Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91805 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] redirection and issues with firefox


  • This topic is locked This topic is locked
35 replies to this topic

#1 tokio

tokio

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 19 October 2009 - 04:51 AM

Hi, new to the forum I discovered this as i was looking up issues with a certain site called Allkpop, i like to go on there time to time and noticed that its been redirecting me. currently its the only website that does and hopefully its the only one that will. I hope to get rid of whatever this is in the bud. It re-directs me to various spam ad sites like asklots, the most recent one. Not sure if this redirection might be with the site itself and not me, but i rather be safe than sorry. Anyways i also been having issues with firefox, it takes a while to load up and sometimes it loads but closes back up, i have to click it a couple times to get it work lately. I have updated and did malware scans and nothing has turned up so i don't know the issues. i have suspected it to be spyware but nada. As well my brother said that something wrong with my network card, though i assumed it was just the frequency our router was on because i didn't have issues with it till last week suddenly and my brother suddenly had to. hopefully you guys can check if i have anything wrong, either way i think i might just reformat my whole system to start a new slate. thanks. here are my logs. Like to edit: I only use firefox, i dont use IE or other browsers. As well i looked up that askupgrade and it stated it was connected to a bittorent called Vuze? which i've never used, i don't use bittorents though i admit i have downloaded from programs like mediafire and 4shared. So i logged on allkpop on a different computer at school and it redirected me there. Is this something to do with their site and not me? thank you all again. ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/10/19 06:46 Program Version: Version 1.3.5.0 Windows Version: Windows Vista SP2 ================================================== Drivers ------------------- Name: 1394BUS.SYS Image Path: C:\Windows\system32\DRIVERS\1394BUS.SYS Address: 0x89D02000 Size: 57344 File Visible: - Signed: - Status: - Name: acpi.sys Image Path: C:\Windows\system32\drivers\acpi.sys Address: 0x8068E000 Size: 286720 File Visible: - Signed: - Status: - Name: ACPI_HAL Image Path: \Driver\ACPI_HAL Address: 0x81C35000 Size: 3903488 File Visible: - Signed: - Status: - Name: afd.sys Image Path: C:\Windows\system32\drivers\afd.sys Address: 0x8AB3B000 Size: 294912 File Visible: - Signed: - Status: - Name: atapi.sys Image Path: C:\Windows\system32\drivers\atapi.sys Address: 0x807AD000 Size: 32768 File Visible: - Signed: - Status: - Name: ataport.SYS Image Path: C:\Windows\system32\drivers\ataport.SYS Address: 0x807B5000 Size: 122880 File Visible: - Signed: - Status: - Name: BATTC.SYS Image Path: C:\Windows\system32\DRIVERS\BATTC.SYS Address: 0x8071E000 Size: 40960 File Visible: - Signed: - Status: - Name: bcm4sbxp.sys Image Path: C:\Windows\system32\DRIVERS\bcm4sbxp.sys Address: 0x89CE2000 Size: 65536 File Visible: - Signed: - Status: - Name: bcmwl6.sys Image Path: C:\Windows\system32\DRIVERS\bcmwl6.sys Address: 0x89C04000 Size: 548864 File Visible: - Signed: - Status: - Name: Beep.SYS Image Path: C:\Windows\System32\Drivers\Beep.SYS Address: 0x8A7C7000 Size: 28672 File Visible: - Signed: - Status: - Name: BOOTVID.dll Image Path: C:\Windows\system32\BOOTVID.dll Address: 0x80496000 Size: 32768 File Visible: - Signed: - Status: - Name: bowser.sys Image Path: C:\Windows\system32\DRIVERS\bowser.sys Address: 0xA7288000 Size: 102400 File Visible: - Signed: - Status: - Name: cdd.dll Image Path: C:\Windows\System32\cdd.dll Address: 0x91AB0000 Size: 57344 File Visible: - Signed: - Status: - Name: cdfs.sys Image Path: C:\Windows\system32\DRIVERS\cdfs.sys Address: 0xA9FCE000 Size: 90112 File Visible: - Signed: - Status: - Name: cdrom.sys Image Path: C:\Windows\system32\DRIVERS\cdrom.sys Address: 0x8A005000 Size: 98304 File Visible: - Signed: - Status: - Name: CI.dll Image Path: C:\Windows\system32\CI.dll Address: 0x804DF000 Size: 917504 File Visible: - Signed: - Status: - Name: CLASSPNP.SYS Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS Address: 0x85DA1000 Size: 135168 File Visible: - Signed: - Status: - Name: CLFS.SYS Image Path: C:\Windows\system32\CLFS.SYS Address: 0x8049E000 Size: 266240 File Visible: - Signed: - Status: - Name: CmBatt.sys Image Path: C:\Windows\system32\DRIVERS\CmBatt.sys Address: 0x823F1000 Size: 14208 File Visible: - Signed: - Status: - Name: compbatt.sys Image Path: C:\Windows\system32\DRIVERS\compbatt.sys Address: 0x8071B000 Size: 10496 File Visible: - Signed: - Status: - Name: crashdmp.sys Image Path: C:\Windows\System32\Drivers\crashdmp.sys Address: 0x8B83D000 Size: 53248 File Visible: - Signed: - Status: - Name: crcdisk.sys Image Path: C:\Windows\system32\drivers\crcdisk.sys Address: 0x85DC2000 Size: 36864 File Visible: - Signed: - Status: - Name: dfsc.sys Image Path: C:\Windows\System32\Drivers\dfsc.sys Address: 0x8A5A0000 Size: 94208 File Visible: - Signed: - Status: - Name: disk.sys Image Path: C:\Windows\system32\drivers\disk.sys Address: 0x85D90000 Size: 69632 File Visible: - Signed: - Status: - Name: drmk.sys Image Path: C:\Windows\system32\drivers\drmk.sys Address: 0x8A4D0000 Size: 151552 File Visible: - Signed: - Status: - Name: dsunidrv.sys Image Path: C:\Program Files\DellSupport\Drivers\dsunidrv.sys Address: 0xA73C9000 Size: 7424 File Visible: - Signed: - Status: - Name: dump_atapi.sys Image Path: C:\Windows\System32\Drivers\dump_atapi.sys Address: 0x8B855000 Size: 32768 File Visible: No Signed: - Status: - Name: dump_dumpata.sys Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys Address: 0x8B84A000 Size: 45056 File Visible: No Signed: - Status: - Name: Dxapi.sys Image Path: C:\Windows\System32\drivers\Dxapi.sys Address: 0x8B85D000 Size: 40960 File Visible: - Signed: - Status: - Name: dxgkrnl.sys Image Path: C:\Windows\System32\drivers\dxgkrnl.sys Address: 0x89AB5000 Size: 651264 File Visible: - Signed: - Status: - Name: ecache.sys Image Path: C:\Windows\System32\drivers\ecache.sys Address: 0x85D69000 Size: 159744 File Visible: - Signed: - Status: - Name: fastfat.SYS Image Path: C:\Windows\System32\Drivers\fastfat.SYS Address: 0xA9EE0000 Size: 163840 File Visible: - Signed: - Status: - Name: fileinfo.sys Image Path: C:\Windows\system32\drivers\fileinfo.sys Address: 0x807D3000 Size: 65536 File Visible: - Signed: - Status: - Name: fltmgr.sys Image Path: C:\Windows\system32\drivers\fltmgr.sys Address: 0x805BF000 Size: 204800 File Visible: - Signed: - Status: - Name: Fs_Rec.SYS Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS Address: 0x8A7B7000 Size: 36864 File Visible: - Signed: - Status: - Name: fwpkclnt.sys Image Path: C:\Windows\System32\drivers\fwpkclnt.sys Address: 0x8AAF6000 Size: 110592 File Visible: - Signed: - Status: - Name: GEARAspiWDM.sys Image Path: C:\Windows\system32\DRIVERS\GEARAspiWDM.sys Address: 0x8A01D000 Size: 40960 File Visible: - Signed: - Status: - Name: hal.dll Image Path: C:\Windows\system32\hal.dll Address: 0x81C02000 Size: 208896 File Visible: - Signed: - Status: - Name: HDAudBus.sys Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys Address: 0x89B60000 Size: 577536 File Visible: - Signed: - Status: - Name: HIDCLASS.SYS Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS Address: 0x8A5CE000 Size: 65536 File Visible: - Signed: - Status: - Name: HIDPARSE.SYS Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS Address: 0x8AA00000 Size: 28672 File Visible: - Signed: - Status: - Name: hidusb.sys Image Path: C:\Windows\system32\DRIVERS\hidusb.sys Address: 0x8ABF6000 Size: 36864 File Visible: - Signed: - Status: - Name: HSX_CNXT.sys Image Path: C:\Windows\system32\DRIVERS\HSX_CNXT.sys Address: 0x8A703000 Size: 737280 File Visible: - Signed: - Status: - Name: HSX_DPV.sys Image Path: C:\Windows\system32\DRIVERS\HSX_DPV.sys Address: 0x8A600000 Size: 1060864 File Visible: - Signed: - Status: - Name: HSXHWAZL.sys Image Path: C:\Windows\system32\DRIVERS\HSXHWAZL.sys Address: 0x8A4F5000 Size: 249856 File Visible: - Signed: - Status: - Name: HTTP.sys Image Path: C:\Windows\system32\drivers\HTTP.sys Address: 0xA7200000 Size: 438272 File Visible: - Signed: - Status: - Name: i8042prt.sys Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys Address: 0x89D9D000 Size: 77824 File Visible: - Signed: - Status: - Name: igdkmd32.sys Image Path: C:\Windows\system32\DRIVERS\igdkmd32.sys Address: 0x89406000 Size: 7008256 File Visible: - Signed: - Status: - Name: intelide.sys Image Path: C:\Windows\system32\drivers\intelide.sys Address: 0x80781000 Size: 28672 File Visible: - Signed: - Status: - Name: intelppm.sys Image Path: C:\Windows\system32\DRIVERS\intelppm.sys Address: 0x823E2000 Size: 61440 File Visible: - Signed: - Status: - Name: kbdclass.sys Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys Address: 0x89DE8000 Size: 45056 File Visible: - Signed: - Status: - Name: kdcom.dll Image Path: C:\Windows\system32\kdcom.dll Address: 0x8040E000 Size: 28672 File Visible: - Signed: - Status: - Name: ks.sys Image Path: C:\Windows\system32\DRIVERS\ks.sys Address: 0x8A14D000 Size: 172032 File Visible: - Signed: - Status: - Name: ksecdd.sys Image Path: C:\Windows\System32\Drivers\ksecdd.sys Address: 0x82200000 Size: 462848 File Visible: - Signed: - Status: - Name: lltdio.sys Image Path: C:\Windows\system32\DRIVERS\lltdio.sys Address: 0x8B949000 Size: 65536 File Visible: - Signed: - Status: - Name: luafv.sys Image Path: C:\Windows\system32\drivers\luafv.sys Address: 0x8B876000 Size: 110592 File Visible: - Signed: - Status: - Name: mcupdate_GenuineIntel.dll Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll Address: 0x80415000 Size: 458752 File Visible: - Signed: - Status: - Name: mdmxsdk.sys Image Path: C:\Windows\system32\DRIVERS\mdmxsdk.sys Address: 0xA73CB000 Size: 12672 File Visible: - Signed: - Status: - Name: modem.sys Image Path: C:\Windows\system32\drivers\modem.sys Address: 0x8A0AA000 Size: 53248 File Visible: - Signed: - Status: - Name: monitor.sys Image Path: C:\Windows\system32\DRIVERS\monitor.sys Address: 0x8B867000 Size: 61440 File Visible: - Signed: - Status: - Name: mouclass.sys Image Path: C:\Windows\system32\DRIVERS\mouclass.sys Address: 0x89DDD000 Size: 45056 File Visible: - Signed: - Status: - Name: mouhid.sys Image Path: C:\Windows\system32\DRIVERS\mouhid.sys Address: 0x8A5DE000 Size: 32768 File Visible: - Signed: - Status: - Name: mountmgr.sys Image Path: C:\Windows\System32\drivers\mountmgr.sys Address: 0x8079D000 Size: 65536 File Visible: - Signed: - Status: - Name: mpsdrv.sys Image Path: C:\Windows\System32\drivers\mpsdrv.sys Address: 0xA72A1000 Size: 86016 File Visible: - Signed: - Status: - Name: mrxdav.sys Image Path: C:\Windows\system32\drivers\mrxdav.sys Address: 0xA72B6000 Size: 135168 File Visible: - Signed: - Status: - Name: mrxsmb.sys Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys Address: 0xA72D7000 Size: 126976 File Visible: - Signed: - Status: - Name: mrxsmb10.sys Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys Address: 0xA72F6000 Size: 233472 File Visible: - Signed: - Status: - Name: mrxsmb20.sys Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys Address: 0xA732F000 Size: 98304 File Visible: - Signed: - Status: - Name: Msfs.SYS Image Path: C:\Windows\System32\Drivers\Msfs.SYS Address: 0x8A542000 Size: 45056 File Visible: - Signed: - Status: - Name: msisadrv.sys Image Path: C:\Windows\system32\drivers\msisadrv.sys Address: 0x806DD000 Size: 32768 File Visible: - Signed: - Status: - Name: msiscsi.sys Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys Address: 0x8A027000 Size: 192512 File Visible: - Signed: - Status: - Name: msrpc.sys Image Path: C:\Windows\system32\drivers\msrpc.sys Address: 0x8237C000 Size: 176128 File Visible: - Signed: - Status: - Name: mssmbios.sys Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys Address: 0x8A177000 Size: 40960 File Visible: - Signed: - Status: - Name: mup.sys Image Path: C:\Windows\System32\Drivers\mup.sys Address: 0x85D5A000 Size: 61440 File Visible: - Signed: - Status: - Name: ndis.sys Image Path: C:\Windows\system32\drivers\ndis.sys Address: 0x82271000 Size: 1093632 File Visible: - Signed: - Status: - Name: ndistapi.sys Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys Address: 0x8A0CE000 Size: 45056 File Visible: - Signed: - Status: - Name: ndisuio.sys Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys Address: 0x8B983000 Size: 40960 File Visible: - Signed: - Status: - Name: ndiswan.sys Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys Address: 0x8A0D9000 Size: 143360 File Visible: - Signed: - Status: - Name: NDProxy.SYS Image Path: C:\Windows\System32\Drivers\NDProxy.SYS Address: 0x8A1C3000 Size: 69632 File Visible: - Signed: - Status: - Name: netbios.sys Image Path: C:\Windows\system32\DRIVERS\netbios.sys Address: 0x8ABCB000 Size: 57344 File Visible: - Signed: - Status: - Name: netbt.sys Image Path: C:\Windows\System32\DRIVERS\netbt.sys Address: 0x8AB83000 Size: 204800 File Visible: - Signed: - Status: - Name: NETIO.SYS Image Path: C:\Windows\system32\drivers\NETIO.SYS Address: 0x823A7000 Size: 241664 File Visible: - Signed: - Status: - Name: Npfs.SYS Image Path: C:\Windows\System32\Drivers\Npfs.SYS Address: 0x8A54D000 Size: 57344 File Visible: - Signed: - Status: - Name: nsiproxy.sys Image Path: C:\Windows\system32\drivers\nsiproxy.sys Address: 0x8ABEC000 Size: 40960 File Visible: - Signed: - Status: - Name: Ntfs.sys Image Path: C:\Windows\System32\Drivers\Ntfs.sys Address: 0x85C09000 Size: 1114112 File Visible: - Signed: - Status: - Name: ntkrnlpa.exe Image Path: C:\Windows\system32\ntkrnlpa.exe Address: 0x81C35000 Size: 3903488 File Visible: - Signed: - Status: - Name: Null.SYS Image Path: C:\Windows\System32\Drivers\Null.SYS Address: 0x8A7C0000 Size: 28672 File Visible: - Signed: - Status: - Name: nwifi.sys Image Path: C:\Windows\system32\DRIVERS\nwifi.sys Address: 0x8B959000 Size: 172032 File Visible: - Signed: - Status: - Name: ohci1394.sys Image Path: C:\Windows\system32\DRIVERS\ohci1394.sys Address: 0x89CF2000 Size: 62208 File Visible: - Signed: - Status: - Name: pacer.sys Image Path: C:\Windows\system32\DRIVERS\pacer.sys Address: 0x8ABB5000 Size: 90112 File Visible: - Signed: - Status: - Name: partmgr.sys Image Path: C:\Windows\System32\drivers\partmgr.sys Address: 0x8070C000 Size: 61440 File Visible: - Signed: - Status: - Name: pci.sys Image Path: C:\Windows\system32\drivers\pci.sys Address: 0x806E5000 Size: 159744 File Visible: - Signed: - Status: - Name: pciide.sys Image Path: C:\Windows\system32\DRIVERS\pciide.sys Address: 0x80796000 Size: 28672 File Visible: - Signed: - Status: - Name: PCIIDEX.SYS Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS Address: 0x80788000 Size: 57344 File Visible: - Signed: - Status: - Name: peauth.sys Image Path: C:\Windows\system32\drivers\peauth.sys Address: 0xA9E02000 Size: 909312 File Visible: - Signed: - Status: - Name: PnpManager Image Path: \Driver\PnpManager Address: 0x81C35000 Size: 3903488 File Visible: - Signed: - Status: - Name: portcls.sys Image Path: C:\Windows\system32\drivers\portcls.sys Address: 0x8A4A3000 Size: 184320 File Visible: - Signed: - Status: - Name: PSHED.dll Image Path: C:\Windows\system32\PSHED.dll Address: 0x80485000 Size: 69632 File Visible: - Signed: - Status: - Name: PxHelp20.sys Image Path: C:\Windows\System32\Drivers\PxHelp20.sys Address: 0x807E3000 Size: 37376 File Visible: - Signed: - Status: - Name: rasacd.sys Image Path: C:\Windows\System32\DRIVERS\rasacd.sys Address: 0x8A55B000 Size: 36864 File Visible: - Signed: - Status: - Name: rasl2tp.sys Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys Address: 0x8A0B7000 Size: 94208 File Visible: - Signed: - Status: - Name: raspppoe.sys Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys Address: 0x8A0FC000 Size: 61440 File Visible: - Signed: - Status: - Name: raspptp.sys Image Path: C:\Windows\system32\DRIVERS\raspptp.sys Address: 0x8A10B000 Size: 81920 File Visible: - Signed: - Status: - Name: rassstp.sys Image Path: C:\Windows\system32\DRIVERS\rassstp.sys Address: 0x8A11F000 Size: 86016 File Visible: - Signed: - Status: - Name: RAW Image Path: \FileSystem\RAW Address: 0x81C35000 Size: 3903488 File Visible: - Signed: - Status: - Name: rdbss.sys Image Path: C:\Windows\system32\DRIVERS\rdbss.sys Address: 0x8A564000 Size: 245760 File Visible: - Signed: - Status: - Name: RDPCDD.sys Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys Address: 0x8A532000 Size: 32768 File Visible: - Signed: - Status: - Name: rdpencdd.sys Image Path: C:\Windows\system32\drivers\rdpencdd.sys Address: 0x8A53A000 Size: 32768 File Visible: - Signed: - Status: - Name: rimmptsk.sys Image Path: C:\Windows\system32\DRIVERS\rimmptsk.sys Address: 0x89D2A000 Size: 57344 File Visible: - Signed: - Status: - Name: RimSerial.sys Image Path: C:\Windows\system32\DRIVERS\RimSerial.sys Address: 0x8A134000 Size: 27136 File Visible: - Signed: - Status: - Name: rimsptsk.sys Image Path: C:\Windows\system32\DRIVERS\rimsptsk.sys Address: 0x89D38000 Size: 81920 File Visible: - Signed: - Status: - Name: rixdptsk.sys Image Path: C:\Windows\system32\DRIVERS\rixdptsk.sys Address: 0x89D4C000 Size: 331776 File Visible: - Signed: - Status: - Name: RootMdm.sys Image Path: C:\Windows\System32\Drivers\RootMdm.sys Address: 0x8A0A2000 Size: 32768 File Visible: - Signed: - Status: - Name: rootrepeal.sys Image Path: C:\Windows\system32\drivers\rootrepeal.sys Address: 0xA9F39000 Size: 49152 File Visible: No Signed: - Status: - Name: rspndr.sys Image Path: C:\Windows\system32\DRIVERS\rspndr.sys Address: 0x8B98D000 Size: 77824 File Visible: - Signed: - Status: - Name: sdbus.sys Image Path: C:\Windows\system32\DRIVERS\sdbus.sys Address: 0x89D10000 Size: 106496 File Visible: - Signed: - Status: - Name: secdrv.SYS Image Path: C:\Windows\System32\Drivers\secdrv.SYS Address: 0xA9F08000 Size: 40960 File Visible: - Signed: - Status: - Name: smb.sys Image Path: C:\Windows\system32\DRIVERS\smb.sys Address: 0x8AB27000 Size: 81920 File Visible: - Signed: - Status: - Name: spldr.sys Image Path: C:\Windows\System32\Drivers\spldr.sys Address: 0x85D52000 Size: 32768 File Visible: - Signed: - Status: - Name: spsys.sys Image Path: C:\Windows\system32\drivers\spsys.sys Address: 0x8B899000 Size: 720896 File Visible: - Signed: - Status: - Name: srv.sys Image Path: C:\Windows\System32\DRIVERS\srv.sys Address: 0xA736E000 Size: 311296 File Visible: - Signed: - Status: - Name: srv2.sys Image Path: C:\Windows\System32\DRIVERS\srv2.sys Address: 0xA7347000 Size: 159744 File Visible: - Signed: - Status: - Name: srvnet.sys Image Path: C:\Windows\System32\DRIVERS\srvnet.sys Address: 0xA726B000 Size: 118784 File Visible: - Signed: - Status: - Name: SSPORT.sys Image Path: C:\Windows\system32\Drivers\SSPORT.sys Address: 0xA9F12000 Size: 28672 File Visible: - Signed: - Status: - Name: storport.sys Image Path: C:\Windows\system32\DRIVERS\storport.sys Address: 0x8A056000 Size: 266240 File Visible: - Signed: - Status: - Name: stwrt.sys Image Path: C:\Windows\system32\drivers\stwrt.sys Address: 0x8A400000 Size: 667648 File Visible: - Signed: - Status: - Name: swenum.sys Image Path: C:\Windows\system32\DRIVERS\swenum.sys Address: 0x8A14B000 Size: 4992 File Visible: - Signed: - Status: - Name: SynTP.sys Image Path: C:\Windows\system32\DRIVERS\SynTP.sys Address: 0x89DB0000 Size: 172288 File Visible: - Signed: - Status: - Name: tcpip.sys Image Path: C:\Windows\System32\drivers\tcpip.sys Address: 0x8AA0C000 Size: 958464 File Visible: - Signed: - Status: - Name: tcpipreg.sys Image Path: C:\Windows\System32\drivers\tcpipreg.sys Address: 0xA9F19000 Size: 49152 File Visible: - Signed: - Status: - Name: TDI.SYS Image Path: C:\Windows\system32\DRIVERS\TDI.SYS Address: 0x8A097000 Size: 45056 File Visible: - Signed: - Status: - Name: tdx.sys Image Path: C:\Windows\system32\DRIVERS\tdx.sys Address: 0x8AB11000 Size: 90112 File Visible: - Signed: - Status: - Name: termdd.sys Image Path: C:\Windows\system32\DRIVERS\termdd.sys Address: 0x8A13B000 Size: 65536 File Visible: - Signed: - Status: - Name: TSDDD.dll Image Path: C:\Windows\System32\TSDDD.dll Address: 0x91A90000 Size: 36864 File Visible: - Signed: - Status: - Name: tunmp.sys Image Path: C:\Windows\system32\DRIVERS\tunmp.sys Address: 0x85DF6000 Size: 36864 File Visible: - Signed: - Status: - Name: tunnel.sys Image Path: C:\Windows\system32\DRIVERS\tunnel.sys Address: 0x85DEB000 Size: 45056 File Visible: - Signed: - Status: - Name: udfs.sys Image Path: C:\Windows\system32\DRIVERS\udfs.sys Address: 0x8B802000 Size: 241664 File Visible: - Signed: - Status: - Name: umbus.sys Image Path: C:\Windows\system32\DRIVERS\umbus.sys Address: 0x8A181000 Size: 53248 File Visible: - Signed: - Status: - Name: usbccgp.sys Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys Address: 0x8A5B7000 Size: 94208 File Visible: - Signed: - Status: - Name: USBD.SYS Image Path: C:\Windows\system32\DRIVERS\USBD.SYS Address: 0x89DDB000 Size: 8192 File Visible: - Signed: - Status: - Name: usbehci.sys Image Path: C:\Windows\system32\DRIVERS\usbehci.sys Address: 0x89CD3000 Size: 61440 File Visible: - Signed: - Status: - Name: usbhub.sys Image Path: C:\Windows\system32\DRIVERS\usbhub.sys Address: 0x8A18E000 Size: 217088 File Visible: - Signed: - Status: - Name: USBPORT.SYS Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS Address: 0x89C95000 Size: 253952 File Visible: - Signed: - Status: - Name: usbuhci.sys Image Path: C:\Windows\system32\DRIVERS\usbuhci.sys Address: 0x89C8A000 Size: 45056 File Visible: - Signed: - Status: - Name: vga.sys Image Path: C:\Windows\System32\drivers\vga.sys Address: 0x8A7CE000 Size: 49152 File Visible: - Signed: - Status: - Name: VIDEOPRT.SYS Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS Address: 0x8A7DA000 Size: 135168 File Visible: - Signed: - Status: - Name: volmgr.sys Image Path: C:\Windows\system32\drivers\volmgr.sys Address: 0x80728000 Size: 61440 File Visible: - Signed: - Status: - Name: volmgrx.sys Image Path: C:\Windows\System32\drivers\volmgrx.sys Address: 0x80737000 Size: 303104 File Visible: - Signed: - Status: - Name: volsnap.sys Image Path: C:\Windows\system32\drivers\volsnap.sys Address: 0x85D19000 Size: 233472 File Visible: - Signed: - Status: - Name: wanarp.sys Image Path: C:\Windows\system32\DRIVERS\wanarp.sys Address: 0x8ABD9000 Size: 77824 File Visible: - Signed: - Status: - Name: watchdog.sys Image Path: C:\Windows\System32\drivers\watchdog.sys Address: 0x89B54000 Size: 49152 File Visible: - Signed: - Status: - Name: Wdf01000.sys Image Path: C:\Windows\system32\drivers\Wdf01000.sys Address: 0x80605000 Size: 507904 File Visible: - Signed: - Status: - Name: WDFLDR.SYS Image Path: C:\Windows\system32\drivers\WDFLDR.SYS Address: 0x80681000 Size: 53248 File Visible: - Signed: - Status: - Name: Win32k Image Path: \Driver\Win32k Address: 0x91870000 Size: 2105344 File Visible: - Signed: - Status: - Name: win32k.sys Image Path: C:\Windows\System32\win32k.sys Address: 0x91870000 Size: 2105344 File Visible: - Signed: - Status: - Name: wmiacpi.sys Image Path: C:\Windows\system32\DRIVERS\wmiacpi.sys Address: 0x85C00000 Size: 36864 File Visible: - Signed: - Status: - Name: WMILIB.SYS Image Path: C:\Windows\system32\drivers\WMILIB.SYS Address: 0x806D4000 Size: 36864 File Visible: - Signed: - Status: - Name: WMIxWDM Image Path: \Driver\WMIxWDM Address: 0x81C35000 Size: 3903488 File Visible: - Signed: - Status: - Name: xaudio.sys Image Path: C:\Windows\system32\DRIVERS\xaudio.sys Address: 0xA9F25000 Size: 32768 File Visible: - Signed: - Status: - ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/10/19 06:46 Program Version: Version 1.3.5.0 Windows Version: Windows Vista SP2 ================================================== Processes ------------------- Path: System PID: 4 Status: Locked to the Windows API! Path: C:\Program Files\Windows Media Player\wmpnscfg.exe PID: 408 Status: - Path: C:\Windows\System32\smss.exe PID: 428 Status: - Path: C:\Windows\System32\csrss.exe PID: 544 Status: - Path: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PID: 580 Status: - Path: C:\Windows\System32\wininit.exe PID: 588 Status: - Path: C:\Windows\System32\csrss.exe PID: 600 Status: - Path: C:\Windows\System32\services.exe PID: 632 Status: - Path: C:\Windows\System32\lsass.exe PID: 644 Status: - Path: C:\Windows\System32\lsm.exe PID: 652 Status: - Path: C:\Windows\System32\winlogon.exe PID: 704 Status: - Path: C:\Windows\System32\svchost.exe PID: 836 Status: - Path: C:\Program Files\Bonjour\mDNSResponder.exe PID: 848 Status: - Path: C:\Windows\System32\igfxpers.exe PID: 872 Status: - Path: C:\Windows\System32\svchost.exe PID: 900 Status: - Path: C:\Windows\System32\svchost.exe PID: 940 Status: - Path: C:\Windows\System32\svchost.exe PID: 1032 Status: - Path: C:\Windows\System32\svchost.exe PID: 1096 Status: - Path: C:\Windows\System32\svchost.exe PID: 1112 Status: - Path: C:\Windows\System32\audiodg.exe PID: 1184 Status: Locked to the Windows API! Path: C:\Windows\System32\svchost.exe PID: 1212 Status: - Path: C:\Windows\System32\SLsvc.exe PID: 1236 Status: - Path: C:\Windows\System32\svchost.exe PID: 1268 Status: - Path: C:\Windows\System32\svchost.exe PID: 1324 Status: - Path: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe PID: 1404 Status: - Path: C:\Windows\System32\svchost.exe PID: 1444 Status: - Path: C:\Windows\System32\svchost.exe PID: 1452 Status: - Path: C:\Program Files\Dell\QuickSet\quickset.exe PID: 1504 Status: - Path: C:\Windows\System32\WLTRYSVC.EXE PID: 1600 Status: - Path: C:\Windows\System32\BCMWLTRY.EXE PID: 1612 Status: - Path: C:\Windows\System32\svchost.exe PID: 1720 Status: - Path: C:\Windows\System32\spoolsv.exe PID: 1816 Status: - Path: C:\Windows\System32\drivers\XAudio.exe PID: 1828 Status: - Path: C:\Windows\System32\svchost.exe PID: 1864 Status: - Path: C:\Windows\System32\WLTRAY.EXE PID: 1932 Status: - Path: C:\Windows\System32\SearchIndexer.exe PID: 2004 Status: - Path: C:\Program Files\Winamp\winampa.exe PID: 2160 Status: - Path: C:\Windows\System32\taskeng.exe PID: 2316 Status: - Path: C:\Windows\Samsung\PanelMgr\SSMMgr.exe PID: 2436 Status: - Path: C:\Windows\System32\dwm.exe PID: 2564 Status: - Path: C:\Windows\System32\taskeng.exe PID: 2576 Status: - Path: C:\Program Files\iPod\bin\iPodService.exe PID: 2704 Status: - Path: C:\Program Files\Windows Defender\MSASCui.exe PID: 2736 Status: - Path: C:\Windows\System32\wbem\WmiPrvSE.exe PID: 2788 Status: - Path: C:\Program Files\Windows Media Player\wmpnetwk.exe PID: 2904 Status: - Path: C:\Program Files\iTunes\iTunesHelper.exe PID: 3144 Status: - Path: C:\Program Files\Digital Line Detect\DLG.exe PID: 3216 Status: - Path: C:\Windows\explorer.exe PID: 3324 Status: - Path: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PID: 3328 Status: - Path: C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe PID: 3340 Status: - Path: C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe PID: 3408 Status: - Path: C:\Windows\System32\taskeng.exe PID: 3496 Status: - Path: C:\Windows\sttray.exe PID: 3548 Status: - Path: C:\Windows\ehome\ehtray.exe PID: 3656 Status: - Path: C:\Windows\ehome\ehmsas.exe PID: 3748 Status: - Path: C:\Windows\System32\hkcmd.exe PID: 3872 Status: - Path: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe PID: 3936 Status: - Path: C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe PID: 17864 Status: - Path: C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe PID: 18040 Status: - Path: C:\Windows\System32\SearchFilterHost.exe PID: 28532 Status: - Path: C:\Windows\System32\conime.exe PID: 33164 Status: - Path: C:\Users\Marinin\Desktop\RootRepeal.exe PID: 34020 Status: - Path: C:\Windows\System32\SearchProtocolHost.exe PID: 34636 Status: - Path: C:\Program Files\Mozilla Firefox\firefox.exe PID: 35080 Status: - Path: C:\Program Files\Java\jre6\bin\jusched.exe PID: 35468 Status: - ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/10/19 06:46 Program Version: Version 1.3.5.0 Windows Version: Windows Vista SP2 ================================================== SSDT ------------------- #: 000 Function Name: NtAcceptConnectPort Status: Not hooked #: 001 Function Name: NtAccessCheck Status: Not hooked #: 002 Function Name: NtAccessCheckAndAuditAlarm Status: Not hooked #: 003 Function Name: NtAccessCheckByType Status: Not hooked #: 004 Function Name: NtAccessCheckByTypeAndAuditAlarm Status: Not hooked #: 005 Function Name: NtAccessCheckByTypeResultList Status: Not hooked #: 006 Function Name: NtAccessCheckByTypeResultListAndAuditAlarm Status: Not hooked #: 007 Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle Status: Not hooked #: 008 Function Name: NtAddAtom Status: Not hooked #: 009 Function Name: NtAddBootEntry Status: Not hooked #: 010 Function Name: NtAddDriverEntry Status: Not hooked #: 011 Function Name: NtAdjustGroupsToken Status: Not hooked #: 012 Function Name: NtAdjustPrivilegesToken Status: Not hooked #: 013 Function Name: NtAlertResumeThread Status: Not hooked #: 014 Function Name: NtAlertThread Status: Not hooked #: 015 Function Name: NtAllocateLocallyUniqueId Status: Not hooked #: 016 Function Name: NtAllocateUserPhysicalPages Status: Not hooked #: 017 Function Name: NtAllocateUuids Status: Not hooked #: 018 Function Name: NtAllocateVirtualMemory Status: Not hooked #: 019 Function Name: NtAlpcAcceptConnectPort Status: Not hooked #: 020 Function Name: NtAlpcCancelMessage Status: Not hooked #: 021 Function Name: NtAlpcConnectPort Status: Not hooked #: 022 Function Name: NtAlpcCreatePort Status: Not hooked #: 023 Function Name: NtAlpcCreatePortSection Status: Not hooked #: 024 Function Name: NtAlpcCreateResourceReserve Status: Not hooked #: 025 Function Name: NtAlpcCreateSectionView Status: Not hooked #: 026 Function Name: NtAlpcCreateSecurityContext Status: Not hooked #: 027 Function Name: NtAlpcDeletePortSection Status: Not hooked #: 028 Function Name: NtAlpcDeleteResourceReserve Status: Not hooked #: 029 Function Name: NtAlpcDeleteSectionView Status: Not hooked #: 030 Function Name: NtAlpcDeleteSecurityContext Status: Not hooked #: 031 Function Name: NtAlpcDisconnectPort Status: Not hooked #: 032 Function Name: NtAlpcImpersonateClientOfPort Status: Not hooked #: 033 Function Name: NtAlpcOpenSenderProcess Status: Not hooked #: 034 Function Name: NtAlpcOpenSenderThread Status: Not hooked #: 035 Function Name: NtAlpcQueryInformation Status: Not hooked #: 036 Function Name: NtAlpcQueryInformationMessage Status: Not hooked #: 037 Function Name: NtAlpcRevokeSecurityContext Status: Not hooked #: 038 Function Name: NtAlpcSendWaitReceivePort Status: Not hooked #: 039 Function Name: NtAlpcSetInformation Status: Not hooked #: 040 Function Name: NtApphelpCacheControl Status: Not hooked #: 041 Function Name: NtAreMappedFilesTheSame Status: Not hooked #: 042 Function Name: NtAssignProcessToJobObject Status: Not hooked #: 043 Function Name: NtCallbackReturn Status: Not hooked #: 044 Function Name: NtRequestDeviceWakeup Status: Not hooked #: 045 Function Name: NtCancelIoFile Status: Not hooked #: 046 Function Name: NtCancelTimer Status: Not hooked #: 047 Function Name: NtClearEvent Status: Not hooked #: 048 Function Name: NtClose Status: Not hooked #: 049 Function Name: NtCloseObjectAuditAlarm Status: Not hooked #: 050 Function Name: NtCompactKeys Status: Not hooked #: 051 Function Name: NtCompareTokens Status: Not hooked #: 052 Function Name: NtCompleteConnectPort Status: Not hooked #: 053 Function Name: NtCompressKey Status: Not hooked #: 054 Function Name: NtConnectPort Status: Not hooked #: 055 Function Name: NtContinue Status: Not hooked #: 056 Function Name: NtCreateDebugObject Status: Not hooked #: 057 Function Name: NtCreateDirectoryObject Status: Not hooked #: 058 Function Name: NtCreateEvent Status: Not hooked #: 059 Function Name: NtCreateEventPair Status: Not hooked #: 060 Function Name: NtCreateFile Status: Not hooked #: 061 Function Name: NtCreateIoCompletion Status: Not hooked #: 062 Function Name: NtCreateJobObject Status: Not hooked #: 063 Function Name: NtCreateJobSet Status: Not hooked #: 064 Function Name: NtCreateKey Status: Not hooked #: 065 Function Name: NtCreateKeyTransacted Status: Not hooked #: 066 Function Name: NtCreateMailslotFile Status: Not hooked #: 067 Function Name: NtCreateMutant Status: Not hooked #: 068 Function Name: NtCreateNamedPipeFile Status: Not hooked #: 069 Function Name: NtCreatePrivateNamespace Status: Not hooked #: 070 Function Name: NtCreatePagingFile Status: Not hooked #: 071 Function Name: NtCreatePort Status: Not hooked #: 072 Function Name: NtCreateProcess Status: Not hooked #: 073 Function Name: NtCreateProcessEx Status: Not hooked #: 074 Function Name: NtCreateProfile Status: Not hooked #: 075 Function Name: NtCreateSection Status: Not hooked #: 076 Function Name: NtCreateSemaphore Status: Not hooked #: 077 Function Name: NtCreateSymbolicLinkObject Status: Not hooked #: 078 Function Name: NtCreateThread Status: Not hooked #: 079 Function Name: NtCreateTimer DDS (Ver_09-06-26.01) - NTFSx86 Run by Marinin at 6:29:22.77 on 19/10/2009 Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1014.310 [GMT -4:00] SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\WLTRAY.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Windows\Samsung\PanelMgr\SSMMgr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\Windows\sttray.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Windows\system32\msiexec.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Users\Marinin\Desktop\dds.scr C:\Windows\system32\conime.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4070522 uWindow Title = Internet Explorer provided by Dell mDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4070522 uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\search\YSearchSuggest.dll BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1103472 -"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)" -"http://www.miniclip....s/air-show/en/" mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [ECenter] c:\dell\e-center\EULALauncher.exe mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe" mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background mRun: [<NO NAME>] mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe" mRun: [SigmatelSysTrayApp] sttray.exe mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab Notify: igfxcui - igfxdev.dll AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL ================= FIREFOX =================== FF - ProfilePath - c:\users\marinin\appdata\roaming\mozilla\firefox\profiles\5xlkbqzp.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/firefox?client=firefox-a&rls=org.mozilla:en-GB:official FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll FF - component: c:\users\marinin\appdata\roaming\mozilla\firefox\profiles\5xlkbqzp.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2007-10-18 5120] S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\askupgrade.exe --> c:\program files\askbardis\bar\bin\ASKUpgrade.exe [?] S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-2-21 55280] S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360] S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-5-21 29744] =============== Created Last 30 ================ 2009-10-14 01:32 218,624 a------- c:\windows\system32\msv1_0.dll 2009-10-14 01:32 3,548,216 a------- c:\windows\system32\ntoskrnl.exe 2009-10-14 01:32 3,600,456 a------- c:\windows\system32\ntkrnlpa.exe 2009-10-14 01:20 604,672 a------- c:\windows\system32\WMSPDMOD.DLL 2009-10-14 00:14 <DIR> --d----- c:\programdata\Office Genuine Advantage 2009-10-11 21:03 <DIR> --d----- c:\users\marinin\Office Genuine Advantage 2009-10-10 19:20 <DIR> --d----- c:\users\marinin\appdata\roaming\Malwarebytes 2009-10-10 19:20 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-10 19:20 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-10-10 19:20 <DIR> --d----- c:\programdata\Malwarebytes 2009-10-10 19:20 <DIR> --d----- c:\progra~2\Malwarebytes 2009-10-10 19:20 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-10-07 06:29 2,421,760 a------- c:\windows\system32\wucltux.dll 2009-10-07 06:27 87,552 a------- c:\windows\system32\wudriver.dll 2009-10-07 06:26 171,608 a------- c:\windows\system32\wuwebv.dll 2009-10-07 06:26 33,792 a------- c:\windows\system32\wuapp.exe 2009-10-02 12:52 195,440 -------- c:\windows\system32\MpSigStub.exe 2009-09-30 23:48 <DIR> --d----- c:\program files\EA GAMES ==================== Find3M ==================== 2009-09-14 05:29 144,896 a------- c:\windows\system32\drivers\srv2.sys 2009-09-04 07:41 60,928 a------- c:\windows\system32\msasn1.dll 2009-09-02 23:13 143,360 a------- c:\windows\inf\infstrng.dat 2009-09-02 23:13 51,200 a------- c:\windows\inf\infpub.dat 2009-09-02 23:12 143,360 a------- c:\windows\inf\infstor.dat 2009-09-02 17:35 665,600 a------- c:\windows\inf\drvindex.dat 2009-08-28 22:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll 2009-08-28 22:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll 2009-08-28 22:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll 2009-08-28 22:30 542,720 a------- c:\windows\apppatch\AcLayers.dll 2009-08-28 20:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-28 20:14 28,672 a------- c:\windows\system32\Apphlpdm.dll 2009-08-27 01:22 916,480 a------- c:\windows\system32\wininet.dll 2009-08-27 01:17 109,056 a------- c:\windows\system32\iesysprep.dll 2009-08-27 01:17 71,680 a------- c:\windows\system32\iesetup.dll 2009-08-26 23:42 133,632 a------- c:\windows\system32\ieUnatt.exe 2009-08-14 11:53 17,920 a------- c:\windows\system32\netevent.dll 2009-08-14 09:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE 2009-08-14 09:49 17,920 a------- c:\windows\system32\ROUTE.EXE 2009-08-14 09:49 11,264 a------- c:\windows\system32\MRINFO.EXE 2009-08-14 09:49 27,136 a------- c:\windows\system32\NETSTAT.EXE 2009-08-14 09:49 19,968 a------- c:\windows\system32\ARP.EXE 2009-08-14 09:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE 2009-08-14 09:49 10,240 a------- c:\windows\system32\finger.exe 2009-08-14 09:48 105,984 a------- c:\windows\system32\netiohlp.dll 2009-08-04 19:52 1,193,832 a------- c:\windows\system32\FM20.DLL 2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll 2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll 2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe 2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll 2009-05-31 16:57 0 a------- c:\users\marinin\appdata\roaming\wklnhst.dat 2008-12-05 13:56 56 a---h--- c:\programdata\ezsidmv.dat 2008-12-05 13:56 56 a---h--- c:\progra~2\ezsidmv.dat 2008-10-04 07:37 174 a--sh--- c:\program files\desktop.ini 2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat ============= FINISH: 6:30:21.38 ===============

Attached Files


Edited by tokio, 19 October 2009 - 08:09 AM.

    Advertisements

Register to Remove


#2 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 26 October 2009 - 11:17 AM

Hi tokio,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

JavaRa ...by: Paul McLain and Fred de Vries

Please download JavaRa (Copyright © 2008 RaProducts.org) and unzip it to your desktop.
***Please close any instances of Internet Explorer before continuing!***
Print these instructions...you won't have Internet access during this particular phase!
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English or the appropriate language...and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.
  • Copy and paste the contents of the JavaRa log, in your next reply.


Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean

Then

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).

Also please describe how your computer behaves at the moment.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#3 tokio

tokio

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 31 October 2009 - 06:46 PM

Hey, okay so i tried using javara and the pop up for the logfile would not open or appear. i went looking for it and i see it nowhere. so i am unsure if you want me to continue on with the tfc clean, i also already have malwarebytes and i can do a quick scan again but it and along with avast has yet to even find any issues. Both are up to date. i actually got rid of some old files and alot of my temp files so my computer isn't as slow anymore. but once and a while if im on the site allkpop it sometimes redirects me. its hard to describe as i find it works good on some days and others not so much. thanks for the help

Edited by tokio, 31 October 2009 - 06:47 PM.


#4 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 01 November 2009 - 11:40 PM

tokio, Run TFC then provide me new DDS logs.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#5 tokio

tokio

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 05 November 2009 - 09:30 PM

I tried running the TFC but it just kept freezing on me. so i had to reboot it manually. I tried it twice and i figured it would do it again if i did it for a third time. So since TFC didn't work would you like for me to post new DDS lists? thanks!

Edited by tokio, 05 November 2009 - 09:31 PM.


#6 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 05 November 2009 - 11:23 PM

tokio, Yes. Please give it a try.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#7 tokio

tokio

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 08 November 2009 - 08:31 PM

here are my dds logs, i tried tfc again and still kept on freezing. DDS (Ver_09-06-26.01) - NTFSx86 Run by Marinin at 21:25:48.21 on 08/11/2009 Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1014.208 [GMT -5:00] SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\WLTRAY.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Windows\Samsung\PanelMgr\SSMMgr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\STacSV.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Windows\system32\taskeng.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe C:\Users\Marinin\Desktop\important carp**\dds.scr C:\Windows\system32\conime.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4070522 uWindow Title = Internet Explorer provided by Dell mDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4070522 uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\search\YSearchSuggest.dll BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [ECenter] c:\dell\e-center\EULALauncher.exe mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe" mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background mRun: [<NO NAME>] mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe" mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab Notify: igfxcui - igfxdev.dll AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL ================= FIREFOX =================== FF - ProfilePath - c:\users\marinin\appdata\roaming\mozilla\firefox\profiles\5xlkbqzp.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/firefox?client=firefox-a&rls=org.mozilla:en-GB:official FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll FF - component: c:\users\marinin\appdata\roaming\mozilla\firefox\profiles\5xlkbqzp.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-22 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-22 20560] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-10-22 53328] =============== Created Last 30 ================ 2009-11-04 12:01 1,638,912 a------- c:\windows\system32\mshtml.tlb 2009-10-28 01:12 310,784 a------- c:\windows\system32\unregmp2.exe 2009-10-28 01:12 8,147,456 a------- c:\windows\system32\wmploc.DLL 2009-10-22 19:31 53,328 a------- c:\windows\system32\drivers\aswMonFlt.sys 2009-10-20 22:35 1,601,536 a------- c:\windows\system32\stlang.dll 2009-10-20 22:35 102,400 a------- c:\windows\system32\stacsv.exe 2009-10-20 22:35 4,947,968 a------- c:\windows\system32\stacgui.cpl 2009-10-20 22:31 595,456 a------- c:\windows\system32\stapo.dll 2009-10-20 22:31 330,240 a------- c:\windows\system32\drivers\stwrt.sys 2009-10-20 22:31 328,704 a------- c:\windows\system32\stcplx.dll 2009-10-20 22:31 299,520 a------- c:\windows\system32\stapi32.dll 2009-10-20 22:31 146,944 a------- c:\windows\system32\st325614.dll 2009-10-20 22:31 45,568 a------- c:\windows\system32\ctppld.dll 2009-10-20 22:31 <DIR> --d----- c:\program files\SigmaTel 2009-10-14 00:32 218,624 a------- c:\windows\system32\msv1_0.dll 2009-10-14 00:32 3,548,216 a------- c:\windows\system32\ntoskrnl.exe 2009-10-14 00:32 3,600,456 a------- c:\windows\system32\ntkrnlpa.exe 2009-10-14 00:20 604,672 a------- c:\windows\system32\WMSPDMOD.DLL 2009-10-13 23:14 <DIR> --d----- c:\programdata\Office Genuine Advantage 2009-10-11 20:03 <DIR> --d----- c:\users\marinin\Office Genuine Advantage 2009-10-10 18:20 <DIR> --d----- c:\users\marinin\appdata\roaming\Malwarebytes 2009-10-10 18:20 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-10 18:20 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-10-10 18:20 <DIR> --d----- c:\programdata\Malwarebytes 2009-10-10 18:20 <DIR> --d----- c:\progra~2\Malwarebytes 2009-10-10 18:20 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware ==================== Find3M ==================== 2009-11-02 20:42 195,456 -------- c:\windows\system32\MpSigStub.exe 2009-10-20 22:35 51,200 a------- c:\windows\inf\infpub.dat 2009-10-20 22:35 143,360 a------- c:\windows\inf\infstrng.dat 2009-10-20 22:34 143,360 a------- c:\windows\inf\infstor.dat 2009-09-14 04:29 144,896 a------- c:\windows\system32\drivers\srv2.sys 2009-09-04 06:41 60,928 a------- c:\windows\system32\msasn1.dll 2009-09-02 16:35 665,600 a------- c:\windows\inf\drvindex.dat 2009-08-28 21:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll 2009-08-28 21:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll 2009-08-28 21:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll 2009-08-28 21:30 542,720 a------- c:\windows\apppatch\AcLayers.dll 2009-08-28 19:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-28 19:14 28,672 a------- c:\windows\system32\Apphlpdm.dll 2009-08-27 00:22 916,480 a------- c:\windows\system32\wininet.dll 2009-08-27 00:17 109,056 a------- c:\windows\system32\iesysprep.dll 2009-08-27 00:17 71,680 a------- c:\windows\system32\iesetup.dll 2009-08-26 22:42 133,632 a------- c:\windows\system32\ieUnatt.exe 2009-08-14 10:53 17,920 a------- c:\windows\system32\netevent.dll 2009-08-14 08:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE 2009-08-14 08:49 17,920 a------- c:\windows\system32\ROUTE.EXE 2009-08-14 08:49 11,264 a------- c:\windows\system32\MRINFO.EXE 2009-08-14 08:49 27,136 a------- c:\windows\system32\NETSTAT.EXE 2009-08-14 08:49 19,968 a------- c:\windows\system32\ARP.EXE 2009-08-14 08:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE 2009-08-14 08:49 10,240 a------- c:\windows\system32\finger.exe 2009-08-14 08:48 105,984 a------- c:\windows\system32\netiohlp.dll 2009-05-31 15:57 0 a------- c:\users\marinin\appdata\roaming\wklnhst.dat 2008-12-05 12:56 56 a---h--- c:\programdata\ezsidmv.dat 2008-12-05 12:56 56 a---h--- c:\progra~2\ezsidmv.dat 2008-10-04 06:37 174 a--sh--- c:\program files\desktop.ini 2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat ============= FINISH: 21:28:17.44 ===============

Attached Files


Edited by tokio, 08 November 2009 - 08:32 PM.


#8 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 08 November 2009 - 09:48 PM

tokio,

Please go to add or remove programs in your control panel. Uninstall each of the following:

Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6

Your Java is out of date.

Java™ 6 can be updated from the Java Control Panel. Go Start > Control Panel(Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.



Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#9 tokio

tokio

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 08 November 2009 - 10:51 PM

brb. got it to work. brb with results. sorry about the bump. though i wasn't prompted to dl anything after updating. so unsure about that issue.

Edited by tokio, 08 November 2009 - 10:55 PM.


#10 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 08 November 2009 - 11:50 PM

tokio, Let's see what Kaspersky has to say.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png

    Advertisements

Register to Remove


#11 tokio

tokio

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 09 November 2009 - 01:02 AM

hey the results of my scan was one infection found in temp files. im sorry couldnt copy or post. one, it didn't give me a log file, so i viewed results and read infected temp file and so i tried to copy that but couldnt and now i cant even get on to kaspersky site as it wont load. I'll try to reload and post if i can. sorry.

#12 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 09 November 2009 - 12:46 PM

tokio,

If it's a temp file, it should have been removed when you ran TFC earlier. Seeing as how it still exists, we need to know more about it. I'm sorry but you may have to run Kaspersy again in order to get the information.

If you can't get Kaspersky to run again, try this other online scanner:

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#13 tokio

tokio

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 09 November 2009 - 03:46 PM

I got it to work again, hope this helps. as well the reason why tfc didnt get rid of it is because everytime ive tried to get the program to work it comes up as zero items removed from temp files and it freezes on me. So im unsure why but ive tried couple times today with the same result. not sure what i could do to get it to work. thanks again. KASPERSKY ONLINE SCANNER 7.0: scan report Monday, November 9, 2009 Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Monday, November 09, 2009 10:30:17 Records in database: 3180654 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ E:\ Scan statistics: Objects scanned: 149735 Threats found: 1 Infected objects found: 1 Suspicious objects found: 0 Scan duration: 04:08:37 File name / Threat / Threats count C:\Users\Marinin\AppData\Local\Temp\plugtmp-53\plugin-pdf_4.php Infected: Exploit.Win32.Pidief.akn 1 Selected area has been scanned.

#14 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 09 November 2009 - 04:18 PM

tokio,

Let's try a little different tack here.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#15 tokio

tokio

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 09 November 2009 - 06:08 PM

here is the log file for combofix

ComboFix 09-11-08.03 - Marinin 09/11/2009 18:42.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1014.344 [GMT -5:00]
Running from: c:\users\Marinin\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1296867833-1063234781-1491833618-500
c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500

.
((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
.

2009-11-09 23:58 . 2009-11-09 23:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-28 06:12 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 06:12 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-23 00:32 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-23 00:32 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-23 00:32 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-23 00:32 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-23 00:32 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-23 00:31 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-23 00:31 . 2009-09-15 10:55 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-10-23 00:31 . 2009-10-23 00:31 -------- d-----w- c:\program files\Alwil Software
2009-10-21 03:35 . 2007-09-13 18:45 102400 ----a-w- c:\windows\system32\stacsv.exe
2009-10-21 03:35 . 2007-04-10 21:02 1601536 ----a-w- c:\windows\system32\stlang.dll
2009-10-21 03:31 . 2007-09-13 18:46 330240 ----a-w- c:\windows\system32\drivers\stwrt.sys
2009-10-21 03:31 . 2007-09-13 18:45 328704 ----a-w- c:\windows\system32\stcplx.dll
2009-10-21 03:31 . 2007-09-13 18:45 595456 ----a-w- c:\windows\system32\stapo.dll
2009-10-21 03:31 . 2007-09-13 18:45 146944 ----a-w- c:\windows\system32\st325614.dll
2009-10-21 03:31 . 2007-09-13 18:44 299520 ----a-w- c:\windows\system32\stapi32.dll
2009-10-21 03:31 . 2007-03-05 17:05 45568 ----a-w- c:\windows\system32\ctppld.dll
2009-10-21 03:31 . 2009-10-21 03:31 -------- d-----w- c:\program files\SigmaTel
2009-10-21 03:24 . 2009-10-21 03:24 -------- d-----w- c:\users\Marinin\AppData\Local\Apps
2009-10-21 03:24 . 2009-10-21 03:29 -------- d-----w- c:\users\Marinin\AppData\Local\Deployment
2009-10-19 10:27 . 2009-10-19 10:27 4096 d-----w- c:\program files\ERUNT
2009-10-14 05:32 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 05:32 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 05:32 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 05:20 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-14 04:14 . 2009-10-14 04:14 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-10-12 01:03 . 2009-10-12 01:03 -------- d-----w- c:\users\Marinin\Office Genuine Advantage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 04:04 . 2007-05-21 22:14 4096 d-----w- c:\program files\Java
2009-11-03 01:42 . 2009-10-02 16:52 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-21 11:37 . 2007-06-04 16:44 -------- d-----w- c:\users\Marinin\AppData\Roaming\BSplayer
2009-10-21 11:37 . 2007-06-04 16:44 -------- d-----w- c:\program files\Webteh
2009-10-14 07:44 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-10-14 07:13 . 2007-05-21 22:30 24576 d-----w- c:\program files\Microsoft Works
2009-10-12 00:45 . 2007-05-21 22:26 4096 d-----w- c:\programdata\McAfee
2009-10-12 00:01 . 2008-07-18 19:44 680 ----a-w- c:\users\Marinin\AppData\Local\d3d9caps.dat
2009-10-11 13:13 . 2007-06-02 12:07 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-10 23:20 . 2009-10-10 23:20 -------- d-----w- c:\users\Marinin\AppData\Roaming\Malwarebytes
2009-10-10 23:20 . 2009-10-10 23:20 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-10 23:20 . 2009-10-10 23:20 -------- d-----w- c:\programdata\Malwarebytes
2009-10-04 00:14 . 2009-10-01 03:48 -------- d-----w- c:\program files\EA GAMES
2009-09-27 01:39 . 2007-06-01 04:25 4096 d-----w- c:\program files\Winamp
2009-09-27 01:37 . 2007-06-01 04:25 4096 d-----w- c:\users\Marinin\AppData\Roaming\Winamp
2009-09-14 09:29 . 2009-10-14 05:31 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 18:54 . 2009-10-10 23:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-10-10 23:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 11:41 . 2009-10-14 05:31 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-09-02 21:35 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-08-29 00:27 . 2009-09-03 02:53 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 02:54 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-14 05:31 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-14 05:31 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-14 05:31 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-14 05:31 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 16:27 . 2009-09-09 00:35 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 00:35 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 00:35 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 00:35 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 00:35 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 00:35 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 00:35 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 00:35 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 00:35 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 00:35 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 00:35 105984 ----a-w- c:\windows\system32\netiohlp.dll
2008-08-06 12:56 . 2008-08-06 12:56 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-05-22 05:52 . 2007-05-22 05:52 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-06 29744]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-10-13 184320]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-01-03 520192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-04-11 236016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-5-21 50688]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-5-21 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(B):63,5e,ec,61,17,2c,ca,01

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [22/10/2009 7:32 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [22/10/2009 7:32 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [22/10/2009 7:31 PM 53328]
R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [18/10/2007 2:36 PM 5120]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [21/02/2009 12:10 AM 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 6:08 PM 533360]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [21/05/2007 5:29 PM 29744]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-09 c:\windows\Tasks\User_Feed_Synchronization-{EC955D27-72D3-4D53-8E88-14C618900E31}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4070522
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\users\Marinin\AppData\Roaming\Mozilla\Firefox\Profiles\5xlkbqzp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\users\Marinin\AppData\Roaming\Mozilla\Firefox\Profiles\5xlkbqzp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 19:00
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-11-10 19:06
ComboFix-quarantined-files.txt 2009-11-10 00:06

Pre-Run: 40,344,080,384 bytes free
Post-Run: 44,131,917,824 bytes free

- - End Of File - - 42CA7457B91C5BEAAC614849C2A960F3

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users