings
2009-06-05 19:24 <DIR> --d----- c:\docume~1\neelay~1\applic~1\Dealio
2009-06-05 17:53 0 a---h--- c:\windows\SwSys2.bmp
2009-06-05 17:53 0 a---h--- c:\windows\SwSys1.bmp
2009-06-05 17:53 <DIR> --d----- c:\program files\Search Settings
2009-06-05 17:53 <DIR> --d----- c:\program files\Dealio Toolbar
2009-06-05 17:52 <DIR> --d----- c:\program files\Blubster
2009-05-28 18:12 <DIR> --d----- c:\program files\iPod 2 iPod
2009-05-28 17:48 <DIR> --d----- c:\program files\Pod to PC
2009-05-28 17:45 <DIR> --d----- c:\program files\iPod Copier 1.0
2009-05-28 17:39 <DIR> --d----- c:\program files\Daniusoft
2009-05-28 17:18 <DIR> --d----- c:\docume~1\neelay~1\applic~1\iCloner
2009-05-28 17:18 <DIR> --d----- c:\docume~1\neelay~1\applic~1\CopyTrans
2009-05-28 17:16 <DIR> --d----- c:\program files\WindSolutions
2009-05-28 17:16 <DIR> --d----- c:\docume~1\neelay~1\applic~1\WindSolutions
2009-05-28 17:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WindSolutions

==================== Find3M ====================

2009-06-17 19:08 89,787 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-27 22:21 313,663 a------- c:\windows\system32\rn.tmp
2009-04-25 01:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2008-05-29 21:37 256 a------- c:\documents and settings\neelay comp\pool.bin

============= FINISH: 15:11:11.46 ===============



Attached is the other notepad.

#4 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 27 June 2009 - 12:54 PM

Hello.

You have way too many anti-virus programs installed.

Multiple Anti-Virus/Firewall programs installed.

I see that you are running more than one antivirus program. It is not recommended that you do so. In addition to wasting resources, the programs may detect virus signatures in each other and cause false positives. The different drivers used by the programs can cause crashes.

Please uninstall them using Add/Remove Programs until you are only running one antivirus.

AVG 7.5.557
McAfee VirusScan
Symantec AntiVirus Corporate Edition


^^Uninstall two of those above. I suggest you uninstall AVG since it's outdated.

Symantec Client Firewall
COMODO Firewall Pro


^^Uninstall one firewall above.

Then run Malwarebytes.

Download and run MalwareBytes Anti-Malware
If you already have MBAM installed, simply update and run a quick scan.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

You can refer to this page which has a visual of the instructions above.


Take a new DDS run afterwards and post back with the log.

Thanks.

With regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

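The two checks in the reply above (more than one on-access scanner running, and autostart entries that need a look before the next log), as an added example that is not part of the original thread and is not BleepingComputer's or the DDS tool's own code: a short Python script that reads the "Pseudo HJT" lines of a DDS log and reports how many on-access scanners and firewalls are enabled, which products are flagged Outdated, and which BHO/TB/Notify/SSODL/SEH registrations point at "No File" or at a bare DLL name with no path. The sample input is constructed in the log's format using the product names from the reply; the GUIDs on the AV/FW lines are placeholders, and everything the script lists is a review candidate, not a malware verdict.

```python
"""Triage the 'Pseudo HJT' part of a DDS log.

Two checks: how many on-access scanners and firewalls are active, and which
autostart registrations (BHO, TB, Notify, SSODL, SEH) point at a missing
file or at a bare DLL name with no path. Flagged items are review
candidates, not verdicts.
"""
import re

# Constructed sample in the DDS format used in this thread. Product names are
# the ones listed in the reply; the AV/FW GUIDs are placeholders, not real ones.
SAMPLE_DDS = r"""
AV: AVG 7.5.557 *On-access scanning disabled* (Outdated) {00000000-0000-0000-0000-000000000001}
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000002}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000003}
FW: Symantec Client Firewall *enabled* {00000000-0000-0000-0000-000000000004}
FW: COMODO Firewall Pro *disabled* {00000000-0000-0000-0000-000000000005}
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {6EE5FFA6-37D6-49C2-9C57-433CEB2523B4} - No File
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: efcYSMfg - efcYSMfg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - No File
"""

# "AV: <name> *<state>* (<Updated|Outdated>) {GUID}" / "FW: <name> *<state>* {GUID}"
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|FW): (?P<name>.+?) \*(?P<state>[^*]+)\*(?: \((?P<age>\w+)\))?"
)
# Autostart lines whose last " - " component is the file that gets loaded.
ENTRY_RE = re.compile(r"^(?P<kind>BHO|TB|Notify|SSODL|SEH): (?P<body>.+)$")


def triage(text):
    """Return the findings for one DDS log as a dict of lists plus one flag."""
    f = {"av_on_access": [], "fw_enabled": [], "outdated": [],
         "no_file": [], "bare_dll": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = PRODUCT_RE.match(line)
        if m:
            kind, name, state, age = m.group("kind", "name", "state", "age")
            # "disabled" does not end with "enabled", so endswith() is enough.
            if kind == "AV" and state.endswith("enabled"):
                f["av_on_access"].append(name)
            if kind == "FW" and state == "enabled":
                f["fw_enabled"].append(name)
            if age == "Outdated":
                f["outdated"].append(name)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        target = m.group("body").rsplit(" - ", 1)[-1]
        if target == "No File":
            # Orphaned registration: the registry entry remains, the file is gone.
            f["no_file"].append(line)
        elif "\\" not in target and ":" not in target:
            # Bare file name: resolved through the DLL search path at load time,
            # so the log alone cannot say which vendor, if any, owns it.
            f["bare_dll"].append(line)
    f["multiple_on_access_av"] = len(f["av_on_access"]) > 1
    return f


def report(findings):
    """Format the findings the way a helper would summarise them in a reply."""
    lines = []
    if findings["multiple_on_access_av"]:
        lines.append("More than one on-access scanner: "
                     + ", ".join(findings["av_on_access"]))
    if findings["outdated"]:
        lines.append("Outdated: " + ", ".join(findings["outdated"]))
    for key, label in (("no_file", "No File"), ("bare_dll", "bare DLL name")):
        for entry in findings[key]:
            lines.append(f"review ({label}): {entry}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_DDS)))
```

Run it as-is to see the report for the sample, or pass the Pseudo HJT section of a real DDS log to triage(). A bare name is not malicious by itself (the igfxcui entry is the Intel graphics driver's winlogon hook and gets listed too), so the next step for anything flagged is to check the file on disk or let a scanner decide, which is what the MBAM log further down in the thread did for the SSODL entry.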

#5 nlakhia
  • Topic Starter
  • Members
  • 6 posts

Posted 27 June 2009 - 03:59 PM

Thank you for your advice/quick reply.

First, the MBAM log:

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

6/27/2009 4:54:43 PM
mbam-log-2009-06-27 (16-54-43).txt

Scan type: Quick Scan
Objects scanned: 62360
Time elapsed: 6 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Next, the updated DDS log:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Neelay Comp at 16:55:15.23 on Sat 06/27/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.235 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\stsystra.exe
C:\DOCUME~1\NEELAY~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Neelay Comp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Neelay Comp\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070108
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070108
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 163.17.171.2:80
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb128\SearchSettings.dll
BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {6EE5FFA6-37D6-49C2-9C57-433CEB2523B4} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {A7327C09-B521-4EDB-8509-7D2660C9EC98} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb128\SearchSettings.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - No File
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll
TB: {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AWMON] "c:\progra~1\lavasoft\ad-awa~1\Ad-Watch.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCFtime.dll,_RunDLLEntry@16
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [MskAgentexe] c:\program files\mcafee\msk\MskAgent.exe
mRun: [SiteAdvisor] c:\program files\siteadvisor\6028\SiteAdv.exe
mRun: [<NO NAME>]
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - c:\program files\fidelity investments\fidelity active trader\system\atngprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: efcYSMfg - efcYSMfg.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\neelay~1\applic~1\mozilla\firefox\profiles\cbeawmha.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=634471&p=
FF - component: c:\program files\mozilla firefox\extensions\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c}\components\DealioToolbarFF.dll
FF - component: c:\program files\mozilla firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\documents and settings\neelay comp\application data\mozilla\firefox\profiles\cbeawmha.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\neelay comp\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft silverlight\2.0.40115.0\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npActiveGS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {55B8579D-606B-4880-ADF6-A72284FCF63A} - c:\documents and settings\neelay comp\local settings\application data\{55b8579d-606b-4880-adf6-a72284fcf63a}\

---- FIREFOX POLICIES ----
user_pref('network.proxy.ftp', ''); user_pref('network.proxy.ftp_port', 80); user_pref('network.proxy.gopher', ''); user_pref('network.proxy.gopher_port', 80); user_pref('network.proxy.http', ''); user_pref('network.proxy.http_port', 80); user_pref('network.proxy.socks', ''); user_pref('network.proxy.socks_port', 80); user_pref('network.proxy.ssl', ''); user_pref('network.proxy.ssl_port', 80);

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-4-9 40840]
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2008-6-30 15172]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-4-9 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-4-9 81288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 32256]
R1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2007-5-29 202344]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-7-14 13824]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2009-6-4 126976]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2009-6-4 122368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-4-9 356920]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2007-6-6 1821376]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-4-3 24652]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-7-14 13696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-6-17 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090623.002\naveng.sys [2009-6-23 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090623.002\navex15.sys [2009-6-23 876144]
S1 fdcc;fdcc;c:\windows\system32\drivers\fdcc.sys --> c:\windows\system32\drivers\fdcc.sys [?]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2009-3-4 245760]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2008-7-18 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2008-7-18 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2008-7-18 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2008-7-18 59520]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2007-6-6 116928]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-4-9 1079176]

=============== Created Last 30 ================

2009-06-25 22:48 67,884 a---h--- c:\windows\system32\mlfcache.dat
2009-06-18 12:47 <DIR> --d----- C:\VundoFix Backups
2009-06-17 18:51 <DIR> --d----- c:\windows\system32\scripting
2009-06-17 18:51 <DIR> --d----- c:\windows\l2schemas
2009-06-17 18:51 <DIR> --d----- c:\windows\system32\en
2009-06-17 18:51 <DIR> --d----- c:\windows\system32\bits
2009-06-17 18:40 <DIR> --d----- c:\windows\ServicePackFiles
2009-06-17 18:34 <DIR> --d----- c:\windows\network diagnostic
2009-06-17 17:47 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-06-17 17:47 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-06-17 17:47 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-06-17 17:47 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-06-17 17:47 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-06-17 17:47 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-17 17:47 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-17 17:47 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-17 17:47 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-06-17 17:47 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-06-17 17:38 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-06-17 17:38 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-06-17 17:38 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-17 01:09 552 a------- c:\windows\system32\d3d8caps.dat
2009-06-16 19:53 40 a------- c:\windows\system32\profile.dat
2009-06-16 19:47 110,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-16 19:47 48,768 a------- c:\windows\system32\S32EVNT1.DLL
2009-06-16 19:47 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-16 19:47 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-16 19:43 <DIR> --d----- c:\program files\Symantec
2009-06-16 19:41 <DIR> --d----- c:\program files\Symantec Client Security
2009-06-16 19:41 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-06-16 19:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-06-16 19:37 170,160 a------- c:\windows\system32\Cliutils.exe
2009-06-16 19:37 28,176 a------- c:\windows\system32\ismif32.exe
2009-06-16 19:37 12,128 a------- c:\windows\ismif32.dll
2009-06-16 19:37 <DIR> --d----- c:\program files\current profile updates
2009-06-16 19:37 <DIR> --d----- C:\FIDELITY
2009-06-05 19:27 <DIR> --d----- c:\docume~1\neelay~1\applic~1\Search Settings
2009-06-05 19:24 <DIR> --d----- c:\docume~1\neelay~1\applic~1\Dealio
2009-06-05 17:53 0 a---h--- c:\windows\SwSys2.bmp
2009-06-05 17:53 0 a---h--- c:\windows\SwSys1.bmp
2009-06-05 17:53 <DIR> --d----- c:\program files\Search Settings
2009-06-05 17:53 <DIR> --d----- c:\program files\Dealio Toolbar
2009-06-05 17:52 <DIR> --d----- c:\program files\Blubster
2009-05-28 18:12 <DIR> --d----- c:\program files\iPod 2 iPod
2009-05-28 17:48 <DIR> --d----- c:\program files\Pod to PC
2009-05-28 17:45 <DIR> --d----- c:\program files\iPod Copier 1.0
2009-05-28 17:39 <DIR> --d----- c:\program files\Daniusoft
2009-05-28 17:18 <DIR> --d----- c:\docume~1\neelay~1\applic~1\iCloner
2009-05-28 17:18 <DIR> --d----- c:\docume~1\neelay~1\applic~1\CopyTrans
2009-05-28 17:16 <DIR> --d----- c:\program files\WindSolutions
2009-05-28 17:16 <DIR> --d----- c:\docume~1\neelay~1\applic~1\WindSolutions
2009-05-28 17:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WindSolutions

==================== Find3M ====================

2009-06-17 19:08 89,787 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-27 22:21 313,663 a------- c:\windows\system32\rn.tmp
2009-04-25 01:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2008-05-29 21:37 256 a------- c:\documents and settings\neelay comp\pool.bin

============= FINISH: 16:56:40.87 ===============



Finally, the Attach notepad is attached. Please advise further when you can. Thanks again.


#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:29 PM

Posted 27 June 2009 - 07:04 PM

Hello.

I see McAfee still installed in the uninstall list. Please uninstall the program. Also, I see this in the uninstall list:

RP432: 6/27/2009 3:59:06 PM - Removed AVG 7.5
RP433: 6/27/2009 4:00:19 PM - Installed AVG 7.5

It looks like you removed AVG, but then you installed it again. Please uninstall it if it's installed.

Then, please run Goored and Combofix.

Download and Run GooredFix
  • Please download Goored.exe to your desktop.
  • Double click Goored.exe to run the program. If you are using Windows Vista, right click the icon and select "Run as Administrator".
  • Type 2 followed by Enter.
  • It will begin to fix.
  • A logfile will open shortly. Post back with it in your next reply.
Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 nlakhia

nlakhia
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:29 PM

Posted 27 June 2009 - 09:35 PM

I uninstalled AVG so I'm not sure why it is showing up. I just deleted McAfee Security Center, which was left even though I had deleted McAfee VirusScan. Here is the Goored log:



GooredFix v1.92 by jpshortstuff
Log created at 21:48 on 27/06/2009 running Option #2 (Neelay Comp)
Firefox version 3.0.6 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{55B8579D-606B-4880-ADF6-A72284FCF63A}"="C:\Documents and Settings\Neelay Comp\Local Settings\Application Data\{55B8579D-606B-4880-ADF6-A72284FCF63A}\"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\Neelay Comp\Local Settings\Application Data\{55B8579D-606B-4880-ADF6-A72284FCF63A}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"



And here is the ComboFix log:

ComboFix 09-06-26.02 - Neelay Comp 06/27/2009 22:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.332 [GMT -4:00]
Running from: c:\documents and settings\Neelay Comp\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: Symantec Client Firewall *disabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\temp\DIV55
c:\windows\kb913800.exe
c:\windows\system32\AbayGfhk.ini
c:\windows\system32\bin
c:\windows\system32\dv
c:\windows\system32\ki3
c:\windows\system32\uv9
c:\windows\system32\VC
c:\windows\system32\YyFPAcfe.ini

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.

2009-06-28 01:44 . 2009-06-28 01:44 -------- d-----w- c:\windows\LastGood
2009-06-27 20:00 . 2009-06-27 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg7
2009-06-26 02:48 . 2009-06-26 02:48 67884 ---ha-w- c:\windows\system32\mlfcache.dat
2009-06-25 19:46 . 2009-06-25 19:46 -------- d-----w- c:\program files\Safari
2009-06-18 16:47 . 2009-06-18 16:47 -------- d-----w- C:\VundoFix Backups
2009-06-17 22:51 . 2009-06-17 22:51 -------- d-----w- c:\windows\system32\scripting
2009-06-17 22:51 . 2009-06-17 22:51 -------- d-----w- c:\windows\l2schemas
2009-06-17 22:51 . 2009-06-17 22:51 -------- d-----w- c:\windows\system32\en
2009-06-17 22:51 . 2009-06-17 22:51 -------- d-----w- c:\windows\system32\bits
2009-06-17 22:40 . 2009-06-17 22:53 -------- d-----w- c:\windows\ServicePackFiles
2009-06-17 21:47 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-06-17 21:47 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-06-17 21:47 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-06-17 21:47 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-06-17 21:47 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-06-17 21:47 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-17 21:47 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-17 21:47 . 2009-02-09 12:10 729088 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-06-17 21:47 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-06-17 21:47 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-06-17 21:38 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-06-17 21:38 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-06-17 05:09 . 2009-06-17 05:09 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-17 00:02 . 2009-06-17 00:02 -------- d-----w- c:\documents and settings\Neelay Comp\Local Settings\Application Data\Symantec
2009-06-16 23:53 . 2009-06-16 23:53 40 ----a-w- c:\windows\system32\profile.dat
2009-06-16 23:47 . 2009-06-16 23:49 48768 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-06-16 23:47 . 2009-06-16 23:49 110952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-16 23:43 . 2009-06-16 23:49 -------- d-----w- c:\program files\Symantec
2009-06-16 23:41 . 2009-06-23 23:54 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-16 23:41 . 2009-06-16 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-16 23:41 . 2009-06-16 23:41 -------- d-----w- c:\program files\Symantec Client Security
2009-06-16 23:37 . 1999-02-18 02:32 170160 ----a-w- c:\windows\system32\Cliutils.exe
2009-06-16 23:37 . 2009-06-16 23:37 -------- d-----w- c:\program files\current profile updates
2009-06-16 23:37 . 2000-04-15 09:00 12128 ----a-w- c:\windows\ismif32.dll
2009-06-16 23:37 . 1998-02-25 01:12 28176 ----a-w- c:\windows\system32\ismif32.exe
2009-06-16 23:37 . 2009-06-16 23:37 -------- d-----w- C:\FIDELITY
2009-06-08 19:12 . 2009-06-08 19:12 69632 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 4.30.17.0\SetupAdmin.exe
2009-06-05 23:27 . 2009-06-05 23:27 -------- d-----w- c:\documents and settings\Neelay Comp\Application Data\Search Settings
2009-06-05 23:24 . 2009-06-05 23:24 -------- d-----w- c:\documents and settings\Neelay Comp\Application Data\Dealio
2009-06-05 21:53 . 2009-06-05 21:53 -------- d-----w- c:\program files\Search Settings
2009-06-05 21:53 . 2009-06-05 21:53 -------- d-----w- c:\program files\Dealio Toolbar
2009-06-05 21:52 . 2009-06-27 20:11 -------- d-----w- c:\program files\Blubster

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 02:09 . 2007-07-29 04:14 -------- d-----w- c:\documents and settings\Neelay Comp\Application Data\SiteAdvisor
2009-06-28 01:36 . 2007-01-08 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2009-06-25 19:47 . 2009-02-26 19:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-25 19:47 . 2009-04-21 01:18 -------- d-----w- c:\documents and settings\Neelay Comp\Application Data\Apple Computer
2009-06-19 17:56 . 2007-01-08 22:16 90360 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-18 20:43 . 2008-07-18 16:39 -------- d-----w- c:\program files\Verizon Wireless
2009-06-17 23:08 . 2005-08-16 10:41 89787 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-16 23:49 . 2009-06-16 23:47 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-16 23:49 . 2009-06-16 23:47 8014 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-16 02:10 . 2007-01-15 18:31 -------- d-----w- c:\program files\Dl_cats
2009-06-06 00:08 . 2007-01-08 22:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-04 21:36 . 2009-04-10 00:11 -------- d-----w- c:\program files\Spyware Doctor
2009-05-30 16:03 . 2009-02-22 03:11 -------- d-----w- c:\program files\Registry Easy
2009-05-28 22:31 . 2009-05-28 21:45 -------- d-----w- c:\program files\iPod Copier 1.0
2009-05-28 22:12 . 2009-05-28 22:12 -------- d-----w- c:\program files\iPod 2 iPod
2009-05-28 21:49 . 2009-05-28 21:48 -------- d-----w- c:\program files\Pod to PC
2009-05-28 21:39 . 2009-05-28 21:39 -------- d-----w- c:\program files\Daniusoft
2009-05-28 21:18 . 2009-05-28 21:18 -------- d-----w- c:\documents and settings\Neelay Comp\Application Data\iCloner
2009-05-28 21:18 . 2009-05-28 21:18 -------- d-----w- c:\documents and settings\Neelay Comp\Application Data\CopyTrans
2009-05-28 21:16 . 2009-05-28 21:16 -------- d-----w- c:\program files\WindSolutions
2009-05-28 21:16 . 2009-05-28 21:16 -------- d-----w- c:\documents and settings\Neelay Comp\Application Data\WindSolutions
2009-05-28 21:16 . 2009-05-28 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
2009-05-20 02:08 . 2007-01-12 04:53 -------- d-----w- c:\program files\AIM6
2009-05-20 02:02 . 2007-01-08 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-20 02:02 . 2009-05-20 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-05-20 02:02 . 2007-01-08 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-05-20 02:01 . 2007-01-12 04:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-05-07 15:32 . 2005-08-16 10:18 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2005-08-16 10:18 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-28 02:21 . 2009-04-28 02:21 313663 ----a-w- c:\windows\system32\rn.tmp
2009-04-17 12:26 . 2005-08-16 10:18 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2005-08-16 10:18 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-10 08:50 . 2009-04-10 00:11 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys
2009-04-10 08:50 . 2009-04-10 00:11 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys
2009-04-10 08:50 . 2009-04-10 00:11 40840 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
2009-04-02 20:29 . 2009-04-02 20:29 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
2009-04-10 00:09 688128 ----a-w- c:\program files\Dealio Toolbar\DealioToolbarIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AWMON"="c:\progra~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" [2005-05-25 517632]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [BU]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\MIDIDEF.EXE [2004-12-22 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-09 761947]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 73728]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"MskAgentexe"="c:\program files\McAfee\MSK\MskAgent.exe" [BU]
"SiteAdvisor"="c:\program files\SiteAdvisor\6028\SiteAdv.exe" [BU]
"MBMon"="CTMBHA.DLL" - c:\windows\system32\CTMBHA.DLL [2006-06-29 1355042]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-25 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-8 24576]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-4 81920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 17:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Blubster\\Blubster.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [6/30/2008 9:39 PM 15172]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 1:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 32256]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [7/14/2006 3:01 AM 13824]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [4/9/2009 8:11 PM 356920]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/3/2007 1:37 AM 24652]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [7/14/2006 3:02 AM 13696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/17/2009 1:02 AM 101936]
S1 fdcc;fdcc;c:\windows\system32\drivers\fdcc.sys --> c:\windows\system32\drivers\fdcc.sys [?]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [7/18/2008 12:40 PM 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [7/18/2008 12:40 PM 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [7/18/2008 12:40 PM 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [7/18/2008 12:40 PM 59520]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [6/6/2007 3:24 PM 116928]
.
Contents of the 'Scheduled Tasks' folder

2009-05-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-816647037-3897237588-2528941949-1006.job
- c:\documents and settings\Neelay Comp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-30 02:40]

2009-05-30 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe [2009-02-22 00:38]
.
- - - - ORPHANS REMOVED - - - -

BHO-{6EE5FFA6-37D6-49C2-9C57-433CEB2523B4} - (no file)
Notify-efcYSMfg - efcYSMfg.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070108
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 163.17.171.2:80
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Neelay Comp\Application Data\Mozilla\Firefox\Profiles\cbeawmha.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=634471&p=
FF - component: c:\program files\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\components\DealioToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\documents and settings\Neelay Comp\Application Data\Mozilla\Firefox\Profiles\cbeawmha.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\Neelay Comp\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.40115.0\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npActiveGS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
user_pref('network.proxy.ftp', ''); user_pref('network.proxy.ftp_port', 80); user_pref('network.proxy.gopher', ''); user_pref('network.proxy.gopher_port', 80); user_pref('network.proxy.http', ''); user_pref('network.proxy.http_port', 80); user_pref('network.proxy.socks', ''); user_pref('network.proxy.socks_port', 80); user_pref('network.proxy.ssl', ''); user_pref('network.proxy.ssl_port', 80); .

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-27 22:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-06-28 22:29
ComboFix-quarantined-files.txt 2009-06-28 02:29
ComboFix2.txt 2008-12-03 21:28
ComboFix3.txt 2008-11-29 18:51

Pre-Run: 17,822,248,960 bytes free
Post-Run: 17,798,762,496 bytes free

242 --- E O F --- 2009-06-23 23:12

#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:29 PM

Posted 28 June 2009 - 10:20 AM

Hello.

Please run a new scan with Malwarebytes using the quickscan option.

Then, please post back with a new DDS log and let me know how your computer is running now. Any more redirects?

Thanks.

With Regards,
Extremeboy

#9 nlakhia

nlakhia
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:29 PM

Posted 28 June 2009 - 07:42 PM

I ran the Malwarebytes scan again as well as the DDS scan. Here are the DDS results (with the one notepad attached):


DDS (Ver_09-05-14.01) - NTFSx86
Run by Neelay Comp at 19:56:15.60 on Sun 06/28/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.250 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\Documents and Settings\Neelay Comp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Neelay Comp\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070108
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 163.17.171.2:80
uInternet Settings,ProxyOverride = *.local
BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {6EE5FFA6-37D6-49C2-9C57-433CEB2523B4} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {A7327C09-B521-4EDB-8509-7D2660C9EC98} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - No File
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll
TB: {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AWMON] "c:\progra~1\lavasoft\ad-awa~1\Ad-Watch.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCFtime.dll,_RunDLLEntry@16
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [MskAgentexe] c:\program files\mcafee\msk\MskAgent.exe
mRun: [SiteAdvisor] c:\program files\siteadvisor\6028\SiteAdv.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - c:\program files\fidelity investments\fidelity active trader\system\atngprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\neelay~1\applic~1\mozilla\firefox\profiles\cbeawmha.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=634471&p=
FF - component: c:\program files\mozilla firefox\extensions\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c}\components\DealioToolbarFF.dll
FF - component: c:\program files\mozilla firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\documents and settings\neelay comp\application data\mozilla\firefox\profiles\cbeawmha.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\neelay comp\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft silverlight\2.0.40115.0\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npActiveGS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
user_pref('network.proxy.ftp', '');
user_pref('network.proxy.ftp_port', 80);
user_pref('network.proxy.gopher', '');
user_pref('network.proxy.gopher_port', 80);
user_pref('network.proxy.http', '');
user_pref('network.proxy.http_port', 80);
user_pref('network.proxy.socks', '');
user_pref('network.proxy.socks_port', 80);
user_pref('network.proxy.ssl', '');
user_pref('network.proxy.ssl_port', 80);

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-4-9 40840]
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2008-6-30 15172]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-4-9 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-4-9 81288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 32256]
R1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2007-5-29 202344]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-7-14 13824]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-7-14 13696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-6-17 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090623.002\naveng.sys [2009-6-23 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090623.002\navex15.sys [2009-6-23 876144]
S1 fdcc;fdcc;c:\windows\system32\drivers\fdcc.sys --> c:\windows\system32\drivers\fdcc.sys [?]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2008-7-18 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2008-7-18 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2008-7-18 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2008-7-18 59520]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]

=============== Created Last 30 ================

2009-06-27 22:27 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-06-27 22:16 155,136 a------- c:\windows\PEV.exe
2009-06-27 22:05 0 a------- c:\windows\VPC32.INI
2009-06-25 22:48 67,884 a---h--- c:\windows\system32\mlfcache.dat
2009-06-18 12:47 <DIR> --d----- C:\VundoFix Backups
2009-06-17 18:51 <DIR> --d----- c:\windows\system32\scripting
2009-06-17 18:51 <DIR> --d----- c:\windows\l2schemas
2009-06-17 18:51 <DIR> --d----- c:\windows\system32\en
2009-06-17 18:51 <DIR> --d----- c:\windows\system32\bits
2009-06-17 18:40 <DIR> --d----- c:\windows\ServicePackFiles
2009-06-17 18:34 <DIR> --d----- c:\windows\network diagnostic
2009-06-17 17:47 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-06-17 17:47 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-06-17 17:47 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-06-17 17:47 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-06-17 17:47 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-06-17 17:47 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-17 17:47 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-17 17:47 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-17 17:47 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-06-17 17:47 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-06-17 17:38 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-06-17 17:38 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-06-17 17:38 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-17 01:09 552 a------- c:\windows\system32\d3d8caps.dat
2009-06-16 19:53 40 a------- c:\windows\system32\profile.dat
2009-06-16 19:47 110,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-16 19:47 48,768 a------- c:\windows\system32\S32EVNT1.DLL
2009-06-16 19:47 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-16 19:47 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-16 19:43 <DIR> --d----- c:\program files\Symantec
2009-06-16 19:41 <DIR> --d----- c:\program files\Symantec Client Security
2009-06-16 19:41 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-06-16 19:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-06-16 19:37 170,160 a------- c:\windows\system32\Cliutils.exe
2009-06-16 19:37 28,176 a------- c:\windows\system32\ismif32.exe
2009-06-16 19:37 12,128 a------- c:\windows\ismif32.dll
2009-06-16 19:37 <DIR> --d----- c:\program files\current profile updates
2009-06-16 19:37 <DIR> --d----- C:\FIDELITY
2009-06-05 19:27 <DIR> --d----- c:\docume~1\neelay~1\applic~1\Search Settings
2009-06-05 19:24 <DIR> --d----- c:\docume~1\neelay~1\applic~1\Dealio
2009-06-05 17:53 0 a---h--- c:\windows\SwSys2.bmp
2009-06-05 17:53 0 a---h--- c:\windows\SwSys1.bmp
2009-06-05 17:53 <DIR> --d----- c:\program files\Search Settings
2009-06-05 17:53 <DIR> --d----- c:\program files\Dealio Toolbar
2009-06-05 17:52 <DIR> --d----- c:\program files\Blubster

==================== Find3M ====================

2009-06-17 19:08 89,787 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\cache\wininet.dll
2009-04-29 00:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-27 22:21 313,663 a------- c:\windows\system32\rn.tmp
2009-04-25 01:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2008-05-29 21:37 256 a------- c:\documents and settings\neelay comp\pool.bin

============= FINISH: 20:03:42.11 ===============



Malwarebytes did not find anything, but I am still having the same problem. I will be on my browser or working with another program, such as iTunes, and I am keeping track of the CPU usage via Windows Task Manager. All of a sudden at some point, the CPU usage will jump to 100% and stay there. If I hibernate and turn the computer back on, the CPU usage will be low again, and will repeat the same cycle. This leads me to believe there is still something malicious using up the CPU and not an issue with my computer specs. The computer is a Dell Inspiron MXC061 purchased December 2006. Intel CPU (Centrino Duo) with 1.60 GHz processor, 1.0 GB RAM.

#10 extremeboy (Malware Response Team)

Posted 29 June 2009 - 09:47 AM

Hello.

Let's do the following and see if it helps at all. Next time, when you get your CPU usage to 100%, see which process uses the most memory/usage.

Please continue with the following.

Download and Run OTM
  • Please download OTM by OldTimer to your desktop. If you have already used the program, there is no need to download a new one.
  • Double-click OTM3.exe to run it. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Copy the lines in the codebox below. Do not copy the word "code".
    :reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EE5FFA6-37D6-49C2-9C57-433CEB2523B4}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}]
    "{0BF43445-2F28-4351-9252-17FE6E806AA0}"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
    "{F8AD5AA5-D966-4667-9DAF-2561D68B2012}"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
    "{0BF43445-2F28-4351-9252-17FE6E806AA0}"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
    "{BA52B914-B692-46c4-B683-905236F6F655}"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
    "{5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4}"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=-
    :files
    C:\VundoFix Backups
    :commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the Paste List Of Files/Patterns To Move window (under the yellow bar) and choose Paste.
  • Close all open windows except OTMoveIt.
  • Click the MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key. Navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest ".log" file present, and copy/paste the contents of that document back here in your next post.

Update Java to Version 6 Update 14
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 14.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.


Post back with a new DDS log afterwards.

With Regards,
Extremeboy
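The two posts above show the working method of a log-based cleanup: read the DDS "Pseudo HJT Report", pick out the registrations that point at nothing ("No File"), and turn them into an OTM :reg block. As an added example, not code from the thread, from DDS or from OTM, the Python below does that triage over a constructed excerpt modelled on the DDS log posted in this thread. Two extra checks are this example's own, not anything the thread flagged: a per-user ProxyServer setting (every WinINet/IE request goes through that host, so it deserves a look) and Run entries that name a bare executable with no path (Windows resolves those by PATH search, so the real binary location has to be confirmed). The registry hive is an assumption: DDS does not print it, and HKEY_LOCAL_MACHINE is assumed here exactly as the OTM script above assumes it.

```python
import re
from dataclasses import dataclass

# Constructed sample: an excerpt of a DDS "Pseudo HJT Report" section, modelled on
# the log posted in this thread. DDS writes hxxp:// for http:// on purpose.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.com/ig/dell?hl=en
uInternet Settings,ProxyServer = 163.17.171.2:80
uInternet Settings,ProxyOverride = *.local
BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll
BHO: {6EE5FFA6-37D6-49C2-9C57-433CEB2523B4} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {A7327C09-B521-4EDB-8509-7D2660C9EC98} - No File
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll
TB: {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - No File
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
mRun: [SigmatelSysTrayApp] stsystra.exe
"""

CLSID = r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}"
BHO_TB_RE = re.compile(rf"^(?P<kind>BHO|TB): (?:(?P<name>.+?): )?(?P<clsid>{CLSID}) - (?P<target>.+)$")
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer = (?P<proxy>\S+)$")
RUN_RE = re.compile(r"^(?P<scope>[um])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Registry locations the OTM script in the thread targets. Assumption: DDS does not
# print the hive, so HKLM is assumed here, as the thread's script assumes it.
BHO_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects"
TB_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar"


@dataclass
class Finding:
    kind: str      # orphan_bho | orphan_tb | proxy | bare_run
    detail: str
    clsid: str = ""


def triage(report: str) -> list[Finding]:
    """Walk the Pseudo HJT Report and return the entries a responder should look at."""
    findings = []
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        m = BHO_TB_RE.match(line)
        if m:
            # A CLSID still registered as a BHO/toolbar whose DLL is gone: leftover of a
            # removed add-on or of a partial cleanup. Either way it is dead weight.
            if m["target"] == "No File":
                kind = "orphan_bho" if m["kind"] == "BHO" else "orphan_tb"
                findings.append(Finding(kind, line, m["clsid"]))
            continue
        m = PROXY_RE.match(line)
        if m:
            # A per-user proxy routes all IE (WinINet) traffic through that host.
            findings.append(Finding("proxy", f"IE traffic proxied via {m['proxy']}"))
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m["cmd"]
            # Autostart given as a bare file name: resolved by PATH search, so the
            # actual binary location must be confirmed before trusting it.
            if not (cmd.startswith('"') or "\\" in cmd or ":" in cmd):
                findings.append(Finding("bare_run", f"{m['name']} -> {cmd}"))
    return findings


def otm_fix_script(findings: list[Finding]) -> str:
    """Build the :reg block of an OTM script that drops the orphaned entries."""
    lines = [":reg"]
    for f in findings:
        if f.kind == "orphan_bho":
            lines.append("[-" + BHO_KEY + "\\" + f.clsid + "]")
    for f in findings:
        if f.kind == "orphan_tb":
            lines.append("[" + TB_KEY + "]")
            lines.append('"' + f.clsid + '"=-')
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_REPORT)
    for f in found:
        print(f"{f.kind:11} {f.detail}")
    print(otm_fix_script(found))
```

Running the script prints seven findings for the sample (one proxy, two orphaned BHOs, two orphaned toolbars, two path-less Run entries) and an OTM :reg block whose lines match the shape used in the post above. The generated block only covers the orphaned CLSIDs; the proxy and bare-name findings are for a human to check, because the proxy may be a corporate setting and a bare name such as stsystra.exe can be a legitimate OEM component living in the Windows directory.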

#11 extremeboy (Malware Response Team)

Posted 02 July 2009 - 10:10 AM

Bump

#12 nlakhia (Topic Starter)

Posted 02 July 2009 - 01:16 PM

Sorry for the delay. I have not been able to run the last set of instructions. I will complete this today and post back.

#13 extremeboy (Malware Response Team)

Posted 02 July 2009 - 04:52 PM

Thanks for letting me know.

~Extremeboy

#14 extremeboy (Malware Response Team)

Posted 04 July 2009 - 10:53 AM

Is everything okay?

~EB

#15 extremeboy (Malware Response Team)

Posted 08 July 2009 - 01:12 PM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.

With Regards,
Extremeboy