
PLEASE!! TROJAN HELP! dds,ark,attach.txt included

Thanks for looking! I really need someone to help. I just finished what I thought was "fixing" this computer. It's still acting up. I have ComboFix in case you need a log; just let me know. Here is DDS. ATTACH.ZIP is attached. THANK YOU :pray:
--------------------------------------------------------------------------


DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 23:48:51.68 on Tue 12/08/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.444 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\PSIService.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\AOL\1140006624\ee\AOLSoftware.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Kuma Games\ShootOutMP\Kuma Games\hcsystray\hc_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\Ringo\Hub.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\common\companion\installs\cpn0\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\common\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\common\companion\installs\cpn0\yt.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CHotkey] zHotkey.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [HostManager] c:\program files\common files\aol\1140006624\ee\AOLSoftware.exe
mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [YBrowser] c:\program files\yahoo!\browser\ybrwicon.exe
mRun: [SBC Yahoo! Connection Manager] c:\program files\sbc yahoo!\connection manager\ConnectionManager.exe -Show
mRun: [Lexmark 4200 Series] "c:\program files\lexmark 4200 series\lxbmbmgr.exe"
mRun: [FaxCenterServer4_in_1] "c:\program files\lexmark 4200 series\fax\fm3032.exe" /s
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: ["c:\program files\sbc yahoo!\connection manager\ConnectionManager] SBC Yahoo! Connection Manager
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [hcsystray] c:\program files\kuma games\shootoutmp\kuma games\hcsystray\hc_tray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [Corel Photo Downloader] c:\program files\cvs\cvs photo editor plus\Corel Photo Downloader.exe
mRun: [Cleanup] c:\docume~1\owner\locals~1\temp\2009128234647_mcappins.exe /v=3 /cleanup
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [msci] c:\docume~1\owner\locals~1\temp\2009128234646_mcinfo.exe /insfin
dRun: [Power2GoExpress] NA
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t\wlan111t.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ringol~1.lnk - c:\program files\ringo\Hub.exe
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: Yahoo! Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144709674622
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-5 24652]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys --> c:\windows\system32\drivers\naiavf5x.sys [?]
RUnknown MPFIREWL;MPFIREWL; [x]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-6-27 17149]
S3 gAGP440p;gAGP440p;\??\c:\docume~1\owner\locals~1\temp\gagp440p.sys --> c:\docume~1\owner\locals~1\temp\gAGP440p.sys [?]

=============== Created Last 30 ================

2009-12-09 04:46:03 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2009-12-09 04:45:58 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-09 04:45:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-09 04:40:48 5840 ----a-w- c:\windows\system32\tmp.reg
2009-12-09 04:17:44 0 d-sha-r- C:\cmdcons
2009-12-09 04:15:42 77312 ----a-w- c:\windows\MBR.exe
2009-12-09 04:15:42 260096 ----a-w- c:\windows\PEV.exe
2009-12-09 04:15:41 98816 ----a-w- c:\windows\sed.exe
2009-12-09 04:15:41 161792 ----a-w- c:\windows\SWREG.exe
2009-12-09 04:00:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Clearwire
2009-12-08 19:13:19 0 d-----w- C:\f41dc2b94ee718412a656b3152
2009-12-07 22:33:47 0 d-----w- c:\program files\Skyhook Wireless
2009-12-07 21:21:21 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-07 21:21:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-12-07 18:22:30 0 d-----w- c:\windows\ie8updates
2009-12-06 19:59:48 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-06 19:59:46 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-06 19:39:54 1089601 -c----w- c:\windows\system32\dllcache\ntprint.cat
2009-12-03 19:29:35 88 --sh--r- c:\windows\system32\B317EE2E35.sys
2009-12-03 19:29:34 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-03 19:28:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Corel
2009-12-03 19:28:20 0 d-----w- c:\documents and settings\all users\My Music
2009-12-03 19:27:28 0 d-----w- c:\program files\CVS
2009-12-03 19:27:28 0 d-----w- c:\program files\common files\Corel
2009-12-03 19:25:16 0 d-----w- c:\program files\Corel
2009-12-03 19:19:58 0 d-----w- c:\docume~1\owner\applic~1\CVS
2009-11-25 04:02:55 0 d-sh--w- c:\documents and settings\owner\IECompatCache
2009-11-25 03:59:42 0 d-----w- c:\docume~1\owner\applic~1\AVG8
2009-11-23 22:42:38 0 d-----w- c:\program files\Groove Games
2009-11-23 18:47:08 0 d-----w- c:\windows\SxsCaPendDel
2009-11-23 18:29:44 0 d-sh--w- c:\documents and settings\owner\PrivacIE
2009-11-23 00:37:13 0 d-sh--w- c:\documents and settings\owner\IETldCache
2009-11-22 22:54:28 0 dc-h--w- c:\windows\ie8
2009-11-22 04:54:28 0 d-----w- c:\windows\system32\XPSViewer
2009-11-22 04:53:43 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-22 04:53:43 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-22 04:53:43 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-22 04:53:43 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-22 04:53:43 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-22 04:53:43 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-22 04:53:43 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-22 04:53:43 0 d-----w- C:\1f9f9de5eabc7bd7e3bd34e6829deff4
2009-11-22 04:51:07 0 d-----w- c:\program files\MSXML 6.0
2009-11-21 21:17:52 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-11-21 21:17:52 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-11-21 21:17:52 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-11-21 21:17:52 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-11-21 21:17:52 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-11-21 21:17:52 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-11-21 21:17:51 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-11-21 21:17:51 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-11-21 21:17:51 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-11-21 21:17:50 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-11-21 20:58:40 0 d-----w- c:\windows\ServicePackFiles
2009-11-21 20:56:21 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-11-21 20:56:21 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-11-21 20:49:31 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-11-21 20:48:17 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2009-11-21 20:47:00 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-11-21 20:44:20 2185984 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-11-21 20:44:20 2142720 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-11-21 20:44:18 2020864 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-11-21 20:44:17 2062976 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-11-21 20:44:15 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-11-21 20:43:20 1193414 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2009-11-21 20:43:19 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-11-21 20:15:16 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2009-11-21 20:15:14 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2009-11-21 20:15:13 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2009-11-21 20:15:13 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

==================== Find3M ====================

2009-10-20 17:47:42 144 ----a-w- c:\windows\system32\drivers\macxvi.cfg
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll

============= FINISH: 23:49:11.07 ===============
 
