Zeke_Zane - Posted April 28, 2009

For a few weeks now I have been getting redirected to ad websites when I open links. It seems to happen specifically when I open links from Google, but it has also happened from other sites. I have PC Tools Internet Security and do regular full scans, have also used ESET Internet Security, and regularly run Ad-Aware, TuneUp Utilities 2009 registry cleaner and Uniblue SpyEraser, and have tried Registry Mechanic, but none of these have been able to fix my problem. The last few days I have also been getting Internet Explorer crashes; I have upgraded to IE 8.0 but this hasn't fixed the problem. I was just wondering if anyone could offer any suggestions, as it is really starting to bug me now and I really don't want to have to do a clean Windows install due to the amount of programs I have installed and the amount of data stored.
Guest Wolfeymole - Posted April 28, 2009

Registry editors/cleaners are not worth a monkey's toss. Have you tried doing a System Restore to when you think the problems started happening, Zeke?
Zeke_Zane (Author) - Posted April 28, 2009

I tried that when it very first started but it didn't help, so I did full scans with everything I had and removed anything adware or anything else found, but still no luck.
Tootech - Posted April 28, 2009

Hi Zeke,

From what you described I believe you still have malware on your machine. Ad-Aware is OK, but it doesn't pick up everything. The Eset scanner won't shift spyware, so I recommend you run through the full malware removal process. It takes a bit of time, but it's thorough and sorts out most problems.

Please disable your resident security applications (such as AVG, Spybot, WinPatrol, etc.) before performing the below procedure so that they do not interfere with the process. Perform all the steps in the order listed to avoid any conflicts. If unsure, please stop and voice your doubts. You might be required to go offline during the disinfection process. Therefore, it is recommended to print off the instructions below for ease of reference. If you stick to the above guidelines, all should go smoothly.

================================================
STEP 1

Download ATF-Cleaner by Atribune.
- Save the file to your Desktop.
- Double-click on the file to run the program.
- On the Main tab, check the Select All button.
- Next, click on the Firefox tab (if applicable) and check the Select All button.
  Note: If you would like to preserve your saved passwords in Firefox, then click No at the corresponding prompt.
- Now, click on the Opera tab (if applicable) and check the Select All button.
  Note: If you would like to preserve your saved passwords in Opera, then click No at the corresponding prompt.
- Press the Empty Selected button and click OK to acknowledge the corresponding prompt.
- Click on the Exit button to quit the program.

================================================
STEP 2

Please click here to download Malwarebytes' Anti-Malware.
- Save the file to your Desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, make sure a check mark is placed next to:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Click Finish.
- The program will download and update itself if it finds the necessity to do so. Please allow this.
- Once the program has loaded, select Perform full scan, then click Scan.
  Note: Depending on your computer specifications, the scan may take some time to complete. Please wait patiently and do not interrupt the process.
- When the scan is complete, click OK, and then Show Results to view the results.
- Make sure that every entry is selected, and click Remove Selected.
- Restart your computer.

================================================
STEP 3

Please click here to download SUPERAntiSpyware (Free Version).
- Save the file to your Desktop.
- Double-click SUPERAntiSpyware.exe and follow the prompts to install the program.
- Open SUPERAntiSpyware.
- Under Configuration and Preferences, click the Preferences button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following fields are checked:
  - Close browsers before scanning
  - Scan for tracking cookies
  - Terminate memory threats before quarantining
- Click the Close button to leave the control center screen.
- On the main screen, under Scan for Harmful Software click Scan your computer.
- On the left, make sure you check mark All the Fixed Drives.
- On the right, under Complete Scan, choose Perform Complete Scan.
- Click Next to start the scan. Please be patient while it scans your computer.
- After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
- Make sure every entry has a check mark next to it and click Next.
- A notification will appear that Quarantine and Removal is Complete. Click OK and then Finish to return to the main menu.
- Restart your computer.

================================================
STEP 4

Please visit the ESET Online Scanner, using Internet Explorer to initiate the scan.
Note: If you are running Windows Vista, then you will need Administrative privileges to complete the latter part of the procedure. To do so, right-click on the Internet Explorer icon in the Start Menu and select the Run As Administrator option in the shell context menu.
- Check mark the YES, I accept the Terms of Use box.
- Click the Start button.
- Click the Install button on the following screen.
- Click Start. This will initialize and update the scanner engine.
- Check mark the box beside Remove found threats.
- Click the Scan button. This will start the scan. Please be patient while it is in progress.
- Restart your computer.

================================================
STEP 5

- Click on Start > Programs > Accessories > System Tools and select System Restore.
- Choose the radio button marked Create a Restore Point on the first screen and click Next. Give the restore point a name, then click Create. The new point will be stamped with the current date and time. Keep a note of this so you can find it easily should you need to use System Restore.
- Next, click on Start > Run, type Cleanmgr and click on OK.
- Click on the More Options tab.
- Click the Clean Up button in the System Restore section to remove all previous restore points except the most recent one.

This will remove any infected files that have been backed up by Windows. The files in "System Restore" are protected to prevent any programs changing those files. This is the only foolproof way to ensure the deletion of those files.

Note: Do not clear restore points on a regular basis, as doing so will clear all previous restore points, even those that you may need. System Restore is a useful tool to revert your computer back to a working condition if something goes wrong.

Re-enable all your security applications and please return here and tell us how the computer seems to be operating.
Zeke_Zane (Author) - Posted April 28, 2009

All done, followed the steps exactly, and I am still getting the same problem.
Zeke_Zane (Author) - Posted April 28, 2009

When I re-enabled my internet security it started an Intelli-scan, which found the same 3 infections it seems to find every time I run it. If it helps, they are:
1) Adware.Advertising
2) Application.TrackingCookies
3) Trojan.Adclicker - Also known as: Adware.Hiu.c AdWare.Win32.Agent.ak [Kaspersky] AdWare.Win32.Age
RandyL - Posted April 29, 2009

When you followed the steps above, did they find anything, and if so, what? There are different possibilities here, but this is what I would try first: Uninstall any programs that are suspicious or not needed that you may have downloaded, as they may be reinstalling malware. Your registry programs come to mind, and definitely Uniblue SpyEraser. Look for others such as P2P, smiley, my web or my search, or anything else that you might suspect. Make sure that Malwarebytes and SUPERAntiSpyware are updated, and this time run them in Safe Mode. Report back what they find. By the way, is Intelli-scan from PC Tools?

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. Get help with computer problems. Join Free PC Help here. Donations are welcome. Read Here
Zeke_Zane (Author) - Posted April 29, 2009

They were finding the same things that my PC Tools Internet Security is finding, plus a couple of other adware infections. OK, thanks, will give it a try and see what comes up and let you know. Yes, Intelli-scan is just one of the quick scans PC Tools Internet Security does.

I have also just noticed, when I do a search from Google or use certain links on other sites, when I highlight the link, they show at the bottom of IE as what the link should be, but if I right-click and check the link's properties it is showing a different site.
Zeke_Zane (Author) - Posted April 30, 2009 (edited)

OK, this is all done now, and here are the logs for the scans:

Malwarebytes' Anti-Malware 1.36
Database version: 2058
Windows 5.1.2600 Service Pack 3

29/04/2009 14:52:32
mbam-log-2009-04-29 (14-52-32).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|I:\|J:\|)
Objects scanned: 341243
Time elapsed: 1 hour(s), 53 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\LocalService\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ChkDisk.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Whysper Lupus\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Whysper Lupus\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\loader49.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

SUPERAntiSpyware
No malicious items found

ESET
Win32/Rootkit.Agent.NIZ trojan (unable to clean - deleted (after next restart) C:\WINDOWS\Temp\msb.dll
Win32/Rootkit.Agent.NIZ trojan (unable to clean - deleted) C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll
Win32/Rootkit.Agent.NIZ trojan (unable to clean - deleted_ C:\WINDOWS\system32\config\systemprofile\protect.dll
Win32/Rootkit.Agent.NIZ trojan (unable to clean - deleted) C:\WINDOWS\system32\autochk.dll

As soon as I restarted my internet security, it initiated a quick scan and is still finding infections, and I still have the same problem. Here is the log file from that.
*Also, forgot to mention: since doing the scans in safe mode it is no longer allowing me to create system restore points; it just gives me an error asking me to restart Windows.

Edited April 30, 2009 by Zeke_Zane
RandyL - Posted May 1, 2009

PC Tools only picked up tracking cookies. Nothing to worry about there, except that ATF and SUPERAntiSpyware should have removed them. Did you run the Eset online scanner? Did you scan all your drives? Do you have any external drives or USB storage devices attached? Is your computer networked to any other computers? Aside from System Restore not creating points, is the system working correctly now?
Tootech - Posted May 1, 2009

I noticed that the PC Tools scan was an Intelli-scan. That's not a full scan. Does your PC Tools software have Spyware Doctor installed? If so, run a full system scan with Spyware Doctor. It's not on the Extreme Tech Support - Free PC Help list of recommended products, but it is thorough, and I've used it with success a great deal. Let us know the results.
RandyL - Posted May 1, 2009

Sorry Zeke, I see you did run the Eset scan. Scott has a point. Spyware Doctor is an option I hope you have. Also, a full scan can't hurt. Thanks, Scott.
Zeke_Zane (Author) - Posted May 1, 2009

Thanks for the replies, guys. The full scan picks up the same things, except for a couple more infected files; I will download Spyware Doctor and post results. I do have external HDs but none are connected at the moment or have been recently. I am not networked to any other computers. I scanned all drives.

Apart from System Restore not working, I am still having problems with Google redirecting to ads, and since I have run all the scans on here, my computer is taking a lot longer to boot: it boots up to the desktop and just sits there, and takes about 60 seconds just to launch IE for the first time. But I don't see how that can be related to the scans, so that's probably something separate that I can sort myself once I get the redirecting problem sorted.
Zeke_Zane (Author) - Posted May 1, 2009

OK, I have just tried to install Spyware Doctor and been told that it is already installed as part of PC Tools Internet Security, so that had a full scan yesterday morning. I have also tried using a different internet security suite from yesterday, as I read a couple of really bad reviews of PC Tools Internet Security, so I have upgraded to Avira Premium Security Suite and run full scans, which found the same infections as PC Tools, but it found and removed more infected files.
RandyL - Posted May 1, 2009

Zeke, something seems to be reinfecting you. Usually we don't ask for this, but can you run HijackThis for us? It will create a log file that you can save to Notepad. Once the log is saved, copy and paste the contents here.

TrendMicro™ HijackThis™ Download

Please download the latest version of HijackThis from Trend Micro and save it to your desktop.
- Download HJTInstall.exe to your desktop.
- Double-click HJTInstall.exe to install HijackThis.
- By default it will install to C:\Program Files\Trend Micro\HijackThis.
- Click on Install.
- It will create a HijackThis icon on the desktop.
- Once installed, it will launch HijackThis.
- Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
- Include this log in your next reply.

Notes:
- Do not use the AnalyseThis button; its findings are dangerous if misinterpreted.
- Do not have HijackThis fix anything yet. Most of what it finds will be harmless, or required for your computer to run like it should.

In the meantime I would avoid booting normally and connecting to the internet if you can. Use Safe Mode with Networking if possible.
Zeke_Zane (Author) - Posted May 1, 2009

OK, thanks for the fast reply, will do my best to stay in safe mode as much as possible.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:11, on 01/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = VampireFreaks.com - Gothic Industrial Culture
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = webcache.virginmedia.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@16 (User 'Default user')
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Program Files\Intel\IDU\awServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 11519 bytes
RandyL Posted May 2, 2009
Thank you for the log. Let's try some different simple tools first. Dr. Web Cure It is the first. After the Express Scan run the Complete Scan. Kaspersky Online Scanner is the next one to try. Scan the entire computer.
We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.
Zeke_Zane Posted May 2, 2009 Author (edited)
while doing dr web scan my avira premium internet security suite found a few things dr web seemed to miss, so will post those at bottom after dr web log just so you can see what else is being found, quick scan result is earlier in the day as first full scan didn't complete so had to run twice. will complete kaspersky online scan now and post those results asap.

Dr Web Quick Scan Log
ovfsthxjwswulvh.sys;c:\windows\system32\drivers;BackDoor.Tdss.115;Deleted.;

Dr Web Full Scan Log
ConTest.dll;C:\WINDOWS\system32;Program.Fakespeedup;Deleted.;
ovfsthxmehpxjig.dll;C:\WINDOWS\system32;BackDoor.Tdss.141;Deleted.;
ovfsthxomhxafuw.dll;C:\WINDOWS\system32;BackDoor.Tdss.115;Deleted.;
ovfsthxwabvttvt.dll;C:\WINDOWS\system32;BackDoor.Tdss.115;Deleted.;
ovfsthxxbrqgqcs.dll;C:\WINDOWS\system32;BackDoor.Tdss.141;Deleted.;
ovfsthxyvetehhb.dll;C:\WINDOWS\system32;BackDoor.Tdss.115;Deleted.;

Avira Premium Internet Security Log
02/05/2009 18:32 [Guard] Malware found Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]' detected in file 'C:\System Volume Information\_restore{CEFA4C9F-5C30-483E-8AF5-E40B6C9D05EF}\RP1\A0002384.dll. Action performed: Overwrite file
02/05/2009 18:31 [Guard] Malware found Virus or unwanted program 'APPL/NirCmd.2 [program]' detected in file 'C:\System Volume Information\_restore{CEFA4C9F-5C30-483E-8AF5-E40B6C9D05EF}\RP1\A0002369.exe. Action performed: Overwrite file
02/05/2009 18:31 [Guard] Malware found Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]' detected in file 'C:\WINDOWS\system32\ovfsthxrrftqjip.dll. Action performed: Overwrite file
02/05/2009 15:35 [Guard] Malware found Virus or unwanted program 'APPL/NirCmd.2 [program]' detected in file 'C:\fixwareout\FindT\nircmd.exe. Action performed: Overwrite file
02/05/2009 14:39 [Guard] Malware found Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]' detected in file 'C:\WINDOWS\system32\ovfsthxioeiuwqp.dll. Action performed: Delete file
02/05/2009 01:39 [Webguard] Malware found When accessing data from the URL, "Deleted link to malware site for safety reasons= 303585&s=183&e=google&v=icv13040901ie&q=the+elder+scrolls+5" a virus or unwanted program 'HTML/Crypted.Gen' [virus] was found. Action taken: Blocked file
02/05/2009 01:39 [Webguard] Malware found When accessing data from the URL, "Deleted link to malware site for safety reasons=303585&s=183&e=google&v=icv13040901ie&q=oblivion+5" a virus or unwanted program 'HTML/Crypted.Gen' [virus] was found. Action taken: Blocked file
02/05/2009 01:38 [Webguard] Malware found When accessing data from the URL, "Deleted link to malware site for safety reasons= 303585&s=183&e=google&v=icv13040901ie&q=oblivion+what+next" a virus or unwanted program 'HTML/Crypted.Gen' [virus] was found. Action taken: Blocked file
02/05/2009 01:35 [Webguard] Malware found When accessing data from the URL, "Deleted link to malware site for safety reasons= 303585&s=183&e=google&v=icv13040901ie&q=oblivion+champion+what+next" a virus or unwanted program 'HTML/Crypted.Gen' [virus] was found. Action taken: Blocked file

Edited May 2, 2009 by maynardvdm
Zeke_Zane Posted May 2, 2009 Author
kaspersky online scan found nothing, but i still have the same problem
Tootech Posted May 2, 2009 (edited)
We need you to run a couple of more specialized tools and post the logs once they have completed.
The first one is called Roguefix, and can be downloaded from here: Roguefix - Rogue scanner & Fake warning removal tool
The second one is called Combofix and can be downloaded from here: A guide and tutorial on using ComboFix
Before running them, close any programs you have running and disable your antivirus/firewall software. Be aware that in some circumstances Combofix could break your Windows installation, so make sure you do have backups if your data is important to you.
Run Roguefix, it will restart your PC when complete, then run Combofix. Once both are complete please post the logfiles, and once that is done uninstall Combofix by doing this.
Start>Run>Combofix /u and press Enter
Edited May 3, 2009 by Tootech
bannik Posted May 2, 2009 (edited)
sry if i am not much help but it looks like you got enough suggestions, i also suggest just googling for the info as this is not the first time a problem like this happened
Link Removed
this guy solved it so it might help, but if the problem still persists and you need the net and haven't fixed it yet: I used to have a similar problem and used no script (a Firefox addon) that solved it temporarily (the links worked fine as long as no script is active)
Edited May 3, 2009 by maynardvdm
Zeke_Zane Posted May 3, 2009 Author
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
logfile of scans by Roguefix V2.243
Scan performed on
The current date is: 03/05/2009
The current time is: 17:58:59.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~ Files found ~~~~
checking size of beep.sys
04/08/2004 01:00 PM 4,224 beep.sys
1 File(s) 4,224 bytes
beep.sys is not infected
Cleaned Temporary files
Cleaned Prefetch folder
Registry was cleaned and repaired
Zeke_Zane Posted May 3, 2009 Author
Couldnt fit log in 1 message so will post in 2
RandyL Posted May 4, 2009
Zeke what are you using torrent software for? Were those games downloaded from a torrent?