
I'm not sure what is wrong



#1 kcarpe


Posted 29 December 2009 - 02:41 AM

I was not able to get onto the internet then tried to run a virus scan to find that nothing on my desktop would open. Then I tried to run in safe mode but was unable to do that also, thinking I would have to reformat I got out my disks to start only to find that I could not open either the DVD or the DVD RW...so went to Trend Micro tools clicked the restart in safe mode and it worked. Opened the Trend Micro in safe mode and ran a scan...had I would say about 30 trojans ...deleted all of them but the computer is still acting strange so ran HijackThis and that's how I got here. I know I'm not much help but I'm hoping someone can help. I know nothing about what these reports say so I need some help please....

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by kim at 0:30:40.93 on Tue 12/29/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1581 [GMT -6:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/16/2008 6:53:58 AM
System Uptime: 12/28/2009 11:36:48 PM (1 hours ago)

Motherboard: Dell Inc. | | 0FJ030
Processor: Intel® Pentium® D CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 147.075 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\AWY0001\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
Service:

==== System Restore Points ===================

RP96: 10/10/2009 4:30:22 PM - Installed iTunes
RP97: 10/17/2009 3:00:22 AM - Software Distribution Service 3.0
RP98: 10/19/2009 9:30:47 AM - Software Distribution Service 3.0
RP99: 11/4/2009 2:15:16 PM - Software Distribution Service 3.0
RP100: 11/11/2009 3:00:18 AM - Software Distribution Service 3.0
RP101: 11/23/2009 12:36:56 AM - System Checkpoint
RP102: 11/25/2009 3:17:19 AM - System Checkpoint
RP103: 11/26/2009 3:00:18 AM - Software Distribution Service 3.0
RP104: 11/28/2009 6:59:05 AM - System Checkpoint
RP105: 12/9/2009 3:00:28 AM - Software Distribution Service 3.0
RP106: 12/15/2009 4:00:42 PM - Installed HiJackThis
RP107: 12/23/2009 3:53:29 PM - System Checkpoint
RP108: 12/23/2009 6:44:36 PM - Restore Operation
RP109: 12/24/2009 10:09:16 PM - Restore Operation
RP110: 12/24/2009 10:36:40 PM - Restore Operation
RP111: 12/26/2009 4:13:43 PM - System Checkpoint
RP112: 12/27/2009 6:30:38 PM - System Checkpoint

==== Installed Programs ======================

23 Instant Alert
ABBYY FineReader 5.0 Sprint Plus
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
CardRd81
CCScore
CDDRV_Installer
Comcast Universal Caller ID
Conexant D850 56K V.9x DFVc Modem
CoolChaser Layout Auto Insert
Coupon Printer for Windows
CR2
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Resource CD
erLT
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
Gamevance
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB835221
HiJackThis
HijackThis 2.0.2
HLPIndex
HLPPDOCK
HLPRFO
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
InstallMgr
Intel® PRO Network Connections Drivers
iTunes
Java™ 6 Update 15
Java™ 6 Update 7
KhalInstallWrapper
Kodak EasyShare software
KSU
Lexmark X6100 Series
LimeWire 4.18.8
Logitech SetPoint
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Interactive Training
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Standard for Students and Teachers
Microsoft Search Enhancement Pack
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSN Toolbar
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySpace Toolbar
MySpaceIM
Notifier
NVIDIA Drivers
OpenMG AAC Add-on Module 1.0.00
OpenMG Secure Module 4.5.01
OTtBP
OTtBPSDK
Otto
PDF Manual NW-E000 Series
Print to Fax
QuickTime
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SFR
SHASTA
SigmaTel Audio
SKIN0001
SKINXSDK
Sonic Update Manager
Trend Micro Internet Security
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VPRINTOL
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WIRELESS
Word Whomp( TM) Underground
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

12/29/2009 12:09:24 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/28/2009 9:49:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip tmtdi
12/28/2009 9:49:00 PM, error: Service Control Manager [7001] - The Trend Micro Proxy Service service depends on the Trend Micro TDI Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/28/2009 9:49:00 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/28/2009 9:49:00 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/28/2009 9:49:00 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/28/2009 9:49:00 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/28/2009 9:49:00 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/28/2009 9:49:00 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/28/2009 9:47:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/28/2009 9:47:44 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/28/2009 11:38:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm tmtdi
12/28/2009 10:09:09 PM, error: iastor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
12/24/2009 6:39:43 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/24/2009 6:36:37 PM, error: Dhcp [1002] - The IP address lease 98.213.244.215 for the Network Card with network address 00137224CCCA has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\kim.KIM-9A0DFFB3471\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uSearch Page =
uSearch Bar =
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
{0ed403e8-470a-4a8a-85a4-d7688cfe39a3}
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: MySpace Toolbar: {28aed1af-b164-44cd-b435-cf04aa955015} - c:\program files\myspace\toolbar\1.0.56.0_1\MySpaceToolbar.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Gamevance Text: {beac7dc8-e106-4c6a-931e-5a42e7362883} - c:\program files\gamevance\gvtl.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Freecause Toolbar BHO: {fc78e410-0efa-4bec-b283-d1db1922f420} - c:\program files\coolchaser layout auto insert\Toolbar.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: MySpace Toolbar: {28aed1af-b164-44cd-b435-cf04aa955015} - c:\program files\myspace\toolbar\1.0.56.0_1\MySpaceToolbar.dll
TB: CoolChaser Layout Auto Insert: {b0208007-27c1-4bcd-93ef-eff5db61fc22} - c:\program files\coolchaser layout auto insert\Toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [Lexmark X6100 Series] "c:\program files\lexmark x6100 series\lxbfbmgr.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Gamevance] c:\program files\gamevance\gamevance32.exe a
mRun: [03a82e4e.exe] c:\windows\system32\03a82e4e.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\kim~4.kim\startm~1\programs\startup\comcas~1.lnk - c:\program files\comcast universal caller id\Comcast Universal Caller ID.exe
StartupFolder: c:\docume~1\kim~4.kim\startm~1\programs\startup\univer~1.lnk - c:\program files\universalcallerid\UniversalCallerID.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\23inst~1.lnk - c:\program files\common files\23 instant alert\TrueWeather.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm398YAUS
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-4-7 335376]
S2 gupdate1c9ec80b573914e;Google Update Service (gupdate1c9ec80b573914e);c:\program files\google\update\GoogleUpdate.exe [2009-6-13 133104]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-4-7 50192]
S2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-4-7 497008]
S2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-4-7 36368]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-4-7 677128]

=============== Created Last 30 ================

2009-12-29 03:42:34 0 d-----w- c:\documents and settings\kim.kim-9a0dffb3471\log
2009-12-28 10:59:13 14929 ----a-w- c:\windows\443a9zea52989.dll
2009-12-26 06:13:27 5039 ----a-w- c:\windows\2725spy9are8z2.exe
2009-12-25 13:08:45 8260 ----a-w- c:\windows\system32\1869add9z5e325.ocx
2009-12-25 04:32:01 0 d-----w- c:\docume~1\alluse~1.win\applic~1\McAfee Security Scan
2009-12-23 15:46:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-12-21 23:04:28 6800 ----a-w- c:\windows\38f99hzeat11152.ocx
2009-12-21 00:40:54 18333 ----a-w- c:\windows\system32\50z559py1cc.ocx
2009-12-20 17:49:08 3595 ----a-w- c:\windows\system32\19741spyz05.exe
2009-12-18 08:25:27 6328 ----a-w- c:\windows\119zsteal16745.dll
2009-12-18 05:33:36 5056 ----a-w- c:\windows\7293tz95f953.ocx
2009-12-17 18:13:51 17894 ----a-w- c:\windows\system32\z62fthie5593.dll
2009-12-16 14:38:09 15582 ----a-w- c:\windows\20518za5kt9ol2b5.dll
2009-12-15 22:00:44 0 d-----w- c:\program files\TrendMicro
2009-12-14 19:06:29 8108 ----a-w- c:\windows\1595zspambot5d9.cpl
2009-12-14 10:55:57 15595 ----a-w- c:\windows\39577not-a5viruz31.dll
2009-12-14 05:21:40 15389 ----a-w- c:\windows\system32\62409ackdoo5z30.ocx
2009-12-13 05:20:35 3216 ----a-w- c:\windows\system32\21f9thiefz151.ocx
2009-12-11 14:47:14 17576 ----a-w- c:\windows\system32\214995orz15f.ocx
2009-12-07 10:13:00 8780 ----a-w- c:\windows\z39a9ir1955.dll
2009-12-07 07:54:57 9183 ----a-w- c:\windows\system32\13599zroj5f3.exe
2009-12-05 14:56:45 12523 ----a-w- c:\windows\system32\5692v5rzs218.dll
2009-12-04 23:29:23 8902 ----a-w- c:\windows\system32\7165ba9kdoor29z9.exe
2009-12-04 08:38:26 14815 ----a-w- c:\windows\z2e5s9eal3255.ocx
2009-12-03 03:04:58 3185 ----a-w- c:\windows\19768not-a-vzrus859.bin
2009-12-02 13:11:16 17180 ----a-w- c:\windows\25153vizus79e.dll
2009-12-01 10:16:55 15788 ----a-w- c:\windows\system32\719zd9wnlo5der771.ocx

==================== Find3M ====================

2009-11-23 20:15:23 16837 ----a-w- c:\windows\system32\97z94hackto5l694.dll
2009-11-20 22:22:01 13666 ----a-w- c:\windows\system32\11592zpambot728.exe
2009-11-18 01:43:23 18222 ----a-w- c:\windows\1ez5sp5ware1893.bin
2009-11-14 18:29:32 11282 ----a-w- c:\windows\39z1back9oor6875.dll
2009-11-13 15:57:29 15347 ----a-w- c:\windows\system32\14995no9-a-5iruszb2.exe
2009-11-12 13:53:02 17054 ----a-w- c:\windows\system32\5z45spy3e9.dll
2009-11-12 02:21:49 17070 ----a-w- c:\windows\system32\5e5zspywar92610.exe
2009-11-08 13:33:15 13470 ----a-w- c:\windows\system32\583cs9arsz1498.exe
2009-11-08 07:43:19 10123 ----a-w- c:\windows\system32\3359z5r736.exe
2009-11-08 04:48:43 12971 ----a-w- c:\windows\system32\5d6threat1z595.dll
2009-11-08 04:08:27 9627 ----a-w- c:\windows\22913w5rm258z.exe
2009-11-04 15:33:47 9877 ----a-w- c:\windows\69c3downloader56z3.dll
2009-11-04 14:54:55 11196 ----a-w- c:\windows\system32\20957spy5z1.dll
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-28 20:45:45 18036 -c--a-w- c:\windows\system32\31232szy5d19.dll
2009-10-23 21:43:48 12471 -c--a-w- c:\windows\system32\14009not-a-virzs59a.exe
2009-10-22 02:33:05 22052 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-19 21:14:04 16061 -c--a-w- c:\windows\system32\6f5as9ywarz2727.exe
2009-10-18 03:13:25 4681 -c--a-w- c:\windows\system32\2cdbdzwnl9ad5r147.exe
2009-10-13 12:37:15 13321 -c--a-w- c:\windows\system32\6548thre5t9z23.exe
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 21:17:04 15951 -c--a-w- c:\windows\11295p9mbotd4z.bin
2009-10-10 22:31:24 14732 -c--a-w- c:\windows\5749spyware3z645.bin
2009-10-06 23:41:30 14504 -c--a-w- c:\windows\system32\53a5v9z880.bin
2009-10-02 15:27:50 2934 -c--a-w- c:\windows\6a24d9wnlozder251.exe
2008-06-20 07:42:17 4447744 -csha-w- c:\program files\ehthumbs.db
2008-06-20 07:42:15 1191936 -csha-w- c:\program files\common files\ehthumbs.db
2009-01-27 13:56:25 32768 -csha-w- c:\windows\temp\cookies\index.dat
2009-01-27 13:56:25 32768 -csha-w- c:\windows\temp\history\history.ie5\index.dat
2009-01-27 13:56:25 49152 -csha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 0:30:58.01 ===============



#2 schrauber


Posted 08 January 2010 - 05:02 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 schrauber


Posted 13 January 2010 - 03:45 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber
