Status
Not open for further replies.
Discussion Starter · #1 ·
Hello,

I seem to have new problems on my computer. I can't get my antispyware to update or scan, and I cannot restore my system to a previous date. The antivirus caught two intrusions, but I feel there might be something else lurking in there, because my Internet Explorer keeps being redirected to annoying ads whenever I research something.

Well, without further words, here are the reports of the scans, as per your instructions like last time... =.=


DDS (Ver_10-03-17.01) - NTFSx86
Run by Shawnee at 16:35:59.85 on 15/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2431.1815 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Shawnee\Local Settings\Temporary Internet Files\Content.IE5\L4LB7XOR\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.saveswatts.com/
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:[email protected]?subject=Weather Snapshot&body=Enter a description and don't forget to attach your photo!
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [OPSE reminder] "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.exe" -r "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.ini"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\shawnee\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 93.188.164.72,93.188.166.222
TCP: {9D6F330F-C0F9-4BCE-8B6B-E9DB2D118021} = 93.188.164.72,93.188.166.222
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-13 11608]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-1-6 532224]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2010-1-6 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-13 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-13 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-13 60936]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2010-8-11 29184]

=============== Created Last 30 ================

2010-09-10 18:19:59 468 ----a-w- c:\program files\09201014195951.bat
2010-09-10 17:19:08 0 d-----w- c:\docume~1\shawnee\applic~1\Flood Light Games
2010-09-10 17:19:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Flood Light Games
2010-09-10 17:17:11 0 d-----w- c:\program files\I-play Games
2010-08-29 17:57:35 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-08-29 03:03:24 0 d-----w- c:\windows\system32\XPSViewer
2010-08-29 03:02:42 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-08-29 03:02:42 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-08-29 03:02:42 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-08-29 03:02:42 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-08-29 03:02:42 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-08-29 03:02:42 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-08-29 03:02:42 117760 ------w- c:\windows\system32\prntvpt.dll
2010-08-29 03:02:42 0 d-----w- C:\4b32585e705e8b0854370f49
2010-08-29 00:00:59 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-28 20:42:21 0 d-----w- c:\docume~1\shawnee\applic~1\Malwarebytes
2010-08-28 20:42:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-28 20:42:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-28 20:42:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-28 20:42:04 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-28 19:45:27 0 d-sha-w- c:\windows\Repair
2010-08-28 19:09:27 0 d-sha-r- C:\cmdcons
2010-08-28 19:06:26 98816 ----a-w- c:\windows\sed.exe
2010-08-28 19:06:26 77312 ----a-w- c:\windows\MBR.exe
2010-08-28 19:06:26 256512 ----a-w- c:\windows\PEV.exe
2010-08-28 19:06:26 161792 ----a-w- c:\windows\SWREG.exe
2010-08-22 00:18:31 0 d-----w- c:\docume~1\shawnee\applic~1\Avira

==================== Find3M ====================

2010-07-17 09:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-26 00:19:25 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 17:51:22 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2002-06-04 11:06:04 65536 ------w- c:\windows\inf\copyinf.exe
2010-01-09 12:32:17 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010010920100110\index.dat

============= FINISH: 16:37:26.97 ===============
 

Discussion Starter · #3 ·
As you coldly put it, it had indeed been only three short weeks since I last came to ask this forum for assistance. As it visibly inconveniences you, I will trouble you no further since my presence is deemed to be so disagreeable.

I formatted my computer and entirely reinstalled my operating system. As for the schooling of the users of this computer, not that it really seems to matter, but everyone is well aware of security with activities involving the Internet.

There will be no more need of this thread and I will kindly remove myself from this forum, and look elsewhere for assistance should further problems arise in the future.

Thank you... or not.
 