
Help, don't know what's wrong


  • This topic is locked
2 replies to this topic

#1 munchkin18_2008

munchkin18_2008

  • Members
  • 1 posts
  • OFFLINE
  • Local time:02:29 AM

Posted 30 October 2009 - 06:34 AM

DDS (Ver_09-10-26.01) - NTFSx86
Run by Harriet at 10:46:53.27 on 30/10/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.893.70 [GMT 0:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Kontiki\KService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Windows\V0350Mon.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\STOPzilla!\SZOptions.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Harriet\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local;<local>
mURLSearchHooks: SrchHook Class: {d3f669eb-57ce-4f45-8fbd-e245cbb46366} - c:\program files\stopzilla!\toolbar\SZIESearchHook.dll
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\toolbar\SZSG.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\toolbar\SZSG.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NPSStartup]
mRun: [V0350Mon.exe] c:\windows\V0350Mon.exe
mRun: [SigmatelSysTrayApp] sttray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: microsoft.com
Trusted Zone: windowsupdate.com
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com/lib/nottinghamtrent/support/plugins/ebraryRdr.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-30 09:04:38 144624 -c--a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-10-30 08:45:54 0 dc----w- c:\programdata\SITEguard
2009-10-30 08:41:11 0 dc----w- c:\program files\STOPzilla!
2009-10-30 08:41:08 0 dc----w- c:\program files\common files\iS3
2009-10-30 08:41:05 0 dc----w- c:\programdata\STOPzilla!
2009-10-27 23:23:00 310784 -c--a-w- c:\windows\system32\unregmp2.exe
2009-10-27 23:22:56 8147456 -c--a-w- c:\windows\system32\wmploc.DLL
2009-10-27 11:08:16 545424 -c--a-r- c:\windows\system32\SZComp5.dll
2009-10-27 11:08:14 402064 -c--a-r- c:\windows\system32\SZBase5.dll
2009-10-27 10:59:38 17408 -c--a-r- c:\windows\system32\SZIO5.dll
2009-10-20 14:40:34 126976 -c--a-r- c:\windows\system32\IS3HTUI5.dll
2009-10-20 14:40:24 393216 -c--a-r- c:\windows\system32\IS3DBA5.dll
2009-10-20 14:38:16 385024 -c--a-r- c:\windows\system32\IS3UI5.dll
2009-10-20 14:37:58 61440 -c--a-r- c:\windows\system32\IS3Hks5.dll
2009-10-20 14:37:40 23040 -c--a-r- c:\windows\system32\IS3XDat5.dll
2009-10-20 14:35:40 225280 -c--a-r- c:\windows\system32\IS3Win325.dll
2009-10-20 14:35:18 94208 -c--a-r- c:\windows\system32\IS3Inet5.dll
2009-10-20 14:35:04 90112 -c--a-r- c:\windows\system32\IS3Svc5.dll
2009-10-20 14:31:52 729088 -c--a-r- c:\windows\system32\IS3Base5.dll
2009-10-16 03:08:21 60928 -c--a-w- c:\windows\system32\msasn1.dll
2009-10-16 03:08:12 218624 -c--a-w- c:\windows\system32\msv1_0.dll
2009-10-16 03:08:02 3600456 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-16 03:08:02 3548216 -c--a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 16:02:53 0 dc----w- c:\program files\BBC iPlayer Desktop
2009-10-05 14:46:18 195440 -c----w- c:\windows\system32\MpSigStub.exe

==================== Find3M ====================

2009-09-21 12:22:12 51200 ----a-w- c:\windows\inf\infpub.dat
2009-09-21 12:22:12 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-09-21 12:22:12 143360 ----a-w- c:\windows\inf\infstor.dat
2009-09-21 12:10:56 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-21 12:06:21 0 -c-ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-21 09:59:36 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-09-14 09:29:50 144896 -c--a-w- c:\windows\system32\drivers\srv2.sys
2009-08-29 00:27:49 4240384 -c--a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 -c--a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22:28 916480 -c--a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 -c--a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 -c--a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 -c--a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 15:53:34 17920 -c--a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 -c--a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 -c--a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 -c--a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 -c--a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 -c--a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 -c--a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 -c--a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 -c--a-w- c:\windows\system32\netiohlp.dll
2009-08-04 18:52:22 1193832 -c--a-w- c:\windows\system32\FM20.DLL
2009-08-03 14:07:42 403816 -c--a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07:42 322928 -c--a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07:42 230768 -c--a-w- c:\windows\system32\OGAEXEC.exe
2008-09-11 21:28:23 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 -c--a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 -c--a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 -c--a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 -c--a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 -c--a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 -c--a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 -c--a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 -c--a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-02-12 11:07:39 88 -csh--r- c:\windows\system32\45F851636F.sys
2008-02-12 11:07:41 2828 -csha-w- c:\windows\system32\KGyGaAvL.sys
2007-04-12 10:46:27 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 10:56:24.50 ===============

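The reply below singles out one entry from the "Created Last 30" section of this log (a file dropped into the drivers directory less than two hours before the scan ran). As an added example, not part of the original post or of the DDS tool, here is a small Python triage script that parses DDS file-listing lines in the format shown above and flags the same kinds of entries a helper looks for first: files created shortly before the scan, anything under a drivers directory, and files carrying both the hidden and system attributes. The attribute-column meanings (d=directory, c=compressed, s=system, h=hidden, a=archive, r/w in the seventh column) are inferred from the strings visible in this log and are an assumption; the sample lines are copied from the log above, and the 24-hour window is an arbitrary choice.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Header line and file-listing lines constructed from the DDS log above.
SAMPLE_HEADER = "Run by Harriet at 10:46:53.27 on 30/10/2009"
SAMPLE_DDS_LINES = r"""
2009-10-30 09:04:38 144624 -c--a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-10-30 08:41:11 0 dc----w- c:\program files\STOPzilla!
2009-10-16 03:08:02 3548216 -c--a-w- c:\windows\system32\ntoskrnl.exe
2008-02-12 11:07:39 88 -csh--r- c:\windows\system32\45F851636F.sys
2008-02-12 11:07:41 2828 -csha-w- c:\windows\system32\KGyGaAvL.sys
2007-04-12 10:46:27 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
"""

# One DDS listing line: date, time, size in bytes, 8-char attribute field, path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)


@dataclass
class Entry:
    created: datetime
    size: int
    attrs: str
    path: str

    # Attribute positions are an assumption inferred from the log's strings.
    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def hidden(self) -> bool:
        return self.attrs[3] == "h"


def parse_entries(text: str) -> list[Entry]:
    """Parse every line that matches the DDS listing format; skip the rest."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S")
        entries.append(Entry(created, int(m["size"]), m["attrs"], m["path"]))
    return entries


def parse_scan_time(header_line: str) -> datetime:
    """Extract the scan timestamp from the 'Run by ... at HH:MM:SS.ff on DD/MM/YYYY' header."""
    m = re.search(r"at (\d{2}:\d{2}:\d{2})\.\d+ on (\d{2}/\d{2}/\d{4})", header_line)
    if not m:
        raise ValueError("unrecognised DDS header line")
    return datetime.strptime(f"{m.group(2)} {m.group(1)}", "%d/%m/%Y %H:%M:%S")


def triage(entries: list[Entry], scan_time: datetime,
           window: timedelta = timedelta(hours=24)) -> dict[str, list[str]]:
    """Return {path: [reasons]} for entries worth a closer look.

    These are review hints, not verdicts: legitimate OS files (e.g. a default
    profile hive) also carry hidden+system attributes.
    """
    flagged: dict[str, list[str]] = {}
    for e in entries:
        reasons = []
        age = scan_time - e.created
        if not e.is_dir and timedelta(0) <= age <= window:
            reasons.append("created within 24h of scan")
        if "\\drivers\\" in e.path.lower():
            reasons.append("in a drivers directory")
        if e.hidden and e.system:
            reasons.append("hidden+system attributes")
        if reasons:
            flagged[e.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, why in triage(parse_entries(SAMPLE_DDS_LINES),
                            parse_scan_time(SAMPLE_HEADER)).items():
        print(f"{path}: {', '.join(why)}")
```

Run against the six sample lines, the script flags kgpcpy.cfg on two counts (fresh and in the drivers directory), the two hidden+system .sys files, and the default NTUSER.DAT hive, while leaving the same-day STOPzilla directory and the two-week-old kernel image alone. Feeding it a full DDS log works the same way since non-matching lines are skipped.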

#2 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:05:29 AM

Posted 06 November 2009 - 02:39 AM

Hello

Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present):

Ask.com Search Assistant 1.0.1

Please download ATF-cleaner and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

Reboot your computer.


View Hidden Files & Folders Windows Vista
To view Hidden Files & Folders do the following:
Click Start
Open Computer
Select the Tools menu and click Folder Options
Select the View Tab
Under the Hidden files and folders heading select Show hidden files and folders
Uncheck the Hide protected operating system files (recommended) option
Click Yes to confirm
Click OK


Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

c:\windows\system32\drivers\kgpcpy.cfg


Let's do a scan with Mbam:

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Please post the Mbam results and a fresh DDS log back here :(

#3 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:05:29 AM

Posted 13 November 2009 - 02:53 AM

This thread will now be closed.
If you need this topic reopened, please contact me.

This applies only to the original topic starter.
Everyone else please begin a New Topic.