Thread: Help Request
07-01-2009, 02:26 AM   #1
Canniballistic
Registered User
 
Join Date: Jun 2009
Location: N.S.W., Australia
Posts: 10
OS: XP Service Pack 3


Help Request

OK, the problem is I got something nasty onto my computer and now it's wreaking havoc. It seems to be blocking Spybot S&D and Malwarebytes Anti-Malware, redirecting Google search results and creating pop-ups in my browser. It also seems to be playing around with other programs, but I can't tell for sure.

Aside from Malwarebytes and Spybot S&D, I'm also running C.O.M.O.D.O., but it doesn't seem to be helping too much.

-------------------------------------------------------------------------------------------------------------

DDS (Ver_09-06-26.01) - NTFSx86
Run by Canniballistic at 17:55:59.93 on Wed 01/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1023.590 [GMT 10:00]

AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - f:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "f:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\cannib~1\startm~1\programs\startup\xfire.lnk - f:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - f:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\startg~1.lnk - f:\program files\getright\getright.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-5-14 132640]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-5-14 24096]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-5-14 692496]

=============== Created Last 30 ================

2009-06-30 13:09 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-30 13:09 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-30 13:09 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-30 13:08 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-30 12:30 <DIR> --dsh--- c:\documents and settings\canniballistic\IECompatCache
2009-06-29 08:13 <DIR> --dsh--- c:\documents and settings\canniballistic\PrivacIE
2009-06-24 17:48 10,096,640 ac------ c:\windows\system32\dllcache\hwxcht.dll
2009-06-24 17:26 8,704 ac------ c:\windows\system32\dllcache\kbdjpn.dll
2009-06-24 17:26 8,192 ac------ c:\windows\system32\dllcache\kbdkor.dll
2009-06-24 17:26 6,144 ac------ c:\windows\system32\dllcache\kbd101c.dll
2009-06-24 17:26 5,632 ac------ c:\windows\system32\dllcache\kbd103.dll
2009-06-24 17:26 8,704 a------- c:\windows\system32\kbdjpn.dll
2009-06-24 17:26 8,192 a------- c:\windows\system32\kbdkor.dll
2009-06-24 17:26 6,144 a------- c:\windows\system32\kbd101c.dll
2009-06-24 17:26 5,632 a------- c:\windows\system32\kbd103.dll
2009-06-24 17:25 6,144 ac------ c:\windows\system32\dllcache\kbd106.dll
2009-06-24 17:25 6,144 ac------ c:\windows\system32\dllcache\kbd101b.dll
2009-06-24 17:25 6,144 a------- c:\windows\system32\kbd106.dll
2009-06-24 17:25 6,144 a------- c:\windows\system32\kbd101b.dll
2009-06-16 20:24 4,096 a------- c:\windows\system32\drivers\nocashio.sys
2009-06-16 13:21 <DIR> --dsh--- c:\documents and settings\canniballistic\IETldCache
2009-06-16 13:05 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-16 13:05 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-16 13:05 <DIR> --d----- c:\windows\ie8updates
2009-06-16 13:05 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-16 13:04 <DIR> -cd-h--- c:\windows\ie8
2009-06-12 08:29 41,808 a------- c:\windows\system32\xfcodec.dll

==================== Find3M ====================

2009-07-01 01:01 189,680 a------- c:\windows\system32\PnkBstrB.exe
2009-07-01 00:02 138,672 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-30 12:25 1,474,832 a------- c:\windows\system32\drivers\sfi.dat
2009-06-23 10:42 132,640 a------- c:\windows\system32\drivers\cmdguard.sys
2009-05-26 16:22 22,328 a------- c:\docume~1\cannib~1\applic~1\PnkBstrK.sys
2009-05-26 16:21 682,280 a------- c:\windows\system32\pbsvc.exe
2009-05-21 14:32 21,840 a------t c:\windows\system32\SIntfNT.dll
2009-05-21 14:32 17,212 a------t c:\windows\system32\SIntf32.dll
2009-05-21 14:32 12,067 a------t c:\windows\system32\SIntf16.dll
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-18 20:05 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-05-15 21:25 168,208 a------- c:\windows\system32\guard32.dll
2009-05-15 21:25 24,096 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-05-14 00:21 217,536 a------- c:\windows\system32\drivers\truecrypt.sys
2009-05-13 15:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-08 10:50 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-05-08 01:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 22:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-16 00:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-03 15:46 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

============= FINISH: 17:56:19.75 ===============
Attached Files
File Type: zip Attach.zip (6.0 KB, 2 views)