Tech Support Forum banner
Not open for further replies.
1 - 4 of 4 Posts

8 Posts
Discussion Starter · #1 ·

I seem to have new problems on my computer. I can't get my antispyware to update or scan, and I cannot restore my system to a previous date. The antivirus caught two intrusions, but I feel there might be something else lurking in there, because my internet explorer keeps being redirected to annoying ads whenever I research something.

Well, without further words, here are the reports of the scans, as per your instructions like last time... =.=

DDS (Ver_10-03-17.01) - NTFSx86
Run by Shawnee at 16:35:59.85 on 15/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2431.1815 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Shawnee\Local Settings\Temporary Internet Files\Content.IE5\L4LB7XOR\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:[email protected]?subject=Weather Snapshot&body=Enter a description and don't forget to attach your photo!
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [OPSE reminder] "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.exe" -r "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.ini"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\shawnee\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://
TCP: NameServer =,
TCP: {9D6F330F-C0F9-4BCE-8B6B-E9DB2D118021} =,
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-13 11608]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-1-6 532224]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2010-1-6 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-13 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-13 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-13 60936]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2010-8-11 29184]

=============== Created Last 30 ================

2010-09-10 18:19:59 468 ----a-w- c:\program files\09201014195951.bat
2010-09-10 17:19:08 0 d-----w- c:\docume~1\shawnee\applic~1\Flood Light Games
2010-09-10 17:19:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Flood Light Games
2010-09-10 17:17:11 0 d-----w- c:\program files\I-play Games
2010-08-29 17:57:35 1089593 -c----w- c:\windows\system32\dllcache\
2010-08-29 03:03:24 0 d-----w- c:\windows\system32\XPSViewer
2010-08-29 03:02:42 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-08-29 03:02:42 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-08-29 03:02:42 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-08-29 03:02:42 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-08-29 03:02:42 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-08-29 03:02:42 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-08-29 03:02:42 117760 ------w- c:\windows\system32\prntvpt.dll
2010-08-29 03:02:42 0 d-----w- C:\4b32585e705e8b0854370f49
2010-08-29 00:00:59 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-28 20:42:21 0 d-----w- c:\docume~1\shawnee\applic~1\Malwarebytes
2010-08-28 20:42:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-28 20:42:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-28 20:42:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-28 20:42:04 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-28 19:45:27 0 d-sha-w- c:\windows\Repair
2010-08-28 19:09:27 0 d-sha-r- C:\cmdcons
2010-08-28 19:06:26 98816 ----a-w- c:\windows\sed.exe
2010-08-28 19:06:26 77312 ----a-w- c:\windows\MBR.exe
2010-08-28 19:06:26 256512 ----a-w- c:\windows\PEV.exe
2010-08-28 19:06:26 161792 ----a-w- c:\windows\SWREG.exe
2010-08-22 00:18:31 0 d-----w- c:\docume~1\shawnee\applic~1\Avira

==================== Find3M ====================

2010-07-17 09:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-26 00:19:25 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 17:51:22 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2002-06-04 11:06:04 65536 ------w- c:\windows\inf\copyinf.exe
2010-01-09 12:32:17 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010010920100110\index.dat

============= FINISH: 16:37:26.97 ===============


Premium Member
29,790 Posts
Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.


I seem to have new problems on my computer
tetonbob left you with a clean computer just three short weeks ago. Someone with access to this machine needs to be schooled on safe and proper surfing/downloading habits.

As you read in our:

Also be advised:

It is not our intent to repeatedly remove malware from the same member's machines. The intent of this free service performed by volunteers is to help remove malware from your machine, educate you on how it may have happened, and how to prevent that from happening again. To this end, we provide links to articles and tools which should make your visit to the Virus/Trojan/Spyware Help section of TSF a one time event. Please do enjoy the rest of Tech Support Forum as many times as you like!

It also appears you didn't uninstall ComboFix as instructed by tetonbob in his closing speech.


One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.


Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.


Please delete ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix:

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.


8 Posts
Discussion Starter · #3 ·
As you coldly put it, it had indeed been only three short weeks since last I came to ask assistance to this forum. As it visibly inconveniences you, I will trouble you no further since my presence is deemed to be so disagreeable.

I formatted my computer and entirely reinstalled my operating system. As for the schooling of the users of this computer, not that it really seems to matter, but everyone is well aware of security with activities involving the Internet.

There will be no more need of this thread and I will kindly remove myself from this forum, and look elsewhere for assistance should further problems arise in the future.

Thank you... or not.
1 - 4 of 4 Posts
Not open for further replies.