Jump to content

lgrand

Members
 View Profile  See their activity

  • Posts

    2

  • Joined

  • Last visited

Reputation

0 Neutral
  1. lgrand
    Infected with a virus / malware (MB is blocking several sites almost continuously throughout the day (see attached protection log for details) & and loss of internet access Attached are the results of DDS and GMER recommended by the help instructions pinned on this forum section. The contents of 'DDS.txt' are posted below. And I've attached the following files: - Attach.zip containing Attach.txt (from DDS) Ark.txt (from GMER) - mbam-log.txt - protection-log.txt DSD.txt content DDS (Ver_10-03-17.01) - NTFSx86 Run by David at 19:34:04.14 on Wed 07/28/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1511 [GMT -5:00] AV: Data Protection *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe -k netsvcs C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\system32\svchost.exe -k HPService C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Dell Support Center\bin\sprtsvc.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\stsystra.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\David\Desktop\dds.scr ============== Pseudo HJT Report =============== uSearch Page = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us uSearch Bar = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us uStart Page = hxxp://yahoo.com/ uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:1040 mSearchAssistant = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: AutorunsDisabled - No File BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [kyjkejnmllnd] c:\documents and settings\david\local settings\application data\dbsflwku\.exe uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)" -"http://www.cartoonnetwork.com/games/teentitans/battleblitz/index.html" mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe" mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [Malwarebytes Anti-Malware (rootkit-scan)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [sunJavaUpdateSched] "c:\program files\java\j2re1.4.2_03\bin\jusched.exe" StartupFolder: c:\docume~1\david\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe uPolicies-system: EnableProfileQuota = 1 (0x1) IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBC} IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll Trusted Zone: internet Trusted Zone: intuit.com\ttlc Trusted Zone: mcafee.com Trusted Zone: turbotax.com DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238542569546 DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://secure.footprint.net/kingsisle/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll ============= SERVICES / DRIVERS =============== R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-24 304464] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-24 20952] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-30 135664] S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\symcpcculaunchsvc.exe /s --> c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\SymcPCCULaunchSvc.exe [?] S2 PCCUJobMgr;Common Client Job Manager Service;"c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\ccsvchst.exe" /s "pccujobmgr" /m "c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\dimaster.dll" /prefetch:1 --> c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\ccSvcHst.exe [?] S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;"c:\program files\google\google desktop search\googledesktop.exe" --> c:\program files\google\google desktop search\GoogleDesktop.exe [?] S4 cpuz132;cpuz132;\??\c:\docume~1\david\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\david\locals~1\temp\cpuz132\cpuz132_x32.sys [?] S4 yeddef;YEDDEF driver;c:\windows\system32\drivers\yeddef.sys --> c:\windows\system32\drivers\yeddef.sys [?] =============== Created Last 30 ================ 2010-07-29 00:10:22 0 ----a-w- c:\documents and settings\david\defogger_reenable 2010-07-28 23:38:42 61555 ----a-w- c:\windows\system32\jpicpl32.cpl 2010-07-28 01:34:15 0 dc-h--w- c:\windows\ie8 ==================== Find3M ==================== 2010-05-26 14:56:17 103784 ----a-w- c:\documents and settings\david\GoToAssistDownloadHelper.exe 2010-05-16 14:57:27 201558 ------w- c:\windows\hpoins42.dat 2009-11-20 20:49:59 56 --sh--r- c:\windows\system32\61B885FB47.sys 2009-11-22 16:51:45 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys 2008-12-12 05:08:53 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008121120081212\index.dat ============= FINISH: 19:35:39.35 =============== Protection-log-2010-07-28.txt 01:07:38 David IP-BLOCK 91.212.226.67 01:07:41 David IP-BLOCK 91.212.226.67 01:07:47 David IP-BLOCK 91.212.226.67 01:17:59 David IP-BLOCK 91.212.226.59 01:18:02 David IP-BLOCK 91.212.226.59 01:18:08 David IP-BLOCK 91.212.226.59 03:07:47 David IP-BLOCK 91.212.226.67 03:07:50 David IP-BLOCK 91.212.226.67 03:07:56 David IP-BLOCK 91.212.226.67 03:18:08 David IP-BLOCK 91.212.226.59 03:18:11 David IP-BLOCK 91.212.226.59 03:18:17 David IP-BLOCK 91.212.226.59 05:07:55 David IP-BLOCK 91.212.226.67 05:07:58 David IP-BLOCK 91.212.226.67 05:08:04 David IP-BLOCK 91.212.226.67 05:18:16 David IP-BLOCK 91.212.226.59 05:18:19 David IP-BLOCK 91.212.226.59 05:18:25 David IP-BLOCK 91.212.226.59 05:44:24 David IP-BLOCK 91.212.226.179 05:44:26 David IP-BLOCK 91.212.226.179 05:44:32 David IP-BLOCK 91.212.226.179 05:44:48 David IP-BLOCK 85.12.46.156 05:44:51 David IP-BLOCK 85.12.46.156 05:44:57 David IP-BLOCK 85.12.46.156 05:45:09 David IP-BLOCK 85.12.46.157 05:45:12 David IP-BLOCK 85.12.46.157 05:45:18 David IP-BLOCK 85.12.46.157 05:45:30 David IP-BLOCK 91.212.226.182 05:45:33 David IP-BLOCK 91.212.226.182 05:45:39 David IP-BLOCK 91.212.226.182 05:45:52 David IP-BLOCK 85.12.46.158 05:45:54 David IP-BLOCK 85.12.46.158 05:46:00 David IP-BLOCK 85.12.46.158 05:46:13 David IP-BLOCK 85.12.46.157 05:46:16 David IP-BLOCK 85.12.46.157 05:46:19 David IP-BLOCK 94.228.209.214 05:46:22 David IP-BLOCK 94.228.209.214 05:46:28 David IP-BLOCK 94.228.209.214 05:46:34 David IP-BLOCK 85.12.46.155 05:46:37 David IP-BLOCK 85.12.46.155 05:46:43 David IP-BLOCK 85.12.46.155 05:46:55 David IP-BLOCK 85.12.46.155 05:46:58 David IP-BLOCK 85.12.46.155 05:47:04 David IP-BLOCK 85.12.46.155 05:47:17 David IP-BLOCK 85.12.46.158 05:47:20 David IP-BLOCK 85.12.46.158 05:47:24 David MESSAGE IP Protection stopped 05:47:26 David MESSAGE IP Protection started successfully 05:47:28 David IP-BLOCK 85.12.46.158 05:47:31 David IP-BLOCK 85.12.46.158 05:47:37 David IP-BLOCK 85.12.46.158 05:47:49 David IP-BLOCK 85.12.46.158 05:48:04 David MESSAGE IP Protection stopped protection_log_2010_07_28.zip
  2. lgrand
    Several months ago my home computer got infected with the Data Protection virus. We had McAfee as our virus protection software. I tried everything to remove it and finally called McAfee for virus removal help - paid $90, they said they got it all. Then the next time we used the PC more troubles, called them back, they dialed back in fixed more stuff. Then the PC started having a problem where it couldn't acquire an IP address. I then installed Malwarebytes - it got some stuff but I still couldn't get an IP address. Ran Winsockfix - got an IP address but then could get on any websites but could ping them. Reinstalled Internet Explorer - was able to get on the web but everytime I restart the PC, no IP address. Ran through the guidance on I'm infected - what do I do now. Attached are the log files. I would be greatful for any assistance - this has been a nightmare for the last 3 months. I have to use my work computer to get anything done! DSD.txt content DDS (Ver_10-03-17.01) - NTFSx86 Run by David at 19:34:04.14 on Wed 07/28/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1511 [GMT -5:00] AV: Data Protection *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe -k netsvcs C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\system32\svchost.exe -k HPService C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Dell Support Center\bin\sprtsvc.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\stsystra.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\David\Desktop\dds.scr ============== Pseudo HJT Report =============== uSearch Page = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us uSearch Bar = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us uStart Page = hxxp://yahoo.com/ uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:1040 mSearchAssistant = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: AutorunsDisabled - No File BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [kyjkejnmllnd] c:\documents and settings\david\local settings\application data\dbsflwku\.exe uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)" -"http://www.cartoonnetwork.com/games/teentitans/battleblitz/index.html" mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe" mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [Malwarebytes Anti-Malware (rootkit-scan)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [sunJavaUpdateSched] "c:\program files\java\j2re1.4.2_03\bin\jusched.exe" StartupFolder: c:\docume~1\david\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe uPolicies-system: EnableProfileQuota = 1 (0x1) IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBC} IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll Trusted Zone: internet Trusted Zone: intuit.com\ttlc Trusted Zone: mcafee.com Trusted Zone: turbotax.com DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238542569546 DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://secure.footprint.net/kingsisle/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll ============= SERVICES / DRIVERS =============== R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-24 304464] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-24 20952] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-30 135664] S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\symcpcculaunchsvc.exe /s --> c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\SymcPCCULaunchSvc.exe [?] S2 PCCUJobMgr;Common Client Job Manager Service;"c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\ccsvchst.exe" /s "pccujobmgr" /m "c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\dimaster.dll" /prefetch:1 --> c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\ccSvcHst.exe [?] S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;"c:\program files\google\google desktop search\googledesktop.exe" --> c:\program files\google\google desktop search\GoogleDesktop.exe [?] S4 cpuz132;cpuz132;\??\c:\docume~1\david\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\david\locals~1\temp\cpuz132\cpuz132_x32.sys [?] S4 yeddef;YEDDEF driver;c:\windows\system32\drivers\yeddef.sys --> c:\windows\system32\drivers\yeddef.sys [?] =============== Created Last 30 ================ 2010-07-29 00:10:22 0 ----a-w- c:\documents and settings\david\defogger_reenable 2010-07-28 23:38:42 61555 ----a-w- c:\windows\system32\jpicpl32.cpl 2010-07-28 01:34:15 0 dc-h--w- c:\windows\ie8 ==================== Find3M ==================== 2010-05-26 14:56:17 103784 ----a-w- c:\documents and settings\david\GoToAssistDownloadHelper.exe 2010-05-16 14:57:27 201558 ------w- c:\windows\hpoins42.dat 2009-11-20 20:49:59 56 --sh--r- c:\windows\system32\61B885FB47.sys 2009-11-22 16:51:45 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys 2008-12-12 05:08:53 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008121120081212\index.dat ============= FINISH: 19:35:39.35 =============== protection_log_2010_07_28.zip
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.