Thread: Ried - PC#2
11-10-2008, 06:42 PM   #1
red_machine
Registered User
 
Join Date: Oct 2008
Location: Minneapolis
Posts: 52
OS: Vista


Ried - PC#2

Ried,
This is my wife's desktop. Her computer has some redirects, plus the same ads and blocked sites that my laptop was experiencing. Her computer has probably been infected for months... I don't really pay much attention to it - she has a tendency to have more "oops" and "ooohhhh" moments.
Here is the DDS log:

DDS (Version 1.0) - NTFSx86
Run by Steph at 18:55:24.25 on Mon 11/10/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.356 [GMT -6:00]

=============== Created Last 30 ================

2008-11-07 06:32 4,050 a------- c:\windows\system32\tmp.reg
2008-11-06 22:29 <DIR> --d----- c:\docume~1\steph\applic~1\Malwarebytes
2008-11-06 22:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-11-04 22:20 <DIR> --d----- c:\windows\system32\NtmsData
2008-10-23 11:02 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2008-10-14 17:27 333,824 -c------ c:\windows\system32\dllcache\srv.sys
2008-10-14 17:26 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2008-10-14 17:26 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-14 17:26 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-14 17:26 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-14 17:25 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe

================== Find3M ==================

2008-11-10 18:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lavasoft
2008-11-04 22:14 <DIR> --d----- c:\program files\HP
2008-11-04 22:13 <DIR> --d----- c:\docume~1\steph\applic~1\SUPERAntiSpyware.com
2008-11-04 22:13 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-09-15 06:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-06 11:26 86,327 ac------ c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-08-26 01:24 826,368 a------- c:\windows\system32\wininet.dll
2008-08-14 04:11 2,189,184 a------- c:\windows\system32\ntoskrnl.exe
2008-08-14 03:33 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2008-02-17 21:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-02-02 23:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Grisoft
2008-01-02 15:29 <DIR> --d----- c:\docume~1\steph\applic~1\extensions
2006-11-06 20:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Creative Memories
2006-11-06 20:31 <DIR> --d----- c:\docume~1\steph\applic~1\Creative Memories
2006-04-15 09:19 <DIR> --d----- c:\docume~1\steph\applic~1\GretagMacbeth
2006-04-15 09:16 <DIR> --d----- c:\docume~1\steph\applic~1\Network Associates
2006-04-15 07:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Network Associates
2006-04-15 00:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Windows Genuine Advantage
2006-04-14 23:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\nView_Profiles

============== Psuedo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
TB: {F2CF5485-4E02-4F68-819C-B92DE9277049} - c:\windows\system32\ieframe.dll
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\TBMon.exe"
mRun: [McAfeeFireTray] c:\program files\network associates\mcafee desktop firewall for windows xp\Firetray.exe
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobe reader speed launch.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin wireless utility.lnk - c:\program files\belkin\pci f5d7000\wireless utility\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logo calibration loader.lnk - c:\program files\gretagmacbeth\i1\eye-one match 3\calibrationloader\CalibrationLoader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photo loader supervisory.lnk - c:\program files\casio\photo loader\Plauto.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\profilereminder.lnk - c:\program files\gretagmacbeth\i1\eye-one match 3\ProfileReminder.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office11\MSOXMLMF.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - c:\windows\system32\msvidctl.dll
Handler: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - c:\progra~1\common~1\micros~1\webcom~1\10\OWC10.DLL
Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - c:\progra~1\common~1\micros~1\webcom~1\11\OWC11.DLL
SSODL: {e57ce738-33e8-4c51-8354-bb4de9d215d1} - c:\windows\system32\upnpui.dll

============= SERVICES / DRIVERS ==============

R3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\windows\system32\drivers\BLKWGD.sys
S3 eyeonedp;eye-one display;c:\windows\system32\drivers\eyeonedp.sys
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.SYS

============= FINISH: 18:55:54.50 ===============
Attached Files
File Type: txt Attach.txt (13.3 KB, 1 views)
File Type: txt gmer.txt (4.4 KB, 1 views)