Antonietta

Hi, have figured out how to post. :) Followed instructions on "First Steps". Copied the DDS below and will attempt to load the other 2 files you need. Please have patients with me for i am not computer savy. :) Your assistance in this matter is greatly appreciated.

When I surf the internet i've been redirected to other pages and web pages have been opening up on their own. I hear commercials on my computer but have no idea where they're coming from. Short of disableing the internet they won't stop. Scaned and did the anti-spyware scan. Computer deleted and quarantined any possible threat but nothings changed and when the computer scans again there's not threat. I also deleted history and cookies mulitple times.

PS. When i followed your steps (the first time) the scan said there was an error and had to shut down. The second time it worked. Don't know if that's helpful?

Antonietta


DDS (Ver_09-05-14.01) - NTFSx86
Run by Spinelli at 17:57:05.51 on Fri 06/19/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.57 [GMT -4:00]

AV: Rogers Online Protection Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Rogers Online Protection Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\rps.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\msb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgentComHandler.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\DOCUME~1\Spinelli\LOCALS~1\Temp\b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Spinelli\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\rogers online protection\rogers online protection\pkR.dll
BHO: XML Class: {500bca15-57a7-4eaf-8143-8c619470b13d} - c:\windows\system32\msxml71.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {9B393B85-708D-4E61-9529-2FA61D4A4904} - No File
uRun: [Update Manager] "c:\program files\rogers\update manager\UpdateManager.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\utorrent.exe"
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [SHS] "c:\program files\rogers\selfhealing\SHS.exe" /background
uRun: [Cognac] c:\docume~1\spinelli\locals~1\temp\b.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [IndexCleaner] "c:\program files\rogers online protection\rogers online protection\IdxClnR.exe"
mRun: [LogitechVideoRepair] C:\ISStart.exe
mRun: [HbTools] c:\program files\hbtools\bin\4.7.1.0\HbtOEAddOn.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RogersServicepointAgent.exe] "c:\program files\rogers online protection\rogers servicepoint agent\RogersServicepointAgent.exe" /AUTORUN
mRunOnce: [IndexCleaner] "c:\program files\rogers online protection\rogers online protection\IdxClnR.exe"
StartupFolder: c:\docume~1\spinelli\startm~1\programs\startup\websho~1.lnk - c:\program files\webshots\Launcher.exe
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: adecco.com\ak3.xpert
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Notify: igfxcui - igfxdev.dll
Notify: OpinionSquare - c:\windows\system32\opls.dll
AppInit_DLLs: c:\windows\system32\opai.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\spinelli\applic~1\mozilla\firefox\profiles\gmeql2bo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R0 KL1;KL1;c:\windows\system32\drivers\kl1.sys [2009-6-18 112144]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-6-18 196368]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-2-22 55152]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 Radialpoint Security Services;Rogers Online Protection;c:\program files\rogers online protection\rogers online protection\RpsSecurityAwareR.exe [2009-2-27 97520]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-11-8 13352]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2008-11-8 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2008-11-8 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2008-11-8 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2008-11-8 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2008-11-8 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2008-11-8 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2008-11-8 110120]

=============== Created Last 30 ================

2009-06-18 17:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA-SupportBridge
2009-06-18 16:40 3,567,904 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-06-18 16:40 38,804 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-06-18 16:40 31,776 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-06-18 16:40 2,660 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-06-18 16:37 112,144 a------- c:\windows\system32\drivers\kl1.sys
2009-06-18 16:36 53,192 a------- c:\windows\system32\drivers\rp_skt32.sys
2009-06-18 16:36 48,384 a------- c:\windows\system32\drivers\rp_pkt32.sys
2009-06-18 16:35 <DIR> --d----- c:\program files\Raxco
2009-06-18 15:58 <DIR> --d----- c:\docume~1\spinelli\applic~1\Rogers Online Protection
2009-06-18 15:58 <DIR> --d----- c:\program files\Rogers Online Protection
2009-06-18 15:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Rogers Online Protection
2009-06-18 14:13 122,372 a------- c:\windows\msb.exe
2009-06-18 11:12 122,372 a------- c:\windows\msa.exe
2009-06-18 11:11 206,852 a------- c:\windows\system32\msxml71.dll
2009-06-17 18:22 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-06-17 18:22 <DIR> --d----- c:\program files\Digital Line Detect
2009-06-17 18:20 <DIR> --d----- C:\Seagate temp
2009-06-17 18:20 <DIR> --d----- C:\Maxtor temp
2009-06-17 18:20 <DIR> --d----- c:\program files\NCH Swift Sound
2009-06-17 18:20 <DIR> --d----- c:\program files\NCH Software
2009-06-17 18:20 <DIR> --d----- c:\program files\MUSICMATCH
2009-06-17 18:20 <DIR> --d----- c:\docume~1\spinelli\applic~1\McAfee
2009-06-15 19:35 3,246 a------- c:\windows\system32\wbem\Outlook_01c9ee11ea1d316a.mof
2009-06-12 19:32 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-06-12 17:35 <DIR> --d----- c:\program files\MSECache
2009-06-12 13:47 <DIR> --d----- c:\windows\system32\XPSViewer
2009-06-12 13:45 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-06-12 13:45 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-12 13:45 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-12 13:45 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-06-12 13:45 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-12 13:45 117,760 -------- c:\windows\system32\prntvpt.dll
2009-06-12 13:45 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-12 13:45 <DIR> --d----- C:\e66f5e14b04d1e65a34d6f951fdb31
2009-06-09 17:54 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-06-09 17:54 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-05-30 14:00 <DIR> --dsh--- c:\documents and settings\spinelli\IECompatCache
2009-05-30 13:59 <DIR> --dsh--- c:\documents and settings\spinelli\PrivacIE
2009-05-30 13:28 <DIR> --dsh--- c:\documents and settings\spinelli\IETldCache
2009-05-30 13:20 <DIR> --d----- C:\a6c06524bd322080dff38a846441ed
2009-05-30 13:19 <DIR> --d----- C:\c5504d6ad3873713772b3d1beeac
2009-05-30 13:15 <DIR> --d----- c:\windows\ie8updates
2009-05-30 13:11 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-30 13:01 <DIR> -cd-h--- c:\windows\ie8
2009-05-30 11:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Maxtor
2009-05-29 12:33 <DIR> --d----- c:\program files\Seagate
2009-05-29 07:34 <DIR> --d----- c:\windows\system32\NtmsData
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-05-25 00:24 350,208 -------- c:\windows\system32\mssph.dll
2009-05-13 01:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-05-12 15:12 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-05-01 17:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 17:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 17:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 17:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 17:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 17:02 685,056 a------- c:\windows\system32\DivX.dll
2009-04-30 17:22 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-04-30 17:22 11,064,832 a------- c:\windows\system32\dllcache\ieframe.dll
2009-04-30 17:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 17:22 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 17:22 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 07:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-03-24 15:06 5,174,608 a------- C:\MsgPlusLive-481.exe
2008-11-09 19:34 87,608 ac------ c:\docume~1\spinelli\applic~1\inst.exe
2008-11-09 19:34 47,360 ac------ c:\docume~1\spinelli\applic~1\pcouffin.sys
2008-11-08 14:10 27,709,704 a------- c:\program files\Update_Service_Setup-2.8.5.12.exe
2006-07-22 21:08 13,130,032 ac------ c:\documents and settings\spinelli\IE7BETA3-WindowsXP-x86-enu.exe
2006-07-14 09:57 15,272,744 ac------ c:\documents and settings\spinelli\Install_Messenger_nous.exe
2009-03-20 17:48 104 -c-shr-- c:\windows\system32\A5F25BD1F9.sys
2009-03-20 17:49 4,184 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-04 11:07 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat
2009-06-19 17:58 3,571,488 a--sh--- c:\windows\system32\drivers\fidbox.dat

============= FINISH: 17:59:04.12 ===============

Attached Files

	Attach.zip (4.4 KB, 1 views)
	ark.zip (1.0 KB, 2 views)

Angelfire777

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Antonietta

Hey Thank you so much for your reply and time. I have solved my problem. This has been very informative for me. A pretty good experience. Sounds weird but honestly it was great!!

Antonietta

Oh and could you send this to the closed section? I don't know how that's done. :)

Angelfire777

Did you solve this through combofix? Please show me the logs that I am asking for .. We are not done cleaning yet and you risk infecting the machine again with what may have been left there.. Take note that if you do come again after this is closed, it is less likely that you will be helped.