Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

couponmountain.com hijack


  • Please log in to reply
1 reply to this topic

#1 powdernate

powdernate

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 14 July 2009 - 12:50 AM

hi i have this couponmountain.com page that pops up every time i navigate away from Google i ran a dds and this is what i got.


DDS (Ver_09-06-26.01) - NTFSx86
Run by HP_Administrator at 23:23:00.54 on Mon 07/13/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.270 [GMT -6:00]

AV: Norton AntiVirus 2006 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k drv
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Zune\ZuneNss.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\HP\KBD\KBD.EXE
C:\windows\ld12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SteepAndCheap\Desktop Alert\SAC-Desktop-Alert.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\HP_Administrator\Desktop\dds.com
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Bar = hxxp://safesearch.cyberdefender.com/smallsearch.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\documents and settings\hp_administrator\local settings\application data\cyberdefender\cdmyidd.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {6B8B235E-410E-0E91-1355-88855596DC5A} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\documents and settings\hp_administrator\local settings\application data\cyberdefender\cdmyidd.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton antivirus\NavShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton antivirus\NavShExt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\documents and settings\hp_administrator\local settings\application data\cyberdefender\cdmyidd.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
uRun: [AdVantage] "c:\program files\advantage\AdVantage.exe"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [Google Update] "c:\documents and settings\hp_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [LowRiskFileTypes] c:\windows\sysguard.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [sysldtray] c:\windows\ld12.exe
mRun: [sysfbtray] c:\windows\freddy49.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google desktop search\GoogleDesktop.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\sony handheld\HOTSYNC.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sac-de~1.lnk - c:\program files\steepandcheap\desktop alert\SAC-Desktop-Alert.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: trymedia.com
DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://www.phgenit.com/plugin/awarewebplayer/download/smart/cab/awswaxf.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200800486203
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} - hxxp://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\38t2t6t7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\38t2t6t7.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll

============= SERVICES / DRIVERS ===============

R?2 drv;drv;c:\windows\system32\svchost.exe -k drv [2004-8-9 14336]
R0 vburner;vburner;c:\windows\system32\drivers\vburner.sys [2008-1-12 17408]
R1 drvdrv;drvdrv;c:\program files\drv\drv.sys [2009-7-2 9344]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2005-8-26 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-9-17 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2005-9-17 169576]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-2-8 3712]
R2 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2008-7-21 193888]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton antivirus\NAVAPSVC.EXE [2005-9-23 139888]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-2-25 1174152]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2007-2-7 102712]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20070214.020\NAVENG.Sys [2007-2-15 80472]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20070214.020\NavEx15.Sys [2007-2-15 852600]
R3 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2005-8-26 334984]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2005-12-2 468768]
S3 ACCSKMD;Canon Camera Storage Device;c:\windows\system32\drivers\accskmd.sys [2003-5-13 32640]
S3 SAVScan;Symantec AVScan;c:\program files\norton antivirus\SAVScan.exe [2005-8-26 198368]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

=============== Created Last 30 ================

2009-07-13 22:07 2 a------- c:\windows\0535251103110107106.lio
2009-07-03 16:42 <DIR> --dsh--- c:\windows\system32\lowsec
2009-07-03 16:12 15,360 ----h--- c:\windows\pp10.exe
2009-07-03 16:12 1 a------- c:\windows\934fdfg34fgjf23
2009-07-03 16:11 2 a------- c:\windows\0101120101464849.dat
2009-07-03 00:01 69 a------- c:\windows\st_affiliate.ini
2009-07-02 23:40 1 ----h--- c:\windows\jmmark2.dat
2009-07-02 23:40 2 a------- c:\windows\0101120101465749.dat
2009-07-02 23:40 65,536 a------- c:\windows\freddy49.exe
2009-07-02 23:40 1 ----h--- c:\windows\bf23567.dat
2009-07-02 22:50 12,544 -------- c:\windows\system32\IEHelper.dll_tobedeleted
2009-07-02 22:40 <DIR> --d----- c:\program files\drv
2009-07-02 22:40 2 a------- c:\windows\010112010146118114.dat
2009-07-02 22:39 28,672 a------- c:\windows\ld12.exe
2009-06-27 10:31 214 a------- c:\windows\HP_48BitScanUpdatePatch.ini
2009-06-27 10:16 160,783 a------- c:\windows\hpqins00.dat
2009-06-27 10:13 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\WinBatch
2009-06-27 10:12 <DIR> --d----- C:\temp
2009-06-27 10:11 234 a------- c:\windows\PrnHlpLogConfig.ini
2009-06-27 10:10 214 a------- c:\windows\HP_InstantSHareJPG.ini
2009-06-14 13:15 <DIR> --d----- c:\program files\iPod
2009-06-14 13:15 <DIR> --d----- c:\program files\iTunes

==================== Find3M ====================

2009-06-23 21:43 139,264 a------- c:\windows\system32\hpzjrd01.dll
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-07 09:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 09:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-28 22:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 22:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-28 22:56 233,472 a------- c:\windows\system32\dllcache\webcheck.dll
2009-04-28 22:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-28 22:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-28 22:56 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-04-28 22:56 102,912 a------- c:\windows\system32\dllcache\occache.dll
2009-04-28 22:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-28 22:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-28 22:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-28 22:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 03:05 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 03:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-24 23:27 636,088 a------- c:\windows\system32\dllcache\iexplore.exe
2009-04-24 23:26 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 06:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 06:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 08:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 08:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2006-04-24 16:57 251 a------- c:\program files\wt3d.ini
2006-02-16 01:04 22 a--sh--- c:\windows\sminst\HPCD.sys
2009-03-16 17:13 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009031620090317\index.dat

============= FINISH: 23:24:32.39 ===============


i also have ran spybot and ad-aware but have not got anything. if you could help me that would be very helpful.

Attached Files



BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:07:06 AM

Posted 14 July 2009 - 10:24 AM

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users