
Rootkit


  • This topic is locked
2 replies to this topic

#1 jh1193

  • Members
  • 1 posts

Posted 11 July 2009 - 07:19 PM

Ok, well my friend said I have a rootkit, and to come here. I have IE8, and every time I go to a search engine and search for something, when I click on the link it says Internet Explorer has encountered a problem and must close. Also, I am getting popups; some of them are to win free things like laptops, some are like dating sites, and some are pornography. Since my internet started just closing, my computer is also very slow. I previously had a DNS changing trojan, but I used Malwarebytes and it got rid of it, I think. That's about it. It's just really frustrating.

Here's my DDS log.

DDS (Ver_09-06-26.01) - NTFSx86
Run by Jeremy Helstrom at 18:07:47.71 on Sat 07/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.867 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\fsproflt.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\JEREMY~1\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Media Access Startup: {25b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\media access startup\1.3.0.790\HPIEAddOn.dll
BHO: NP Helper Class: {35b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\internet saving optimizer\3.3.0.4160\NPIEAddOn.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - No File
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: &Google Web Accelerator Helper: {69a87b7d-de56-4136-9655-716ba50c19c7} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.2.0.750\ssd.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [mylbx] c:\program files\my lockbox\mylbx.exe /a
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dlbcserv.lnk - c:\program files\dell photo printer 720\dlbcserv.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rungoo~1.lnk - c:\program files\google\web accelerator\GoogleWebAccWarden.exe
IE: &Search
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\windows defender\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2009-5-18 43792]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-7 11608]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-28 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-28 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-28 108552]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-7 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-7 185089]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-28 298776]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-7 55640]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2009-5-18 73392]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-6-28 600944]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-6-28 600944]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2008-2-17 14095]
S3 SNDP610;Dual Mode Camera;c:\windows\system32\drivers\sndp610.sys [2006-5-21 220032]
S3 ZD1211U(Hisense);Hi-link UW210g Wireless Adapter Driver(Hisense);c:\windows\system32\drivers\ZD1211U.sys [2005-12-28 247296]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-07-10 13:14 3,682 a------- c:\windows\system32\tmp.reg
2009-07-10 01:21 <DIR> --d----- c:\program files\uTorrent
2009-07-07 23:02 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-07-07 23:02 <DIR> --d----- c:\program files\Avira
2009-07-07 23:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-07-07 22:41 <DIR> --d----- c:\program files\Exterminate It!
2009-07-06 12:46 <DIR> --d----- c:\program files\iPod
2009-07-06 12:46 <DIR> --d----- c:\program files\iTunes
2009-06-28 23:35 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-06-28 12:17 <DIR> --dsh--- c:\documents and settings\jeremy helstrom\IECompatCache
2009-06-28 12:16 <DIR> --dsh--- c:\documents and settings\jeremy helstrom\PrivacIE
2009-06-28 12:10 <DIR> --dsh--- c:\documents and settings\jeremy helstrom\IETldCache
2009-06-28 11:52 <DIR> --d----- C:\ef1a83f372c49b5c46b10b6389e5e139
2009-06-28 11:52 <DIR> --d----- c:\windows\SxsCaPendDel
2009-06-28 11:48 127 a------- c:\windows\system32\MRT.INI
2009-06-28 11:45 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-06-28 11:45 <DIR> --d----- c:\windows\ie8updates
2009-06-28 11:45 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-06-28 11:45 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-06-28 11:43 <DIR> -cd-h--- c:\windows\ie8
2009-06-28 10:47 <DIR> --d----- c:\docume~1\jeremy~1\applic~1\Malwarebytes
2009-06-28 08:59 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-06-28 01:29 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-28 01:29 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-28 01:29 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-28 01:29 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-06-28 01:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-06-28 01:26 <DIR> --d----- c:\program files\CCleaner
2009-06-28 01:26 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-28 01:26 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-28 01:26 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-28 01:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-28 00:59 8,627 a------- c:\windows\system32\PAV_FOG.OPC
2009-06-28 00:36 148 a------- c:\windows\AvDetected.ini
2009-06-28 00:18 <DIR> --d----- c:\program files\Panda Security
2009-06-28 00:05 271 a------- c:\windows\SysMech.INI
2009-06-27 23:49 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-27 23:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-06-27 16:43 2 a------- c:\windows\msoffice.ini
2009-06-27 16:28 <DIR> --d----- c:\docume~1\jeremy~1\applic~1\Error Fix
2009-06-27 15:33 <DIR> --d----- c:\program files\AVG
2009-06-27 15:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-06-15 13:26 <DIR> --d----- c:\docume~1\jeremy~1\applic~1\IObit
2009-06-11 22:24 <DIR> --d----- c:\program files\Media Access Startup
2009-06-11 22:23 <DIR> --d----- c:\program files\Internet Saving Optimizer
2009-06-11 22:23 <DIR> --d----- c:\program files\System Search Dispatcher
2009-06-11 22:22 <DIR> --d----- c:\program files\DoubleD

==================== Find3M ====================

2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-06-02 11:17 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-05-29 15:54 940,896 a------- c:\windows\system32\Incinerator.dll
2009-05-12 23:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-12 23:15 5,936,128 -------- c:\windows\system32\dllcache\mshtml.dll
2009-05-12 23:15 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-05-07 09:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 09:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-30 15:22 1,985,024 -------- c:\windows\system32\dllcache\iertutil.dll
2009-04-30 15:22 11,064,832 -------- c:\windows\system32\dllcache\ieframe.dll
2009-04-30 15:22 1,207,808 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 15:22 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 15:22 385,536 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 05:21 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 22:55 133,120 a------- c:\windows\system32\dllcache\extmgr.dll
2009-04-28 22:55 78,336 -------- c:\windows\system32\ieencode.dll
2009-04-28 22:55 78,336 -------- c:\windows\system32\dllcache\ieencode.dll
2009-04-28 03:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-17 06:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 06:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 08:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 08:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2008-07-07 22:39 0 ac------ c:\documents and settings\jeremy helstrom\jagex_runescape_preferences.dat
2006-02-27 20:37 8 ac------ c:\docume~1\jeremy~1\applic~1\usb.dat.bin
2008-08-22 20:43 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082220080823\index.dat

============= FINISH: 18:08:13.57 ===============



I attached my Attach file from DDS also. I really appreciate all you guys, and I really hope you can help me. I just want to say thanks ahead of time.


#2 syler

  • Malware Response Team
  • 8,150 posts

Posted 20 July 2009 - 04:31 AM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks


#3 syler

  • Malware Response Team
  • 8,150 posts

Posted 24 July 2009 - 06:18 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
