Here's my hjt log, please help!


This topic is locked
55 replies to this topic

#1 sappel
Members, 27 posts

Posted 07 August 2009 - 08:54 AM

I have been reading many posts and understand that this is the way to go. Please help, my children are being exposed to so much smut, I am refusing to let them on the computer anymore. The popups vary from adultfriendfinder.com to IQ tests, and even a Walmart Ad. There is one that comes up with explicit porn ads on it.
I have used Adaware to no avail. Thank you and God Bless you.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:24 AM, on 8/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\2.0.0.2440\NPIEAddOn.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6D63F73D-3688-3000-9C0F-00A0C90F29FC} (DCube Class) - https://209.34.245.244/app/dcube3.cab
O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} (Pure Networks Security Scan) - http://scan.networkmagic.com/nmscan/downlo...-ship-WD.V1.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://65.5.111.18/activex/AMC.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7327 bytes


#2 fireman4it (Bleepin' Fireman)
Malware Response Team, 13,512 posts
Location: Greenup, Ill USA

Posted 17 August 2009 - 10:22 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 sappel (Topic Starter)
Members, 27 posts

Posted 17 August 2009 - 12:56 PM

I hope I followed the instructions correctly. Thanks for any help you can give.



DDS (Ver_09-07-30.01) - NTFSx86
Run by Sue Ann at 13:48:48.67 on Mon 08/17/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.416 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sue Ann\Local Settings\Temporary Internet Files\Content.IE5\OMTLB6NB\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: NP Helper Class: {35b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\internet saving optimizer\2.0.0.2440\NPIEAddOn.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.2.0.750\ssd.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: {00F5B5BA-E3C2-4B70-BF51-42A557914FAD} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {6D63F73D-3688-3000-9C0F-00A0C90F29FC} - hxxps://209.34.245.244/app/dcube3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} - hxxp://scan.networkmagic.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://65.5.111.18/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sueann~1\applic~1\mozilla\firefox\profiles\1m7kar0f.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm429YYUS&fl=0&ptb=d82lkOJEmKYdJfif8txmng&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - component: c:\program files\internet saving optimizer\2.0.0.2440\ff\components\NPFFAddOn.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-9 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-25 24652]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getplus_helpersvc.exe --> c:\program files\nos\bin\getPlus_HelperSvc.exe [?]

=============== Created Last 30 ================

2009-08-13 11:46 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-11 15:02 38,888 a------- c:\windows\system32\Tt0388m_.ttf
2009-08-11 15:02 39,796 a------- c:\windows\system32\Tt0390m_.ttf
2009-08-11 15:02 39,336 a------- c:\windows\system32\Tt0391m_.ttf
2009-08-11 15:02 61,352 a------- c:\windows\system32\Tt0209m_.ttf
2009-08-11 15:02 31,344 a------- c:\windows\system32\Herald.ttf
2009-08-11 15:01 40,792 a------- c:\windows\system32\Heather.ttf
2009-08-11 15:01 58,984 a------- c:\windows\system32\Tt0108m_.ttf
2009-08-11 15:01 67,988 a------- c:\windows\system32\Tt0107m_.ttf
2009-08-11 15:01 61,204 a------- c:\windows\system32\Tt0110m_.ttf
2009-08-11 15:01 63,156 a------- c:\windows\system32\Tt0109m_.ttf
2009-08-11 15:01 39,944 a------- c:\windows\system32\Tt0307m_.ttf
2009-08-11 15:01 38,812 a------- c:\windows\system32\Tt0306m_.ttf
2009-08-11 15:01 39,800 a------- c:\windows\system32\Tt0312m_.ttf
2009-08-11 15:00 37,804 a------- c:\windows\system32\Tt1126m_.ttf
2009-08-11 15:00 36,920 a------- c:\windows\system32\Tt1129m_.ttf
2009-08-11 15:00 37,620 a------- c:\windows\system32\Tt1127m_.ttf
2009-08-11 15:00 39,620 a------- c:\windows\system32\Tt1128m_.ttf
2009-08-11 15:00 39,960 a------- c:\windows\system32\Gaslight.ttf
2009-08-11 15:00 60,256 a------- c:\windows\system32\Tt1001m_.ttf
2009-08-11 15:00 38,712 a------- c:\windows\system32\Francisc.ttf
2009-08-11 15:00 48,336 a------- c:\windows\system32\Fitzgera.ttf
2009-08-11 14:59 41,048 a------- c:\windows\system32\Fillmore.ttf
2009-08-11 14:59 54,904 a------- c:\windows\system32\Fifthave.ttf
2009-08-11 14:59 34,940 a------- c:\windows\system32\Tt0628m_.ttf
2009-08-11 14:59 52,944 a------- c:\windows\system32\Executiv.ttf
2009-08-11 14:59 81,708 a------- c:\windows\system32\Emeri___.ttf
2009-08-11 14:59 58,064 a------- c:\windows\system32\Tt0769m_.ttf
2009-08-11 14:59 50,068 a------- c:\windows\system32\Diploma.ttf
2009-08-11 14:59 71,444 a------- c:\windows\system32\Diner___.ttf
2009-08-11 14:58 33,524 a------- c:\windows\system32\Denmark.ttf
2009-08-11 14:58 31,008 a------- c:\windows\system32\Cuckoo.ttf
2009-08-11 14:58 63,540 a------- c:\windows\system32\Crate___.ttf
2009-08-11 14:58 55,824 a------- c:\windows\system32\Cotillio.ttf
2009-08-11 14:58 34,176 a------- c:\windows\system32\Cornerst.ttf
2009-08-11 14:58 44,980 a------- c:\windows\system32\Tt0423m_.ttf
2009-08-11 14:58 47,152 a------- c:\windows\system32\Tt0421m_.ttf
2009-08-11 14:58 56,708 a------- c:\windows\system32\Tt0576m_.ttf
2009-08-11 14:58 57,932 a------- c:\windows\system32\Tt0575m_.ttf
2009-08-11 14:57 56,780 a------- c:\windows\system32\Tt0580m_.ttf
2009-08-11 14:57 58,272 a------- c:\windows\system32\Tt0579m_.ttf
2009-08-11 14:57 62,500 a------- c:\windows\system32\Tt0630m_.ttf
2009-08-11 14:57 46,584 a------- c:\windows\system32\Contm___.ttf
2009-08-11 14:57 56,676 a------- c:\windows\system32\Contl___.ttf
2009-08-11 14:57 45,908 a------- c:\windows\system32\Contb___.ttf
2009-08-11 14:57 53,008 a------- c:\windows\system32\Tt0757m_.ttf
2009-08-11 14:57 56,552 a------- c:\windows\system32\Christie.ttf
2009-08-11 14:57 51,060 a------- c:\windows\system32\Tt0621m_.ttf
2009-08-11 14:56 51,416 a------- c:\windows\system32\Tt0620m_.ttf
2009-08-11 14:56 51,804 a------- c:\windows\system32\Tt0623m_.ttf
2009-08-11 14:56 51,972 a------- c:\windows\system32\Tt0622m_.ttf
2009-08-11 14:56 53,340 a------- c:\windows\system32\Chaucer.ttf
2009-08-11 14:56 38,944 a------- c:\windows\system32\Cezanne.ttf
2009-08-11 14:56 48,152 a------- c:\windows\system32\Tt0084m_.ttf
2009-08-11 14:56 48,556 a------- c:\windows\system32\Tt0083m_.ttf
2009-08-11 14:56 49,844 a------- c:\windows\system32\Tt0086m_.ttf
2009-08-11 14:56 51,380 a------- c:\windows\system32\Tt0085m_.ttf
2009-08-11 14:56 55,660 a------- c:\windows\system32\Tt0281m_.ttf
2009-08-11 14:55 50,772 a------- c:\windows\system32\Tt0342m_.ttf
2009-08-11 14:55 55,696 a------- c:\windows\system32\Tt0280m_.ttf
2009-08-11 14:55 40,120 a------- c:\windows\system32\Calligra.ttf
2009-08-11 14:55 55,100 a------- c:\windows\system32\Caesar.ttf
2009-08-11 14:55 44,960 a------- c:\windows\system32\Tt0131m_.ttf
2009-08-11 14:55 42,900 a------- c:\windows\system32\Broadvie.ttf
2009-08-11 14:55 32,032 a------- c:\windows\system32\Boulder.ttf
2009-08-11 14:55 43,368 a------- c:\windows\system32\Block___.ttf
2009-08-11 14:55 54,876 a------- c:\windows\system32\Tt0837m_.ttf
2009-08-11 14:55 58,612 a------- c:\windows\system32\Tt0607m_.ttf
2009-08-11 14:55 55,608 a------- c:\windows\system32\Tt0839m_.ttf
2009-08-11 14:55 57,576 a------- c:\windows\system32\Tt0838m_.ttf
2009-08-11 14:54 36,372 a------- c:\windows\system32\Tt0359m_.ttf
2009-08-11 14:54 37,132 a------- c:\windows\system32\Tt0360m_.ttf
2009-08-11 14:54 37,160 a------- c:\windows\system32\Tt0361m_.ttf
2009-08-11 14:54 46,064 a------- c:\windows\system32\Bazooka.ttf
2009-08-11 14:54 43,096 a------- c:\windows\system32\Bavand.ttf
2009-08-11 14:54 53,416 a------- c:\windows\system32\Tt0329m_.ttf
2009-08-11 14:54 53,000 a------- c:\windows\system32\Tt0328m_.ttf
2009-08-11 14:54 50,588 a------- c:\windows\system32\Tt0331m_.ttf
2009-08-11 14:54 53,528 a------- c:\windows\system32\Tt0330m_.ttf
2009-08-11 14:54 37,652 a------- c:\windows\system32\Tt1027m_.ttf
2009-08-11 14:54 172,408 a------- c:\windows\system32\Antique_.ttf
2009-08-11 14:54 49,192 a------- c:\windows\system32\Tt0499m_.ttf
2009-08-11 14:53 53,160 a------- c:\windows\system32\Tt0498m_.ttf
2009-08-11 14:53 49,908 a------- c:\windows\system32\Tt0500m_.ttf
2009-08-11 14:53 64,488 a------- c:\windows\system32\Tt1040m_.ttf
2009-08-11 14:53 815,616 a------- c:\windows\system32\GEAR32SD.DLL
2009-08-11 14:53 <DIR> --d----- C:\The Print Shop Products
2009-08-09 14:52 <DIR> --d----- c:\program files\ABBYY FineReader 5.0 Sprint
2009-08-09 14:51 <DIR> --d----- c:\program files\FaxTools
2009-08-09 14:51 436 a------- c:\windows\DELLSTAT.INI
2009-08-09 14:46 298,496 a------- c:\windows\uninst.exe
2009-08-09 14:39 <DIR> --d----- c:\documents and settings\sue ann\WINDOWS
2009-08-09 14:25 9,600 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-08-09 14:25 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2009-08-09 14:25 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-08-09 14:25 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-08-09 14:24 87,040 ac------ c:\windows\system32\dllcache\wiafbdrv.dll
2009-08-09 14:24 87,040 a------- c:\windows\system32\wiafbdrv.dll
2009-08-09 14:22 31,616 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-08-09 14:22 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
2009-08-09 11:09 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-09 11:08 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-09 11:08 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-09 11:08 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-09 11:08 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-09 11:08 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-09 11:08 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-08-09 11:08 <DIR> --d----- C:\948923d83badc84632c8a7e2fa
2009-08-09 11:08 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-09 11:05 <DIR> --d----- c:\program files\MSXML 6.0
2009-08-07 09:35 <DIR> --d----- c:\program files\Trend Micro
2009-08-05 20:12 4,096 a------- c:\windows\d3dx.dat
2009-08-05 20:11 <DIR> --d----- c:\program files\Sallys Spa
2009-08-05 20:11 <DIR> --d----- c:\program files\ReflexiveArcade
2009-08-02 19:50 <DIR> --d----- c:\program files\Axis Communications

==================== Find3M ====================

2009-08-11 16:27 66,248 a------- c:\docume~1\sueann~1\applic~1\GDIPFONTCACHEV1.DAT
2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 14:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-09 13:43 15,688 a------- c:\windows\system32\lsdelete.exe
2009-07-09 13:43 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-25 14:36 661,504 a------- c:\windows\system32\mqqm.dll
2009-06-25 14:36 517,120 a------- c:\windows\system32\mqsnap.dll
2009-06-25 14:36 471,552 a------- c:\windows\system32\mqutil.dll
2009-06-25 14:36 225,280 a------- c:\windows\system32\mqoa.dll
2009-06-25 14:36 186,880 a------- c:\windows\system32\mqtrig.dll
2009-06-25 14:36 177,152 a------- c:\windows\system32\mqrt.dll
2009-06-25 14:36 138,240 a------- c:\windows\system32\mqad.dll
2009-06-25 14:36 123,392 a------- c:\windows\system32\mqrtdep.dll
2009-06-25 14:36 95,744 a------- c:\windows\system32\mqsec.dll
2009-06-25 14:36 48,640 a------- c:\windows\system32\mqupgrd.dll
2009-06-25 14:36 47,104 a------- c:\windows\system32\mqdscli.dll
2009-06-25 14:36 16,896 a------- c:\windows\system32\mqise.dll
2009-06-22 07:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 07:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 07:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-22 07:48 91,776 a------- c:\windows\system32\drivers\mqac.sys
2009-06-16 10:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-12 07:50 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 07:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 10:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 02:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-05 03:42 655,872 a------- c:\windows\system32\mstscax.dll
2009-06-03 15:24 1,291,264 a------- c:\windows\system32\quartz.dll
2009-01-07 14:46 286 a------- c:\docume~1\sueann~1\applic~1\wklnhst.dat

============= FINISH: 13:49:26.64 ===============
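The HijackThis log in the first post and the DDS "Pseudo HJT Report" above describe the same kinds of entries (browser helper objects, downloaded ActiveX controls, Winsock LSPs, services, Firefox preferences) in two different line syntaxes. As an added example that is not part of this thread and not code from HijackThis or DDS, the Python below parses both syntaxes into one structure and applies a few triage heuristics that rely only on what the log text itself shows: a DPF control served from a bare IP address, the LSP module HijackThis could not identify, a service with no vendor name, BHOs outside an assumed allowlist of vendor directories an analyst has already reviewed, and a Firefox keyword.URL that routes address-bar searches somewhere. The sample lines are copied from the two posted logs; the allowlist is an assumption made for the example, and a flagged entry is a prompt to look closer, not a verdict that anything is malicious.

```python
"""Structured triage of HijackThis O-lines and DDS 'Pseudo HJT Report' lines.

Added example; not code from the thread, HijackThis or DDS. The heuristics
flag entries for review using only what is readable in the log text.
"""
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis and DDS logs posted in
# this thread, both syntaxes mixed on purpose.
SAMPLE_LOG = r"""
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\2.0.0.2440\NPIEAddOn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://65.5.111.18/activex/AMC.cab
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.2.0.750\ssd.dll
DPF: {6D63F73D-3688-3000-9C0F-00A0C90F29FC} - hxxps://209.34.245.244/app/dcube3.cab
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm429YYUS&fl=0&ptb=d82lkOJEmKYdJfif8txmng&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
"""

CLSID = r"\{[0-9A-Fa-f-]+\}"
# (kind, regex) pairs: HijackThis 'Oxx' syntax first, then the DDS shorthand.
PATTERNS = [
    ("bho", re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<target>.*)$")),
    ("bho", re.compile(rf"^BHO: (?P<name>.*?): (?P<clsid>{CLSID}) - (?P<target>.*)$")),
    ("dpf", re.compile(rf"^O16 - DPF: (?P<clsid>{CLSID}) \((?P<name>[^)]*)\) - (?P<target>\S+)$")),
    ("dpf", re.compile(rf"^DPF: (?P<clsid>{CLSID}) - (?P<target>\S+)$")),
    ("lsp", re.compile(r"^O10 - (?P<name>.*?): (?P<target>.*)$")),
    ("service", re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<target>.*)$")),
    ("ffpref", re.compile(r"^FF - prefs\.js: (?P<name>\S+) - (?P<target>.*)$")),
]

# Assumed allowlist for this example: vendor directories under "Program Files"
# whose BHOs the analyst has already reviewed. Not from the thread.
REVIEWED_VENDOR_DIRS = {"common files", "java", "google", "spybot - search & destroy"}


def refang(url):
    """DDS writes hxxp:// so the log cannot be clicked; restore it for parsing."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def parse_line(line):
    """Return a dict for a recognised entry, or None for any other line."""
    line = line.strip()
    for kind, pattern in PATTERNS:
        m = pattern.match(line)
        if m:
            entry = {"kind": kind, "name": "", "raw": line}
            entry.update(m.groupdict())
            entry["target"] = refang(entry["target"])
            return entry
    return None


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def is_ip_literal(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def bho_dir_reviewed(path, reviewed=REVIEWED_VENDOR_DIRS):
    """True if the DLL sits under %windir% or under an already-reviewed vendor dir."""
    p = path.lower()
    if p.startswith("c:\\windows\\"):
        return True
    prefix = "c:\\program files\\"
    if p.startswith(prefix):
        return p[len(prefix):].split("\\", 1)[0] in reviewed
    return False


def triage(entries, reviewed=REVIEWED_VENDOR_DIRS):
    """Return (entry, reason) pairs for entries a human should look at next."""
    findings = []
    for e in entries:
        host = urlparse(e["target"]).hostname or ""
        if e["kind"] == "dpf" and is_ip_literal(host):
            findings.append((e, f"ActiveX control fetched from a bare IP address ({host}); no hostname to attribute it to"))
        elif e["kind"] == "lsp":
            findings.append((e, "Winsock LSP that HijackThis could not identify; confirm the module's publisher before removing it"))
        elif e["kind"] == "service" and e["owner"].lower() == "unknown owner":
            findings.append((e, "service binary reports no vendor; check its signature and path"))
        elif e["kind"] == "bho" and not bho_dir_reviewed(e["target"], reviewed):
            findings.append((e, f"browser helper object outside the reviewed vendor directories: {e['target']}"))
        elif e["kind"] == "ffpref" and e["name"] == "keyword.URL":
            findings.append((e, f"Firefox address-bar searches go to {host}; confirm the user chose this"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"[{entry['kind']}] {entry['name'] or entry.get('clsid')}: {reason}")
```

Run it as a script to print the flagged entries; a full log is fed to parse_log() the same way. The known-good entries from the same logs (the Java ssv.dll BHO, the Snapfish control) pass through without a finding, which is the point of keeping the heuristics tied to log-visible facts rather than to names.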


#4 fireman4it (Bleepin' Fireman)
Malware Response Team, 13,512 posts
Location: Greenup, Ill USA

Posted 17 August 2009 - 05:09 PM

Hello sappel,
  • Welcome to Bleeping Computer.
  • Sorry for delayed response. Forums have been really busy.
  • My name is fireman4it and I will be helping you with your Malware problem.
  • As I am still in training, I will be helping you under supervision of our expert teachers, so there may be a delay between posts.
Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • Finally, please reply using the Posted Image button in the lower right-hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions after it is approved.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 fireman4it (Bleepin' Fireman, Malware Response Team, 13,512 posts, Greenup, Ill USA)

Posted 18 August 2009 - 06:10 PM

Hello sappel,

1.
We need to disable Spybot S&D's "TeaTimer".
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  • Open Spybot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click the Mode menu and then on "Advanced Mode".
  • You may be presented with a warning dialog. If so, press Yes.
  • Click on Tools.
  • Click on Resident.
  • Uncheck the TeaTimer checkbox.
  • Close/Exit Spybot Search and Destroy.
Now please empty the TeaTimer cache. You can do this by doing the following:
Download ResetTeaTimer.exe to your desktop.
Double-click ResetTeaTimer.exe and let it run.

2.
We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

3.
Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Whether or not you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into Safe Mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (e.g. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

4.
I don't see an antivirus program running on your machine.
  • Download and install an antivirus program, and make sure that you keep it updated.
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Two good antivirus programs free for non-commercial home use are Avast! and Avira AntiVir.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
5.
Please do a full system scan with whatever antivirus you decide on, then please post the log.


Things to include in your next reply:
  • MBAM log
  • Your antivirus log
  • A new DDS.txt
  • How is your machine running now?

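Post #5 asks for the MBAM report to be pasted into the reply and warns that some items can only be removed at reboot. As an added example, not code from this thread or from Malwarebytes, here is a Python summariser for that MBAM 1.x log layout, run on a constructed sample: it counts detections per family, lists the "Delete on reboot" items, cross-checks each list against the declared counts, and pulls out the CLSIDs that were registered as IE Browser Helper Objects.

```python
"""Summarise a Malwarebytes' Anti-Malware 1.x text log.
Added example, not code from this thread or from Malwarebytes. It assumes the
layout of the log posted here: a header, a "<Section> Infected: <n>" count
block, then one "<Section> Infected:" list per section whose lines read
"<item> (<Family>) -> <action>."
"""
import re
from collections import Counter, defaultdict

# Constructed sample in the MBAM 1.40 layout; paths, CLSID and families are made up.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.40
Database version: 2670

Scan type: Quick Scan

Memory Modules Infected: 1
Registry Keys Infected: 2
Folders Infected: 1
Files Infected: 2

Memory Modules Infected:
C:\Program Files\Example Toolbar\addon.dll (Adware.Example) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001} (Adware.Example) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001} (Adware.Example) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Example Toolbar (Adware.Example) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Example Toolbar\addon.dll (Adware.Example) -> Delete on reboot.
C:\Documents and Settings\User\Application Data\Other\data.dat (Rogue.Sample) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
HEADER_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>.+)$")
BHO_RE = re.compile(r"\\Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})$")
NO_ITEMS = "(No malicious items detected)"


def parse_mbam_log(text):
    """Return {'header': {...}, 'declared': {section: n}, 'sections': {section: [items]}}."""
    header, declared, sections, current = {}, {}, defaultdict(list), None
    for line in (l.rstrip() for l in text.splitlines()):
        if not line or line == NO_ITEMS:
            continue
        if m := COUNT_RE.match(line):        # summary block, e.g. "Files Infected: 107"
            declared[m.group("name")] = int(m.group("count"))
        elif m := SECTION_RE.match(line):    # start of a detection list
            current = m.group("name")
            sections[current]                # create the key even if the list stays empty
        elif current is not None:
            if m := ITEM_RE.match(line):
                sections[current].append(m.groupdict())
        elif m := HEADER_RE.match(line):     # "Scan type: Quick Scan" and similar
            header[m.group("key")] = m.group("value")
    return {"header": header, "declared": declared, "sections": dict(sections)}


def summarise(report):
    """Detections per family, items MBAM could only schedule for removal at
    reboot (why the helper insists on rebooting), and list-vs-count checks."""
    by_family, reboot, mismatches = Counter(), [], {}
    for section, items in report["sections"].items():
        for it in items:
            by_family[it["family"]] += 1
            if it["action"].lower().startswith("delete on reboot"):
                reboot.append(it["item"])
        declared = report["declared"].get(section)
        if declared is not None and declared != len(items):
            mismatches[section] = (declared, len(items))
    # a loaded DLL is listed under both "Memory Modules" and "Files"; keep one entry
    return {"by_family": by_family, "reboot_required": list(dict.fromkeys(reboot)),
            "count_mismatches": mismatches}


def bho_clsids(report):
    """CLSIDs among the flagged registry keys that were registered as IE Browser
    Helper Objects, which is how the adware toolbars in this thread hooked IE."""
    return [m.group(1).lower()
            for it in report["sections"].get("Registry Keys Infected", [])
            if (m := BHO_RE.search(it["item"]))]


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    summ = summarise(rep)
    for family, n in summ["by_family"].most_common():
        print(f"{n:4d}  {family}")
    print("reboot required:", summ["reboot_required"])
    print("BHO CLSIDs:", bho_clsids(rep), "mismatches:", summ["count_mismatches"] or "none")
```

A count mismatch between the summary block and a section list is worth noticing: on a real log it usually means the paste was truncated, which matters when someone else is reading the log for you.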


#6 sappel (Topic Starter, Members, 27 posts)

Posted 18 August 2009 - 09:52 PM

I don't have that spybot program listed. When I do a search I come up with advcheck.dll and SDhelper.dll. I don't
know what to do now. I tried to delete them but the computer won't allow me to.

Edited by sappel, 19 August 2009 - 07:56 AM.


#7 fireman4it (Bleepin' Fireman, Malware Response Team, 13,512 posts, Greenup, Ill USA)

Posted 19 August 2009 - 04:29 PM

Hello sappel,

We need to do a little work so that we can proceed.

Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:
  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)
You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:
  • Show hidden files and folders
Click Apply and then click OK

Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


Then close all windows except HijackThis and click Fix Checked.

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into Safe Mode.
Make sure you choose the option without networking support.
Please see here for additional details.

Use Windows Explorer to find and delete these

And these folders:
C:\Program Files\Spybot - Search & Destroy

As an example:
To delete C:\WINDOWS\badfile.dll
Double-click the My Computer icon on your desktop, or press the Windows key + E.
Double-click on Local Disk (C:)
Double-click on the Windows folder.
Right-click on badfile.dll and then, from the menu that appears, click on Delete.


Now reboot into Normal Mode and proceed with the steps in my previous post from Step 2.



#8 sappel (Topic Starter, Members, 27 posts)

Posted 20 August 2009 - 09:09 AM

I made it through to #2. I cannot find any "windows defender" anywhere.

#9 fireman4it (Bleepin' Fireman, Malware Response Team, 13,512 posts, Greenup, Ill USA)

Posted 20 August 2009 - 12:47 PM

Hello sappel,

I made it through to #2. I cannot find any "windows defender" anywhere.


Click Start, then Programs or All Programs. Windows Defender should be there; click it, then proceed with the steps for disabling it.



#10 sappel (Topic Starter, Members, 27 posts)

Posted 21 August 2009 - 11:44 AM

I lost Internet Explorer after this... I will send dds.txt and the antivirus log next.

Malwarebytes' Anti-Malware 1.40
Database version: 2670
Windows 5.1.2600 Service Pack 2

8/21/2009 12:19:42 PM
mbam-log-2009-08-21 (12-19-42).txt

Scan type: Quick Scan
Objects scanned: 242250
Time elapsed: 1 hour(s), 55 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 26
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 27
Files Infected: 107

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Internet Saving Optimizer\2.0.0.2440\NPIEAddOn.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\2.0.0.2440\NPCommon.dll (Adware.DoubleD) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ed5288-f558-4f6e-8d5c-740cb6f89029} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Lindsay\Application Data\FunWebProducts (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lindsay\Application Data\FunWebProducts\Data (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lindsay\Application Data\FunWebProducts\Data\Lindsay (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\FunWebProducts (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\FunWebProducts\Data (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\FunWebProducts\Data\Mike (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\2.0.0.2440 (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\2.0.0.2440\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.0.0.2440\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.0.0.2440\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.0.0.2440\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.0.0.2440\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\System Search Dispatcher\1.2.0.750 (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins (Adware.DoubleD) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Internet Saving Optimizer\2.0.0.2440\NPIEAddOn.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll (Adware.DoubleD) -> Delete on reboot.
C:\Documents and Settings\Lindsay\Application Data\FunWebProducts\Data\Lindsay\avatar.dat (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lindsay\Application Data\FunWebProducts\Data\Lindsay\register.dat (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lindsay\Application Data\FunWebProducts\Data\Lindsay\zbucks.dat (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\FunWebProducts\Data\Mike\avatar.dat (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\FunWebProducts\Data\Mike\register.dat (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\FunWebProducts\Data\Mike\zbucks.dat (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.0.0.2440\NPCommon.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\2.0.0.2440\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.0.0.2440\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.0.0.2440\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.0.0.2440\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.0.0.2440\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.0.0.2440\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.0.0.2440\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.0.0.2440\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.0.0.2440\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.0.0.2440\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.0.0.2440\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\ExtractZipFile.zip (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\2154df11395ea0249c4c54961007ff8a.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\362f27667f6d7af7e9d2a6856d6560f6.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\4b6752554c03dd13115a0078de71aa4d.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\default1.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\fb0a3aaf0df9fc6e0a7bc656b80c3973.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading_bg.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading_logo.jpg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Cursor.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_DailyVideo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Game.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Glitter.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Logo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Option.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Recipe.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Ringtone.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Screensaver.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Search.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_Config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_TellAFriend.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Wallpaper.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Web.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\pixel.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\profile.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\SearchEngineList.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\tbcore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ToolbarLayout.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentre.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentreBk.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\About.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Component_ComboBox.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_DailyVideo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Game.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Logo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Option.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Recipe.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Ringtone.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Screensaver.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Search.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf (Adware.DoubleD) -> Quarantined and deleted successfully.

#11 sappel


Posted 21 August 2009 - 12:00 PM

1. I can't seem to figure out what the dds.text is or how to run the antivirus program
2. Do you know what happened to IE? How do I get it back?
3. when do I put windows defender back the way it was?

Yes, I am computer illiterate, but at this moment I am not getting any of those nasty pop ups, so I think we are very close to solving this problem.
Just bear with me a little longer.

#12 fireman4it

  • Malware Response Team

Posted 21 August 2009 - 03:53 PM

Hello sappel,

Here are the directions for DDS

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

* When done, DDS will open two (2) logs:

1. DDS.txt
2. Attach.txt

Save both reports to your desktop, then post the contents of DDS.txt and Attach.txt.

2. Do you know what happened to IE? How do I get it back?


What do you mean by IE? Is the shortcut or the icon gone? Do you click on it and it won't work? Is it totally gone from the machine?

3. when do I put windows defender back the way it was?

Not till we make sure your machine is all clean!

What Antivirus did you install?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#13 sappel


Posted 22 August 2009 - 09:28 AM

IE, Internet explorer, would not open. After I restarted, it worked.
I tried downloading AVAST. I will keep working at it. If and when I get a log I will send it. Should I delete it all (tell me how to make sure I do that correctly) and try the other one?
Here is DDS...


DDS (Ver_09-07-30.01) - NTFSx86
Run by Sue Ann at 10:14:28.07 on Sat 08/22/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.438 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sue Ann\Local Settings\Temporary Internet Files\Content.IE5\OMTLB6NB\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: {00F5B5BA-E3C2-4B70-BF51-42A557914FAD} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {6D63F73D-3688-3000-9C0F-00A0C90F29FC} - hxxps://209.34.245.244/app/dcube3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} - hxxp://scan.networkmagic.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://65.5.111.18/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sueann~1\applic~1\mozilla\firefox\profiles\1m7kar0f.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm429YYUS&fl=0&ptb=d82lkOJEmKYdJfif8txmng&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-9 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-25 24652]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getplus_helpersvc.exe --> c:\program files\nos\bin\getPlus_HelperSvc.exe [?]

=============== Created Last 30 ================

2009-08-21 10:18 <DIR> --d----- c:\docume~1\sueann~1\applic~1\Malwarebytes
2009-08-21 10:18 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-21 10:18 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-21 10:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-21 10:18 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-21 10:14 <DIR> --d----- c:\windows\system32\appmgmt
2009-08-13 11:46 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-11 15:02 38,888 a------- c:\windows\system32\Tt0388m_.ttf
2009-08-11 15:02 39,796 a------- c:\windows\system32\Tt0390m_.ttf
2009-08-11 15:02 39,336 a------- c:\windows\system32\Tt0391m_.ttf
2009-08-11 15:02 61,352 a------- c:\windows\system32\Tt0209m_.ttf
2009-08-11 15:02 31,344 a------- c:\windows\system32\Herald.ttf
2009-08-11 15:01 40,792 a------- c:\windows\system32\Heather.ttf
2009-08-11 15:01 58,984 a------- c:\windows\system32\Tt0108m_.ttf
2009-08-11 15:01 67,988 a------- c:\windows\system32\Tt0107m_.ttf
2009-08-11 15:01 61,204 a------- c:\windows\system32\Tt0110m_.ttf
2009-08-11 15:01 63,156 a------- c:\windows\system32\Tt0109m_.ttf
2009-08-11 15:01 39,944 a------- c:\windows\system32\Tt0307m_.ttf
2009-08-11 15:01 38,812 a------- c:\windows\system32\Tt0306m_.ttf
2009-08-11 15:01 39,800 a------- c:\windows\system32\Tt0312m_.ttf
2009-08-11 15:00 37,804 a------- c:\windows\system32\Tt1126m_.ttf
2009-08-11 15:00 36,920 a------- c:\windows\system32\Tt1129m_.ttf
2009-08-11 15:00 37,620 a------- c:\windows\system32\Tt1127m_.ttf
2009-08-11 15:00 39,620 a------- c:\windows\system32\Tt1128m_.ttf
2009-08-11 15:00 39,960 a------- c:\windows\system32\Gaslight.ttf
2009-08-11 15:00 60,256 a------- c:\windows\system32\Tt1001m_.ttf
2009-08-11 15:00 38,712 a------- c:\windows\system32\Francisc.ttf
2009-08-11 15:00 48,336 a------- c:\windows\system32\Fitzgera.ttf
2009-08-11 14:59 41,048 a------- c:\windows\system32\Fillmore.ttf
2009-08-11 14:59 54,904 a------- c:\windows\system32\Fifthave.ttf
2009-08-11 14:59 34,940 a------- c:\windows\system32\Tt0628m_.ttf
2009-08-11 14:59 52,944 a------- c:\windows\system32\Executiv.ttf
2009-08-11 14:59 81,708 a------- c:\windows\system32\Emeri___.ttf
2009-08-11 14:59 58,064 a------- c:\windows\system32\Tt0769m_.ttf
2009-08-11 14:59 50,068 a------- c:\windows\system32\Diploma.ttf
2009-08-11 14:59 71,444 a------- c:\windows\system32\Diner___.ttf
2009-08-11 14:58 33,524 a------- c:\windows\system32\Denmark.ttf
2009-08-11 14:58 31,008 a------- c:\windows\system32\Cuckoo.ttf
2009-08-11 14:58 63,540 a------- c:\windows\system32\Crate___.ttf
2009-08-11 14:58 55,824 a------- c:\windows\system32\Cotillio.ttf
2009-08-11 14:58 34,176 a------- c:\windows\system32\Cornerst.ttf
2009-08-11 14:58 44,980 a------- c:\windows\system32\Tt0423m_.ttf
2009-08-11 14:58 47,152 a------- c:\windows\system32\Tt0421m_.ttf
2009-08-11 14:58 56,708 a------- c:\windows\system32\Tt0576m_.ttf
2009-08-11 14:58 57,932 a------- c:\windows\system32\Tt0575m_.ttf
2009-08-11 14:57 56,780 a------- c:\windows\system32\Tt0580m_.ttf
2009-08-11 14:57 58,272 a------- c:\windows\system32\Tt0579m_.ttf
2009-08-11 14:57 62,500 a------- c:\windows\system32\Tt0630m_.ttf
2009-08-11 14:57 46,584 a------- c:\windows\system32\Contm___.ttf
2009-08-11 14:57 56,676 a------- c:\windows\system32\Contl___.ttf
2009-08-11 14:57 45,908 a------- c:\windows\system32\Contb___.ttf
2009-08-11 14:57 53,008 a------- c:\windows\system32\Tt0757m_.ttf
2009-08-11 14:57 56,552 a------- c:\windows\system32\Christie.ttf
2009-08-11 14:57 51,060 a------- c:\windows\system32\Tt0621m_.ttf
2009-08-11 14:56 51,416 a------- c:\windows\system32\Tt0620m_.ttf
2009-08-11 14:56 51,804 a------- c:\windows\system32\Tt0623m_.ttf
2009-08-11 14:56 51,972 a------- c:\windows\system32\Tt0622m_.ttf
2009-08-11 14:56 53,340 a------- c:\windows\system32\Chaucer.ttf
2009-08-11 14:56 38,944 a------- c:\windows\system32\Cezanne.ttf
2009-08-11 14:56 48,152 a------- c:\windows\system32\Tt0084m_.ttf
2009-08-11 14:56 48,556 a------- c:\windows\system32\Tt0083m_.ttf
2009-08-11 14:56 49,844 a------- c:\windows\system32\Tt0086m_.ttf
2009-08-11 14:56 51,380 a------- c:\windows\system32\Tt0085m_.ttf
2009-08-11 14:56 55,660 a------- c:\windows\system32\Tt0281m_.ttf
2009-08-11 14:55 50,772 a------- c:\windows\system32\Tt0342m_.ttf
2009-08-11 14:55 55,696 a------- c:\windows\system32\Tt0280m_.ttf
2009-08-11 14:55 40,120 a------- c:\windows\system32\Calligra.ttf
2009-08-11 14:55 55,100 a------- c:\windows\system32\Caesar.ttf
2009-08-11 14:55 44,960 a------- c:\windows\system32\Tt0131m_.ttf
2009-08-11 14:55 42,900 a------- c:\windows\system32\Broadvie.ttf
2009-08-11 14:55 32,032 a------- c:\windows\system32\Boulder.ttf
2009-08-11 14:55 43,368 a------- c:\windows\system32\Block___.ttf
2009-08-11 14:55 54,876 a------- c:\windows\system32\Tt0837m_.ttf
2009-08-11 14:55 58,612 a------- c:\windows\system32\Tt0607m_.ttf
2009-08-11 14:55 55,608 a------- c:\windows\system32\Tt0839m_.ttf
2009-08-11 14:55 57,576 a------- c:\windows\system32\Tt0838m_.ttf
2009-08-11 14:54 36,372 a------- c:\windows\system32\Tt0359m_.ttf
2009-08-11 14:54 37,132 a------- c:\windows\system32\Tt0360m_.ttf
2009-08-11 14:54 37,160 a------- c:\windows\system32\Tt0361m_.ttf
2009-08-11 14:54 46,064 a------- c:\windows\system32\Bazooka.ttf
2009-08-11 14:54 43,096 a------- c:\windows\system32\Bavand.ttf
2009-08-11 14:54 53,416 a------- c:\windows\system32\Tt0329m_.ttf
2009-08-11 14:54 53,000 a------- c:\windows\system32\Tt0328m_.ttf
2009-08-11 14:54 50,588 a------- c:\windows\system32\Tt0331m_.ttf
2009-08-11 14:54 53,528 a------- c:\windows\system32\Tt0330m_.ttf
2009-08-11 14:54 37,652 a------- c:\windows\system32\Tt1027m_.ttf
2009-08-11 14:54 172,408 a------- c:\windows\system32\Antique_.ttf
2009-08-11 14:54 49,192 a------- c:\windows\system32\Tt0499m_.ttf
2009-08-11 14:53 53,160 a------- c:\windows\system32\Tt0498m_.ttf
2009-08-11 14:53 49,908 a------- c:\windows\system32\Tt0500m_.ttf
2009-08-11 14:53 64,488 a------- c:\windows\system32\Tt1040m_.ttf
2009-08-11 14:53 815,616 a------- c:\windows\system32\GEAR32SD.DLL
2009-08-11 14:53 <DIR> --d----- C:\The Print Shop Products
2009-08-09 14:52 <DIR> --d----- c:\program files\ABBYY FineReader 5.0 Sprint
2009-08-09 14:51 <DIR> --d----- c:\program files\FaxTools
2009-08-09 14:51 436 a------- c:\windows\DELLSTAT.INI
2009-08-09 14:46 298,496 a------- c:\windows\uninst.exe
2009-08-09 14:39 <DIR> --d----- c:\documents and settings\sue ann\WINDOWS
2009-08-09 14:25 9,600 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-08-09 14:25 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2009-08-09 14:25 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-08-09 14:25 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-08-09 14:24 87,040 ac------ c:\windows\system32\dllcache\wiafbdrv.dll
2009-08-09 14:24 87,040 a------- c:\windows\system32\wiafbdrv.dll
2009-08-09 14:22 31,616 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-08-09 14:22 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
2009-08-09 11:09 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-09 11:08 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-09 11:08 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-09 11:08 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-09 11:08 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-09 11:08 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-09 11:08 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-08-09 11:08 <DIR> --d----- C:\948923d83badc84632c8a7e2fa
2009-08-09 11:08 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-09 11:05 <DIR> --d----- c:\program files\MSXML 6.0
2009-08-07 09:35 <DIR> --d----- c:\program files\Trend Micro
2009-08-05 20:12 4,096 a------- c:\windows\d3dx.dat
2009-08-05 20:11 <DIR> --d----- c:\program files\Sallys Spa
2009-08-05 20:11 <DIR> --d----- c:\program files\ReflexiveArcade
2009-08-02 19:50 <DIR> --d----- c:\program files\Axis Communications

==================== Find3M ====================

2009-08-11 16:27 66,248 a------- c:\docume~1\sueann~1\applic~1\GDIPFONTCACHEV1.DAT
2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 14:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-09 13:43 15,688 a------- c:\windows\system32\lsdelete.exe
2009-07-09 13:43 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-25 14:36 661,504 a------- c:\windows\system32\mqqm.dll
2009-06-25 14:36 517,120 a------- c:\windows\system32\mqsnap.dll
2009-06-25 14:36 471,552 a------- c:\windows\system32\mqutil.dll
2009-06-25 14:36 225,280 a------- c:\windows\system32\mqoa.dll
2009-06-25 14:36 186,880 a------- c:\windows\system32\mqtrig.dll
2009-06-25 14:36 177,152 a------- c:\windows\system32\mqrt.dll
2009-06-25 14:36 138,240 a------- c:\windows\system32\mqad.dll
2009-06-25 14:36 123,392 a------- c:\windows\system32\mqrtdep.dll
2009-06-25 14:36 95,744 a------- c:\windows\system32\mqsec.dll
2009-06-25 14:36 48,640 a------- c:\windows\system32\mqupgrd.dll
2009-06-25 14:36 47,104 a------- c:\windows\system32\mqdscli.dll
2009-06-25 14:36 16,896 a------- c:\windows\system32\mqise.dll
2009-06-22 07:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 07:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 07:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-16 10:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-12 07:50 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 07:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 10:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 02:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-05 03:42 655,872 a------- c:\windows\system32\mstscax.dll
2009-06-03 15:24 1,291,264 a------- c:\windows\system32\quartz.dll
2009-01-07 14:46 286 a------- c:\docume~1\sueann~1\applic~1\wklnhst.dat

============= FINISH: 10:15:06.92 ===============

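The DDS output above is where a helper reads the persistence surface of the machine: IE start/search pages, BHOs, Run keys, DPF (ActiveX download) entries and the Firefox prefs.js lines. The Firefox block shows browser.search.selectedEngine and keyword.URL both pointing at mywebsearch.com while the user's own start page is google.com, and two DPF entries pull .cab packages from bare IP addresses. As an added example (not part of this thread and not code from the DDS tool), the Python below parses those line formats and turns them into review prompts. The sample input is a dozen lines copied from the posted log; the three rule names and the temp-folder markers are my own choices. Every hit is something a human should look at, not a verdict: the one executable it flags under Temporary Internet Files is dds.scr itself, which is exactly what you expect when DDS was run straight from a browser download, and a bare-IP DPF entry can be a legitimate device control as easily as a bad one.

```python
"""Triage helper for DDS / HijackThis-style log lines (added example).

Not part of this thread or of the DDS tool. It parses the entry formats
visible in the posted "Pseudo HJT Report" and applies three review rules.
A hit is a prompt to look closer, never a verdict on its own.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Set
from urllib.parse import urlparse

# Constructed input: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Documents and Settings\Sue Ann\Local Settings\Temporary Internet Files\Content.IE5\OMTLB6NB\dds[1].scr
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
DPF: {6D63F73D-3688-3000-9C0F-00A0C90F29FC} - hxxps://209.34.245.244/app/dcube3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://65.5.111.18/activex/AMC.cab
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm429YYUS&fl=0&searchfor=
"""

# Folders in which a running or auto-starting executable deserves a second look (my choice).
TEMP_MARKERS = ("\\temporary internet files\\", "\\temp\\")


@dataclass
class Finding:
    rule: str
    line: str


def refang(url: str) -> str:
    """DDS writes hxxp/hxxps so URLs are not clickable in forum posts; undo that."""
    return re.sub(r"^hxxp", "http", url, count=1)


def host_of(url: str) -> str:
    return (urlparse(refang(url)).hostname or "").lower()


def is_bare_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def configured_hosts(log_text: str) -> Set[str]:
    """Hosts the user set as IE start/search pages; Firefox redirects elsewhere stand out."""
    hosts: Set[str] = set()
    for line in log_text.splitlines():
        m = re.match(r"^[um](?:Start|Search) Page = (\S+)$", line.strip())
        if m:
            hosts.add(host_of(m.group(1)))
    return hosts


def triage(log_text: str) -> List[Finding]:
    known = configured_hosts(log_text)
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        # Rule 1: a running process or autorun entry whose path sits in a cache/temp folder.
        if re.match(r"^[a-z]:\\|^[um]run:", low) and any(m in low for m in TEMP_MARKERS):
            findings.append(Finding("exe-in-temp", line))
        # Rule 2: an ActiveX package (DPF) fetched from a bare IP instead of a hostname.
        m = re.match(r"^DPF: \{[0-9A-Fa-f-]+\} - (\S+)", line)
        if m and is_bare_ip(host_of(m.group(1))):
            findings.append(Finding("dpf-bare-ip", line))
        # Rule 3: Firefox search prefs pointing somewhere the user never configured.
        m = re.match(r"^FF - prefs\.js: (keyword\.URL|browser\.search\.[\w.]+) - (.+)$", line)
        if m:
            value = m.group(2)
            if value.lower().startswith("hxxp"):
                odd = host_of(value) not in known
            else:  # an engine *name* such as "MyWebSearch": compare it against the known hosts
                odd = not any(value.lower() in h for h in known)
            if odd:
                findings.append(Finding("ff-search-redirect", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample above it reports one exe-in-temp hit (dds.scr), two dpf-bare-ip hits and two ff-search-redirect hits. Rule 3 is the one that speaks to this thread: the MBAM run removed Adware.DoubleD files, but a leftover keyword.URL in prefs.js still sends every address-bar search through a third party until that pref is reset, which is why a helper asks for a fresh DDS log after each cleanup step rather than trusting the scanner's "deleted successfully" lines alone.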

#14 sappel


Posted 22 August 2009 - 11:47 AM

Ok, the avast program is downloaded. When I first started it, it took hours to do only 2%. I stopped it. What kind of scan should I do and what areas should be scanned? Should it take so long?

By the way...I can't thank you enough for eliminating those pop ups...you have no idea the good work you are doing. God Bless. Sue

#15 fireman4it


Posted 23 August 2009 - 09:33 AM

Hello sappel


Ok, the avast program is downloaded. When I first started it, it took hours to do only 2%. I stopped it. What kind of scan should I do and what areas should be scanned? Should it take so long?

By the way...I can't thank you enough for eliminating those pop ups...you have no idea the good work you are doing. God Bless. Sue



The type of scan you should do is a Normal scan. You should scan local hard drives. This scan may take a while depending on how much data is on the computer.

Things to include in your next reply:
Your Avast scan log
A new DDS log

Edited by fireman4it, 23 August 2009 - 09:35 AM.