HJT log!


18 replies to this topic

#1 boy indian

  • Members
  • 63 posts
  • Gender:Male
  • Location:italy

Posted 28 June 2009 - 05:42 AM

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Telecom Italia\WanMiniport1st\srvany.exe
C:\Program Files\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IObit\IObit Security 360\IStray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Alice ti aiuta\bin\mpbtn.exe
C:\Program Files\IObit\IObit Security 360\ISsrv.exe
C:\Program Files\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciBrowser.exe
C:\Program Files\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciBrowser.exe
C:\Program Files\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciBrowser.exe
C:\Program Files\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciBrowser.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Program Files\Alice ti aiuta\bin\mad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AcroIEHelperStub - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AcroIEHelperStub - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IStray.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -
O9 - Extra button: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_13) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ISservice - Unknown - C:\Program Files\IObit\IObit Security 360\ISsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Network WanMiniport First Position - Unknown - C:\Program Files\Telecom Italia\WanMiniport1st\srvany.exe


#2 Elise

Bleepin' Blonde
  • Malware Study Hall Admin
  • 60,568 posts
  • Gender:Female
  • Location:Romania

Posted 02 July 2009 - 04:55 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#3 boy indian

  • Topic Starter
  • Members
  • 63 posts
  • Gender:Male
  • Location:italy

Posted 02 July 2009 - 07:14 AM

I attach the DDS log, thanks for the help!!




#4 Orange Blossom

OBleepin Investigator
  • Moderator
  • 36,693 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 02 July 2009 - 10:53 PM

Hello boy indian,

I have merged your latest topic to your previously existing topic to avoid confusion. Please keep all posts concerning this issue to this topic by using the Add Reply button found near the bottom of the topic. Starting new topics causes confusion for everyone and delays the assistance you receive.

Orange Blossom ~ forum moderator
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 boy indian

  • Topic Starter
  • Members
  • 63 posts
  • Gender:Male
  • Location:italy

Posted 03 July 2009 - 12:48 PM

Sorry Orange Blossom for the confusion. Next time I will be more careful.. thank you!!

#6 Baabiouz

Finnish Malware Fighter
  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland

Posted 05 July 2009 - 04:53 AM

Hello Boy Indian, please post all DDS logs here. You have already posted Attach.txt, post log.txt too :thumbup2:

#7 boy indian

  • Topic Starter
  • Members
  • 63 posts
  • Gender:Male
  • Location:italy

Posted 06 July 2009 - 11:42 AM

DDS (Ver_09-06-26.01) - FAT32x86
Run by cjjr at 14.02.35,35 on 02/07/2009
Internet Explorer: 6.0.2600.0000 BrowserJavaVersion: 1.6.0_13

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [AliceRE_McciTrayApp] c:\progra~1\alicet~1\vendors\alicere\content\template\driven~1\syncer\MCCITR~1.EXE
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IObit Security 360] c:\program files\iobit\iobit security 360\IStray.exe
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
DPF: DirectAnimation Java Classes - file://c:\windows\system\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso4.cab
DPF: Win32 Classes
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game06.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\cjjr\applic~1\mozilla\firefox\profiles\rb8ucgzq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - component: c:\documents and settings\cjjr\application data\mozilla\firefox\profiles\rb8ucgzq.default\extensions\firefox@kidzui.com\platform\winnt_x86-msvc\components\WinKiosk.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-07-01 20:14 <DIR> --dsh--- C:\FOUND.003
2009-06-28 11:44 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-06-27 16:48 <DIR> --d----- c:\program files\Trend Micro
2009-06-19 18:13 <DIR> --dsh--- C:\FOUND.002
2009-06-14 23:53 <DIR> --d----- c:\program files\ESET
2009-06-14 19:39 <DIR> --dsh--- C:\FOUND.001
2009-06-14 19:21 <DIR> --dsh--- C:\FOUND.000
2009-06-11 23:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IObit

==================== Find3M ====================

2009-06-30 21:37 1,632 a------- c:\windows\system32\d3d8caps.dat
2009-04-25 01:47 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-22 13:46 271 ---sh--- c:\program files\desktop.ini
2009-03-22 13:46 23,357 ----h--- c:\program files\folder.htt
2001-07-22 18:04 25 a------- c:\docume~1\alluse~1\applic~1\sneopts.dat

============= FINISH: 14.08.39,48 ===============
Sorry but really I have no idea if this is what you're asking...

#8 Baabiouz

Finnish Malware Fighter
  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland

Posted 06 July 2009 - 10:12 PM

That was the correct log.

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 14...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
To Clear the Java Runtime Environment (JRE) cache, do this:
  • Click Start > Settings > Control Panel.
  • Double-click the Java icon.
    -The Java Control Panel appears.
  • Click "Settings" under Temporary Internet Files.
    -The Temporary Files Settings dialog box appears.
  • Click "Delete Files".
    -The Delete Temporary Files dialog box appears.
    -There are three options on this window to clear the cache.
    • Delete Files
    • View Applications
    • View Applets
  • Click "OK" on Delete Temporary Files window.
    -Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click "OK" on Temporary Files Settings window.
  • Close the Java Control Panel.
You can also view these instructions along with screenshots here.

Post Mbam results and a fresh DDS log back here :thumbup2:

#9 Baabiouz

Finnish Malware Fighter
  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland

Posted 12 July 2009 - 11:15 AM

This thread will now be closed.
If you need this topic reopened, please contact me.

This applies only to the original topic starter.
Everyone else please begin a New Topic.

#10 Baabiouz

Finnish Malware Fighter
  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland

Posted 14 July 2009 - 10:19 PM

Topic is reopened.

#11 boy indian

  • Topic Starter
  • Members
  • 63 posts
  • Gender:Male
  • Location:italy

Posted 15 July 2009 - 12:59 AM

DDS (Ver_09-06-26.01) - NTFSx86
Run by cjjr at 23:00:44.54 on Tue 07/14/2009
Internet Explorer: 6.0.2600.0000 BrowserJavaVersion: 1.6.0_14

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=%s
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\ypager.exe" -quiet
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\cjjr~1.cjj\applic~1\mozilla\firefox\profiles\87aagc8h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - component: c:\documents and settings\cjjr.cjjr-sgtgfsxevd\application data\mozilla\firefox\profiles\87aagc8h.default\extensions\firefox@kidzui.com\platform\winnt_x86-msvc\components\WinKiosk.dll
FF - plugin: c:\documents and settings\cjjr.cjjr-sgtgfsxevd\application data\mozilla\firefox\profiles\87aagc8h.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-07-14 21:58 0 a---h--- C:\GDELTEMP
2009-07-14 17:36 <DIR> --d----- c:\docume~1\cjjr~1.cjj\applic~1\PCToolsFirewallPlus
2009-07-14 17:24 160,792 a------- c:\windows\system32\drivers\pctfw2.sys
2009-07-14 17:24 93,952 a------- c:\windows\system32\drivers\pctfw.sys
2009-07-14 17:23 58,136 a------- c:\windows\system32\drivers\FWAuthdriver.sys
2009-07-13 20:23 182,880 ac------ c:\windows\system32\dllcache\iuengine.dll
2009-07-13 20:23 182,880 a------- c:\windows\system32\iuengine.dll
2009-07-13 20:21 24,832 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-07-13 20:21 24,832 a------- c:\windows\system32\drivers\usbprint.sys
2009-07-13 19:22 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-13 19:22 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-13 17:51 135,040 ac------ c:\windows\system32\dllcache\portcls.sys
2009-07-13 17:51 42,752 ac------ c:\windows\system32\dllcache\stream.sys
2009-07-13 17:51 4,096 ac------ c:\windows\system32\dllcache\ksuser.dll
2009-07-13 17:51 135,040 a------- c:\windows\system32\drivers\portcls.sys
2009-07-13 17:51 42,752 a------- c:\windows\system32\drivers\stream.sys
2009-07-13 17:51 4,096 a------- c:\windows\system32\ksuser.dll
2009-07-13 17:51 134,144 ac------ c:\windows\system32\dllcache\ks.sys
2009-07-13 17:51 117,248 ac------ c:\windows\system32\dllcache\ksproxy.ax
2009-07-13 17:51 134,144 a------- c:\windows\system32\drivers\ks.sys
2009-07-13 17:51 117,248 a------- c:\windows\system32\ksproxy.ax
2009-07-13 17:51 57,344 ac------ c:\windows\system32\dllcache\drmk.sys
2009-07-13 17:51 57,344 a------- c:\windows\system32\drivers\drmk.sys
2009-07-13 17:48 32 a------- c:\windows\0
2009-07-12 14:25 <DIR> --d----- c:\docume~1\cjjr~1.cjj\applic~1\Malwarebytes
2009-07-12 14:25 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-12 14:25 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-07-12 14:25 18,456 a------- c:\windows\system32\drivers\mbam.sys
2009-07-12 14:25 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-12 04:30 <DIR> --dsh--- c:\windows\Installer
2009-07-12 04:29 <DIR> --d----- c:\documents and settings\cjjr.CJJR-SGTGFSXEVD
2009-07-12 04:25 150,016 ac------ c:\windows\system32\dllcache\winzm.ime
2009-07-12 04:25 150,016 ac------ c:\windows\system32\dllcache\winsp.ime
2009-07-12 04:25 150,016 ac------ c:\windows\system32\dllcache\winpy.ime
2009-07-12 04:25 62,464 ac------ c:\windows\system32\dllcache\winime.ime
2009-07-12 04:25 75,776 ac------ c:\windows\system32\dllcache\winar30.ime
2009-07-12 04:25 69,120 ac------ c:\windows\system32\dllcache\wingb.ime
2009-07-12 04:23 205,824 ac------ c:\windows\system32\dllcache\EXCH_seo.dll
2009-07-12 04:22 53,248 ac------ c:\windows\system32\dllcache\nextlink.dll
2009-07-12 04:21 20,992 ac------ c:\windows\system32\dllcache\lpdsvc.dll
2009-07-12 04:20 10,129,408 ac------ c:\windows\system32\dllcache\hwxkor.dll
2009-07-12 04:19 43,520 ac------ c:\windows\system32\dllcache\EXCH_fcachdll.dll
2009-07-12 04:18 218,112 ac------ c:\windows\system32\dllcache\c_g18030.dll
2009-07-12 04:17 70,144 ac------ c:\windows\system32\dllcache\logui.ocx
2009-07-12 04:15 2,577 a------- c:\windows\system32\CONFIG.NT
2009-07-12 04:15 0 a------- c:\windows\control.ini
2009-07-12 04:15 25,065 a------- c:\windows\system32\wmpscheme.xml
2009-07-12 04:15 23,392 a------- c:\windows\system32\nscompat.tlb
2009-07-12 04:15 16,832 a------- c:\windows\system32\amcompat.tlb
2009-07-12 04:15 299,552 a------- c:\windows\WMSysPrx.prx
2009-07-12 04:11 <DIR> --dsh--- c:\documents and settings\all users.windows\DRM
2009-07-12 04:10 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-07-12 04:10 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-07-12 04:10 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-07-12 04:10 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-07-12 04:09 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-07-12 04:09 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-07-12 04:09 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-07-12 04:09 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-07-12 04:09 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-07-12 04:09 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-07-12 04:08 794,686 ac------ c:\windows\system32\dllcache\srchui.dll
2009-07-12 04:08 106,562 ac------ c:\windows\system32\dllcache\srchctls.dll
2009-07-12 04:08 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-07-12 04:08 3,346,432 ac------ c:\windows\system32\dllcache\msgr3en.dll
2009-07-12 04:08 <DIR> --d----- c:\windows\srchasst
2009-07-12 04:08 <DIR> --d----- c:\windows\system32\DirectX
2009-07-12 04:08 405,504 ac------ c:\windows\system32\dllcache\swflash.ocx
2009-07-11 20:49 <DIR> --d--r-- c:\documents and settings\all users.windows\Documents
2009-07-11 20:37 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Avira
2009-07-11 20:37 <DIR> --d----- c:\program files\Avira
2009-07-11 20:24 <DIR> --d----- c:\docume~1\cjjr~1.cjj\applic~1\GlarySoft
2009-07-11 20:13 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2009-07-11 20:12 <DIR> --d----- c:\program files\AskSearch
2009-07-11 20:12 <DIR> --d----- c:\program files\AskBarDis
2009-07-11 20:11 <DIR> --d----- c:\program files\Glary Utilities
2009-07-11 19:54 <DIR> --ds---- c:\documents and settings\cjjr.cjjr-sgtgfsxevd\UserData
2009-07-11 00:33 <DIR> --d----- c:\program files\Uniblue
2009-06-27 18:48 <DIR> --d----- c:\program files\Trend Micro
2009-06-15 01:53 <DIR> --d----- c:\program files\ESET

==================== Find3M ====================

2009-07-12 11:42 80,007 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-12 04:04 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-03-22 15:46 23,357 a---h--- c:\program files\folder.htt
2009-03-22 15:46 271 ---sh--- c:\program files\desktop.ini

============= FINISH: 23:08:28.70 ===============

#12 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland

Posted 15 July 2009 - 08:16 AM

Do you have Mbam results?

#13 boy indian

boy indian
  • Topic Starter

  • Members
  • 63 posts
  • Gender:Male
  • Location:italy

Posted 15 July 2009 - 11:19 AM

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600

7/14/2009 9:41:08 PM
mbam-log-2009-07-14 (21-41-07).txt

Scan type: Full Scan (C:\|)
Objects scanned: 102857
Time elapsed: 3 hour(s), 52 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
thank you!! Baabiouz

#14 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland

Posted 15 July 2009 - 02:01 PM

Hello

Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present):

Ask Toolbar

Reboot your computer.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

c:\program files\askbardis

Please post a fresh DDS log back here.
How's your pc working now?

#15 boy indian

boy indian
  • Topic Starter

  • Members
  • 63 posts
  • Gender:Male
  • Location:italy

Posted 15 July 2009 - 05:45 PM

yep! my pc is much better now! thank you for all the help Baabiouz.. err, by the way, in your personal point of view or to all moderators: are my chosen antivirus, spyware and firewall good enough to secure my pc? (and it is all freeware) thank you again and more power to all... (maybe tomorrow I may post again my dds) :thumbup2: :)



