Old 11-05-2009, 01:09 AM   #1 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 4
OS: xp


computer infected (logs)

Hello,

As I was advised, I have run the log and here is the DDS one; the others are attached to this message.


DDS (Ver_09-10-26.01) - NTFSx86 NETWORK
Run by sameer at 12:31:25.18 on 05/11/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.732 [GMT 5.5:30]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: avast! antivirus 4.8.1356 [VPS 091104-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\sameer\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.in/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - Google Dictionary Compression sdch
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254038718265
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-2 206256]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-2 114768]
S1 is-4A88Bdrv;is-4A88Bdrv;c:\windows\system32\drivers\22620688.sys [2009-11-2 148496]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-2 20560]
S2 gupdate1ca3f4da97f0aec;Google Update Service (gupdate1ca3f4da97f0aec);c:\program files\google\update\GoogleUpdate.exe [2009-9-27 133104]
S2 ZeroVProtect;Zero-V AntiVirus Protection;d:\net protector 2009\zvscan\zvmonnt.exe --> d:\net protector 2009\zvscan\ZVMonNT.exe [?]
S2 ZVONLINE;ZVONLINE;\??\d:\net protector 2009\zvscan\zvonline.sys --> d:\net protector 2009\zvscan\ZVONLINE.SYS [?]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-9-1 14336]
S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\spyware doctor\pctsAuxs.exe [2009-11-2 348824]

=============== Created Last 30 ================

2009-11-05 06:30:09 0 d-----w- C:\ComboFix
2009-11-05 06:28:12 98816 ----a-w- c:\windows\sed.exe
2009-11-05 06:28:12 77312 ----a-w- c:\windows\MBR.exe
2009-11-05 06:28:12 267264 ----a-w- c:\windows\PEV.exe
2009-11-05 06:28:12 161792 ----a-w- c:\windows\SWREG.exe
2009-11-04 14:08:39 0 d-----w- c:\docume~1\sameer\applic~1\TeamViewer
2009-11-04 14:08:32 0 d-----w- c:\program files\TeamViewer
2009-11-04 14:07:53 0 d-----w- c:\documents and settings\sameer\temp
2009-11-03 15:45:24 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-03 15:45:24 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-11-03 13:35:52 42 ----a-w- c:\windows\system32\RegistryEasy.lie
2009-11-03 13:25:46 0 d-----w- c:\docume~1\sameer\applic~1\IObit
2009-11-02 18:21:02 0 d-----w- C:\ZVdefs
2009-11-02 16:50:01 39901216 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-02 16:50:01 359156 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-02 16:37:14 148496 ------w- c:\windows\system32\drivers\22620688.sys
2009-11-02 16:13:59 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-02 16:13:54 86888 ------w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-02 16:13:54 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-11-02 16:13:54 206256 ------w- c:\windows\system32\drivers\PCTCore.sys
2009-11-02 16:13:49 0 d-----w- c:\program files\common files\PC Tools
2009-11-02 16:13:48 64392 ------w- c:\windows\system32\drivers\pctplsg.sys
2009-11-02 16:13:44 0 d-----w- c:\docume~1\sameer\applic~1\PC Tools
2009-11-02 16:13:44 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-11-02 15:54:43 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-11-02 15:54:43 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-11-02 15:54:43 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-11-02 15:54:43 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-11-02 15:54:43 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-11-02 15:54:42 0 d-----w- c:\docume~1\sameer\applic~1\Simply Super Software
2009-11-02 15:54:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2009-11-02 14:59:25 4716 ------w- c:\windows\gdrv.sys
2009-11-02 04:38:36 268648 ----a-w- c:\windows\system32\MUCLTUI.DLL.OSF
2009-11-01 19:23:18 215920 ----a-w- c:\windows\system32\muweb.dll
2009-11-01 16:25:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Net Protector
2009-11-01 11:41:36 3739 ----a-w- c:\windows\imsins.BAK
2009-11-01 11:40:58 327168 ------w- c:\windows\IsUninst.exe
2009-11-01 07:11:35 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-01 07:11:29 0 d-----w- c:\docume~1\sameer\applic~1\SUPERAntiSpyware.com
2009-11-01 0613 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-01 05:54:22 0 d-----w- c:\docume~1\sameer\applic~1\Malwarebytes
2009-11-01 05:54:18 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-01 05:54:17 19160 ------w- c:\windows\system32\drivers\mbam.sys
2009-11-01 05:54:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-31 07:42:25 0 d-----w- c:\windows\system32\ReinstallBackups
2009-10-31 07:42:13 0 d-----w- c:\program files\Yahoo!
2009-10-31 06:30:35 274 ----a-w- c:\windows\spydb.dat
2009-10-31 06:02:38 2577 ----a-w- C:\Config.NT
2009-10-31 06:02:38 1688 ----a-w- C:\Autoexec.NT
2009-10-31 05:46:06 0 d-----w- c:\windows\NPReg
2009-10-31 05:46:02 0 d-----w- c:\docume~1\alluse~1\applic~1\IFD
2009-10-31 05:32:59 295514 ----a-w- c:\windows\VB6.OLB
2009-10-31 05:32:59 16896 ----a-w- c:\windows\STDOLE2.TLB
2009-10-31 05:32:59 147512 ----a-w- c:\windows\SCRRUN.DLL
2009-10-31 05:32:59 135171 ----a-w- c:\windows\UCE.ocx
2009-10-31 05:32:59 10 ----a-w- c:\windows\cbid32.dll
2009-10-17 15:35:32 0 d-----w- c:\windows\system32\appmgmt
2009-10-13 17:11:41 0 d-----w- c:\docume~1\sameer\applic~1\Free&Easy Font Viewer
2009-10-08 15:08:25 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-08 15:08:10 0 d-----w- c:\program files\Bonjour
2009-10-07 09:12:23 25600 -c----w- c:\windows\system32\dllcache\usbser.sys
2009-10-07 09:12:23 25600 ------w- c:\windows\system32\drivers\usbser.sys
2009-10-07 09:12:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-10-07 09:12:01 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-10-07 09:11:55 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-10-07 09:10:45 0 d-----w- c:\program files\common files\PCSuite
2009-10-07 09:10:39 0 d-----w- c:\program files\common files\Nokia
2009-10-07 09:10:32 18816 ------w- c:\windows\system32\drivers\pccsmcfd.sys
2009-10-07 09:10:27 0 d-----w- c:\program files\PC Connectivity Solution
2009-10-07 09:10:22 7808 ------w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-10-07 09:10:21 7808 ------w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-10-07 09:10:21 22016 ------w- c:\windows\system32\drivers\ccdcmbo.sys
2009-10-07 09:10:19 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-10-07 09:10:19 17664 ------w- c:\windows\system32\drivers\ccdcmb.sys
2009-10-07 09:10:19 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-10-07 09:10:03 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-10-07 09:10:02 0 d-----w- c:\program files\Nokia
2009-10-07 08:12:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-10-07 08:12:50 411368 ----a-w- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2009-10-13 16:53:40 57588 ----a-w- c:\windows\fonts\K010.TTF
2009-10-12 09:37:44 48164 ----a-w- c:\windows\fonts\Shusha.ttf
2009-09-30 08:14:33 150164 ----a-w- c:\windows\hpwins05.dat
2009-09-29 18:19:06 2146304 ------w- c:\windows\system32\GPhotos.scr
2009-09-26 15:29:24 315392 ------w- c:\windows\HideWin.exe
2009-09-26 15:20:39 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-23 21:00:38 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-08-23 21:00:38 426496 ------w- c:\windows\system32\imapi2.dll

============= FINISH: 12:31:51.01 ===============


Thanks again for your help.
Attached Files
File Type: zip attach.zip (4.5 KB, 2 views)
Old 11-07-2009, 12:37 PM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,555
OS: 2000 Pro; XP Pro; XP Home


Re: computer infected (logs)

As I see this issue is being addressed at another forum, this topic is closed.

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

Quote:
NOTE: We are aware that users sometimes seek help from several Forums at the same time. Unfortunately, this can cause confusion and actually wastes time and resources - yours, ours and other Volunteers across the community.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
All times are GMT -7.



Copyright 2001 - 2009, Tech Support Forum