pinhead Posted May 13, 2010 ID:249126

DDS (Ver_10-03-17.01) - NTFSx86
Run by USER at 17:07:55.65 on Wed 05/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.614 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\writefor\adsi_web\bin\apache.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\writefor\adsi_web\mysql\bin\mysqld.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\writefor\adsi_web\mail\bin\XMail.exe
C:\writefor\adsi_web\bin\apache.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\USER\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.wndu.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Dyuyewehapaximib] rundll32.exe "c:\windows\dmp2cl.dll",Startup
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\d527dics.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.crossfit.com
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 XMail;Apache2Triad Xmail Service;c:\writefor\adsi_web\mail\bin\xmail.exe [2006-9-21 339968]
S0 smbkqzic;smbkqzic; [x]
S2 gupdate1c9d74f5bbac5c8;Google Update Service (gupdate1c9d74f5bbac5c8);c:\program files\google\update\GoogleUpdate.exe [2009-5-17 133104]
S2 SlimFTPd;Apache2Triad SlimFTPd Server;c:\writefor\adsi_web\ftp\SlimFTPd.exe [2006-9-21 74240]
S3 Apache2SSL;Apache2Triad Apache2 Service with SSL;c:\writefor\adsi_web\bin\apache.exe [2006-9-21 20537]
S3 HHPCDC;HHPCDC;c:\windows\system32\drivers\hhpcdc.sys [2009-7-24 89728]
S3 PgSql;Apache2Triad PostgreSQL Service;c:\writefor\adsi_web\pgsql\bin\pg_ctl.exe [2006-9-21 67062]

=============== Created Last 30 ================

2010-05-12 20:55:51 0 ----a-w- c:\documents and settings\user\defogger_reenable
2010-05-12 01:22:10 0 d-----w- c:\windows\system32\appmgmt
2010-05-10 19:55:24 704 ----a-w- c:\windows\elacevezuyoca.dll
2010-05-10 01:06:20 40960 ---ha-w- c:\windows\system32\cmmosrss.dll
2010-05-10 01:05:55 20 ----a-w- c:\docume~1\user\applic~1\qvjsge.dat
2010-05-02 23:54:18 0 d-----w- C:\Temp
2010-04-16 05:28:00 0 d-----w- c:\program files\Auslogics

==================== Find3M ====================

2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 15:54:36 11070976 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-17 13:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2008-09-23 01:57:43 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092220080923\index.dat

============= FINISH: 17:08:23.53 ===============

Attachment: ark.zip
kahdah Posted May 14, 2010 ID:249851

Hello pinhead
Welcome to Malwarebytes.
=====================
Please rerun gmer and post the log; the one you posted has nothing but the header in it.
Maurice Naggar Posted May 22, 2010 ID:254213

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.
Other members who need assistance please start your own topic in a new thread. Thanks!