Now going to malwareremoval.com in Firefox browser leaves me waiting (it will never come up), so I have to use IE 8.0.
So here are the necessary files.
Thank you,
Charles
DDS.scr output
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_27
Run by charles at 20:29:45 on 2011-09-03
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1894 [GMT -5:00]
.
AV: Doctor Web Anti-Virus *Enabled/Updated* {6CC6AE29-BD86-6306-5444-113FA6A626D8}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Doctor Web Anti-Virus *Enabled/Updated* {D7A74FCD-9BBC-6C88-6EF4-2A4DDD216C65}
FW: Dr.Web Firewall *Enabled* {54FD2F0C-F7E9-625E-7F1B-B80A587561A3}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
C:\Program Files\DrWeb\frwl_svc.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\WINDOWS\sttray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\System32\HWKeyPlus.exe
C:\WINDOWS\System32\HWTabTray.exe
C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
C:\Program Files\DrWeb\spiderml.exe
C:\Program Files\DrWeb\spideragent.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Hanvon_soft\hwshell.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\DrWeb\frwl_notify.exe
C:\WINDOWS\System32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msn.com
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=ODT&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-6321
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=ODT&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-6321
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=ODT&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-6321
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=ODT&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-6321
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [Qnext] "c:\program files\qnext\qnext.exe" pause=30000
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for gateway\traybar.exe"
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HWTablet KeyPlus] c:\windows\system32\HWKeyPlus.exe
mRun: [HWTablet Service] c:\windows\system32\HWTabTray.exe
mRun: [cwcptray] c:\program files\contentwatch\internet protection\cwtray.exe
mRun: [SpIDerMail] "c:\program files\drweb\spiderml.exe" -autorun
mRun: [Dr.Web Firewall] "c:\program files\drweb\frwl_notify.exe"
mRun: [SpIDerAgent] "c:\program files\drweb\SpIDerAgent.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [CWPhoenixApp] c:\program files\contentwatch\internet protection\updater\Phoenix.exe /r
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\WinPatrol.exe -expressboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\charles\appdata\roaming\micros~1\windows\startm~1\programs\startup\captur~1.lnk - c:\program files\capturewiz\pro\CaptureWiz.exe
StartupFolder: c:\users\charles\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hanvon~1.lnk - c:\hanvon_soft\hwshell.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
LSP: c:\program files\drweb\drwebsp.dll
LSP: c:\windows\system32\cwalsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial2.webex.com/client/T27LB/webex/ieatgpc1.cab
TCP: DhcpNameServer = 192.168.2.254
TCP: Interfaces\{BC1AB20A-233A-456C-A3D0-AC58033DAC70} : DhcpNameServer = 192.168.2.254
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\charles\appdata\roaming\mozilla\firefox\profiles\ur92008q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=GM2TDF&PC=GM2TDF&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.infowars.com
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\charles\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Dr.Web anti-virus link checker: {6614d11d-d21d-b211-ae23-815234e1ebb5} - %profile%\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2010-8-9 139640]
R0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [2010-8-9 109560]
R1 DRWEBAF;DrWEB Firewall Application Filter;c:\windows\system32\drivers\drwebaf.sys [2010-8-9 84728]
R1 SASDIFSV;SASDIFSV;c:\users\charles\appdata\local\temp\sas_selfextract\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\users\charles\appdata\local\temp\sas_selfextract\saskutil.sys [2010-5-10 67656]
R2 CwAltaService20;ContentWatch;c:\program files\contentwatch\internet protection\cwsvc.exe [2010-7-26 2100544]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\common files\doctor web\scanning engine\dwengine.exe [2010-6-21 1771864]
R2 DrWebFWSvc;Dr.Web Firewall Service;c:\program files\drweb\frwl_svc.exe [2010-8-11 2267120]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2008-1-20 21504]
R2 HYRDBios;HYRDBios;c:\windows\system32\drivers\HYRDBios.sys [2010-2-17 5632]
R2 MSSQL$SOSHOME309;SQL Server (SOSHOME309);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-8-5 29184016]
R3 DrWebPF;DrWeb Packet Filter Driver;c:\windows\system32\drivers\drwebpf.sys [2010-8-9 72568]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
R3 VHWDrawing;HanWang Drawing Tablet;c:\windows\system32\drivers\HWDrawing.sys [2010-2-17 6400]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
.
=============== Created Last 30 ================
.
2011-09-03 03:41:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-02 21:14:35 749832 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
.
==================== Find3M ====================
.
2011-09-03 03:08:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-07 11:21:29 139640 ----a-w- c:\windows\system32\drivers\dwprot.sys
2011-07-05 09:57:54 109560 ----a-w- c:\windows\system32\drivers\spiderg3.sys
.
============= FINISH: 20:32:18.49 ===============
attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/9/2010 1:31:57 AM
System Uptime: 9/3/2011 5:00:22 PM (3 hours ago)
.
Motherboard: Gateway | |
Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz | U2E1 | 1867/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 138 GiB total, 20.164 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 4.515 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.5
Adobe Shockwave Player 11.5
AGEIA PhysX v7.11.13
AllyCAD 2010 Home Release 5
Apple Application Support
Apple Software Update
Browser Address Error Redirector
Camera Assistant Software for Gateway
CaptureWizPro 4.40
Content
Corel Painter 11
Corel Painter 11 - ICA
Corel Painter 11 - IPM
Crystal Reports Basic Runtime for Visual Studio 2008
Dr.Web anti-virus for Windows Pro 6.0 (x86)
FATE
Gateway Recovery Center Installer
GDR 3073 for SQL Server Database Services 2005 ENU (KB954606)
Hanvon soft
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IconHandler 32 bit
IDT Audio
IncrediMail
IncrediMail 2.0
Ink
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Java Auto Updater
Java(TM) 6 Update 27
JumpStart Advanced 6th Grade
KWorld Editing Device Driver
KWorld USB 2860 Device Driver
LabelPrint
Langauge
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Access 2000 Runtime
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SOSHOME309)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.5.16)
MP3 WAV Converter 4.13
Net Nanny Parental Controls 6.0
Norton Security Scan
OpenOffice.org 3.0
Opera 10.53
PhotoMail Maker
PhotoNow! 1.0
Power2Go 5.0
PowerDirector
PowerProducer
Qnext
QuickTime
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek USB 2.0 Card Reader
REALTEK USB Wireless LAN Driver
RollerCoaster Tycoon 2
RollerCoaster Tycoon 2: Time Twister
RollerCoaster Tycoon® 3
SpanishNow!
Spelling Dictionaries Support For Adobe Reader 8
Switched-On Schoolhouse 2009 - Home Edition
Switched-On Schoolhouse 2009 - Home Edition Database
Synaptics Pointing Device Driver
Tablet Driver
Tux Paint 0.9.21
Tux Paint Stamps 2009-06-28
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WebEx
Windows Live ID Sign-in Assistant
WinPatrol
WinZip 14.5
Wizard101
.
==== Event Viewer Messages From Past Week ========
.
9/3/2011 5:01:05 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/3/2011 3:49:37 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.113 for the Network Card with network address 001644C6D6B7 has been denied by the DHCP server 192.168.2.254 (The DHCP Server sent a DHCPNACK message).
8/30/2011 6:24:21 PM, Error: EventLog [6008] - The previous system shutdown at 5:56:34 PM on 8/30/2011 was unexpected.
8/30/2011 10:02:00 AM, Error: EventLog [6008] - The previous system shutdown at 10:50:56 PM on 8/29/2011 was unexpected.
8/28/2011 10:22:37 AM, Error: EventLog [6008] - The previous system shutdown at 10:08:06 AM on 8/28/2011 was unexpected.
8/27/2011 8:40:48 PM, Error: EventLog [6008] - The previous system shutdown at 5:23:25 PM on 8/27/2011 was unexpected.
.
==== End Of File ===========================