
url.rtbk pop up infection


  • This topic is locked
4 replies to this topic

#1 Roxydogg28

Roxydogg28

  • Members
  • 3 posts
  • OFFLINE
  • Local time:08:04 PM

Posted 06 October 2009 - 03:34 AM

Hello,

I have been having pop-ups and browser hijacks on my machine.

Sometimes the pop-up goes to a blank page and the URL shown is url.rtbk and some other stuff.

I read the topic on what to do before posting. I got DDS to run with no issues, but I've tried for days to get RootRepeal to work, to no avail. I keep getting an error: "Could not read our index block".

I've tried re-downloading it, rerunning it, etc. I click OK when that error pops up and the program closes.

I had run antivirus software and it removed something, I believe a couple of trojans, but now I have a few runtime DLL errors at startup; I'll get to posting those here in a bit.

Regardless, here are my DDS attachments. Thanks in advance for any and all help.

-----------Attach.txt Start-----------

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 2/22/2007 5:22:17 AM
System Uptime: 10/3/2009 4:57:06 AM (66 hours ago)

Motherboard: Dell Inc. | | 0WG864
Processor: Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 139 GiB total, 41.207 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.037 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP574: 9/28/2009 2:23:29 AM - Scheduled Checkpoint
RP575: 9/29/2009 1:09:13 AM - Scheduled Checkpoint
RP576: 9/30/2009 12:00:02 AM - Scheduled Checkpoint
RP577: 9/30/2009 11:30:52 PM - Scheduled Checkpoint
RP578: 10/2/2009 12:55:39 AM - Scheduled Checkpoint
RP579: 10/3/2009 12:48:00 PM - Scheduled Checkpoint
RP580: 10/5/2009 12:46:32 AM - Scheduled Checkpoint

==== Installed Programs ======================

7-Zip 4.62
Ad-Aware 2007
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.9
AIM 6
AOL Install
Apple Mobile Device Support
Apple Software Update
avast! Antivirus
Bayden SlickRun (remove only)
Bonjour
CDBurnerXP
Conexant D850 PCI V.92 Modem
Consumer Complete Care Services Agreement
ConTEXT
Dell Support Center (Support Software)
Dell System Customization Wizard
DellSupport
DHTML Editing Component
Dia (remove only)
Digital Line Detect
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Documentation & Support Launcher
Download Updater (AOL LLC)
EarthLink Setup Files
FFTW 3.1.2 Library for scilab-5.0.3
FileZilla Client 3.2.2.1
Games, Music, & Photos Launcher
Glary Utilities 2.10.0.622
Google Chrome
Google Desktop
Google Earth
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
InfraRecorder
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Internet Service Offers Launcher
iTunes
Java™ SE Runtime Environment 6
LG USB Modem driver
Linksys WMP110 RangePlus Wireless PCI Adapter Driver - WMP110
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Fireworks MX 2004
Macromedia Flash MX 2004
Macromedia FreeHand MXa
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft VC9 runtime libraries
Modem Diagnostic Tool
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.11)
Mozilla Thunderbird (2.0.0.23)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
NetWaiting
Nortel Networks Contivity VPN Client
OGA Notifier 2.0.0048.0
OpenOffice.org 2.2
Pdf995
PhotoShow Deluxe 3
Qualxserve Service Agreement
QuickTime
Rhapsody Player Engine
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Safari
Savings Bond Wizard
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Media Encoder (KB954156)
SigmaTel Audio
Slideroll Gallery AV 0.7b
Snood 4
Snood Poppers 1.0
Sonic Activation Module
TextPad 5
The Digital Arts and Crafts Studio
Turbo Lister 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
URL Assistant
User's Guides
V CAST Music with Rhapsody
WampServer 2.0
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
Wireless PCI Card Configuration Utility

==== Event Viewer Messages From Past Week ========

9/30/2009 9:09:15 AM, Error: EventLog [6008] - The previous system shutdown at 9:06:30 AM on 9/30/2009 was unexpected.
9/28/2009 8:50:25 AM, Error: EventLog [6008] - The previous system shutdown at 8:47:52 AM on 9/28/2009 was unexpected.
9/28/2009 2:23:28 AM, Error: volsnap [20] - The shadow copies of volume C: were aborted because of a failed free space computation.
10/3/2009 12:11:34 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
10/3/2009 12:11:15 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.

==== End Of File ===========================


-----------Attach.txt End-----------



-----------DDS.txt Start-----------

DDS (Ver_09-09-29.01) - NTFSx86
Run by Matthew at 22:11:28.95 on Mon 10/05/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1489 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090926-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! antivirus 4.8.1335 [VPS 090926-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Nortel Networks\NvcRpcSvr.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\SlickRun\sr.exe
C:\Users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Matthew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Users\Matthew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Matthew\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6261\SiteAdv.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6261\SiteAdv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SetupWizard] E:\SetupWizard.exe reboot
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [SlickRun] "c:\program files\slickrun\sr.exe"
uRun: [Google Update] "c:\users\matthew\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [rigifeloj] Rundll32.exe "c:\progra~2\momejigo\momejigo.dll",a
uRun: [loloyekuzi] Rundll32.exe "c:\programdata\rehosaki\rehosaki.dll",s
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SiteAdvisor] "c:\program files\siteadvisor\6261\SiteAdv.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: Web-Based Email Tools - hxxp://email01.secureserver.net/Download.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6261\SiteAdv.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\matthew\appdata\roaming\mozilla\firefox\profiles\finetg9v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\siteadvisor\6261\ff\components\FFHook.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\matthew\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-7-17 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-17 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-7-17 51792]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2008-9-20 31784]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2008-9-20 148232]

=============== Created Last 30 ================

2009-09-30 22:43 <DIR> --d----- c:\program files\Trend Micro
2009-09-30 19:52 <DIR> --d----- c:\programdata\zibuweti
2009-09-30 19:52 <DIR> --d----- c:\programdata\rehosaki
2009-09-30 19:52 <DIR> --d----- c:\programdata\nabigeki
2009-09-30 19:52 <DIR> --d----- c:\progra~2\zibuweti
2009-09-30 19:52 <DIR> --d----- c:\progra~2\rehosaki
2009-09-30 19:52 <DIR> --d----- c:\progra~2\nabigeki
2009-09-30 19:52 <DIR> --d----- c:\programdata\tipulaya
2009-09-30 19:52 <DIR> --d----- c:\programdata\puhelero
2009-09-30 19:52 <DIR> --d----- c:\programdata\momejigo
2009-09-30 19:52 <DIR> --d----- c:\programdata\hopalusa
2009-09-30 19:52 <DIR> --d----- c:\progra~2\tipulaya
2009-09-30 19:52 <DIR> --d----- c:\progra~2\puhelero
2009-09-30 19:52 <DIR> --d----- c:\progra~2\momejigo
2009-09-30 19:52 <DIR> --d----- c:\progra~2\hopalusa
2009-09-30 18:52 <DIR> --d----- c:\programdata\zodezaru
2009-09-30 18:52 <DIR> --d----- c:\programdata\zazanezo
2009-09-30 18:52 <DIR> --d----- c:\programdata\lojafuyu
2009-09-30 18:52 <DIR> --d----- c:\programdata\feyadote
2009-09-30 18:52 <DIR> --d----- c:\progra~2\zodezaru
2009-09-30 18:52 <DIR> --d----- c:\progra~2\zazanezo
2009-09-30 18:52 <DIR> --d----- c:\progra~2\lojafuyu
2009-09-30 18:52 <DIR> --d----- c:\progra~2\feyadote
2009-09-30 04:41 <DIR> --d----- c:\programdata\wihuzomi
2009-09-30 04:41 <DIR> --d----- c:\programdata\pogogiso
2009-09-30 04:41 <DIR> --d----- c:\programdata\javojosu
2009-09-30 04:41 <DIR> --d----- c:\progra~2\wihuzomi
2009-09-30 04:41 <DIR> --d----- c:\progra~2\pogogiso
2009-09-30 04:41 <DIR> --d----- c:\progra~2\javojosu
2009-09-30 04:41 <DIR> --d----- c:\programdata\zizesabo
2009-09-30 04:41 <DIR> --d----- c:\programdata\nuyakete
2009-09-30 04:41 <DIR> --d----- c:\programdata\juviyame
2009-09-30 04:41 <DIR> --d----- c:\programdata\jemukuwo
2009-09-30 04:41 <DIR> --d----- c:\progra~2\zizesabo
2009-09-30 04:41 <DIR> --d----- c:\progra~2\nuyakete
2009-09-30 04:41 <DIR> --d----- c:\progra~2\juviyame
2009-09-30 04:41 <DIR> --d----- c:\progra~2\jemukuwo
2009-09-27 21:31 <DIR> --d----- c:\programdata\yonozise
2009-09-27 21:31 <DIR> --d----- c:\programdata\nogayeda
2009-09-27 21:31 <DIR> --d----- c:\programdata\jiwofehu
2009-09-27 21:31 <DIR> --d----- c:\progra~2\yonozise
2009-09-27 21:31 <DIR> --d----- c:\progra~2\nogayeda
2009-09-27 21:31 <DIR> --d----- c:\progra~2\jiwofehu
2009-09-27 15:40 <DIR> --d----- c:\windows\system32\eu-ES
2009-09-27 15:40 <DIR> --d----- c:\windows\system32\ca-ES
2009-09-27 15:39 <DIR> --d----- c:\windows\system32\vi-VN
2009-09-27 15:38 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-09-27 15:36 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-27 13:49 <DIR> --d----- c:\windows\system32\EventProviders
2009-09-27 09:31 <DIR> --d----- c:\programdata\yokagumo
2009-09-27 09:31 <DIR> --d----- c:\programdata\lewazasu
2009-09-27 09:31 <DIR> --d----- c:\programdata\hamewina
2009-09-27 09:31 <DIR> --d----- c:\progra~2\yokagumo
2009-09-27 09:31 <DIR> --d----- c:\progra~2\lewazasu
2009-09-27 09:31 <DIR> --d----- c:\progra~2\hamewina
2009-09-26 22:28 18,904 a------- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-09-26 22:27 11,967,524 a------- c:\windows\system32\korwbrkr.lex
2009-09-26 19:51 481,792 a------- c:\windows\system32\cmdial32.dll
2009-09-26 19:50 247,808 a------- c:\windows\system32\drvstore.dll
2009-09-26 19:04 <DIR> --d----- c:\programdata\wowidezo
2009-09-26 19:04 <DIR> --d----- c:\programdata\pinafadi
2009-09-26 19:04 <DIR> --d----- c:\programdata\mufazuri
2009-09-26 19:04 <DIR> --d----- c:\progra~2\wowidezo
2009-09-26 19:04 <DIR> --d----- c:\progra~2\pinafadi
2009-09-26 19:04 <DIR> --d----- c:\progra~2\mufazuri
2009-09-26 12:53 <DIR> --d----- C:\PerfLogs
2009-09-26 07:03 <DIR> --d----- c:\programdata\yahiviti
2009-09-26 07:03 <DIR> --d----- c:\programdata\vunakifa
2009-09-26 07:03 <DIR> --d----- c:\programdata\feguzevi
2009-09-26 07:03 <DIR> --d----- c:\progra~2\yahiviti
2009-09-26 07:03 <DIR> --d----- c:\progra~2\vunakifa
2009-09-26 07:03 <DIR> --d----- c:\progra~2\feguzevi
2009-09-25 19:04 <DIR> --d----- c:\programdata\pukovubu
2009-09-25 19:04 <DIR> --d----- c:\programdata\poyutole
2009-09-25 19:04 <DIR> --d----- c:\programdata\pirotima
2009-09-25 19:04 <DIR> --d----- c:\progra~2\pukovubu
2009-09-25 19:04 <DIR> --d----- c:\progra~2\poyutole
2009-09-25 19:04 <DIR> --d----- c:\progra~2\pirotima
2009-09-25 19:03 <DIR> --d----- c:\programdata\yuvujefu
2009-09-25 19:03 <DIR> --d----- c:\programdata\rarohiwu
2009-09-25 19:03 <DIR> --d----- c:\programdata\nomirasu
2009-09-25 19:03 <DIR> --d----- c:\programdata\nohunolu
2009-09-25 19:03 <DIR> --d----- c:\progra~2\yuvujefu
2009-09-25 19:03 <DIR> --d----- c:\progra~2\rarohiwu
2009-09-25 19:03 <DIR> --d----- c:\progra~2\nomirasu
2009-09-25 19:03 <DIR> --d----- c:\progra~2\nohunolu
2009-09-25 07:03 <DIR> --d----- c:\programdata\paletigi
2009-09-25 07:03 <DIR> --d----- c:\programdata\lakotite
2009-09-25 07:03 <DIR> --d----- c:\progra~2\paletigi
2009-09-25 07:03 <DIR> --d----- c:\progra~2\lakotite
2009-09-24 23:09 2,048 a------- c:\windows\system32\tzres.dll
2009-09-24 22:25 196,608 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-09-24 22:25 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-09-24 22:25 52,625,408 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-09-24 22:15 41,984 a------- c:\windows\system32\netfxperf.dll
2009-09-24 17:57 <DIR> --d----- c:\programdata\mizezapo
2009-09-24 17:57 <DIR> --d----- c:\programdata\korumore
2009-09-24 17:57 <DIR> --d----- c:\programdata\hukodare
2009-09-24 17:57 <DIR> --d----- c:\progra~2\mizezapo
2009-09-24 17:57 <DIR> --d----- c:\progra~2\korumore
2009-09-24 17:57 <DIR> --d----- c:\progra~2\hukodare
2009-09-24 17:56 <DIR> --d----- c:\programdata\vukuleyi
2009-09-24 17:56 <DIR> --d----- c:\programdata\kemuzike
2009-09-24 17:56 <DIR> --d----- c:\programdata\fevusota
2009-09-24 17:56 <DIR> --d----- c:\programdata\famuruya
2009-09-24 17:56 <DIR> --d----- c:\progra~2\vukuleyi
2009-09-24 17:56 <DIR> --d----- c:\progra~2\kemuzike
2009-09-24 17:56 <DIR> --d----- c:\progra~2\fevusota
2009-09-24 17:56 <DIR> --d----- c:\progra~2\famuruya
2009-09-24 05:56 <DIR> --d----- c:\programdata\setemobi
2009-09-24 05:56 <DIR> --d----- c:\programdata\nasikunu
2009-09-24 05:56 <DIR> --d----- c:\programdata\fogasahi
2009-09-24 05:56 <DIR> --d----- c:\progra~2\setemobi
2009-09-24 05:56 <DIR> --d----- c:\progra~2\nasikunu
2009-09-24 05:56 <DIR> --d----- c:\progra~2\fogasahi
2009-09-24 04:56 <DIR> --d----- c:\programdata\zobejivo
2009-09-24 04:56 <DIR> --d----- c:\programdata\kemifave
2009-09-24 04:56 <DIR> --d----- c:\programdata\jufigonu
2009-09-24 04:56 <DIR> --d----- c:\progra~2\zobejivo
2009-09-24 04:56 <DIR> --d----- c:\progra~2\kemifave
2009-09-24 04:56 <DIR> --d----- c:\progra~2\jufigonu
2009-09-23 09:53 <DIR> --d----- c:\programdata\tulomuwa
2009-09-23 09:53 <DIR> --d----- c:\programdata\paretoje
2009-09-23 09:53 <DIR> --d----- c:\programdata\kozenodo
2009-09-23 09:53 <DIR> --d----- c:\progra~2\tulomuwa
2009-09-23 09:53 <DIR> --d----- c:\progra~2\paretoje
2009-09-23 09:53 <DIR> --d----- c:\progra~2\kozenodo
2009-09-23 09:53 <DIR> --d----- c:\programdata\viyozeji
2009-09-23 09:53 <DIR> --d----- c:\programdata\mubitiji
2009-09-23 09:53 <DIR> --d----- c:\programdata\megesayu
2009-09-23 09:53 <DIR> --d----- c:\programdata\gugepivi
2009-09-23 09:53 <DIR> --d----- c:\progra~2\viyozeji
2009-09-23 09:53 <DIR> --d----- c:\progra~2\mubitiji
2009-09-23 09:53 <DIR> --d----- c:\progra~2\megesayu
2009-09-23 09:53 <DIR> --d----- c:\progra~2\gugepivi
2009-09-22 21:52 <DIR> --d----- c:\programdata\pofetota
2009-09-22 21:52 <DIR> --d----- c:\programdata\loduvuzi
2009-09-22 21:52 <DIR> --d----- c:\progra~2\pofetota
2009-09-22 21:52 <DIR> --d----- c:\progra~2\loduvuzi
2009-09-22 09:52 <DIR> --d----- c:\programdata\reyifole
2009-09-22 09:52 <DIR> --d----- c:\programdata\gululajo
2009-09-22 09:52 <DIR> --d----- c:\progra~2\reyifole
2009-09-22 09:52 <DIR> --d----- c:\progra~2\gululajo
2009-09-21 21:52 <DIR> --d----- c:\programdata\tuwofari
2009-09-21 21:52 <DIR> --d----- c:\programdata\rupagile
2009-09-21 21:52 <DIR> --d----- c:\progra~2\tuwofari
2009-09-21 21:52 <DIR> --d----- c:\progra~2\rupagile
2009-09-21 09:52 <DIR> --d----- c:\programdata\zuyavizu
2009-09-21 09:52 <DIR> --d----- c:\programdata\yivojapi
2009-09-21 09:52 <DIR> --d----- c:\programdata\hewudado
2009-09-21 09:52 <DIR> --d----- c:\progra~2\zuyavizu
2009-09-21 09:52 <DIR> --d----- c:\progra~2\yivojapi
2009-09-21 09:52 <DIR> --d----- c:\progra~2\hewudado
2009-09-21 09:52 <DIR> --d----- c:\programdata\tukebivo
2009-09-21 09:52 <DIR> --d----- c:\programdata\suhuvoko
2009-09-21 09:52 <DIR> --d----- c:\programdata\hemedibu
2009-09-21 09:52 <DIR> --d----- c:\programdata\dufaweyi
2009-09-21 09:52 <DIR> --d----- c:\progra~2\tukebivo
2009-09-21 09:52 <DIR> --d----- c:\progra~2\suhuvoko
2009-09-21 09:52 <DIR> --d----- c:\progra~2\hemedibu
2009-09-21 09:52 <DIR> --d----- c:\progra~2\dufaweyi
2009-09-20 21:51 <DIR> --d----- c:\programdata\zivedomo
2009-09-20 21:51 <DIR> --d----- c:\programdata\vebufewo
2009-09-20 21:51 <DIR> --d----- c:\programdata\tolenova
2009-09-20 21:51 <DIR> --d----- c:\programdata\rumapuhu
2009-09-20 21:51 <DIR> --d----- c:\progra~2\zivedomo
2009-09-20 21:51 <DIR> --d----- c:\progra~2\vebufewo
2009-09-20 21:51 <DIR> --d----- c:\progra~2\tolenova
2009-09-20 21:51 <DIR> --d----- c:\progra~2\rumapuhu
2009-09-20 09:51 <DIR> --d----- c:\programdata\sigowoto
2009-09-20 09:51 <DIR> --d----- c:\programdata\linatopo
2009-09-20 09:51 <DIR> --d----- c:\programdata\fijafipa
2009-09-20 09:51 <DIR> --d----- c:\programdata\bewiseru
2009-09-20 09:51 <DIR> --d----- c:\progra~2\sigowoto
2009-09-20 09:51 <DIR> --d----- c:\progra~2\linatopo
2009-09-20 09:51 <DIR> --d----- c:\progra~2\fijafipa
2009-09-20 09:51 <DIR> --d----- c:\progra~2\bewiseru
2009-09-19 21:51 <DIR> --d----- c:\programdata\zidutufi
2009-09-19 21:51 <DIR> --d----- c:\programdata\yawevodu
2009-09-19 21:51 <DIR> --d----- c:\programdata\wobowedi
2009-09-19 21:51 <DIR> --d----- c:\programdata\jipanidi
2009-09-19 21:51 <DIR> --d----- c:\progra~2\zidutufi
2009-09-19 21:51 <DIR> --d----- c:\progra~2\yawevodu
2009-09-19 21:51 <DIR> --d----- c:\progra~2\wobowedi
2009-09-19 21:51 <DIR> --d----- c:\progra~2\jipanidi
2009-09-19 09:50 <DIR> --d----- c:\programdata\wayokuzo
2009-09-19 09:50 <DIR> --d----- c:\programdata\vunoyedi
2009-09-19 09:50 <DIR> --d----- c:\programdata\jeleraji
2009-09-19 09:50 <DIR> --d----- c:\progra~2\wayokuzo
2009-09-19 09:50 <DIR> --d----- c:\progra~2\vunoyedi
2009-09-19 09:50 <DIR> --d----- c:\progra~2\jeleraji
2009-09-18 21:50 <DIR> --d----- c:\programdata\repimeba
2009-09-18 21:50 <DIR> --d----- c:\programdata\nehokaki
2009-09-18 21:50 <DIR> --d----- c:\programdata\momiveyu
2009-09-18 21:50 <DIR> --d----- c:\progra~2\repimeba
2009-09-18 21:50 <DIR> --d----- c:\progra~2\nehokaki
2009-09-18 21:50 <DIR> --d----- c:\progra~2\momiveyu
2009-09-18 09:50 <DIR> --d----- c:\programdata\zakukugo
2009-09-18 09:50 <DIR> --d----- c:\programdata\viyetowu
2009-09-18 09:50 <DIR> --d----- c:\programdata\higudolo
2009-09-18 09:50 <DIR> --d----- c:\progra~2\zakukugo
2009-09-18 09:50 <DIR> --d----- c:\progra~2\viyetowu
2009-09-18 09:50 <DIR> --d----- c:\progra~2\higudolo
2009-09-17 21:50 <DIR> --d----- c:\programdata\zolujiwa
2009-09-17 21:50 <DIR> --d----- c:\programdata\rovokoko
2009-09-17 21:50 <DIR> --d----- c:\programdata\lukopijo
2009-09-17 21:50 <DIR> --d----- c:\progra~2\zolujiwa
2009-09-17 21:50 <DIR> --d----- c:\progra~2\rovokoko
2009-09-17 21:50 <DIR> --d----- c:\progra~2\lukopijo
2009-09-17 21:50 <DIR> --d----- c:\programdata\bebuviza
2009-09-17 21:50 <DIR> --d----- c:\progra~2\bebuviza
2009-09-17 21:50 <DIR> --d----- c:\programdata\pukotoyu
2009-09-17 21:50 <DIR> --d----- c:\programdata\jewadoni
2009-09-17 21:50 <DIR> --d----- c:\programdata\bafepugi
2009-09-17 21:50 <DIR> --d----- c:\progra~2\pukotoyu
2009-09-17 21:50 <DIR> --d----- c:\progra~2\jewadoni
2009-09-17 21:50 <DIR> --d----- c:\progra~2\bafepugi
2009-09-17 09:49 <DIR> --d----- c:\programdata\vakumene
2009-09-17 09:49 <DIR> --d----- c:\programdata\fomasopi
2009-09-17 09:49 <DIR> --d----- c:\programdata\dewukobe
2009-09-17 09:49 <DIR> --d----- c:\progra~2\vakumene
2009-09-17 09:49 <DIR> --d----- c:\progra~2\fomasopi
2009-09-17 09:49 <DIR> --d----- c:\progra~2\dewukobe
2009-09-17 09:42 <DIR> --d----- c:\programdata\walowofu
2009-09-17 09:42 <DIR> --d----- c:\programdata\rubafabu
2009-09-17 09:42 <DIR> --d----- c:\programdata\nowaziho
2009-09-17 09:42 <DIR> --d----- c:\progra~2\walowofu
2009-09-17 09:42 <DIR> --d----- c:\progra~2\rubafabu
2009-09-17 09:42 <DIR> --d----- c:\progra~2\nowaziho
2009-09-08 16:34 904,776 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-08 16:34 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys
2009-09-08 16:34 105,984 a------- c:\windows\system32\netiohlp.dll
2009-09-08 16:34 17,920 a------- c:\windows\system32\netevent.dll
2009-09-08 16:34 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-08 16:34 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-08 16:34 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-08 16:34 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-08 16:34 10,240 a------- c:\windows\system32\finger.exe
2009-09-08 16:34 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-08 16:34 11,264 a------- c:\windows\system32\MRINFO.EXE

==================== Find3M ====================

2009-09-27 15:48 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-27 15:48 143,360 a------- c:\windows\inf\infstor.dat
2009-09-27 15:48 51,200 a------- c:\windows\inf\infpub.dat
2009-09-27 15:39 665,600 a------- c:\windows\inf\drvindex.dat
2009-09-26 13:09 174 a--sh--- c:\program files\desktop.ini
2009-09-26 06:22 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-09-26 06:22 82,432 a------- c:\windows\system32\axaltocm.dll
2009-08-28 22:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 22:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 22:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 22:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 20:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-28 20:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-21 17:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 17:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 17:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 16:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 09:54 71,680 a------- c:\windows\system32\atl.dll
2009-07-15 08:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-15 08:39 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-15 08:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-15 08:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-11 15:01 513,536 a------- c:\windows\system32\wlansvc.dll
2009-07-11 15:01 302,592 a------- c:\windows\system32\wlansec.dll
2009-07-11 15:01 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-07-11 15:01 65,024 a------- c:\windows\system32\wlanapi.dll
2009-07-11 13:03 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-07-09 12:16 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2007-06-24 19:49 3,950 a------- c:\program files\femaless.html
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-05-06 20:29 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-05-06 20:29 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-05-06 20:29 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-02-22 14:17 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 22:13:46.45 ===============



-----------DDS.txt End-----------

#2 Roxydogg28

Roxydogg28
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:08:04 PM

Posted 06 October 2009 - 08:19 AM

I understand the high volume, and I'm more than happy to wait, just have a question.

Would it be helpful to post a hijackthis log?

Thanks,

Matt

#3 Roxydogg28

Roxydogg28
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:08:04 PM

Posted 07 October 2009 - 07:31 PM

Don't know if this will help, but here's my hijackthis.log




-----------hijackthis.log Start-----------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:23 PM, on 9/30/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SlickRun\sr.exe
C:\Program Files\AIM6\aim6.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\Explorer.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Users\Matthew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SetupWizard] E:\SetupWizard.exe reboot
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SlickRun] "C:\Program Files\SlickRun\sr.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [rigifeloj] Rundll32.exe "c:\PROGRA~2\momejigo\momejigo.dll",a
O4 - HKCU\..\Run: [loloyekuzi] Rundll32.exe "C:\ProgramData\rehosaki\rehosaki.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: Web-Based Email Tools - http://email01.secureserver.net/Download.CAB
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Nortel CVC Service (NvcRpcServer) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\NvcRpcSvr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10115 bytes


-----------hijackthis.log End-----------
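The O4 entries in a HijackThis log are the autostart (Run key) values, and they are where a browser-hijack or pop-up infection most often shows itself. The following is an added triage script, not part of the thread and not code from HijackThis, DDS or RootRepeal: it parses `O4 - <hive>\..\Run: [name] <command>` lines and flags rundll32 launches whose DLL sits under a data directory rather than a program directory, with random-looking names. The sample lines are a subset of the log posted above; the function names are mine, and the script assumes `C:\PROGRA~2` is the 8.3 alias of `C:\ProgramData` on this system. A flag is a reason to look closer, not a verdict.

```python
"""
Triage helper for HijackThis O4 (autostart) entries.

Added example for this thread; not part of HijackThis or any tool named here.
Flags Run-key values that launch rundll32.exe against a DLL living under
ProgramData, especially when the value name and DLL name look like random
lowercase letters and the DLL sits in a folder named after itself.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample input: a subset of the O4 lines from the posted log.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [rigifeloj] Rundll32.exe "c:\PROGRA~2\momejigo\momejigo.dll",a
O4 - HKCU\..\Run: [loloyekuzi] Rundll32.exe "C:\ProgramData\rehosaki\rehosaki.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
""".strip().splitlines()

# "O4 - HKCU\..\Run: [name] command"; Global Startup (.lnk) lines do not match.
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# rundll32[.exe] (optionally with a path prefix) followed by the DLL, quoted or not,
# up to the comma that separates the DLL from its entry point.
RUNDLL_RE = re.compile(
    r'^\s*(?:"?[^"\s]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?', re.IGNORECASE
)
# Assumption: on this Vista box PROGRA~2 is the 8.3 alias of ProgramData.
DATA_DIRS = ("c:\\programdata\\", "c:\\progra~2\\")
# Weak "looks random" test: 6-12 lowercase letters with no digits or separators.
RANDOM_NAME_RE = re.compile(r"^[a-z]{6,12}$")


def parse_o4(line):
    """Return {'hive', 'name', 'cmd'} for a Run-key O4 line, else None."""
    m = O4_RUN_RE.match(line.strip())
    return m.groupdict() if m else None


def rundll32_target(cmd):
    """Return the DLL path a rundll32 command loads, or None if not rundll32."""
    m = RUNDLL_RE.match(cmd)
    return m.group("dll") if m else None


def triage_entry(entry):
    """Return a list of human-readable reasons this entry deserves review."""
    reasons = []
    dll = rundll32_target(entry["cmd"])
    if dll is None:
        return reasons
    p = PureWindowsPath(dll)
    low = str(p).lower()
    in_data_dir = low.startswith(DATA_DIRS)
    if in_data_dir:
        reasons.append("rundll32 loads a DLL from a data directory (ProgramData)")
    if RANDOM_NAME_RE.match(p.stem.lower()) and RANDOM_NAME_RE.match(entry["name"].lower()):
        reasons.append("Run value name and DLL name both look like random lowercase letters")
    if in_data_dir and p.parent.name.lower() == p.stem.lower():
        reasons.append("DLL sits in a folder named after itself")
    return reasons


def triage(lines):
    """Return [(value name, dll path, [reasons])] for entries worth a closer look."""
    flagged = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = triage_entry(entry)
        if reasons:
            flagged.append((entry["name"], rundll32_target(entry["cmd"]), reasons))
    return flagged


if __name__ == "__main__":
    for name, dll, reasons in triage(SAMPLE_O4):
        print(f"[{name}] {dll}")
        for r in reasons:
            print("   -", r)
```

Run against the posted log, the script reports only the `rigifeloj` and `loloyekuzi` values; the Sidebar, avast!, Google Update and WindowsWelcomeCenter entries pass, including the LOCAL SERVICE rundll32 line, because `oobefldr.dll` resolves from the system path rather than ProgramData. The folder-named-after-DLL and all-lowercase-letters checks are deliberately tied to the data-directory check so that ordinary vendor DLLs with short names do not trip them.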

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:04 AM

Posted 22 October 2009 - 06:56 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.

    First Location
    Second Location
    Third Location

  • Open RootRepeal on your desktop.
  • Click the [image] tab.
  • Click the [image] button.
  • Check all seven boxes: [image]
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the [image] button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

m0le is a proud member of UNITE

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:04 AM

Posted 25 October 2009 - 07:28 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



