Have all sorts of problems, think entire system has been hija

Post by sportcraft » January 26th, 2012, 3:09 am

I can't install XP SP3. I think my certificate authorities are being redated. I think my data is being exported.
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.11
Run by Dan at 1:36:08 on 2012-01-26
AV: ZoneAlarm Extreme Security Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
FW: ZoneAlarm Extreme Security Firewall *Enabled*
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mSearch Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\spybot~1\SDHelper.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
TB: BringMeSports: {cc53bd19-7b23-43b0-ab7c-0e06c708cced} -
TB: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File
uRun: [SpybotSD TeaTimer] c:\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\dan\startm~1\programs\startup\canoni~1.lnk - c:\windows\system32\rundll32.exe
uPolicies-explorer: RestrictRun = 0 (0x0)
uPolicies-system: NoSecCPL = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoDevMgrPage = 0 (0x0)
uPolicies-system: NoConfigPage = 0 (0x0)
uPolicies-system: NoVirtMemPage = 0 (0x0)
uPolicies-system: NoFileSysPage = 0 (0x0)
uPolicies-system: NoNetSetup = 0 (0x0)
uPolicies-system: NoNetSetupIDPage = 0 (0x0)
uPolicies-system: NoNetSetupSecurityPage = 0 (0x0)
uPolicies-system: NoWorkgroupContents = 0 (0x0)
uPolicies-system: NoEntireNetwork = 0 (0x0)
uPolicies-system: NoFileSharingControl = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{B5BBF516-DAC8-49AF-9072-BE661DCAEDDA} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{D3ED0C28-E21D-4495-BD8A-693A3E76478D} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
Hosts: 127.0.0.1 http://www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dan\application data\mozilla\firefox\profiles\mr3zb5oi.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\dan\application data\mozilla\firefox\profiles\mr3zb5oi.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko10.dll
FF - component: c:\documents and settings\dan\application data\mozilla\firefox\profiles\mr3zb5oi.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\dan\application data\mozilla\firefox\profiles\mr3zb5oi.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\dan\application data\mozilla\firefox\profiles\mr3zb5oi.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\dan\application data\mozilla\firefox\profiles\mr3zb5oi.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\dan\application data\mozilla\firefox\profiles\mr3zb5oi.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko8.dll
FF - component: c:\documents and settings\dan\application data\mozilla\firefox\profiles\mr3zb5oi.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko9.dll
FF - component: c:\documents and settings\dan\application data\mozilla\firefox\profiles\mr3zb5oi.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Multiple Tab Handler: multipletab@piro.sakura.ne.jp - %profile%\extensions\multipletab@piro.sakura.ne.jp
FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\tineye@ideeinc.com
FF - Ext: ZoneAlarm Security Community Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Malware Search: {27c60876-b5c9-4335-b4f3-52b26782220c} - %profile%\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-01-26 01:21:06 -------- d-----w- c:\documents and settings\dan\application data\SUPERAntiSpyware.com
2012-01-26 01:20:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-26 01:20:09 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-01-26 01:11:14 14266192 ----a-w- c:\program files\SUPERAntiSpyware.exe
2012-01-25 23:34:14 607260 ------r- c:\program files\dds.scr
2012-01-25 22:49:25 331805736 ----a-w- C:\WindowsXP-KB936929-SP3-x86-ENU.exe
2012-01-24 08:46:35 -------- d-----w- c:\program files\SonicWallES
2012-01-24 07:41:00 -------- d-----w- c:\windows\system32\DisabledCPL
2012-01-24 06:25:10 11264 ----a-w- c:\windows\system32\drivers\uze1oti4.sys
2012-01-23 03:58:58 -------- d-----w- c:\documents and settings\dan\application data\Malwarebytes
2012-01-23 03:58:43 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-23 03:58:41 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-23 03:58:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-20 06:26:09 10134560 ----a-w- c:\program files\common files\lpuninstall.exe
2012-01-20 06:25:48 -------- d-----w- c:\program files\LastPass
2012-01-19 06:58:27 -------- d-----w- c:\program files\File Viewer
2012-01-16 22:57:39 -------- d-----w- c:\documents and settings\dan\local settings\application data\Solid State Networks
2012-01-16 18:27:54 -------- d-----w- c:\documents and settings\dan\local settings\application data\LastPass
2012-01-16 14:06:20 -------- d-----w- c:\program files\VideoLAN
2012-01-16 13:03:32 -------- d-----w- c:\documents and settings\dan\dwhelper
2012-01-16 08:46:05 -------- d-----w- C:\Driver downloads
2012-01-08 03:50:42 -------- d-----w- c:\program files\silverlight
2012-01-07 00:24:15 -------- d-----w- c:\documents and settings\dan\application data\OpenWith.org Downloaded Setups
2012-01-07 00:19:11 -------- d-----w- C:\bb
2012-01-03 13:10:44 182672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-01-03 13:10:44 182672 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-12-31 03:50:55 -------- d--h--w- c:\documents and settings\all users\application data\CanonIJScan
.
==================== Find3M ====================
.
2012-01-25 23:07:17 617472 ----a-w- c:\windows\system32\comctl32.dll
2012-01-22 22:03:37 88 --sh--r- c:\windows\system32\D7A0CF68A8.sys
2012-01-22 22:03:37 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2012-01-16 13:36:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-15 03:13:02 32608 ----a-w- c:\windows\king-uninstall.exe
2011-12-13 20:52:14 7253080 ----a-w- c:\program files\registrybooster.exe
2011-12-09 23:58:49 16409960 ----a-w- C:\spybotsd162.exe
2011-12-09 22:00:38 6013072 ----a-w- c:\program files\ExterminateItSetup.exe
2011-11-07 08:26:14 939368 ----a-w- c:\windows\system32\flash.ocx
2010-08-05 21:25:44 152190976 ----a-w- c:\program files\ZASPSetup_93_014_000_en.exe
2010-07-13 19:31:37 145181184 ----a-w- c:\program files\ZASPSetup_91_603_000_en.exe
2010-01-27 00:34:54 1236816 ----a-w- c:\program files\Setup.exe
2010-01-14 00:56:18 912089 ----a-w- c:\program files\unitconversion.exe
2009-12-27 00:12:39 3820454 ----a-w- c:\program files\ZoneAlarm Security.lnk.exe
2009-10-12 01:31:36 186880 ----a-w- c:\program files\LSPFix.exe
2009-09-26 01:55:41 8951576 ----a-w- c:\program files\is360setup.exe
2009-09-23 02:25:56 1296288 ----a-w- c:\program files\DMSetup-Serial.exe
2009-08-28 15:16:16 902656 ----a-w- c:\program files\Indihiang-x86.v0.2.1.msi
2009-08-28 15:15:45 912896 ----a-w- c:\program files\Indihiang-x64.v0.2.1.msi
2009-08-28 11:49:26 299288 ----a-w- c:\program files\GmailInstaller.exe
2000-09-01 00:39:48 1179695 ----a-w- c:\program files\MapSend.exe
2000-08-31 23:14:04 5472 ----a-w- c:\program files\lbltxt.fon
1998-10-27 11:08:04 317952 ----a-w- c:\program files\ROBOEX32.dll



Here is the attach text
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
===========================
Attach.zip

Re: Have all sorts of problems, think entire system has been

Post by deltalima » January 26th, 2012, 4:49 pm

Posting Logs as Attachments

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The instructions for running DDS found HERE, state how we need you to post the logs, so we can help you.

The section here explains why you should not post attachments unless the helper assisting you requests that you do so.

If you still require assistance, please start a new topic and copy and paste your DDS logs (DDS.txt and Attach.txt) and wait for a new helper. Thank you for your understanding.


This topic is now closed.