AAQueen
Posted September 30, 2011
ID:480771

Hi, this is Jennifer again. These are the scan results from one of the laptops.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_17
Run by Brenda at 21:05:21 on 2011-09-29
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1917.901 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============= FINISH: 21:06:37.51 ===============

Attachments: ARK.zip, Attach.zip
screen317 (Staff)
Posted October 4, 2011
ID:482189

Hi and welcome to Malwarebytes.

Please describe the symptoms of infection you are experiencing, in detail.
AdvancedSetup (Root Admin)
Posted October 12, 2011
ID:484823

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!