Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

MALWARE SCAN RESULTS DDS

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Archived Spyware Removal Help Topics
View previous topic :: View next topic  
Author Message
churamv37
Newbie


Joined: 04 Jan 2012
Last Visit: 04 Jan 2012
Posts: 1

PostPosted: Wed Jan 04, 2012 5:51 pm    Post subject: MALWARE SCAN RESULTS DDS Reply with quote

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by MARY at 19:39:26 on 2012-01-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1040 [GMT -6:00]
.
AV: Antivirus Soft *Enabled/Updated* {B316C67E-09F1-44c7-85E0-94F6DA8A4AA1}
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! antivirus 4.7.1043 [VPS 080403-0] *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing-tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\MARY\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
TB: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\mary\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [UniblueRegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\documents and settings\mary\start menu\programs\startup\PowerReg Scheduler V3.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://mail.mehlville.k12.mo.us/dwa85W.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A6C3A6F1-4896-4149-8716-AAB0F2D11A10} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs:
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mary\application data\mozilla\firefox\profiles\h4wkzpu3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=393&systemid=1&sr=0&q=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\SymDS.sys [2011-8-19 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\SymEFA.sys [2011-8-19 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.6.0.29\definitions\bashdefs\20111221.003\BHDrvx86.sys [2011-12-21 819320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\Ironx86.sys [2011-8-19 136312]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccSvcHst.exe [2011-8-19 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-11 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.6.0.29\definitions\ipsdefs\20120104.002\IDSXpx86.sys [2012-1-4 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.6.0.29\definitions\virusdefs\20120104.017\NAVENG.SYS [2012-1-4 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.6.0.29\definitions\virusdefs\20120104.017\NAVEX15.SYS [2012-1-4 1576312]
S0 23630272;23630272 Boot Guard Driver;c:\windows\system32\drivers\23630272.sys --> c:\windows\system32\drivers\23630272.sys [?]
S1 23630271;23630271;c:\windows\system32\drivers\23630271.sys --> c:\windows\system32\drivers\23630271.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-25 136176]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;"c:\program files\tuneup utilities 2010\tuneuputilitiesservice32.exe" --> c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\mary\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\mary\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-12-4 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-25 136176]
S3 marsqx5;Digital Blue QX5 V2 Microscope;c:\windows\system32\drivers\marsqx5.sys [2011-9-18 72576]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2008-2-6 91841]
S3 PAC207;CIF USB Camera;c:\windows\system32\drivers\pfc027.sys --> c:\windows\system32\drivers\PFC027.SYS [?]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2007-12-17 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2007-12-17 14336]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;\??\c:\program files\tuneup utilities 2010\tuneuputilitiesdriver32.sys --> c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [?]
.
=============== Created Last 30 ================
.
2012-01-01 23:14:09 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-01-01 23:14:09 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-31 04:04:18 -------- dc-h--w- c:\windows\ie8
2011-12-31 03:42:55 -------- d-----w- c:\program files\Systweak Advanced System Protector
2011-12-27 09:01:01 -------- d-----w- C:\Rbackup
2011-12-26 06:05:56 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2011-12-26 06:05:16 -------- d-----w- c:\program files\common files\xing shared
2011-12-26 06:04:51 150696 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-12-26 06:04:28 108544 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2011-12-23 23:38:59 -------- d-----w- c:\program files\Perfect Uninstaller
2011-12-08 19:05:00 -------- d-----w- c:\documents and settings\mary\local settings\application data\antiphishing-vmntbcleaner1_0dn
2011-12-08 06:33:35 -------- d-----w- c:\documents and settings\mary\application data\PC Cleaners
2011-12-08 06:33:30 -------- d-----w- c:\documents and settings\all users\application data\PC1Data
2011-12-08 03:05:48 -------- d-----w- c:\documents and settings\mary\application data\wincoreimband
2011-12-08 03:05:48 -------- d-----w- c:\documents and settings\mary\AppData
2011-12-06 19:49:46 -------- d-----w- c:\documents and settings\all users\application data\boost_interprocess
2011-12-06 19:49:46 -------- d-----w- c:\documents and settings\all users\application data\2E135
.
==================== Find3M ====================
.
2011-12-26 06:03:59 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-26 06:03:59 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-08 06:32:06 6071056 ----a-w- c:\windows\uninst.exe
2011-11-25 03:30:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-16 04:30:29 1409 ----a-w- c:\windows\QTFont.for
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-15 21:58:16 110456 ----a-w- c:\documents and settings\mary\g2ax_customer_downloadhelper_win32_x86.exe
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 01:18:20 1442272 ----a-w- c:\program files\MapsSetup.exe
2011-10-02 10:40:42 211008 ----a-w- c:\program files\Maps4PC.exe
2011-09-19 00:47:27 450352 ----a-w- c:\program files\FixitCenter_Run.exe
.
============= FINISH: 19:40:26.94 ===============
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 20 Sep 2014
Posts: 4633
Location: Land Of The Leprechauns

PostPosted: Thu Jan 05, 2012 3:05 am    Post subject: Reply with quote

Duplicate post therefore closed.
http://spywarewarrior.com/viewtopic.php?t=34272
_________________
Admin/Teacher at Malware Removal University
Member of...

Back to top
View user's profile Send private message
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Archived Spyware Removal Help Topics All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group