Mkay
After several Malwarebytes removals, the problem still persists. I have redirection of my browser, popups, this silly Antivirus 2012 program popups (rogue software, I assume?). Anyway, I'm having a lot of trouble with all of this.

DDS:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Run by Office at 7:26:14 on 2011-08-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2604 [GMT -5:00]
.
AV: CyberDefender Internet Security *Enabled/Updated* {5D12D320-0FBD-4B67-B6C6-3F4A7B2E9881}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Office\Local Settings\Application Data\uta.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Office\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Office\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Office\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Office\My Documents\Downloads\Defogger.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: uTorrentBar2 Toolbar: {b54561db-0bbb-41b4-a814-df8301fe0a8e} - c:\program files\utorrentbar2\prxtbuTor.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: CyberDefender Link Patrol: {dd662a0c-12fe-4b38-ba53-247f7ec82f46} - c:\documents and settings\office\local settings\application data\cyberdefender\cdmyidd.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Npebiya] rundll32.exe "c:\windows\wiui132.dll",Startup
uRun: [Google Update] "c:\documents and settings\office\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [419504918] c:\documents and settings\office\local settings\application data\uta.exe
mRun: [iDTSysTrayApp] sttray.exe
mRun: [sigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\linksy~1.lnk - c:\program files\linksys wireless guard\WscGuard.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {1B566A03-760E-4923-863F-19A0A461E71F} - hxxps://sdg2.quickbooks.com/NetPay/QBGL/OEGL.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6B9A6E3B-0307-47A7-82B1-F2D215973CAF} - hxxps://accounting.quickbooks.com/c1/v20.141/qboimax6.cab
DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c1/v20.141/qboax10.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{8B8ABD08-EC39-4480-886A-4B39AE2916EC} : DhcpNameServer = 68.87.72.134 68.87.77.134
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\office\application data\mozilla\firefox\profiles\8m0b8vev.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2832595&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101048100&s=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\office\application data\mozilla\firefox\profiles\8m0b8vev.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\office\application data\mozilla\firefox\profiles\8m0b8vev.default\extensions\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\office\application data\mozilla\firefox\profiles\8m0b8vev.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
FF - plugin: c:\documents and settings\office\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\office\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\office\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\office\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\worldwinner.com, inc\worldwinner games\npwwload.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101048100&s=);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
============= SERVICES / DRIVERS ===============
.
S0 dsopnfcu;dsopnfcu;c:\windows\system32\drivers\tbmqs.sys --> c:\windows\system32\drivers\tbmqs.sys [?]
S0 nypmehr;nypmehr;c:\windows\system32\drivers\gafnvku.sys --> c:\windows\system32\drivers\gafnvku.sys [?]
S2 WSCNetManager;Linksys Wireless Guard Network Manager Service;c:\program files\linksys wireless guard\WscNetMgrSvc.exe [2004-4-18 663635]
S3 CDAVFS;CDAVFS;c:\windows\system32\drivers\CDAVFS.sys [2011-3-9 96200]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-4-30 41272]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 CDLauncher;CyberDefender Launcher;c:\program files\cyberdefender\antispyware\CDLauncherWS.exe [2011-3-9 190792]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-10 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-10 136176]
S4 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-4-8 117288]
S4 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-4-8 117288]
S4 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-4-8 154152]
.
=============== Created Last 30 ================
.
2011-08-02 11:28:45 0 ----a-w- c:\documents and settings\office\local settings\application data\xkig.exe
2011-08-02 11:28:45 0 ----a-w- c:\documents and settings\office\local settings\application data\sxdw.exe
2011-08-02 11:28:45 0 ----a-w- c:\documents and settings\all users\application data\yels.exe
2011-08-02 11:28:45 0 ----a-w- c:\documents and settings\all users\application data\peyj.exe
2011-08-02 11:28:44 367104 ----a-w- c:\documents and settings\office\local settings\application data\uta.exe
2011-08-02 11:28:44 0 ----a-w- c:\documents and settings\office\local settings\application data\nsgw.exe
2011-08-02 11:28:44 0 ----a-w- c:\documents and settings\office\local settings\application data\hska.exe
2011-08-02 11:28:44 0 ----a-w- c:\documents and settings\all users\application data\tldj.exe
2011-08-02 11:28:44 0 ----a-w- c:\documents and settings\all users\application data\gjbs.exe
2011-07-31 18:13:04 -------- d-----w- c:\documents and settings\office\WINDOWS
2011-07-31 10:28:06 -------- d-----w- c:\documents and settings\all users\application data\kM01602GjJgF01602
2011-07-30 10:15:04 -------- d-----w- c:\program files\Incomplete
2011-07-30 10:14:14 -------- d-----w- c:\program files\FrostWire
2011-07-30 10:05:47 -------- d-----w- c:\documents and settings\office\local settings\application data\BearShare
2011-07-30 10:05:16 -------- d-----w- c:\program files\BearShare Applications
2011-07-30 10:05:16 -------- d-----w- c:\documents and settings\all users\application data\BearShare
2011-07-30 10:04:50 -------- dc-h--w- c:\documents and settings\all users\application data\{309C802B-A076-4563-B164-B62C0C145153}
2011-07-30 10:02:37 -------- d-----w- c:\documents and settings\office\local settings\application data\Conduit
2011-07-30 09:46:16 -------- d-----w- c:\documents and settings\office\.frostwire5
2011-07-30 06:20:49 -------- d-----w- c:\documents and settings\all users\application data\nL01602FgJlP01602
2011-07-30 06:10:26 177664 ----a-w- c:\windows\Rqysea.exe
2011-07-30 06:10:16 63488 --sha-r- c:\windows\system32\c_10082A.dll
2011-07-30 05:56:19 -------- d-----w- c:\documents and settings\office\local settings\application data\Wide Angle Software
2011-07-30 05:55:04 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-07-30 05:55:04 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-07-30 05:54:11 -------- d-----w- c:\program files\iPod
2011-07-30 05:54:08 -------- d-----w- c:\program files\iTunes
2011-07-30 05:54:08 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-07-30 05:52:37 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-07-30 05:52:37 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 16:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
.
==================== Find3M ====================
.
2011-07-07 00:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-23 16:35:46 116224 ----a-w- c:\windows\system32\drivers\507270.sys
.
============= FINISH: 7:26:53.59 ===============

Attachments: attach.txt, ark.txt