DDS (Ver_10-12-12.02) - NTFSx86

Run by Jose at 11:00:41.70 on Sat 01/29/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Bar = hxxp://www.google.com/ie

mStart Page = hxxp://www.yahoo.com

uInternet Connection Wizard,ShellNext = https://pccreg.trendmicro.com/15/PCC/150/DataProvider/en-us/htmlTemplate/forgotemail.htm

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit=Userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: inSite: {74f6c5a9-0ead-4a71-891e-376a838df1f0} - c:\program files\american express insite\inSiteIE.dll

BHO: {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {F997ACBD-1292-4c74-B96B-83BA5665E260} - No File

TB: {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - No File

TB: inSite: {e8558d71-5e4e-4217-b608-d2f5d3623ae3} - c:\program files\american express insite\inSiteIE.dll

TB: {D79C4ACF-F903-4854-95CA-CDE413AC7E18} - No File

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"

mRun: [RCSystem] "c:\program files\creative\shared files\module loader\DLLML.exe" RCSystem * -Startup

mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"

mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r

mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

StartupFolder: c:\docume~1\jose\startm~1\programs\startup\autoba~1.lnk - c:\program files\seagate\autobackup\MemeoLauncher.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\insite.lnk - c:\program files\american express insite\inSite.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: $talisma_url$

DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} - hxxp://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

LSA: Notification Packages = :\WINDOW

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jose\applic~1\mozilla\firefox\profiles\nuwsnxw3.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Softonic-Eng7 Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&q=

FF - component: c:\documents and settings\jose\application data\mozilla\firefox\profiles\nuwsnxw3.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\jose\application data\mozilla\firefox\profiles\nuwsnxw3.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\jose\application data\mozilla\firefox\profiles\nuwsnxw3.default\extensions\{8ae7fdbb-2d67-40da-a8ab-b8fbbda9c9d5}\components\inSiteFF.dll

FF - plugin: c:\documents and settings\jose\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox 3.6 beta 4\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox 3.6 beta 4\plugins\npyaxmpb.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox 3.6 beta 4\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.6 beta 4\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.6 beta 4\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.6 beta 4\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.6 beta 4\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.6 beta 4\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}

FF - Ext: inSite(SM) from American Express®: {8ae7fdbb-2d67-40da-a8ab-b8fbbda9c9d5} - %profile%\extensions\{8ae7fdbb-2d67-40da-a8ab-b8fbbda9c9d5}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

=============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2011-01-17 05:03:34 -------- d-----w- c:\docume~1\jose\applic~1\Malwarebytes

2011-01-17 05:03:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-17 05:03:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-01-17 05:03:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-17 05:03:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-14 07:28:05 99792 ----a-w- c:\windows\system32\drivers\aswFW.sys

2011-01-14 07:28:05 357968 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-01-14 07:27:59 189904 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2011-01-14 07:27:43 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2011-01-14 07:27:42 38848 ----a-w- c:\windows\avastSS.scr

2011-01-14 06:42:40 -------- d-----w- c:\windows\LMIE.tmp

2011-01-14 05:22:58 -------- d-----w- c:\windows\LMI3.tmp

2011-01-14 05:11:58 -------- d-----w- c:\windows\LMI2.tmp

2011-01-14 04:53:49 -------- d-----w- c:\windows\LMI1.tmp

2011-01-03 03:32:21 -------- d-----w- c:\program files\American Express inSite

==================== Find3M ====================

2010-12-02 23:21:04 87688 ----a-w- c:\windows\system32\IncContxMenu.dll

2010-12-02 23:20:18 11776 ----a-w- c:\windows\system32\smrgdf.exe

2010-12-02 23:20:10 29696 ----a-w- c:\windows\system32\iolobtdfg.exe

2010-12-02 23:18:28 2234040 ----a-w- c:\windows\system32\Incinerator.dll

2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-13 16:40:36 74703 ----a-w- c:\windows\system32\mfc45.dll

2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet(5).dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1991680 ----a-w- c:\windows\system32\iertutil(2).dll

2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-06 00:26:58 1210880 ----a-w- c:\windows\system32\urlmon(5).dll

2010-11-06 00:26:57 11080704 ----a-w- c:\windows\system32\ieframe(3).dll

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec


Hello and :welcome:

COMBOFIX

---------------

Please download ComboFix from one of these locations:

  • Bleepingcomputer
  • ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Hello, please let me know how things are running after the following fix.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

FCopy::
c:\windows\ServicePackFiles\i386\olepro32.dll | c:\windows\system32\olepro32.dll
.

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
