Old 11-11-2008, 09:47 AM   #1 (permalink)
coug1984
Registered User
 
Join Date: Jul 2008
Posts: 59
OS: XP sp3


Spyware Infection

Hello,
The last time I used your service, it was for a friend. This time, my son was playing an online game and completely locked up my machine. After running a couple antivirus programs in safe mode as I was unable to boot up in normal mode, I was able to start up in normal mode. I am getting a tray window popping up saying my computer is infected with spyware and to click the window to download "special" tools to prevent data loss. I have not done this as I believe this is all part of the malware. I have tried to download GMER from numerous sites, but the program will not run. I was able to download DDS and run it and get the two reports. I have attached these. Thanks in advance for your help.
Coug

DDS (Version 1.0) - NTFSx86
Run by John at 8:21:23.17 on Tue 11/11/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.567 [GMT -8:00]

=============== Created Last 30 ================

2008-11-11 07:42 5,120 a------- c:\windows\brastk.exe
2008-11-11 07:24 32,768 a------- c:\windows\system32\drivers\ati3isxx.sys
2008-11-10 22:23 32,768 a------- c:\windows\system32\drivers\ati3fsxx.sys
2008-11-10 22:18 32,768 a------- c:\windows\system32\drivers\ati6yhxx.sys
2008-11-10 21:20 125,883 a------- c:\windows\system32\wini108023.exe
2008-11-10 21:19 32,768 a------- c:\windows\system32\drivers\ati8rmxx.sys
2008-11-10 21:19 6,144 a------- c:\windows\system32\karna.dat
2008-11-10 21:19 6,144 a------- c:\windows\karna.dat
2008-11-10 21:16 23,040 a------- c:\windows\system32\dllcache\beep.sys
2008-11-10 21:16 114 a------- c:\windows\system32\delself.bat
2008-11-10 21:16 5,120 a------- c:\windows\system32\brastk.exe
2008-11-10 21:11 3,352 a------- c:\windows\system32\TDSSnjvt.dll
2008-11-10 21:11 73,728 a------- c:\windows\system32\TDSSklfy.dll
2008-11-10 21:11 31,232 a------- c:\windows\system32\TDSSoiwg.dll
2008-11-10 21:11 29,696 a------- c:\windows\system32\TDSSwrln.dll
2008-11-10 21:11 527 a------- c:\windows\system32\TDSSrpnv.dat
2008-11-10 21:11 35,840 a------- c:\windows\system32\TDSSarju.dll
2008-11-10 21:11 60,416 a------- c:\windows\system32\drivers\TDSSgfqw.sys
2008-11-10 21:10 2 a------- C:\-598491797
2008-11-10 21:09 <DIR> --d----- c:\temp\PRE45
2008-10-23 18:22 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-14 16:48 333,824 -------- c:\windows\system32\dllcache\srv.sys
2008-10-14 16:47 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2008-10-14 16:47 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-14 16:47 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-14 16:47 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-14 16:47 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe

================== Find3M ==================

2008-11-11 08:14 <DIR> --d----- c:\docume~1\john\applic~1\DNA
2008-11-11 07:42 <DIR> --d----- c:\program files\FirstClass
2008-10-04 07:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FirstClass
2008-10-02 20:31 <DIR> --d----- c:\docume~1\john\applic~1\ZoomBrowser EX
2008-10-02 20:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ZoomBrowser
2008-09-15 14:46 <DIR> --d----- c:\program files\DNA
2008-09-15 04:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-07 17:24 <DIR> --d----- c:\docume~1\john\applic~1\BitTorrent
2008-09-07 13:03 <DIR> --d----- c:\docume~1\john\applic~1\StumbleUpon
2008-09-01 19:40 89,343 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-08-19 21:30 3,067,904 -------- c:\windows\system32\dllcache\mshtml.dll
2008-08-19 21:30 619,520 -------- c:\windows\system32\dllcache\urlmon.dll
2008-08-19 21:30 666,112 a------- c:\windows\system32\wininet.dll
2008-08-19 21:30 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2008-08-19 21:30 666,112 -------- c:\windows\system32\dllcache\wininet.dll
2008-08-14 02:09 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2008-08-14 02:04 138,496 -------- c:\windows\system32\dllcache\afd.sys
2008-08-14 01:33 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2008-07-12 17:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2008-06-16 15:30 <DIR> --d----- c:\docume~1\john\applic~1\Move Networks
2008-05-15 00:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Dell
2008-02-28 22:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McAfee.com
2008-01-31 06:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SupportSoft
2007-12-03 17:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McNeel
2007-10-23 20:17 <DIR> --d----- c:\docume~1\john\applic~1\AVS4YOU
2007-10-23 20:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2007-09-07 05:57 <DIR> --d----- c:\docume~1\john\applic~1\Smart Panel
2007-09-01 06:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lavasoft
2007-07-04 13:08 <DIR> --d----- c:\docume~1\john\applic~1\Snapfish
2007-02-10 20:56 <DIR> --d----- c:\docume~1\john\applic~1\FunWebProducts
2007-02-08 20:29 <DIR> --d----- c:\docume~1\john\applic~1\Viewpoint
2006-11-30 14:47 <DIR> --d----- c:\docume~1\john\applic~1\MySpace
2006-10-10 20:51 <DIR> --d----- c:\docume~1\john\applic~1\iMesh
2006-08-29 14:30 <DIR> --d----- c:\docume~1\john\applic~1\EBookSys
2006-08-08 19:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2006-07-27 21:32 <DIR> --d----- c:\docume~1\john\applic~1\Corel Photo Album
2006-07-17 21:14 <DIR> --d----- c:\docume~1\john\applic~1\Symantec
2006-07-17 21:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Creative Labs
2007-07-25 07:54 88 ---shr-- c:\windows\system32\E5BA678971.sys
2007-07-25 07:54 3,766 a--sh--- c:\windows\system32\KGyGaAvL.sys

============== Psuedo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [EPSON Stylus CX5400] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
mRun: [iRiver Updater] \Updater.exe
mRun: [Auto EPSON Stylus CX5400 on VAIO] c:\windows\system32\spool\drivers\w32x86\3\e_s4i2g1.exe /p32 "auto epson stylus cx5400 on vaio" /o14 "\\vaio\Printer" /M "Stylus CX5400"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
StartupFolder: c:\docume~1\john\startm~1\programs\startup\memoni~1.lnk - c:\program files\verizon wireless\v cast music manager\MEMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: InstallVisualStyle = c:\windows\resources\themes\royale\Royale.msstyles
mPolicies-system: InstallTheme = c:\windows\resources\themes\Royale.theme
IE: &Search - http://edits.mywebsearch.com/toolbar...p=ZKxdm021YYUS
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Filter: text/html - {db1c43c3-bd93-4815-8e63-106b989dd4ef} -
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui -igfxdev.dll
AppInit_DLLs: karna.dat
SSODL: {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ==============

R3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;c:\windows\system32\drivers\wg11tnd5.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.sys
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\drivers\ATHFMWDL.sys

============= FINISH: 8:22:00.92 ===============
Attached Files
File Type: txt Attach.txt (19.9 KB, 2 views)