12-18-2008, 11:59 AM   #3
MnR11
Registered User
 
Join Date: Dec 2008
Posts: 9
OS: Windows XP SP3


Re: Same Ads in different websites, possible spyware

Quote:
Originally Posted by Angelfire777
Hi, welcome to TSF!

Before we continue, please follow the instructions presented in this thread: http://www.techsupportforum.com/secu...oval-help.html then post the requested logs.
Thanks for your reply. I have made the logs. Hope this helps.



DDS (Version 1.1.0) - NTFSx86
Run by Mounir at 19:17:37,46 on do 18-12-2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.322 [GMT 1:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\Ideazon\Reaper\Reaper_Settings.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Hamachi\hamachi.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Documents and Settings\Mounir\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Mounir\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Documents and Settings\Mounir\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mounir\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mounir\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mounir\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mounir\Mijn documenten\Downloads\dds.com
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = www.google.nl
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Reaper Gaming Mouse] c:\progra~1\ideazon\reaper\Reaper_Settings.exe
uRun: [Google Update] "c:\documents and settings\mounir\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Zboard] c:\program files\ideazon\zengine\Zboard.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: c:\docume~1\mounir\menust~1\progra~1\opstar~1\hamachi.lnk - c:\program files\hamachi\hamachi.exe
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mounir\applic~1\mozilla\firefox\profiles\txet5z8l.default\
FF - plugin: c:\documents and settings\mounir\application data\mozilla\firefox\profiles\txet5z8l.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll

============= SERVICES / DRIVERS ===============

R1 atitray;atitray;\??\c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys [2008-4-8 17952]
R2 ekrn;Eset Service;"c:\program files\eset\eset smart security\ekrn.exe" [2008-7-1 468224]
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\RaInfo.sys [2007-8-3 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2008-4-29 47640]
R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-7-15 27992]
R3 Alpham1;Ideazon Merc USB Human Interface Device;c:\windows\system32\drivers\Alpham1.sys [2007-7-23 42624]
R3 Alpham2;Ideazon Merc MM USB Human Interface Device;c:\windows\system32\drivers\Alpham2.sys [2007-3-20 18432]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-1-23 13952]
R3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-1-23 28800]
S2 dnscon;DNS Connection;c:\windows\system32\svchost.exe -k LocalServices [2004-8-4 14336]
S2 NetManager;Network Manager Service;c:\windows\system32\svchost.exe -k netm [2004-8-4 14336]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe /s c:\windows\nod32fixtemdono.reg [2001-9-7 3584]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; []

=============== Created Last 30 ================

2008-12-15 20:57 286,720 -c------ c:\windows\system32\dllcache\gdi32.dll
2008-12-02 12:34 <DIR> --d----- c:\program files\Trend Micro
2008-12-01 14:42 5,702 a---h--- c:\windows\nod32restoretemdono.reg
2008-12-01 14:42 568 a---h--- c:\windows\nod32fixtemdono.reg
2008-12-01 14:42 <DIR> --d----- c:\docume~1\mounir\applic~1\ESET
2008-12-01 14:40 <DIR> --d----- c:\program files\ESET
2008-11-26 00:44 80 a------- C:\bootdelete.lst
2008-11-25 15:02 224,016 a------- c:\windows\system32\TabCtl32.ocx
2008-11-25 15:02 <DIR> --d----- c:\program files\GTASACenter
2008-11-25 14:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Hitman Pro
2008-11-25 14:40 <DIR> --d----- c:\program files\Hitman Pro 3
2008-11-25 14:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Hitman Pro 3
2008-11-24 20:26 <DIR> --d----- c:\program files\PC Satellite TV
2008-11-24 19:51 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-24 17:26 <DIR> --d----- c:\docume~1\mounir\applic~1\Xfire
2008-11-24 17:25 <DIR> --d----- c:\program files\Xfire
2008-11-20 21:44 42,320 a------- c:\windows\system32\xfcodec.dll
2008-11-20 10:53 <DIR> --d----- c:\docume~1\mounir\applic~1\Ideazon
2008-11-20 10:51 <DIR> --d----- c:\program files\Ideazon

==================== Find3M ====================

2008-12-02 12:46 513,746 a------- c:\windows\system32\perfh013.dat
2008-12-02 12:46 92,824 a------- c:\windows\system32\perfc013.dat
2008-11-12 14:17 98,304 a------- c:\windows\DUMP700f.tmp
2008-11-10 15:41 47,640 a------- c:\windows\system32\drivers\LMIRfsDriver.sys
2008-11-10 15:41 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll
2008-11-10 15:41 28,984 a------- c:\windows\system32\LMIport.dll
2008-11-10 15:41 87,352 a------- c:\windows\system32\LMIinit.dll
2008-11-10 15:41 23,736 a------- c:\windows\system32\lmimirr.dll
2008-11-10 15:41 10,040 a------- c:\windows\system32\lmimirr2.dll
2008-10-24 12:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:43 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 20:50 827,904 a------- c:\windows\system32\wininet.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-03 11:05 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 00:46 81,920 a------- c:\windows\system32\frapsvid.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-05-21 08:07 1,914 a------- c:\docume~1\mounir\applic~1\SAS7_000.DAT
2008-05-08 20:38 16,384 a--sh--- c:\windows\system32\config\systemprofile\cookies\index.dat
2008-05-08 20:38 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\index.dat
2008-05-08 20:37 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012008050820080509\index.dat
2008-05-08 20:38 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 19:18:20,81 ===============
Attached Files: Attach.zip (4.4 KB)