Adware.IEPlugin, plus various others


  • This topic is locked
4 replies to this topic

#1 FiliusJohannis


  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:42 AM

Posted 01 January 2010 - 02:41 PM

About a week and a half ago I had the Internet Security 2010 virus. I got it from (foolishly) downloading several freeware audio applications. I assumed my antivirus software plus Windows Defender would protect me from any problems. Bad assumption.

Anyway I got rid of that virus with help from an article on your site, using rkill.exe and MalwareBytes.

Since then I have been scanning my computer with various anti-spyware programs, and each time the software finds different threats. For example I ran SpyBot, which supposedly did a full scan and got rid of all threats found, but then I ran SpyBot again and it found still more threats. After running SpyBot and cleaning up all threats, I ran Spyware Doctor and it found still more.

I'm not having any noticeable problems with the way my computer runs, I'm just concerned that my software keeps detecting more and more threats, even after previously scanning and getting rid of all threats found.

I'm sorry to burden you with too much detail, but on the other hand the instructions say that we should provide a lot of detail so you are better able to help. So here are the results of some of the scans I have been running lately:

Ran Spyware Doctor on 12/29/09 and it found the following:

Adware.IEPlugin (13 infections) - Threat level: High

It also found various other things but they were "Low" threat level so I won't list them all.

Since I don't own the "full version" of Spyware Doctor I could not use it to eliminate the threats, so I ran a full scan with SpyBot. It found a bunch of threats (over 100) and supposedly removed them all. But when I ran Spyware Doctor again it found the same Adware.IEPlugin threats.

On 1/1/10 I ran the Spyware Doctor Starter Edition (from Google) and it found the following, which were all rated "High" threat level:

Trackware.MegaSearch (1 infection)
Trojan.Generic (7 infections)
RogueAntiSpyware.InternetSecurity2010 (4 infections)

Since this was the free Starter Edition from Google I was able to use it to eliminate these threats.

I then ran another full scan with Spyware Doctor (the non-free trial edition) and it again found the "Adware.IEPlugin (13 infections) - Threat level: High". I don't understand why the free Starter Edition and the trial edition keep finding different threats.

Anyway, here are the contents of the DDS.txt file:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Mark at 10:53:40.87 on Fri 01/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1042 [GMT -8:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mark.AUGUSTINE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mark.AUGUSTINE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mark.AUGUSTINE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mark.AUGUSTINE\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SystemTray] SysTray.Exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [cctray] c:\program files\ca\ca internet security suite\casc.exe
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\documents and settings\all users.windows\start menu\programs\startup\DeviceDetect.lnk.disabled
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\documents and settings\all users.windows\start menu\programs\startup\Microsoft Office.lnk.disabled
StartupFolder: c:\documents and settings\all users.windows\start menu\programs\startup\Timer Wizard.lnk.disabled
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: zazzle.com\www
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/57.11/uploader2.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/27.44/uploader2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2009-6-8 108024]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-1-1 207792]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2009-4-1 73720]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-12-29 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-12-29 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-12-29 739696]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-12-29 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-12-29 161008]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-1-1 112592]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-12-29 144696]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2009-12-29 128240]
R2 cyphxdrv;cyphxdrv;c:\windows\system32\drivers\cyphxdrv.sys [2009-1-6 100728]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-1-1 359624]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-1-1 1141712]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2009-4-1 875000]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2009-6-15 760664]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2009-4-1 207352]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-12-29 292080]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2009-4-1 205304]
R3 tbHD;Philips PSC705 WDM Driver;c:\windows\system32\drivers\TBirdHD.sys [2007-11-10 336066]
R3 TBhdgame;Philips PSC705 GamePort;c:\windows\system32\drivers\tbhdgame.sys [2007-11-10 11491]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-12-29 133520]
S2 cypherixservice;Cypherix service;cypherixsrv.exe --> cypherixsrv.exe [?]
S3 DSSUSBF;DSSUSBF Device;c:\windows\system32\drivers\DSSUSBF.sys [2009-3-23 25381]

=============== Created Last 30 ================

2010-01-01 17:30:55 883 ----a-w- c:\windows\RegSDImport.xml
2010-01-01 17:30:55 880 ----a-w- c:\windows\RegISSImport.xml
2010-01-01 17:30:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-01 17:30:55 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-01 17:30:55 131 ----a-w- c:\windows\IDB.zip
2010-01-01 17:30:55 1152444 ----a-w- c:\windows\UDB.zip
2010-01-01 17:30:54 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-01 17:30:54 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-01-01 17:19:19 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-01-01 17:19:19 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-01 17:19:08 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-01 17:19:08 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-01-01 17:19:08 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-01-01 17:19:08 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-01 17:19:01 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-01-01 17:19:01 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-01 17:18:51 0 d-----w- c:\program files\Spyware Doctor
2010-01-01 17:18:51 0 d-----w- c:\program files\common files\PC Tools
2010-01-01 17:18:51 0 d-----w- c:\docume~1\mark~1.aug\applic~1\PC Tools
2010-01-01 17:18:51 0 d-----w- c:\docume~1\alluse~1.win\applic~1\PC Tools
2009-12-31 05:36:14 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-31 05:36:14 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2009-12-30 07:14:12 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys
2009-12-30 07:14:12 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
2009-12-30 07:14:12 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys
2009-12-30 07:14:12 161008 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
2009-12-30 07:14:11 99568 ----a-w- c:\windows\system32\isafeif.dll
2009-12-30 07:14:11 83256 ----a-w- c:\windows\system32\vetredir.dll
2009-12-30 07:14:11 739696 ----a-w- c:\windows\system32\drivers\vetefile.sys
2009-12-30 07:14:11 133520 ----a-w- c:\windows\system32\drivers\veteboot.sys
2009-12-30 07:14:11 111856 ----a-w- c:\windows\system32\isafprod.dll
2009-12-30 07:14:04 17626 ----a-w- c:\windows\system32\entitlement.xml
2009-12-30 07:13:58 6552 ----a-w- c:\windows\system32\wbem\canvprov.mof
2009-12-30 07:13:58 111856 ----a-w- c:\windows\system32\wbem\canvprov.dll
2009-12-30 05:14:02 0 d-----w- c:\program files\Second Backup
2009-12-21 05:24:04 6614 ----a-w- c:\windows\DNAPrinters.ini
2009-12-20 09:43:43 954988 ----a-w- c:\windows\system32\drivers\KmxAgent.asc
2009-12-19 17:06:47 7 ----a-w- c:\windows\system32\mkghj.dll
2009-12-19 16:41:20 0 d-----w- c:\windows\rnapxs
2009-12-17 14:15:45 0 d-----w- c:\docume~1\mark~1.aug\applic~1\Malwarebytes
2009-12-16 06:49:23 147456 ----a-r- c:\windows\system32\RTLCPAPI.dll
2009-12-16 06:25:47 2855 ----a-w- c:\windows\system32\41.PIF
2009-12-16 06:25:29 0 d--h--w- c:\windows\PIF
2009-12-16 05:54:38 0 ----a-w- c:\windows\system32\18467.exe
2009-12-16 05:02:13 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-14 05:02:38 119296 ----a-w- c:\windows\system32\ctl3d3232.dll
2009-12-10 05:13:23 0 d-----w- c:\program files\The GodFather
2009-12-10 05:04:13 0 d-----w- c:\program files\MusiFind Pro
2009-12-10 05:04:13 0 d-----w- c:\docume~1\alluse~1.win\applic~1\MusiFind Pro
2009-12-09 06:08:59 6752 ----a-w- c:\windows\system32\PfModNT.sys
2009-12-09 06:08:59 0 d-----w- c:\program files\Creative
2009-12-08 05:36:16 0 d-----w- c:\program files\MediaMonkey
2009-12-08 04:47:33 0 d-----w- c:\docume~1\mark~1.aug\applic~1\COWON
2009-12-07 05:30:46 0 d-----w- c:\program files\Library Manager
2009-12-07 05:28:43 0 d-----w- c:\program files\Illustrate
2009-12-07 04:34:30 0 d-----w- c:\program files\Media Catalog Studio
2009-12-07 04:20:33 98304 ----a-w- c:\windows\system32\unzip.dll
2009-12-07 04:20:33 94208 ----a-w- c:\windows\system32\vbpng.dll
2009-12-07 04:20:33 72192 ----a-w- c:\windows\system32\zlib.dll
2009-12-07 04:20:33 454656 ----a-w- c:\windows\system32\PaintX.dll
2009-12-07 04:20:33 157696 ----a-w- c:\windows\system32\unrar.dll
2009-12-07 04:20:33 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2009-12-07 04:20:31 232640 ----a-w- c:\windows\system32\MSDATLST.OCX
2009-12-07 04:20:31 124688 ----a-w- c:\windows\system32\MSWINSCK.OCX
2009-12-05 06:52:34 285 ----a-w- c:\windows\MP3Org.ini
2009-12-05 06:47:50 8 --sh--r- c:\windows\system32\99A6F97A1B.dll
2009-12-05 06:47:50 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Protexis

==================== Find3M ====================

2009-12-07 05:30:37 720896 ----a-w- c:\windows\iun6002.exe
2009-12-04 00:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-04 00:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-23 03:51:13 19558 ----a-w- c:\windows\hpoins01.dat
2009-11-03 04:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-30 00:29:08 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2006-08-18 03:05:57 49153 ----a-w- c:\program files\popcalc2.htm
2003-08-27 21:19:18 36963 ----a-r- c:\program files\common files\SM1updtr.dll
2009-07-02 04:37:37 71 --sha-w- c:\windows\system32\SYSDRV0WB.SYS

============= FINISH: 10:54:58.82 ===============


I downloaded RootRepeal but it would not run. A window pops up saying that it's initializing but then it just gets stuck and does nothing. The hard drive indicator lights up constantly. The only way to get it to stop is by restarting the computer. Any tips on solving that problem?


#2 Blade


    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:11:42 AM

Posted 10 January 2010 - 11:38 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 FiliusJohannis

  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:42 AM

Posted 10 January 2010 - 11:56 PM

Thanks for getting back to me. Since it was taking so long to get a response -- not complaining, I know you guys are volunteers and I appreciate it -- I felt I needed to do something, so I uninstalled CA Antivirus and installed Microsoft Security Essentials. MSE found several "threats" and deleted them, including win32/tracur.A and win32/tracur.B, win32/windupdates.A, JS/Agent (Trojan downloader), and win32/NewDotNet, all of which they classified as High or Severe threats.

I then ran SpyBot and MalwareBytes and they found nothing but tracking cookies. But then I ran Spyware Doctor (trial edition) and it found Adware.IEPlugin once again, 13 instances. Strange that no other program finds that particular threat. I also ran the Panda Security online scanner and it did not find it either.

Anyway, here is my new DDS report:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Mark at 20:45:04.15 on Sun 01/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1199 [GMT -8:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\acoustic.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mark.AUGUSTINE\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
TB: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [SystemTray] SysTray.Exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TBTray] acoustic.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\documents and settings\all users.windows\start menu\programs\startup\DeviceDetect.lnk.disabled
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\documents and settings\all users.windows\start menu\programs\startup\Microsoft Office.lnk.disabled
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
StartupFolder: c:\documents and settings\all users.windows\start menu\programs\startup\Timer Wizard.lnk.disabled
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
Trusted Zone: zazzle.com\www
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} - hxxp://download.tenebril.com/pub/bin/scanner2008/TenebrilSpywareScanner.ocx
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/57.11/uploader2.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/27.44/uploader2.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-1-10 28552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-1-10 207792]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-1-10 112592]
R2 cyphxdrv;cyphxdrv;c:\windows\system32\drivers\cyphxdrv.sys [2009-1-6 100728]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-1-10 359624]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-1-10 1141712]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 tbHD;Philips PSC705 WDM Driver;c:\windows\system32\drivers\TBirdHD.sys [2004-3-19 336066]
R3 TBhdgame;Philips PSC705 GamePort;c:\windows\system32\drivers\tbhdgame.sys [2004-3-19 11491]
S2 cypherixservice;Cypherix service;cypherixsrv.exe --> cypherixsrv.exe [?]
S3 DSSUSBF;DSSUSBF Device;c:\windows\system32\drivers\DSSUSBF.sys [2009-3-23 25381]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]

=============== Created Last 30 ================

2010-01-11 04:34:14 0 d-----w- c:\docume~1\mark~1.aug\applic~1\avidemux
2010-01-11 04:33:50 0 d-----w- c:\program files\Avidemux 2.5
2010-01-11 04:15:35 405504 ----a-w- c:\windows\system32\DVDTool.exe
2010-01-11 04:15:35 233472 ----a-w- c:\windows\system32\DVDTools.dll
2010-01-11 04:15:35 102384 ----a-w- c:\windows\system32\drivers\meiudf.sys
2010-01-11 04:15:33 155648 ----a-w- c:\windows\system32\RAMASST.exe
2010-01-11 04:15:31 135168 ----a-w- c:\windows\system32\DVDMenu.dll
2010-01-11 04:15:31 110592 ----a-w- c:\windows\system32\DVDRAMSV.exe
2010-01-11 04:15:07 0 d-----w- c:\program files\Panasonic DVD-RAM
2010-01-11 03:22:44 69 ----a-w- c:\windows\NeroDigital.ini
2010-01-11 02:18:43 883 ----a-w- c:\windows\RegSDImport.xml
2010-01-11 02:18:43 880 ----a-w- c:\windows\RegISSImport.xml
2010-01-11 02:18:43 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-11 02:18:42 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-11 02:18:42 131 ----a-w- c:\windows\IDB.zip
2010-01-11 02:18:42 1152444 ----a-w- c:\windows\UDB.zip
2010-01-11 02:18:41 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-11 02:18:41 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-01-11 02:15:45 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-01-11 02:15:45 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-11 02:15:18 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-11 02:15:18 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-01-11 02:15:18 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-01-11 02:15:18 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-11 02:15:02 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-01-11 02:15:02 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-11 02:13:43 0 d-----w- c:\program files\Spyware Doctor
2010-01-11 02:13:43 0 d-----w- c:\program files\common files\PC Tools
2010-01-11 02:13:43 0 d-----w- c:\docume~1\mark~1.aug\applic~1\PC Tools
2010-01-11 02:13:43 0 d-----w- c:\docume~1\alluse~1.win\applic~1\PC Tools
2010-01-10 20:18:20 215920 ----a-w- c:\windows\system32\muweb.dll
2010-01-10 20:18:19 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-01-10 20:18:19 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-01-10 08:27:49 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-01-10 08:27:31 0 d-----w- c:\program files\Panda Security
2010-01-10 06:17:44 0 d-----w- c:\program files\Microsoft Security Essentials
2010-01-08 05:16:24 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-01-07 04:15:39 0 d-----w- c:\docume~1\alluse~1.win\applic~1\LightScribe
2010-01-06 06:05:40 0 d-----w- c:\program files\SAMSUNG
2010-01-06 05:54:53 0 d-----w- c:\program files\Nero
2010-01-06 05:54:53 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Nero
2009-12-31 05:36:14 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-31 05:36:14 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2009-12-30 07:14:04 17626 ----a-w- c:\windows\system32\entitlement.xml
2009-12-30 05:14:02 0 d-----w- c:\program files\Second Backup
2009-12-21 05:24:04 6614 ----a-w- c:\windows\DNAPrinters.ini
2009-12-20 09:43:43 954988 ----a-w- c:\windows\system32\drivers\KmxAgent.asc
2009-12-19 17:06:47 7 ----a-w- c:\windows\system32\mkghj.dll
2009-12-19 16:41:20 0 d-----w- c:\windows\rnapxs
2009-12-17 14:15:45 0 d-----w- c:\docume~1\mark~1.aug\applic~1\Malwarebytes
2009-12-16 06:49:23 147456 ----a-r- c:\windows\system32\RTLCPAPI.dll
2009-12-16 06:25:47 2855 ----a-w- c:\windows\system32\41.PIF
2009-12-16 06:25:29 0 d--h--w- c:\windows\PIF
2009-12-16 05:54:38 0 ----a-w- c:\windows\system32\18467.exe
2009-12-16 05:02:13 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr

==================== Find3M ====================

2010-01-08 00:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-07 05:30:37 720896 ----a-w- c:\windows\iun6002.exe
2009-11-23 03:51:13 19558 ----a-w- c:\windows\hpoins01.dat
2009-11-03 04:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2006-08-18 03:05:57 49153 ----a-w- c:\program files\popcalc2.htm
2003-08-27 21:19:18 36963 ----a-r- c:\program files\common files\SM1updtr.dll
2009-07-02 04:37:37 71 --sha-w- c:\windows\system32\SYSDRV0WB.SYS

============= FINISH: 20:46:28.64 ===============
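The "Created Last 30" and "Find3M" sections above are the part of a DDS log that a malware-response helper reads first, looking for files that do not belong. As an added illustration (not part of this post and not code from the DDS tool), the following Python script parses lines in that format and applies a few conservative, generic triage heuristics: binaries with all-numeric names under the Windows directory, zero-byte or implausibly small executables and drivers, hidden+system attributes on an executable, a .sys file sitting in system32 rather than system32\drivers, and hidden directories directly under c:\windows. The sample input is a handful of lines copied from the log above plus two benign ones; the thresholds and heuristics are my own assumptions, and a hit means "look at this file", not a verdict.

```python
"""Triage helper for the "Created Last 30" / "Find3M" sections of a DDS log.

Added example (not the DDS tool's code). Each line DDS prints there is
    <timestamp> <size> <8-char attribute string> <path>
and the attribute string uses d/c/s/h/a/r/w letters, e.g. "--sha-w-".
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: lines copied from the log above plus two benign ones.
SAMPLE_LOG = r"""
2010-01-11 04:15:35 405504 ----a-w- c:\windows\system32\DVDTool.exe
2009-12-19 17:06:47 7 ----a-w- c:\windows\system32\mkghj.dll
2009-12-16 06:25:47 2855 ----a-w- c:\windows\system32\41.PIF
2009-12-16 06:25:29 0 d--h--w- c:\windows\PIF
2009-12-16 05:54:38 0 ----a-w- c:\windows\system32\18467.exe
2009-07-02 04:37:37 71 --sha-w- c:\windows\system32\SYSDRV0WB.SYS
2010-01-08 00:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

# Extensions treated as "binary" for the heuristics (assumed list).
BINARY_EXTS = {".exe", ".dll", ".sys", ".pif", ".scr", ".com"}

_LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([a-z-]{8})\s+(.+?)\s*$"
)


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def ext(self) -> str:
        n = self.name.lower()
        return n[n.rfind("."):] if "." in n else ""

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower() if "\\" in self.path else ""


def parse_dds_line(line: str) -> Optional[Entry]:
    """Parse one DDS file line; return None for headers, blanks and other text."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    ts, size, attrs, path = m.groups()
    return Entry(ts, int(size), attrs, path)


def triage(e: Entry) -> List[str]:
    """Return the heuristic reasons (possibly none) an entry deserves a closer look."""
    reasons: List[str] = []
    stem = e.name.rsplit(".", 1)[0] if "." in e.name else e.name
    in_windows = e.parent.startswith("c:\\windows")
    is_binary = (not e.is_dir) and e.ext in BINARY_EXTS
    if is_binary and in_windows and stem.isdigit():
        reasons.append("numeric file name in a Windows system directory")
    if is_binary and e.size == 0:
        reasons.append("zero-byte executable")
    if e.ext in {".dll", ".sys"} and not e.is_dir and 0 < e.size < 1024:
        reasons.append("implausibly small %s (%d bytes)" % (e.ext, e.size))
    if is_binary and e.hidden and e.system:
        reasons.append("hidden+system attributes on an executable file")
    if e.ext == ".sys" and not e.is_dir and e.parent == "c:\\windows\\system32":
        reasons.append(".sys file outside system32\\drivers")
    if e.is_dir and e.hidden and e.parent == "c:\\windows":
        reasons.append("hidden directory directly under c:\\windows")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; unflagged and unparsable lines are skipped."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        e = parse_dds_line(line)
        if e is not None:
            reasons = triage(e)
            if reasons:
                flagged[e.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run it against the whole DDS log saved to a file (`triage_log(open("dds.txt").read())`) to get a short review list instead of scanning a few hundred lines by eye; everything it flags still has to be checked by hand, for example by looking the file up at a multi-engine scanner.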


#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:42 PM

Posted 20 January 2010 - 12:39 PM

Hello, FiliusJohannis
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:42 PM

Posted 25 January 2010 - 12:28 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber

