
It's taken over my PC



Note: I am a PC dummy :mellow:

This started in September. I had a Trojan found by Malwarebytes, I tried to delete it, and the next thing I know I cannot get into the PC without going through safe mode. As I became frustrated, my husband told me to just do a system restore, back to its original state. Yikes

So I have been trying to get this thing back.

Yesterday and today I ran Mal and found a Trojan in the win32/Hostfile. I clicked to delete it and it said it did, but it's still showing up.

The last time I ran it, it said it updated, but I don't think it did. Then I got locked out and had to dig around to find the password for the PC.

So now I am here; here is my DDS log.

Any help you could give me would be really appreciated.

DiamondGirl

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Owner at 18:35:40 on 2011-10-21

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.att.net/webdirectory

uDefault_Page_URL = hxxp://us10.hpwis.com/

uDefault_Search_URL = hxxp://srch-us10.hpwis.com/

uSearch Bar = hxxp://srch-us10.hpwis.com/

mSearch Bar = hxxp://srch-us10.hpwis.com/

uInternet Settings,ProxyOverride = localhost

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [RecordNow!]

uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [CamMonitor] c:\program files\hp\digital imaging\unload\hpqcmon.exe

mRun: [HPHmon05] c:\windows\system32\hphmon05.exe

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [LTMSG] LTMSG.exe 7

mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"

mRun: [EPSON Stylus CX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [AlcxMonitor] ALCXMNTR.EXE

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1316829629774

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1316658307437

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{A48A7E87-3190-437B-A540-35D06186B163} : DhcpNameServer = 192.168.1.254

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\cjsl4uia.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - Yahoo.com

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R? avast! Firewall;avast! Firewall

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? cpuz134;cpuz134

R? mrtRate;mrtRate

R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0

S? aswFsBlk;aswFsBlk

S? aswFW;avast! TDI Firewall driver

S? aswNdis;avast! Firewall NDIS Filter Service

S? aswNdis2;avast! Firewall Core Firewall Service

S? aswSnx;aswSnx

S? aswSP;aswSP

S? avast! Antivirus;avast! Antivirus

.

=============== Created Last 30 ================

.

2011-10-20 14:24:31 1611 ----a-w- c:\windows\mvps.bat

2011-10-12 15:55:18 -------- d-sh--w- c:\documents and settings\owner\IECompatCache

2011-10-10 02:14:27 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes

2011-10-10 02:11:23 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-10 02:11:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-10 02:11:23 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-09-29 02:33:10 -------- d-----w- c:\windows\tracing

2011-09-29 01:45:36 -------- d-----w- c:\program files\Support Tools

2011-09-29 01:14:14 -------- d-----w- c:\documents and settings\all users\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}

2011-09-27 19:33:23 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys

2011-09-27 19:33:07 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2011-09-27 19:33:03 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2011-09-27 19:05:34 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-27 02:05:29 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2011-09-27 02:05:18 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-09-26 23:58:45 388096 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-09-26 23:58:45 -------- d-----w- c:\windows\Trend Micro

2011-09-26 21:24:31 -------- d-----w- c:\documents and settings\all users\application data\ParetoLogic

2011-09-26 21:24:30 -------- d-----w- c:\program files\common files\ParetoLogic

2011-09-26 21:24:30 -------- d-----w- c:\documents and settings\all users\application data\FileCure

2011-09-26 01:05:43 163840 ----a-w- c:\windows\system32\igfxres.dll

2011-09-25 20:34:14 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2011-09-25 20:30:02 -------- d-----w- c:\program files\Microsoft

2011-09-25 20:27:17 23510720 ----a-w- c:\program files\common files\windows live\.cache\84a7f5aa1cc7bc1\dotnetfx.exe

2011-09-25 20:22:38 484632 ----a-w- c:\program files\common files\windows live\.cache\de1b90ac1cc7bc0\DXSETUP.exe

2011-09-25 20:22:37 74520 ----a-w- c:\program files\common files\windows live\.cache\de1b90ac1cc7bc0\DSETUP.dll

2011-09-25 20:22:37 1670936 ----a-w- c:\program files\common files\windows live\.cache\de1b90ac1cc7bc0\dsetup32.dll

2011-09-25 20:22:14 1013800 ----a-w- c:\program files\common files\windows live\.cache\d019bfec1cc7bc0\WindowsXP-KB954708-x86-ENU.exe

2011-09-25 18:39:58 -------- d-sh--w- c:\documents and settings\owner\PrivacIE

2011-09-25 00:47:42 -------- d-sh--w- c:\documents and settings\owner\IETldCache

2011-09-24 01:55:23 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-09-24 01:39:41 -------- d-----w- c:\program files\common files\Windows Live

2011-09-24 01:37:25 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll

2011-09-24 01:37:07 -------- d-----w- c:\windows\ie8updates

2011-09-24 01:35:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2011-09-24 01:35:24 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-09-24 01:35:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2011-09-24 01:30:30 -------- dc-h--w- c:\windows\ie8

2011-09-24 01:21:32 -------- d-----w- c:\windows\system32\GroupPolicy

2011-09-24 01:19:21 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll

2011-09-24 01:19:21 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll

2011-09-24 01:19:21 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

2011-09-24 01:17:24 -------- d-----w- c:\windows\system32\LogFiles

2011-09-23 16:31:10 651144 ----a-w- C:\WindowsServer2003-KB937342-x86-ENU.exe

2011-09-22 20:07:41 -------- d-----w- c:\windows\system32\NtmsData

2011-09-22 14:08:18 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2011-09-22 14:08:18 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll

2011-09-22 14:08:18 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2011-09-22 14:08:18 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll

2011-09-22 14:08:18 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat

2011-09-22 14:08:18 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll

2011-09-22 14:08:18 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe

2011-09-22 14:08:18 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll

2011-09-22 12:10:49 274288 ----a-w- c:\windows\system32\mucltui.dll

2011-09-22 12:10:49 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

2011-09-22 01:41:02 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2011-09-22 01:40:59 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-09-22 01:40:55 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-09-22 01:40:11 758784 -c--a-w- c:\windows\system32\dllcache\vgx.dll

2011-09-22 01:39:59 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-09-22 01:39:23 229888 -c----w- c:\windows\system32\dllcache\fxscover.exe

2011-09-22 01:37:59 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2011-09-22 01:37:48 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2011-09-22 01:37:18 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

2011-09-22 01:37:07 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll

2011-09-22 01:37:07 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2011-09-22 01:36:40 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2011-09-22 01:09:14 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll

2011-09-22 01:08:21 265728 -c----w- c:\windows\system32\dllcache\http.sys

2011-09-22 00:42:42 -------- d-----w- c:\windows\system32\scripting

2011-09-22 00:42:42 -------- d-----w- c:\windows\system32\en

2011-09-22 00:42:42 -------- d-----w- c:\windows\system32\bits

.

==================== Find3M ====================

.

2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-25 18:26:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-24 00:22:49 278016 ----a-w- C:\netfx_setupverifier.exe

2011-09-17 23:59:42 0 ----a-w- c:\windows\000001_.tmp

2011-09-17 22:42:45 374888 ----a-w- c:\program files\WindowsServer2003-KB828035-x86-ENU.exe

2011-09-17 02:03:47 1981952 ----a-w- c:\program files\epson11887.exe

2011-09-14 02:23:30 278927592 ----a-w- c:\windows\WindowsXP-KB835935-SP2-ENU.exe

2011-09-14 02:06:05 94560 ----a-w- c:\program files\NETFX4RTM.exe

2011-09-14 02:04:59 889416 ----a-w- C:\dotNetFx40_Full_setup.exe

2011-09-14 01:39:21 5356304 ----a-w- c:\windows\uninst.exe

2011-09-14 01:26:27 827392 ----a-w- c:\windows\system32\FLASH.OCX

2011-09-09 19:23:20 3884 ----a-w- c:\windows\viassary-hp.reg

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

============= FINISH: 18:38:30.40 ===============


Greetings :)

We don't work on malware removal in this part of the forums.

Please read and follow the directions here, skipping any steps you are unable to complete. Then create a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

Please note that it may take 48 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless it's been more than 48 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help.

If you are unable to do all or any of the steps in the link to the directions above, just post your problem into the forum I gave you a link to anyway and someone will be able to assist you.

If you prefer to be assisted via email you may contact support@malwarebytes.org and one of our support staff members will assist you directly.

If you are a reseller, affiliate, technician, corporate, business, educational, government or non-profit customer then please contact corporate-support@malwarebytes.org and include full contact details along with your Reference # when you do to ensure that you receive prompt assistance.

Thank you :)
