Re: Cross-Infected Laptop AND GMER.EXE ISSUE
Hi TetonBob -
Thanks. Below is the Scan; attached is the Attach.
DDS (Version 1.0) - NTFSx86
Run by Owner at 18:29:27.82 on 12/06/08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.30 [GMT -8:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\Downloads\dds(2).com
============== Pseudo HJT Report ===============
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
uCustomizeSearch =
mSearchAssistant = hxxp://www.google.com/ie
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPLpr] "c:\program files\synaptics\syntp\SynTPLpr.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [PRISMSVR.EXE] "c:\windows\system32\PRISMSVR.EXE" /APPLY
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: igfxcui - igfxsrvc.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\progra~1\window~3\MpShHook.dll
============= SERVICES / DRIVERS ===============
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]
R2 ekrn;Eset Service;"c:\program files\eset\eset smart security\ekrn.exe" [2008-8-18 468224]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2007-1-11 24652]
R2 WinDefend;Windows Defender;"c:\program files\windows defender\MsMpEng.exe" [2006-11-3 13592]
S3 pc100;Linksys EtherFast 10/100 PC Card NT Driver;c:\windows\system32\drivers\pc100nds.sys [2005-5-13 30495]
=============== Created Last 30 ================
2008-12-05 21:46 107,368 a------- c:\windows\system32\GEARAspi.dll
2008-12-05 21:46 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-05 21:46 <DIR> --d----- c:\program files\iPod
2008-12-05 21:46 <DIR> --d----- c:\program files\iTunes
2008-12-05 21:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-05 21:45 <DIR> --d----- c:\program files\Bonjour
2008-12-05 19:10 <DIR> --d----- c:\program files\Windows Media Connect 2
2008-12-05 19:05 <DIR> --d----- C:\f6f20ea7eff2db474ec36e43f723b9
2008-12-05 11:26 <DIR> --d----- c:\windows\system32\NtmsData
2008-12-03 18:16 250 a------- c:\windows\gmer.ini
2008-12-02 22:10 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2008-12-02 22:10 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-02 22:10 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-02 22:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-02 22:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-02 22:07 <DIR> --d----- c:\program files\SpywareBlaster
2008-12-02 17:56 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2008-12-02 17:56 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2008-12-02 17:56 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-02 17:56 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2008-12-02 17:56 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2008-12-02 17:56 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2008-12-02 17:56 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2008-12-02 17:56 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-02 17:55 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2008-12-02 09:57 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-02 09:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-02 09:51 <DIR> --d----- c:\program files\Lavasoft
2008-12-02 09:51 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-02 09:33 <DIR> --d----- c:\docume~1\owner\applic~1\ESET
2008-12-02 09:28 <DIR> --d----- c:\program files\ESET
2008-12-02 09:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2008-12-01 21:13 <DIR> --d----- c:\windows\system32\LogFiles
2008-11-11 16:14 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 16:13 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
==================== Find3M ====================
2008-10-24 03:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-10-13 19:42 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 04:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 17:14 1,307,648 -------- c:\windows\system32\msxml6.dll
2007-07-19 21:34 502 -------- c:\docume~1\owner\applic~1\wklnhst.dat
============= FINISH: 18:30:14.54 ===============