Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

overclick.cn redirects google, etc.


  • This topic is locked This topic is locked
2 replies to this topic

#1 netnurse

netnurse

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:45 PM

Posted 24 June 2009 - 09:41 PM

DDS (Ver_09-05-14.01) - NTFSx86
Run by Lois at 21:32:22.23 on Wed 06/24/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1368 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\System32\igfxpers.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Lois\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Webshots\Webshots.scr
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\WinTV\WinTV2K.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\System32\dllhost.exe
C:\Documents and Settings\Lois\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AGSearchHook Class: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - c:\program files\agi\common\agcutils.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [AdwareAlert] c:\program files\adwarealert\AdwareAlert.exe -boot
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\lois\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\lois\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\sony handheld\HOTSYNC.EXE
StartupFolder: c:\docume~1\lois\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228603150687
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228614153234
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - - No File
LSA: Notification Packages = scecli c:\windows\system32\wofiyiri.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-30 201320]
R2 AGWinService;AG Windows Service;c:\program files\agi\common\win32\pythonservice.exe [2009-1-1 10240]
R2 FlipShare Service;FlipShare Service;c:\program files\pure digital technologies\flipshare\FlipShareService.exe [2008-11-13 439616]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-5-30 359248]
R2 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2009-5-30 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-5-30 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-30 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-30 35240]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-30 33832]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-30 40488]
R3 NuVision;Hauppauge WinTV USB Pro (NTSC);c:\windows\system32\drivers\Nuvision.sys [2008-12-6 260144]

=============== Created Last 30 ================

2009-06-24 21:06 <DIR> --d----- C:\Backup
2009-06-24 18:39 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-24 18:39 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-24 18:26 <DIR> --d----- c:\program files\Promosoft Corporation
2009-06-24 18:04 <DIR> --d----- c:\program files\CCleaner
2009-06-23 19:04 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\RegCure
2009-06-22 11:12 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\95188426
2009-06-22 11:12 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\15178434
2009-06-20 23:51 <DIR> --d----- c:\program files\Bonjour
2009-06-13 08:21 170,456 a------- c:\windows\hpqins00.dat
2009-06-10 18:09 <DIR> --d----- c:\program files\T-Mobile Shadow User Manual
2009-05-30 08:33 12,177 a------- c:\windows\system32\Config.MPF
2009-05-30 08:32 143,360 a------- c:\windows\system32\dunzip32.dll
2009-05-30 08:24 33,832 a------- c:\windows\system32\drivers\mferkdk.sys
2009-05-30 08:24 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-05-30 08:24 201,320 a------- c:\windows\system32\drivers\mfehidk.sys
2009-05-30 08:24 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-05-30 08:24 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2009-05-30 08:24 113,952 a------- c:\windows\system32\drivers\Mpfp.sys
2009-05-30 08:24 <DIR> --d----- c:\program files\McAfee.com
2009-05-30 08:23 <DIR> --d----- c:\program files\McAfee
2009-05-30 06:55 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-05-30 06:54 <DIR> --d----- c:\program files\AdwareAlert
2009-05-30 06:54 <DIR> --d----- c:\docume~1\lois\applic~1\AdwareAlert
2009-05-29 23:28 <DIR> -cd----- c:\docume~1\alluse~1.win\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-29 23:28 <DIR> --d----- c:\program files\Lavasoft
2009-05-29 22:34 <DIR> --d----- c:\docume~1\lois\applic~1\Malwarebytes
2009-05-29 22:33 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-05-29 22:33 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-29 21:59 <DIR> --d----- c:\windows\system32\lowsec
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-16 17:35 170,890 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2006-11-20 19:54 774,144 a------- c:\program files\RngInterstitial.dll

============= FINISH: 21:36:06.29 ===============

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:45 PM

Posted 28 June 2009 - 09:00 PM

Hello netnurse,

Posted Image

Sorry about the delay.:thumbup2: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:45 PM

Posted 06 July 2009 - 06:47 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users