12-01-2008, 08:04 PM   #1
basskiller
Registered User
 
Join Date: Dec 2008
Posts: 14
OS: XP


Adware infection help needed

Any help would be greatly appreciated
after running spysweeper, it found
Adware found: webdir
Adware found: brilliant digital
I'm getting popups like crazy. Plus the "your computer is infected" balloon
also.. computer is running seriously slow now

DDS (Version 1.0) - NTFSx86
Run by Owner at 21:36:02.10 on Mon 12/01/2008
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.99 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
"C:\WINDOWS\system32\drivers\svchost.exe"
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {2793B8E2-28D1-4C49-91F2-C96F749CA9D6} - c:\windows\system32\pmnoLebX.dll
BHO: {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - c:\windows\system32\cbXQgheF.dll
BHO: {b429db82-b049-44a0-ae24-856bf1a8d90b} - c:\windows\system32\fhxbzp.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0
uRun: [SVCHOST.EXE] c:\windows\system32\drivers\svchost.exe
mRun: [readericon] "c:\program files\digital media reader\readericon45G.exe"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /install
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [OASClnt] "c:\program files\mcafee.com\vso\oasclnt.exe"
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe
mRun: [MSKDetectorExe] "c:\progra~1\mcafee\spamki~1\MSKDetct.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [VirusScan Online] c:\progra~1\mcafee.com\vso\mcvsshld.exe
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [StormCodec_Helper] "c:\program files\ringz studio\storm codec\StormSet.exe" /S /opti
mRun: [Lexmark X1100 Series] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
mRun: [c450d3e9] rundll32.exe "c:\windows\system32\gkduhjqs.dll",b
dRun: [Power2GoExpress] NA
StartupFolder: c:\documents and settings\owner\start menu\programs\startup\PowerReg Scheduler V3.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program files\mcafee\spamkiller\mcapfbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: cbXQgheF - cbXQgheF.dll
AppInit_DLLs: fhxbzp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - c:\windows\system32\cbXQgheF.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\pmnoLebX

============= SERVICES / DRIVERS ===============

R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2007-10-28 24652]

=============== Created Last 30 ================

2008-12-01 20:03 250 a------- c:\windows\gmer.ini
2008-12-01 00:26 129,024 a------- c:\windows\system32\fhxbzp.dll
2008-12-01 00:26 129,024 a------- c:\windows\system32\iifjbolc.dll
2008-12-01 00:25 1,342,962 ---sh--- c:\windows\system32\sqjhudkg.ini
2008-12-01 00:25 72,704 a------- c:\windows\system32\gkduhjqs.dll
2008-11-30 23:50 129,024 a------- c:\windows\system32\wotrfk(2).dll
2008-11-30 23:49 872,944 a--sh--- c:\windows\system32\XbeLonmp.ini2
2008-11-30 23:49 872,944 a--sh--- c:\windows\system32\XbeLonmp.ini
2008-11-30 23:49 318,464 a------- c:\windows\system32\pmnoLebX.dll
2008-11-30 23:44 25,600 a------- c:\windows\system32\pmnoLdbA.dll
2008-11-30 23:44 25,600 a------- c:\windows\system32\cbXQgheF.dll
2008-11-30 23:39 22,528 a------- c:\windows\system32\digeste.dll
2008-11-30 23:39 22,528 a------- c:\documents and settings\owner\~.exe
2008-11-23 04:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\channels
2008-11-20 17:28 <DIR> --d----- c:\program files\UnRar for Windows
2008-11-20 14:36 <DIR> --d----- c:\docume~1\owner\applic~1\Free Sound Recorder
2008-11-20 14:36 479,232 a------- c:\windows\system32\NCTAudioVisualization2.dll
2008-11-20 14:36 417,792 a------- c:\windows\system32\NCTTextToAudio2.dll
2008-11-20 14:36 348,160 a------- c:\windows\system32\NCTWMAFile2.dll
2008-11-20 14:36 113,486 a------- c:\windows\system32\NCTWMAProfiles.prx
2008-11-20 14:36 1,986,560 a------- c:\windows\system32\NCTAudioFile2.dll
2008-11-20 14:36 1,212,416 a------- c:\windows\system32\NCTAudioInformation2.dll
2008-11-20 14:36 880,640 a------- c:\windows\system32\NCTAudioEditor2.dll
2008-11-20 14:36 835,584 a------- c:\windows\system32\NCTAudioCDGrabber2.dll
2008-11-20 14:36 602,112 a------- c:\windows\system32\NCTAudioTransform2.dll
2008-11-20 14:36 458,752 a------- c:\windows\system32\NCTAudioRecord2.dll
2008-11-20 14:36 458,752 a------- c:\windows\system32\NCTAudioPlayer2.dll
2008-11-20 14:36 <DIR> --d----- c:\program files\Free Sound Recorder
2008-11-15 15:21 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2008-11-15 15:21 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-11-15 15:21 87,040 ac------ c:\windows\system32\dllcache\wiafbdrv.dll
2008-11-15 15:21 87,040 a------- c:\windows\system32\wiafbdrv.dll
2008-11-15 15:21 69,632 a------- c:\windows\system32\lxbkscin.dll
2008-11-15 15:21 <DIR> --d----- c:\program files\Lexmark X1100 Series

==================== Find3M ====================

2008-12-01 20:12 <DIR> --d----- c:\program files\Puppy Luv
2008-12-01 01:12 <DIR> --d----- c:\program files\FTP Commander
2008-11-05 06:56 <DIR> --d----- c:\program files\DivX
2008-10-28 17:36 823,296 a------- c:\windows\system32\divx_xx0c.dll
2008-10-28 17:36 823,296 a------- c:\windows\system32\divx_xx07.dll
2008-10-28 17:35 815,104 a------- c:\windows\system32\divx_xx0a.dll
2008-10-28 17:35 802,816 a------- c:\windows\system32\divx_xx11.dll
2008-10-28 17:35 684,032 a------- c:\windows\system32\DivX.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-25 03:03 524,288 a------- c:\windows\system32\DivXsm.exe
2008-09-25 03:03 196,608 a------- c:\windows\system32\dtu100.dll
2008-09-25 03:03 81,920 a------- c:\windows\system32\dpl100.dll
2008-09-25 03:03 53,248 a------- c:\windows\system32\dpuGUI10.dll
2008-09-25 03:03 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-09-25 03:03 344,064 a------- c:\windows\system32\dpus11.dll
2008-09-25 03:03 57,344 a------- c:\windows\system32\dpv11.dll
2008-09-25 03:03 294,912 a------- c:\windows\system32\dpu11.dll
2008-09-25 03:03 294,912 a------- c:\windows\system32\dpu10.dll
2008-09-25 03:03 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 16:57 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-09-19 16:55 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-09-19 16:55 200,704 a------- c:\windows\system32\ssldivx.dll
2008-09-19 16:54 12,288 a------- c:\windows\system32\DivXWMPExtType.dll
2008-09-17 23:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McAfee.com Personal Firewall
2008-09-15 06:57 1,846,016 a------- c:\windows\system32\win32k.sys
2008-09-10 02:07 <DIR> --d----- c:\docume~1\owner\applic~1\DNA
2008-09-06 12:54 <DIR> --d----- c:\docume~1\owner\applic~1\CVS
2008-09-04 11:42 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-08-07 23:27 <DIR> --d----- c:\docume~1\owner\applic~1\Thinstall
2008-05-11 08:36 <DIR> --d----- c:\docume~1\owner\applic~1\McAfee.com Personal Firewall
2008-04-27 18:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McAfee.com
2008-01-14 20:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\HipSoft
2008-01-14 19:33 <DIR> --d----- c:\docume~1\owner\applic~1\Jane s Hotel
2008-01-11 16:10 <DIR> --d----- c:\docume~1\owner\applic~1\PlayFirst
2008-01-07 19:01 <DIR> --d----- c:\docume~1\owner\applic~1\FunWebProducts
2007-12-20 18:49 <DIR> --d----- c:\docume~1\owner\applic~1\Viewpoint
2007-10-28 14:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2007-09-24 16:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Napster
2007-09-24 16:23 <DIR> --d----- c:\docume~1\owner\applic~1\AOL
2007-02-02 20:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Prism Deploy
2007-02-02 18:29 <DIR> --d----- c:\docume~1\owner\applic~1\You've Got Pictures Screensaver
2007-02-02 18:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks
2008-08-29 11:10 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082920080830\index.dat

============= FINISH: 21:37:13.40 ===============
Attached Files
File Type: txt GAMER.TXT (25.0 KB, 1 views)
File Type: zip Attach.zip (3.6 KB, 3 views)

Last edited by basskiller; 12-01-2008 at 08:10 PM.