Posted
For a few weeks now I have been getting re-directed to ad websites when I open links. It seems to specifically happen when I open links from Google but has also happened from other sites. I have PC Tools Internet Security and do regular full scans, have also used ESET Internet Security and regularly run Ad-Aware, TuneUp Utilities 2009 registry cleaner and Uniblue SpyEraser, and have tried Registry Mechanic, but none of these have been able to fix my problem. Last few days have also been getting Internet Explorer crashes, have upgraded to IE8.0 but this hasn't fixed the problem. Was just wondering if anyone could offer any suggestions as it is really starting to bug me now and I really don't want to have to do a clean Windows install due to the amount of programs I have installed and amount of data stored.

Guest Wolfeymole
Posted

Registry editors/cleaners are not worth a monkey's toss.

 

Have you tried doing a System Restore to when you think the problems started happening Zeke?

Posted
I tried that when it very first started but it didn't help, so did full scans with everything I had and removed anything adware or anything else found but still no luck.
Posted

Hi Zeke,

 

From what you described I believe you still have malware on your machine. Ad-Aware is ok, but it doesn't pick up everything. The Eset scanner won't shift spyware, so I recommend you run through the full malware removal process. It takes a bit of time, but it's thorough and sorts out most problems.

 

  1. Please disable your resident security applications (such as AVG, Spybot, WinPatrol, etc.) before performing the below procedure so that they do not interfere with the process.
  2. Perform all the steps in the order listed to avoid any conflicts.
  3. If unsure, please stop and voice your doubts.
  4. You might be required to go offline during the disinfection process. Therefore, it is recommended to print off the instructions below for ease of reference.

If you stick to the above guidelines, all should go smoothly.

 

 

================================================

STEP 1

  1. Download ATF-Cleaner by Atribune.
  2. Save the file to your Desktop.
  3. Double-click on the file to run the program.
  4. On the Main tab, check the Select All button.
  5. Next, click on the Firefox tab (if applicable) and check the Select All button.

     Note: If you would like to preserve your saved passwords in Firefox, then click No at the corresponding prompt.

  6. Now, click on the Opera tab (if applicable) and check the Select All button.

     Note: If you would like to preserve your saved passwords in Opera, then click No at the corresponding prompt.

  7. Press the Empty Selected button and click OK to acknowledge the corresponding prompt.
  8. Click on the Exit button to quit the program.

================================================

STEP 2

  1. Please click here to download Malwarebytes' Anti-Malware.
  2. Save the file to your Desktop.
  3. Double-click mbam-setup.exe and follow the prompts to install the program.
  4. At the end, make sure a check mark is placed next to:
     1. Update Malwarebytes' Anti-Malware
     2. Launch Malwarebytes' Anti-Malware
  5. Click Finish.
  6. The program will download and update itself if it finds the necessity to do so. Please allow this.
  7. Once the program has loaded, select Perform full scan, then click Scan.

     Note: Depending on your computer specifications, the scan may take some time to complete. Please wait patiently and do not interrupt the process.

  8. When the scan is complete, click OK, and then Show Results to view the results.
  9. Make sure that every entry is selected, and click Remove Selected.
  10. Restart your computer.

================================================

STEP 3

  1. Please click here to download SUPERAntiSpyware (Free Version).
  2. Save the file to your Desktop.
  3. Double-click SUPERAntiSpyware.exe and follow the prompts to install the program.
  4. Open SUPERAntiSpyware.
  5. Under Configuration and Preferences, click the Preferences button.
  6. Click the Scanning Control tab.
  7. Under Scanner Options make sure the following fields are checked:
     • Close browsers before scanning
     • Scan for tracking cookies
     • Terminate memory threats before quarantining
  8. Click the Close button to leave the control center screen.
  9. On the main screen, under Scan for Harmful Software click Scan your computer.
  10. On the left, make sure you check mark All the Fixed Drives.
  11. On the right, under Complete Scan, choose Perform Complete Scan.
  12. Click Next to start the scan. Please be patient while it scans your computer.
  13. After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
  14. Make sure every entry has a check mark next to it and click Next.
  15. A notification will appear that Quarantine and Removal is Complete. Click OK and then Finish to return to the main menu.
  16. Restart your computer.

================================================

STEP 4

  1. Please visit the ESET Online Scanner, using Internet Explorer to initiate the scan.

     Note: If you are running Windows Vista, then you will need Administrative privileges to complete the latter part of the procedure. To do so, right-click on the Internet Explorer icon in the Start Menu and select the Run As Administrator option in the shell context menu.

  2. Check mark the YES, I accept the Terms of Use box.
  3. Click the Start button.
  4. Click the Install button on the following screen.
  5. Click Start. This will initialize and update the scanner engine.
  6. Check mark the box beside Remove found threats.
  7. Click the Scan button. This will start the scan. Please be patient while it is in progress.
  8. Restart your computer.

================================================

STEP 5

  1. Click on Start > Programs > Accessories > System Tools and select System Restore.
  2. Choose the radio button marked Create a Restore Point on the first screen and click Next. Give the restore point a name then click Create. The new point will be stamped with the current date and time. Keep a note of this so you can find it easily should you need to use System Restore.
  3. Next, click on Start > Run, type Cleanmgr and click on OK.
  4. Click on the More Options tab.
  5. Click the Clean Up button in the System Restore section to remove all previous restore points except the most recent one.

This will remove any infected files that have been backed up by Windows. The files in "System Restore" are protected to prevent any programs changing those files. This is the only foolproof way to ensure the deletion of those files.

Note: Do not clear restore points on a regular basis as doing so will clear all previous restore points even those that you may need. System Restore is a useful tool to revert your computer back to a working condition if something goes wrong.

Re-enable all your security applications and please return here and tell us how the computer seems to be operating.
Posted

When I have re-enabled my internet security it has started an intelli-scan which found the same 3 infections it seems to find every time I run. If it helps they are -

1) Adware.Advertising

2) Application.TrackingCookies

3) Trojan.Adclicker - Also known as: Adware.Hiu.c AdWare.Win32.Agent.ak [Kaspersky] AdWare.Win32.Age

Posted

When you followed the steps above did they find anything and if so what?

 

There are different possibilities here but this is what I would try first:

 

Uninstall any programs that are suspicious or not needed that you may have downloaded as they may be reinstalling malware. Your registry programs come to mind and definitely uniblue spyeraser. Look for others such as P2P, smiley, my web or my search or anything else that you might suspect.

 

Make sure the MalwareBytes and SuperAntiSpyware are updated and this time run them in Safe Mode.

 

Report back what they find.

 

By the way is intelli-scan from PC-Tools?

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.

Get help with computer problems. Join Free PC Help here

 

Donations are welcome. Read Here

Posted

They were finding the same things that my PC Tools Internet Security is finding, plus a couple other adware infections.

OK thanks, will give it a try and see what comes up and let you know.

Yes, intelli-scan is just one of the quick scans PC Tools Internet Security does.

I have also just noticed, when I do a search from Google or certain links on other sites, when I highlight the link, they show at the bottom of IE as what the link should be, but if I right-click and check the link's properties it is showing a different site.

Posted (edited)

OK, this is all done now, and here are the logs for scans -

 

 

Malwarebytes' Anti-Malware 1.36

Database version: 2058

Windows 5.1.2600 Service Pack 3

29/04/2009 14:52:32

mbam-log-2009-04-29 (14-52-32).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|I:\|J:\|)

Objects scanned: 341243

Time elapsed: 1 hour(s), 53 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 3

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 10

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\LocalService\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> Quarantined and deleted successfully.

C:\Documents and Settings\Default User\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully.

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ChkDisk.dll (Worm.Autorun) -> Quarantined and deleted successfully.

C:\Documents and Settings\Whysper Lupus\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll (Worm.Autorun) -> Quarantined and deleted successfully.

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Whysper Lupus\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\loader49.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

 

 

 

SUPERAntiSpyware

No malicious items found

 

 

 

ESET

Win32/Rootkit.Agent.NIZ trojan (unable to clean - deleted (after next restart))

C:\WINDOWS\Temp\msb.dll

Win32/Rootkit.Agent.NIZ trojan (unable to clean - deleted)

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll

Win32/Rootkit.Agent.NIZ trojan (unable to clean - deleted)

C:\WINDOWS\system32\config\systemprofile\protect.dll

Win32/Rootkit.Agent.NIZ trojan (unable to clean - deleted)

C:\WINDOWS\system32\autochk.dll

 

 

 

 

As soon as I have re-started my internet security, it has initiated a quick scan and is still finding infections and I still have the same problem. Here is the log file from that.

 

Pc tools internet security

4/30/2009 17:03:22:890 Scan Started

Scan Type - Intelli-Scan

 

4/30/2009 17:03:24:890 Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - 2o7.net/ 2o7.net

 

4/30/2009 17:03:24:890 Infection was detected on this computer

Threat Name - Spyware.Known_Bad_Sites

Type - Cookie

Risk Level - High

Infection - 7search.com/ 7search.com

 

4/30/2009 17:03:24:906 Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - ad.yieldmanager.com/ ad.yieldmanager.com

 

4/30/2009 17:03:24:906 Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - adtech.de/ adtech.de

 

4/30/2009 17:03:24:921 Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - atdmt.com/ atdmt.com

 

4/30/2009 17:03:24:937 Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - azjmp.com/ azjmp.com

 

4/30/2009 17:03:24:968 Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - bs.serving-sys.com/ bs.serving-sys.com

 

4/30/2009 17:03:25:46 Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - doubleclick.net/ doubleclick.net

 

4/30/2009 17:03:25:62 Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - ehg-eset.hitbox.com/ ehg-eset.hitbox.com

 

4/30/2009 17:03:25:171 Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - hitbox.com/ hitbox.com

 

4/30/2009 17:03:25:203 Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - imrworldwide.com/ imrworldwide.com

 

4/30/2009 17:03:25:203 Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - livenation.122.2o7.net/ livenation.122.2o7.net

 

4/30/2009 17:03:25:234 Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - mediaplex.com/ mediaplex.com

 

4/30/2009 17:03:25:421 Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - serving-sys.com/ serving-sys.com

 

4/30/2009 17:03:25:437 Infection was detected on this computer

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - statcounter.com/ statcounter.com

 

4/30/2009 17:03:25:500 Infection was detected on this computer

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - tribalfusion.com/ tribalfusion.com

 

4/30/2009 17:09:15:890 Scan Finished

Scan Type - Intelli-Scan

Items Processed - 287093

Threats Detected - 3

Infections Detected - 16

Infections Ignored - 0

 

4/30/2009 17:10:14:937 Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - tribalfusion.com/ tribalfusion.com

 

4/30/2009 17:10:14:937 Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - serving-sys.com/ serving-sys.com

 

4/30/2009 17:10:14:937 Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - livenation.122.2o7.net/ livenation.122.2o7.net

 

4/30/2009 17:10:14:937 Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - imrworldwide.com/ imrworldwide.com

 

4/30/2009 17:10:14:937 Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - hitbox.com/ hitbox.com

 

4/30/2009 17:10:14:937 Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - ehg-eset.hitbox.com/ ehg-eset.hitbox.com

 

4/30/2009 17:10:14:937 Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - doubleclick.net/ doubleclick.net

 

4/30/2009 17:10:14:937 Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - bs.serving-sys.com/ bs.serving-sys.com

 

4/30/2009 17:10:14:937 Infection cleaned

Threat Name - Application.TrackingCookies

Type - Cookie

Risk Level - Low

Infection - 2o7.net/ 2o7.net

 

4/30/2009 17:10:15:0 Infection cleaned

Threat Name - Spyware.Known_Bad_Sites

Type - Cookie

Risk Level - High

Infection - 7search.com/ 7search.com

 

4/30/2009 17:10:15:78 Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - statcounter.com/ statcounter.com

 

4/30/2009 17:10:15:78 Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - mediaplex.com/ mediaplex.com

 

4/30/2009 17:10:15:78 Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - azjmp.com/ azjmp.com

 

4/30/2009 17:10:15:78 Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - atdmt.com/ atdmt.com

 

4/30/2009 17:10:15:78 Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - adtech.de/ adtech.de

 

4/30/2009 17:10:15:78 Infection cleaned

Threat Name - Adware.Advertising

Type - Cookie

Risk Level - Low

Infection - ad.yieldmanager.com/ ad.yieldmanager.com

 

4/30/2009 17:10:17:109 Infections Quarantined/Removed Summary

Quarantined - 0

Quarantine Failed - 0

Removed - 16

Remove Failed - 0

 

 

 

 

*Also, forgot to mention, since doing the scans in safe mode it is no longer allowing me to create system restore points, it just gives me an error asking me to restart Windows.

Edited by Zeke_Zane
Posted

PC-Tools only picked up tracking cookies. Nothing to worry about there except that ATF and Superantispyware should have removed them.

 

Did you run the Eset online scanner?

 

Did you scan all your drives?

 

Do you have any external drives or USB storage devices attached?

 

Is your computer networked to any other computers?

 

Aside from System Restore not creating points is the system working correctly now?


Posted

I noticed that the PC Tools scan was an Intelli-scan. That's not a full scan.

 

Does your PC Tools software have Spyware Doctor installed?

 

If so, run a full system scan with Spyware Doctor. It's not on the Extreme Tech Support - Free PC Help list of recommended products, but it is thorough, and I've used it with success a great deal.

 

Let us know the results.

Posted

Sorry Zeke I see you did run the Eset scan.

 

Scott has a point. Spyware Doctor is an option I hope you have.

 

Also a full scan can't hurt.

 

Thanks Scott.


Posted

Thanks for reply guys, full scan picks up same things, except a couple more infected files, will download Spyware Doctor and post results.

I do have external HDs but none are connected at the moment or have been recently. I am not networked to any other computers. I scanned all drives. Apart from System Restore not working, I am still having problems with Google redirecting to ads, and since I have run all the scans on here, my computer is taking a lot longer to boot: boots up to desktop and just sits there, takes it about 60 seconds just to launch IE for the first time, but I don't see how that can be related to scans so that's probably something separate that I can sort myself once I get the redirecting problem sorted.

Posted

OK, I have just tried to install Spyware Doctor and been told that it is already installed as part of PC Tools Internet Security, so that had a full scan yesterday morning.

I have also tried using a different internet security suite from yesterday as I read a couple of really bad reviews of PC Tools Internet Security, so have upgraded to Avira Premium Security Suite and run full scans, which found the same infections as PC Tools, but it found and removed more infected files.

Posted

Zeke something seems to be reinfecting you. Usually we don't ask for this but can you run Hijackthis for us? It will create a log file that you can save to notepad. Once the log is saved copy and paste the contents here.

 

TrendMicro™ HijackThis™ Download

 

Please download the latest version of HijackThis from Trend Micro and save it to your desktop.

  • Download HJTInstall.exe to your desktop.
  • Double-click HJTInstall.exe to install HijackThis.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad. Include this log in your next reply.

Notes:

Do not use the AnalyseThis button; its findings are dangerous if misinterpreted.

Do not have HijackThis fix anything yet. Most of what it finds will be harmless, or required for your computer to run like it should.

In the meantime I would avoid booting normally and connecting to the internet if you can. Use Safe Mode with Networking if possible.


Posted

OK, thanks for the fast reply, will do my best to stay in Safe Mode as much as possible.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:59:11, on 01/05/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Intel\IDU\awServ.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\DigitalPersona\Bin\DpHost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\DigitalPersona\Bin\DPAgnt.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\NETGEAR\WPN111\wpn111.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = VampireFreaks.com - Gothic Industrial Culture

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = webcache.virginmedia.com:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe

O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@16 (User 'Default user')

O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll

O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe

O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe

O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Program Files\Intel\IDU\awServ.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe

O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsSvc.exe

O23 - Service: ThreatFire - PC Tools - C:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--

End of file - 11519 bytes

Posted

Thank you for the log.

 

Let's try some different simple tools first.

 

Dr. Web Cure It is the first. After the Express Scan run the Complete Scan.

 

Kaspersky Online Scanner is the next one to try. Scan the entire computer.

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.

Get help with computer problems. Join Free PC Help here

 

Donations are welcome. Read Here

Posted (edited)

While doing the Dr Web scan, my Avira Premium Internet Security Suite found a few things Dr Web seemed to miss, so I will post those at the bottom after the Dr Web log just so you can see what else is being found. The quick scan result is from earlier in the day, as the first full scan didn't complete so I had to run it twice. I will complete the Kaspersky online scan now and post those results ASAP.

 

Dr Web Quick Scan Log

 

ovfsthxjwswulvh.sys;c:\windows\system32\drivers;BackDoor.Tdss.115;Deleted.;

 

 

 

Dr Web Full Scan Log

 

ConTest.dll;C:\WINDOWS\system32;Program.Fakespeedup;Deleted.;

ovfsthxmehpxjig.dll;C:\WINDOWS\system32;BackDoor.Tdss.141;Deleted.;

ovfsthxomhxafuw.dll;C:\WINDOWS\system32;BackDoor.Tdss.115;Deleted.;

ovfsthxwabvttvt.dll;C:\WINDOWS\system32;BackDoor.Tdss.115;Deleted.;

ovfsthxxbrqgqcs.dll;C:\WINDOWS\system32;BackDoor.Tdss.141;Deleted.;

ovfsthxyvetehhb.dll;C:\WINDOWS\system32;BackDoor.Tdss.115;Deleted.;

 

 

 

 

 

 

Avira Premium Internet Security Log

 

 

02/05/2009 18:32 [Guard] Malware found

Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'

detected in file 'C:\System Volume Information\_restore{CEFA4C9F-5C30-483E-8AF5-E40B6C9D05EF}\RP1\A0002384.dll.

Action performed: Overwrite file

02/05/2009 18:31 [Guard] Malware found

Virus or unwanted program 'APPL/NirCmd.2 [program]'

detected in file 'C:\System Volume Information\_restore{CEFA4C9F-5C30-483E-8AF5-E40B6C9D05EF}\RP1\A0002369.exe.

Action performed: Overwrite file

02/05/2009 18:31 [Guard] Malware found

Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'

detected in file 'C:\WINDOWS\system32\ovfsthxrrftqjip.dll.

Action performed: Overwrite file

02/05/2009 15:35 [Guard] Malware found

Virus or unwanted program 'APPL/NirCmd.2 [program]'

detected in file 'C:\fixwareout\FindT\nircmd.exe.

Action performed: Overwrite file

02/05/2009 14:39 [Guard] Malware found

Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'

detected in file 'C:\WINDOWS\system32\ovfsthxioeiuwqp.dll.

Action performed: Delete file

02/05/2009 01:39 [Webguard] Malware found

When accessing data from the URL,

"Deleted link to malware site for safety reasons=303585&s=183&e=google&v=icv13040901ie&q=the+elder+scrolls+5"

a virus or unwanted program 'HTML/Crypted.Gen' [virus] was found.

Action taken: Blocked file

02/05/2009 01:39 [Webguard] Malware found

When accessing data from the URL,

"Deleted link to malware site for safety reasons=303585&s=183&e=google&v=icv13040901ie&q=oblivion+5"

a virus or unwanted program 'HTML/Crypted.Gen' [virus] was found.

Action taken: Blocked file

02/05/2009 01:38 [Webguard] Malware found

When accessing data from the URL,

"Deleted link to malware site for safety reasons=303585&s=183&e=google&v=icv13040901ie&q=oblivion+what+next"

a virus or unwanted program 'HTML/Crypted.Gen' [virus] was found.

Action taken: Blocked file

02/05/2009 01:35 [Webguard] Malware found

When accessing data from the URL,

"Deleted link to malware site for safety reasons=303585&s=183&e=google&v=icv13040901ie&q=oblivion+champion+what+next"

a virus or unwanted program 'HTML/Crypted.Gen' [virus] was found.

Action taken: Blocked file

Edited by maynardvdm
Posted (edited)

We need you to run a couple of more specialized tools and post the logs once they have completed.

 

The first one is called Roguefix, and can be downloaded from here

 

Roguefix - Rogue scanner & Fake warning removal tool

 

The second one is called Combofix and can be downloaded from here

 

A guide and tutorial on using ComboFix

 

Before running them close any programs you have running and disable your antivirus/firewall software.

 

Be aware that in some circumstances Combofix could break your Windows installation, so make sure you do have backups if your data is important to you.

 

Run Roguefix, it will restart your PC when complete, then run Combofix.

 

Once both are complete please post the logfiles, and once that is done uninstall Combofix by doing this.

 

Start>Run>Combofix /u and press Enter

Edited by Tootech
Posted (edited)

Sorry if I am not much help, but it looks like you got enough suggestions. I also suggest just googling for the info, as this is not the first time a problem like this has happened. Link Removed

 

This guy solved it, so it might help.

 

But if the problem still persists and you need the net and haven't fixed it yet, I used to have a similar problem and used NoScript (a Firefox add-on), which solved it temporarily (the links worked fine as long as NoScript is active).

Edited by maynardvdm
Posted

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

logfile of scans by Roguefix V2.243

 

Scan performed on

The current date is: 03/05/2009

The current time is: 17:58:59.68

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~~~ Files found ~~~~

 

checking size of beep.sys

04/08/2004 01:00 PM 4,224 beep.sys

1 File(s) 4,224 bytes

beep.sys is not infected

 

Cleaned Temporary files

 

Cleaned Prefetch folder

Registry was cleaned and repaired

Posted

Couldn't fit the log in 1 message, so will post it in 2.

ComboFix 09-05-02.4 - Whysper Lupus 03/05/2009 18:04.1 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1758 [GMT 1:00]

Running from: c:\documents and settings\Whysper Lupus\My Documents\Downloads\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated)

FW: Avira Firewall *disabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Internet Explorer\setup.exe

c:\windows\system32\_000003_.tmp.dll

c:\windows\system32\_000005_.tmp.dll

c:\windows\system32\_000006_.tmp.dll

c:\windows\system32\_000007_.tmp.dll

c:\windows\system32\_000008_.tmp.dll

c:\windows\system32\_000009_.tmp.dll

c:\windows\system32\_000010_.tmp.dll

c:\windows\system32\_000011_.tmp.dll

c:\windows\system32\_000012_.tmp.dll

c:\windows\system32\_000013_.tmp.dll

c:\windows\system32\_000014_.tmp.dll

c:\windows\system32\_000015_.tmp.dll

c:\windows\system32\_000017_.tmp.dll

c:\windows\system32\_000018_.tmp.dll

c:\windows\system32\_000020_.tmp.dll

c:\windows\system32\_000021_.tmp.dll

c:\windows\system32\_000022_.tmp.dll

c:\windows\system32\_000023_.tmp.dll

c:\windows\system32\_000029_.tmp.dll

c:\windows\system32\lmppcsetup.exe

c:\windows\system32\ovfsthxehrqqwci.dat

c:\windows\system32\ovfsthxlog.dat

c:\windows\system32\ovfsthxnkvixmyq.dat

c:\windows\system32\ovfsthxowbslsoa.dat

.

((((((((((((((((((((((((( Files Created from 2009-04-03 to 2009-05-03 )))))))))))))))))))))))))))))))

.

2009-05-02 19:24 . 2009-05-02 19:24 -------- d-----w c:\program files\DivX

2009-05-02 19:24 . 2009-05-02 19:24 -------- d-----w c:\program files\Common Files\DivX Shared

2009-05-02 09:44 . 2009-05-02 18:06 -------- d-----w c:\documents and settings\Whysper Lupus\DoctorWeb

2009-05-02 02:14 . 2009-05-02 02:14 -------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts

2009-05-01 17:27 . 2009-05-01 17:27 -------- d-----w c:\documents and settings\Whysper Lupus\Application Data\Xilisoft Corporation

2009-05-01 17:21 . 2002-01-05 21:37 344064 ----a-w c:\windows\system32\msvcr70.dll

2009-05-01 17:21 . 2009-05-01 17:23 -------- d-----w c:\program files\Audio Convert Master

2009-04-30 20:00 . 2009-04-30 20:00 -------- d-----w c:\program files\Trend Micro

2009-04-30 19:53 . 2009-04-30 19:57 -------- d-----w C:\fixwareout

2009-04-30 17:51 . 2009-04-30 17:51 -------- d-----w c:\documents and settings\Whysper Lupus\Application Data\Avira

2009-04-30 17:45 . 2009-04-30 17:43 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys

2009-04-30 17:45 . 2009-04-30 17:43 69632 ----a-w c:\windows\system32\drivers\avfwim.sys

2009-04-30 17:45 . 2009-04-30 17:43 97480 ----a-w c:\windows\system32\drivers\avfwot.sys

2009-04-30 17:45 . 2009-04-30 17:45 -------- d-----w c:\documents and settings\All Users\Application Data\Avira

2009-04-30 17:45 . 2009-04-30 17:45 -------- d-----w c:\program files\Avira

2009-04-29 11:46 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-29 11:46 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-29 11:46 . 2009-04-29 11:46 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-04-28 20:22 . 2009-04-28 20:22 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-04-28 20:21 . 2009-04-30 16:03 -------- d-----w c:\program files\SUPERAntiSpyware

2009-04-28 20:21 . 2009-04-29 11:52 -------- d-----w c:\documents and settings\Whysper Lupus\Application Data\SUPERAntiSpyware.com

2009-04-28 19:26 . 2009-04-28 19:26 -------- d-----w c:\documents and settings\Whysper Lupus\Application Data\Malwarebytes

2009-04-28 19:26 . 2009-04-28 19:26 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2009-04-27 13:11 . 2009-04-27 13:11 -------- d-sh--w c:\documents and settings\Whysper Lupus\IECompatCache

2009-04-27 13:08 . 2009-04-27 13:08 -------- d-sh--w c:\documents and settings\Whysper Lupus\PrivacIE

2009-04-27 13:08 . 2009-04-27 13:08 -------- d-sh--w c:\documents and settings\LocalService\IETldCache

2009-04-27 13:06 . 2009-04-27 13:06 -------- d-sh--w c:\documents and settings\Whysper Lupus\IETldCache

2009-04-27 13:03 . 2009-04-27 13:03 -------- d-----w c:\windows\ie8updates

2009-04-27 13:01 . 2009-04-27 13:03 -------- dc-h--w c:\windows\ie8

2009-04-27 12:59 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll

2009-04-21 22:14 . 2009-04-21 22:16 -------- d-----w c:\windows\system32\NtmsData

2009-04-21 15:38 . 2009-04-21 15:38 -------- d-----w c:\documents and settings\Whysper Lupus\Application Data\PCToolsFirewallPlus

2009-04-21 15:38 . 2009-04-21 15:38 -------- d-----w c:\documents and settings\Whysper Lupus\Application Data\PCToolsSpamMonitorPlus

2009-04-21 15:36 . 2009-04-21 15:36 -------- d-----w c:\documents and settings\Whysper Lupus\Local Settings\Application Data\Threat Expert

2009-04-21 15:35 . 2009-04-28 02:43 -------- d-----w c:\program files\Browser Defender

2009-04-21 15:35 . 2009-05-02 13:54 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools

2009-04-21 15:02 . 2009-04-21 15:02 -------- d-----w c:\documents and settings\All Users\Application Data\sentinel

2009-04-21 14:53 . 2009-04-21 14:53 -------- d-----w c:\documents and settings\All Users\Application Data\Backup

2009-04-21 14:51 . 2009-04-21 15:43 -------- d-----w c:\program files\Common Files\Panda Software

2009-04-21 13:09 . 2009-04-21 13:09 -------- d-----w c:\windows\system32\Service

2009-04-20 20:37 . 2009-04-20 20:37 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Windows Search

2009-04-16 21:47 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll

2009-04-16 21:47 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe

2009-04-16 21:47 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll

2009-04-16 21:47 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll

2009-04-16 21:47 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe

2009-04-16 21:47 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll

2009-04-16 21:47 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe

2009-04-16 21:47 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll

2009-04-16 21:47 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll

2009-04-16 21:47 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll

2009-04-16 21:47 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll

2009-04-14 15:46 . 2009-04-14 15:47 -------- d-----w c:\documents and settings\Whysper Lupus\Application Data\IGN_DLM

2009-04-11 15:04 . 2009-04-11 15:04 -------- d-----w c:\program files\Jowood

2009-04-11 14:05 . 2009-04-11 14:05 -------- d-----w c:\program files\iPod

2009-04-11 14:05 . 2009-04-11 14:05 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-04-11 14:05 . 2009-04-11 14:05 -------- d-----w c:\program files\iTunes

2009-04-07 12:54 . 2008-10-10 03:52 2036576 ----a-w c:\windows\system32\D3DCompiler_40.dll

2009-04-07 12:54 . 2008-10-10 03:52 452440 ----a-w c:\windows\system32\d3dx10_40.dll

2009-04-07 12:53 . 2008-10-27 09:04 235856 ----a-w c:\windows\system32\xactengine3_3.dll

2009-04-06 12:40 . 2009-04-06 12:40 -------- d-----w c:\program files\Community Patch Manager

2009-04-06 12:38 . 2009-04-06 12:38 -------- d-----w c:\documents and settings\All Users\Application Data\InstallShield

2009-04-06 12:14 . 2009-04-06 12:14 -------- d-----w c:\program files\Rockstar Games

2009-04-06 11:46 . 2009-04-06 11:46 271360 ----a-w c:\windows\system32\drivers\atksgt.sys

2009-04-06 11:46 . 2009-04-06 11:46 18048 ----a-w c:\windows\system32\drivers\lirsgt.sys

2009-04-06 11:23 . 2009-04-06 13:06 -------- d-----w c:\program files\Gothic III

2009-04-05 20:04 . 2009-04-05 21:01 -------- d-----w c:\documents and settings\Whysper Lupus\Local Settings\Application Data\Oblivion

2009-04-03 20:42 . 2008-10-22 04:27 63040 ----a-w c:\windows\system32\PnkBstrA.exe

2009-04-03 20:42 . 2009-04-03 20:42 138184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-03 17:10 . 2008-12-12 02:13 502 ----a-w c:\windows\Tasks\1-Click Maintenance.job

2009-05-03 17:10 . 2008-12-08 01:33 6 ---ha-w c:\windows\Tasks\SA.DAT

2009-05-03 16:26 . 2009-04-27 13:11 438 ---ha-w c:\windows\Tasks\User_Feed_Synchronization-{6711E175-A50D-432D-90AC-39AAC3EAF968}.job

2009-05-02 14:09 . 2009-01-10 07:53 -------- d-----w c:\program files\Common Files\Adobe

2009-05-02 13:52 . 2008-12-08 02:36 -------- d-----w c:\program files\MSBuild

2009-05-02 10:20 . 2008-12-08 01:35 -------- d--h--w c:\program files\InstallShield Installation Information

2009-05-02 10:14 . 2009-02-28 16:53 -------- d-----w c:\program files\Firefly Studios

2009-05-02 10:07 . 2008-12-29 16:16 -------- d-----w c:\program files\Bethesda Softworks

2009-05-01 20:52 . 2009-01-28 21:42 -------- d-----w c:\program files\ffdshow

2009-04-29 18:20 . 2008-12-08 12:25 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job

2009-04-29 11:47 . 2008-12-08 01:41 664 ----a-w c:\windows\system32\d3d9caps.dat

2009-04-29 11:16 . 2009-01-18 15:29 -------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-04-21 13:41 . 2009-04-02 12:58 361600 ----a-w c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL

2009-04-21 13:41 . 2004-08-04 12:00 361600 ----a-w c:\windows\system32\drivers\TCPIP.SYS

2009-04-20 12:27 . 2008-12-08 10:00 -------- d-----w c:\program files\BitTorrent

2009-04-11 14:05 . 2008-12-08 12:25 -------- d-----w c:\program files\Common Files\Apple

2009-04-06 12:37 . 2008-12-08 01:50 -------- d-----w c:\program files\Common Files\InstallShield

2009-04-03 20:42 . 2009-02-26 19:59 183112 ----a-w c:\windows\system32\PnkBstrB.exe

2009-04-02 17:01 . 2009-04-02 17:01 210672 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-04-02 12:34 . 2009-04-02 12:34 410984 ----a-w c:\windows\system32\deploytk.dll

2009-04-02 12:34 . 2009-04-02 12:34 -------- d-----w c:\program files\Java

2009-04-02 00:12 . 2009-04-02 00:12 -------- d-----w c:\program files\DAEMON Tools Lite

2009-03-31 20:26 . 2008-12-08 09:49 82440 ----a-w c:\documents and settings\Whysper Lupus\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-03-31 17:15 . 2009-03-31 17:15 -------- d-----w c:\program files\Microsoft Works

2009-03-31 17:13 . 2009-03-31 17:13 -------- d-----w c:\program files\Microsoft.NET

2009-03-31 16:51 . 2008-12-09 02:00 715248 ----a-w c:\windows\system32\drivers\sptd.sys

2009-03-29 21:53 . 2009-01-03 03:56 -------- d-----w c:\program files\Windows Desktop Search

2009-03-29 19:41 . 2004-08-04 12:00 67 --sha-w c:\windows\Fonts\desktop.ini

2009-03-29 19:39 . 2008-12-08 01:25 23348 ----a-w c:\windows\system32\emptyregdb.dat

2009-03-19 15:32 . 2008-12-08 12:26 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys

2009-03-17 19:05 . 2009-03-17 19:05 413696 ----a-w c:\windows\system32\wrap_oal.dll

2009-03-17 19:05 . 2009-03-17 19:05 110592 ----a-w c:\windows\system32\OpenAL32.dll

2009-03-13 12:42 . 2008-12-08 12:26 -------- d-----w c:\program files\QuickTime

2009-03-13 12:33 . 2009-03-13 12:33 -------- d-----w c:\program files\Bonjour

2009-03-08 03:34 . 2004-08-04 12:00 914944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 03:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 03:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 03:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 03:32 . 2004-08-04 12:00 72704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 03:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 03:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll

2009-03-08 03:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll

2009-03-08 03:31 . 2004-08-04 12:00 45568 ----a-w c:\windows\system32\mshta.exe

2009-03-08 03:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll

2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll

2009-03-05 21:44 . 2009-03-05 21:27 5632 ----a-w c:\windows\system32\drivers\StarOpen.sys

2009-03-04 23:53 . 2009-03-03 00:00 -------- d-----w c:\program files\Microsoft Games

2009-02-28 22:37 . 2009-02-28 22:37 107888 ----a-w c:\windows\system32\CmdLineExt.dll

2009-02-09 12:10 . 2004-08-04 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 12:10 . 2004-08-04 12:00 714752 ----a-w c:\windows\system32\ntdll.dll

2009-02-09 12:10 . 2004-08-04 12:00 617472 ----a-w c:\windows\system32\advapi32.dll

2009-02-09 12:10 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll

2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys

2009-02-06 19:03 . 2009-02-06 19:03 307576 ----a-w c:\windows\WLXPGSS.SCR

2009-02-06 18:52 . 2009-02-06 18:52 49504 ----a-w c:\windows\system32\sirenacm.dll

2009-02-06 11:11 . 2004-08-04 12:00 110592 ----a-w c:\windows\system32\services.exe

2009-02-06 11:06 . 2004-08-04 12:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe

2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe

2009-02-06 10:32 . 2004-08-03 22:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-02-03 19:59 . 2004-08-04 12:00 56832 ----a-w c:\windows\system32\secur32.dll

.

------- Sigcheck -------

[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys

[7] 2004-08-04 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB951748$\tcpip.sys

[7] 2004-08-04 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB951748_0$\tcpip.sys

[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\TCPIP.SYS

[-] 2009-04-21 13:41 361600 D24EA301E2B36C4E975FD216CA85D8E7 c:\windows\system32\dllcache\TCPIP.SYS

[-] 2009-04-21 13:41 361600 D24EA301E2B36C4E975FD216CA85D8E7 c:\windows\system32\drivers\TCPIP.SYS

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DPAgnt"="c:\program files\DigitalPersona\Bin\DPAgnt.exe" [2004-10-13 913408]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-04-30 209153]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2008-12-8 884838]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 11:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]

2004-10-13 18:29 102400 ----a-w c:\windows\system32\DPWLEvHd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

"autochk"=rundll32.exe c:\docume~1\LOCALS~1\protect.dll,_IWMPEvents@16

"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

"ISTray"="c:\program files\PC Tools Internet Security\pctsTray.exe"

"autochk"=rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16

"High Definition Audio Property Page Shortcut"=HDAudPropShortcut.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=

"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization IV Colonization\\Colonization.exe"=

"c:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [2003-07-24 17149]

R3 pctplsg;pctplsg; [x]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]

R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys [2005-09-26 362944]

S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2009-04-30 97480]

S1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2005-11-11 12298]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]

S2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2009-04-30 388865]

S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-04-30 194817]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-30 108289]

S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-04-30 432897]

S2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-06-30 7296]

S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-12 603904]

S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2009-04-30 69632]

Posted

S3 dpK0Bx01;Fingerprint Reader Filter Driver;c:\windows\system32\DRIVERS\dpK0Bx01.sys [2004-08-04 32640]

S3 UsbdpFP;Fingerprint Reader Class Driver;c:\windows\system32\DRIVERS\UsbdpFP.sys [2004-08-04 34560]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-05-03 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 16:28]

2009-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-05-03 c:\windows\Tasks\User_Feed_Synchronization-{6711E175-A50D-432D-90AC-39AAC3EAF968}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

.

- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-autochk - c:\windows\system32\config\SYSTEM~1\protect.dll

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.vampirefreaks.com/

uInternet Settings,ProxyOverride = *.local;<local>

uInternet Settings,ProxyServer = webcache.virginmedia.com:8080

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-03 18:12

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:ad,a3,b8,e4,4f,7f,b0,ab,ae,c2,1e,b9,a7,e1,78,14,00,d3,82,3d,2b,6b,1e,

66,bd,84,0b,81,59,d5,50,8f,4c,89,09,2b,5e,16,25,00,94,48,ae,06,ff,1e,05,5e,\

"??"=hex:90,64,52,bc,8f,d1,0b,c9,01,f6,6c,76,c3,8b,5b,e5

[HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1003\Software\SecuROM\License information*]

"datasecu"=hex:a3,c5,7b,a0,ee,10,ea,67,c9,c7,61,d0,96,c7,ab,ba,a5,92,2e,03,24,

6c,9e,bc,ae,27,c8,49,69,2c,5f,3c,eb,07,1f,99,87,e1,ad,c3,64,a8,bc,37,7c,b5,\

"rkeysecu"=hex:25,e1,26,5d,59,6e,42,ff,c8,5c,05,47,7e,d6,05,42

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1336)

c:\windows\system32\DPGINA.dll

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\DPWLEvHd.dll

- - - - - - - > 'lsass.exe'(1488)

c:\windows\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(1048)

c:\program files\DigitalPersona\Bin\DpOFeedb.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Intel\IDU\awServ.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\DigitalPersona\Bin\DpHost.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\program files\Microsoft LifeCam\MSCamS32.exe

c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\windows\system32\nvsvc32.exe

c:\program files\DigitalPersona\Bin\DPFUSMgr.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-05-03 18:15 - machine was rebooted

ComboFix-quarantined-files.txt 2009-05-03 17:14

Pre-Run: 192,694,534,144 bytes free

Post-Run: 192,499,822,592 bytes free

Current=6 Default=6 Failed=3 LastKnownGood=7 Sets=1,2,3,4,5,6,7

338 --- E O F --- 2009-04-29 00:45

Posted

Zeke, what are you using torrent software for?

 

Were those games downloaded from a torrent?
