Resolved HJT Threads: resolved spyware and popup issues.
#1  05-16-2009, 05:32 PM  gill.bates (Registered User, joined May 2009, OS: XP)

Computer's gone bananas, it's redirecting.... help pls.

Hi, I'm being redirected to other sites when using Google search or any other search engine. I've had one blue screen so far, and for the past week NOD32 has been blocking trojans and viruses when I use the computer or whenever I do a start-up. Disconnecting the computer from the internet seems to have stopped the virus alerts from my antivirus; however, I'm noticing a slowdown, not a lot, but there seems to be something running in the background. In particular, Iexplore.exe seems to be running even if I'm not using it, and strange music played one time while I was editing my photos. I'm not getting that anymore since the network disconnection; I only connect it when I start up my computer to update my antivirus, then unplug again. Also, Firefox shuts down whenever I try to type anything in the address bar... it's very strange. Please help.

[Currently using a second computer for the internet.]

Here's the DDS log:


DDS (Ver_09-05-14.01) - NTFSx86
Run by rayz at 16:05:06.73 on 16/05/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1467 [GMT -7:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
E:\program files 2\OmniPage SE\opware32.exe
C:\Program Files\VBTUCopy\VBTUCopy.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
E:\program files 2\adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\rayz\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - e:\program files 2\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: IeCatch5 Class: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\progra~1\flashget\jccatch.dll
BHO: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~1\MEGAUP~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - e:\program files 2\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: {be83c3b6-0f77-436c-88b1-a56124a743cb} - MS extension
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - e:\program files 2\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - e:\program files 2\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~1\MEGAUP~1.DLL
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - e:\program files 2\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Steam] "c:\program files\valve\steam\steam.exe" -silent
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [<NO NAME>]
mRun: [Launch LGDCore] "c:\program files\logitech\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [Launch LCDMon] "c:\program files\logitech\g-series software\LCDMon.exe"
mRun: [amd_dc_opt] "c:\program files\amd\amd_dc_opt\amd_dc_opt.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Omnipage] e:\program files 2\omnipage se\opware32.exe
mRun: [VBTUCopy] c:\program files\vbtucopy\VBTUCopy.exe /a /f
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_01\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Photo Downloader] "e:\program files 2\adobe\adobe lightroom\apdproxy.exe"
mRun: [Acrobat Assistant 8.0] "e:\program files 2\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\rayz\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: Append to existing PDF - e:\program files 2\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - e:\program files 2\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\program files 2\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\program files 2\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\program files 2\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\program files 2\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\program files 2\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\program files 2\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} -
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: Fly - smart.dll
Notify: Love - LoveFly.dll
Notify: winzlo32 - winzlo32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rayz\applic~1\mozilla\firefox\profiles\g9gx3bqm.default\
FF - prefs.js: browser.search.selectedEngine - eBay Canada
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 34312]
R2 app_filter;app_filter;c:\program files\nvidia corporation\networkaccessmanager\bin\nSvcAppFlt.exe [2004-11-24 139264]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-7-1 468224]
R3 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2006-8-1 31744]

=============== Created Last 30 ================

2009-05-12 15:35 15,771 a------- c:\windows\st_1242186197.exe
2009-05-12 15:35 14,904 a------- c:\windows\st_1242167764.exe
2009-05-11 12:31 16,364 a------- c:\windows\st_1242088745.exe
2009-05-10 16:58 16,364 a------- c:\windows\st_1242018360.exe
2009-05-09 14:33 15,776 a------- c:\windows\st_1241923261.exe
2009-05-09 14:33 14,904 a------- c:\windows\st_1241904808.exe
2009-05-08 11:14 15,776 a------- c:\windows\st_1241824933.exe
2009-05-07 16:15 15,776 a------- c:\windows\st_1241756581.exe
2009-05-07 16:15 15,492 a------- c:\windows\st_1241738151.exe
2009-05-06 21:50 45,056 a------- c:\windows\system32\inform.dat
2009-05-06 21:50 56 a------- c:\windows\system32\mjwa
2009-05-05 15:09 14,316 a------- c:\windows\st_1241579818.exe
2009-05-04 19:07 2 ----h--- c:\windows\t55ft2692f44.dat
2009-05-04 19:07 268 a------- c:\windows\system32\kjs
2009-04-27 14:23 <DIR> --d----- c:\program files\QuickTax 2008

==================== Find3M ====================

2009-03-06 07:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 11:09 78,336 a------- c:\windows\system32\ieencode.dll

============= FINISH: 16:06:13.56 ===============
Attached file: Attach.zip (4.0 KB)
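As an added triage example (not part of the original post and not a feature of DDS), the script below applies a few of the checks an analyst runs over a DDS log to the Notify and "Created Last 30" lines quoted above. It flags Winlogon Notify DLLs that are not on a short allowlist of known-good XP notification packages (the allowlist is an assumption of the example, so anything outside it is marked for review, not declared malicious), files dropped straight into c:\windows or system32 whose name carries a ten-digit epoch, and extensionless or tiny files in those folders. The st_<digits>.exe suffixes decode as Unix timestamps: 1242167764 is 2009-05-12 22:36:04 UTC, which matches the 15:35 GMT-7 creation time DDS shows for that file. The sample lines are copied from the log; the rules and thresholds are the example's own.

```python
"""Triage helper for DDS-style log excerpts (added example, not a DDS feature)."""
import re
from datetime import datetime, timezone

# Constructed excerpt: the Notify and "Created Last 30" lines quoted from the post.
SAMPLE_DDS = """\
Notify: AtiExtEvent - Ati2evxx.dll
Notify: Fly - smart.dll
Notify: Love - LoveFly.dll
Notify: winzlo32 - winzlo32.dll
2009-05-12 15:35 15,771 a------- c:\\windows\\st_1242186197.exe
2009-05-12 15:35 14,904 a------- c:\\windows\\st_1242167764.exe
2009-05-06 21:50 45,056 a------- c:\\windows\\system32\\inform.dat
2009-05-06 21:50 56 a------- c:\\windows\\system32\\mjwa
2009-05-04 19:07 2 ----h--- c:\\windows\\t55ft2692f44.dat
2009-05-04 19:07 268 a------- c:\\windows\\system32\\kjs
2009-04-27 14:23 <DIR> --d----- c:\\program files\\QuickTax 2008
"""

# Assumed, deliberately short allowlist of Winlogon Notify DLLs that are normal on XP.
# Anything not on it is flagged for review, not declared malicious.
KNOWN_NOTIFY_DLLS = {
    "crypt32.dll", "cryptnet.dll", "cscdll.dll", "sclgntfy.dll", "wlnotify.dll",
    "ati2evxx.dll", "igfxsrvc.dll", "wgalogon.dll",
}

NOTIFY_RE = re.compile(r"^Notify:\s+(?P<key>\S+)\s+-\s+(?P<dll>.+?)\s*$")
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size><DIR>|[\d,]+)\s+\S+\s+(?P<path>.+?)\s*$"
)
EPOCH_NAME_RE = re.compile(r"st_(?P<epoch>\d{10})\.exe$", re.IGNORECASE)
SYSTEM_DIRS = ("c:\\windows\\", "c:\\windows\\system32\\")


def epoch_from_name(path):
    """If the basename looks like st_<unix-epoch>.exe, return the decoded UTC time."""
    m = EPOCH_NAME_RE.search(path)
    if not m:
        return None
    return datetime.fromtimestamp(int(m.group("epoch")), tz=timezone.utc)


def triage(log_text, known_dlls=KNOWN_NOTIFY_DLLS):
    """Return a list of (item, reason) findings that deserve a human look."""
    findings = []
    for line in log_text.splitlines():
        m = NOTIFY_RE.match(line)
        if m:
            if m.group("dll").lower() not in known_dlls:
                findings.append((m.group("dll"), "Winlogon Notify DLL not on the allowlist"))
            continue
        m = CREATED_RE.match(line)
        if not m or m.group("size") == "<DIR>":
            continue
        path = m.group("path").lower()
        folder, _, name = path.rpartition("\\")
        folder += "\\"
        if folder not in SYSTEM_DIRS:
            continue  # only look at files dropped straight into the OS folders
        when = epoch_from_name(name)
        if when is not None:
            findings.append((path, "epoch-named dropper; suffix decodes to %s" % when.isoformat()))
        elif "." not in name:
            findings.append((path, "extensionless file in a system folder"))
        elif int(m.group("size").replace(",", "")) < 1024:
            findings.append((path, "tiny data file in a system folder"))
    return findings


if __name__ == "__main__":
    for item, reason in triage(SAMPLE_DDS):
        print("%-45s %s" % (item, reason))
```

Run on the excerpt, the three Notify entries with non-descriptive names, the ten st_*.exe droppers (two shown here), the extensionless mjwa and kjs, and the 2-byte t55ft2692f44.dat all come out for review, while the QuickTax folder and the ATI notify DLL do not. The allowlist must be grown per machine; the point of the example is the shape of the checks, not the list.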

#2  05-16-2009, 09:04 PM  mas_pogi (Analyst, Security Team; Tokyo, JP; OS: Vista, Linux Mint)

Re: Computer's gone bananas, it's redirecting.... help pls.

Hi gillbills,

Please complete the logs we need for analysis. You are lacking GMER.

Please visit this link:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

and complete the instructions for GMER.

Post it here after you are done. I'll be waiting for it.

Mark
#3  05-16-2009, 09:53 PM  gill.bates (Registered User, OS: XP)

Re: Computer's gone bananas, it's redirecting.... help pls.

Hi Mark,
Thanks for the quick reply. I tried to run GMER but it won't start. I tried to re-download it, but still nothing; I even rebooted the computer.
#4  05-16-2009, 10:10 PM  gill.bates (Registered User, OS: XP)

Re: Computer's gone bananas, it's redirecting.... help pls.

OK, wait: renaming it "gt0279a.exe" seems to work. Scanning now....
#5  05-17-2009, 06:47 AM  gill.bates (Registered User, OS: XP)

Re: Computer's gone bananas, it's redirecting.... help pls.

Hi Mark,

I attached the ARK file that you requested. Sorry it took so long to scan (11 hrs); I have over 10,000 pictures on my computer and other files as well. Thank you again for your assistance. I have some errands to run today, so I will be back at 16:00 Pacific time.

Thanks

Attached file: attach.zip (1.4 KB)
#6  05-17-2009, 06:57 AM  mas_pogi (Analyst, Security Team; Tokyo, JP; OS: Vista, Linux Mint)

Re: Computer's gone bananas, it's redirecting.... help pls.

Hi.

Quote:
I attached the ARK file that you requested. Sorry it took so long to scan (11 hrs); I have over 10,000 pictures on my computer and other files as well. Thank you again for your assistance. I have some errands to run today, so I will be back at 16:00 Pacific time.
No problem.

I am sorry to inform you that we are dealing with password stealers now.

If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

By the way, you also got a rootkit =) Read more about it here. We will also deal with it.

-------------------------------------------------------------------------

Download ComboFix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. You can find instructions HERE.
  • Double click on Combo-Fix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Mark
#7  05-17-2009, 06:12 PM  gill.bates (Registered User, OS: XP)

Re: Computer's gone bananas, it's redirecting.... help pls.

Hello again Mark, thanks for the notice.

*panics!!!* I just did some online banking, and PayPal and eBay accounts too... oh noes.

Will change all passwords now and notify the bank right away.

Now for Combo-Fix.

Strange: the Microsoft Windows Recovery Console did not install, but it still created a log... hopefully it's all right, or should I disable the firewall too?


*************************************************
ComboFix 09-05-17.03 - rayz 17/05/2009 16:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1600 [GMT -7:00]
Running from: c:\documents and settings\rayz\Desktop\Combo-Fix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\rayz\Application Data\wiaserva.log
c:\program files\safety bar
c:\program files\safety bar\Uninstall.bat
c:\recycler\S-1-5-21-2025429265-1275210071-682003330-501\Dc3\Cover letter_inquiries assistant.lnk
c:\recycler\S-1-5-21-2025429265-1275210071-682003330-501\Dc3\Email.lnk
c:\recycler\S-1-5-21-2025429265-1275210071-682003330-501\Dc3\Resume_adminassistant.lnk
c:\recycler\S-1-5-21-2025429265-1275210071-682003330-501\INFO2
c:\windows\system32\components
c:\windows\system32\disk.dll
c:\windows\system32\drivers\UACentnbmqekvssfol.sys
c:\windows\system32\inform.dat
c:\windows\system32\kjs
c:\windows\system32\UACbqvtredphxndiww.dll
c:\windows\system32\UACdyrjdmpihfvpmkj.log
c:\windows\system32\UACehkcbfvrmoqghxe.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkdpulpwjpygfswv.log
c:\windows\system32\UACkhmyqspnrodqqya.dat
c:\windows\system32\UACsipxviqufaqukyp.dll
c:\windows\system32\UACvbldrhkxiucoujr.log
c:\windows\system32\UACwcfxumasbiqtjko.dll
c:\windows\system32\UACwrsytabwemxbfxw.dll
c:\windows\t55ft2692f44.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))
.

2009-05-14 00:26 . 2009-05-14 00:26 -------- d-----w c:\documents and settings\Guest\Local Settings\Application Data\ESET
2009-05-12 22:35 . 2009-05-12 22:35 15771 ----a-w c:\windows\st_1242186197.exe
2009-05-12 22:35 . 2009-05-12 22:35 14904 ----a-w c:\windows\st_1242167764.exe
2009-05-11 19:31 . 2009-05-11 19:31 16364 ----a-w c:\windows\st_1242088745.exe
2009-05-10 23:58 . 2009-05-10 23:58 16364 ----a-w c:\windows\st_1242018360.exe
2009-05-09 21:33 . 2009-05-09 21:33 15776 ----a-w c:\windows\st_1241923261.exe
2009-05-09 21:33 . 2009-05-09 21:33 14904 ----a-w c:\windows\st_1241904808.exe
2009-05-08 18:14 . 2009-05-08 18:14 15776 ----a-w c:\windows\st_1241824933.exe
2009-05-07 23:15 . 2009-05-07 23:15 15776 ----a-w c:\windows\st_1241756581.exe
2009-05-07 23:15 . 2009-05-07 23:15 15492 ----a-w c:\windows\st_1241738151.exe
2009-05-05 22:09 . 2009-05-05 22:09 14316 ----a-w c:\windows\st_1241579818.exe
2009-04-27 21:23 . 2009-04-27 21:53 -------- d-----w c:\program files\QuickTax 2008

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 07:50 . 2008-04-21 04:10 -------- d-----w c:\program files\QuickTax 2007
2009-05-15 09:24 . 2006-08-01 18:11 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-15 06:42 . 2006-08-03 02:34 -------- d-----w c:\program files\Mozilla Thunderbird
2009-05-15 05:50 . 2006-08-06 20:10 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-15 05:49 . 2006-08-01 23:13 -------- d-----w c:\program files\FlashGet
2009-05-03 04:18 . 2006-08-15 02:41 131808 ----a-w c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 17:45 . 2006-08-01 18:25 131808 ----a-w c:\documents and settings\rayz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-27 21:23 . 2007-04-09 17:30 -------- d-----w c:\program files\Common Files\AnswerWorks 4.0
2009-04-04 05:27 . 2006-08-02 07:26 -------- d-----w c:\program files\DivX
2009-04-04 05:27 . 2009-04-04 05:27 -------- d-----w c:\program files\Common Files\DivX Shared
2009-03-06 14:44 . 2004-08-04 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-02-01 98304]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-10-08 1410296]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2005-01-11 84480]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-08 131072]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2004-11-25 266240]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
"amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Omnipage"="e:\program files 2\OmniPage SE\opware32.exe" [2002-06-03 49152]
"VBTUCopy"="c:\program files\VBTUCopy\VBTUCopy.exe" [2005-01-27 131072]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]
"Acrobat Assistant 8.0"="e:\program files 2\adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\rayz\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [01/07/2008 9:04 AM 34312]
R2 app_filter;app_filter;c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [24/11/2004 6:10 PM 139264]
R2 ekrn;Eset Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [01/07/2008 9:02 AM 468224]
R3 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [01/08/2006 3:08 PM 31744]
.
Contents of the 'Scheduled Tasks' folder

2009-05-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{BE83C3B6-0F77-436c-88B1-A56124A743CB} - (no file)
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-Adobe Photo Downloader - e:\program files 2\adobe\Adobe lightroom\apdproxy.exe
Notify-winzlo32 - winzlo32.dll


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - e:\program files 2\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - e:\program files 2\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\program files 2\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\program files 2\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\program files 2\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\program files 2\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\program files 2\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\program files 2\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} -
FF - ProfilePath - c:\documents and settings\rayz\Application Data\Mozilla\Firefox\Profiles\g9gx3bqm.default\
FF - prefs.js: browser.search.selectedEngine - eBay Canada
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 17:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2025429265-1275210071-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2025429265-1275210071-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5e,b7,3d,ac,f3,cc,dd,be,d0,05,1d,89,a7,0c,23,fb,0f,3f,d0,4a,46,5a,08,
da,55,7b,7f,89,13,36,93,00,5f,56,f1,50,7b,08,2c,4a,43,55,1e,f0,55,78,07,86,\
"??"=hex:36,35,85,5b,77,76,f6,b2,b7,27,cd,ab,93,82,32,5f

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ôw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-05-18 17:01
ComboFix-quarantined-files.txt 2009-05-18 00:01

Pre-Run: 46,281,363,456 bytes free
Post-Run: 58,206,154,752 bytes free

193 --- E O F --- 2009-05-15 05:35
gill.bates is offline  
Old 05-18-2009, 12:38 AM   #8 (permalink)
Registered User
 
Join Date: May 2009
Posts: 15
OS: xp


Re: computer's gone bananas, Its a redirecting.... help pls.

Hi Mark,

A little update...
I loaded up Firefox and it's not redirecting my Google search results anymore; however, my anti-virus just blocked 7 trojans (in the past 7 hrs) trying to install themselves, and I have a feeling there is still something running in the background.
Maybe this is the rootkit you mentioned earlier.

anyways I hope this info might help.

thanks.
gill.bates is offline  
Old 05-18-2009, 10:01 AM   #9 (permalink)
Analyst, Security Team
 
 
Join Date: Apr 2008
Location: Tokyo, JP
Posts: 1,476
OS: Vista, Linux Mint


Re: computer's gone bananas, Its a redirecting.... help pls.

hi.
Quote:
*panics!!! I just did some online banking, and PayPal and eBay accounts too... oh noes

Will change all password now and notify the bank right away.
Relax. Don't panic. Just do what is necessary. Calm down.
Quote:
however my anti-virus just blocked 7 trojans (in the past 7 hrs) trying to install themselves and I have a feeling there is still something running in the background.
maybe this is the rootkit you mentioned earlier.
What file did it catch? Can you still remember it? Can you also post the ESET log?

-------------------------------------------------------------------------
Read through the instructions before you proceed.

--------------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. You can find instructions HERE.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote:
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/376682-computers-gone-bananas-its-redirecting-help-pls.html#post2140315

COLLECT::
c:\windows\st_1242186197.exe
c:\windows\st_1242167764.exe
c:\windows\st_1242088745.exe
c:\windows\st_1241923261.exe
c:\windows\st_1241824933.exe
c:\windows\st_1241738151.exe
c:\windows\st_1241579818.exe

FILE::
c:\windows\st_1242018360.exe
c:\windows\st_1241904808.exe
c:\windows\st_1241756581.exe

REGISTRY::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"=dword:00000000
Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
If you do not get a message box, please do the following:

There should be a file named [4]-Submit_date@time.zip with today's date, located here:

C:\QooBox\Quarantine\[4]-Submit_date@time.zip

Using the 'Browse' button, please submit it to this site ==> http://www.bleepingcomputer.com/subm....php?channel=4

Please let me know if you successfully submitted the file. Thanks.
-------------------------------------------------------------------------

Your Java is out of date.
Java(TM) SE Runtime Environment 6 Update 1 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

-------------------------------------------------------------------------

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
------------------------------------------------------------------------

How's your computer?



In your reply, please post

C:\combofix.txt
Kaspersky scan result
Answer to my questions


Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
I'm a member of U.N.I.T.E and A.S.A.P
mas_pogi is offline  
Old 05-18-2009, 10:13 PM   #10 (permalink)
Registered User
 
Join Date: May 2009
Posts: 15
OS: xp


Re: computer's gone bananas, Its a redirecting.... help pls.

Hi Mark,

I ran the combofix, and the Microsoft Windows Recovery Console installed this time.

I've updated Java and no problems there. The Kaspersky Online Scanner, however, crashes and reboots my computer after reaching 28%. I saw it finish scanning my C: drive and it seemed to have detected several threats, but like I said it crashes after that.

I included the nod32 log at the bottom.

=============
COMBOFIX
=============

ComboFix 09-05-17.03 - rayz 18/05/2009 16:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1511 [GMT -7:00]
Running from: c:\documents and settings\rayz\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\rayz\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

FILE ::
c:\windows\st_1241756581.exe
c:\windows\st_1241904808.exe
c:\windows\st_1242018360.exe

file zipped: c:\windows\st_1241579818.exe
file zipped: c:\windows\st_1241738151.exe
file zipped: c:\windows\st_1241824933.exe
file zipped: c:\windows\st_1241923261.exe
file zipped: c:\windows\st_1242088745.exe
file zipped: c:\windows\st_1242167764.exe
file zipped: c:\windows\st_1242186197.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\st_1241579818.exe
c:\windows\st_1241738151.exe
c:\windows\st_1241756581.exe
c:\windows\st_1241824933.exe
c:\windows\st_1241904808.exe
c:\windows\st_1241923261.exe
c:\windows\st_1242018360.exe
c:\windows\st_1242088745.exe
c:\windows\st_1242167764.exe
c:\windows\st_1242186197.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
.

2009-05-14 00:26 . 2009-05-14 00:26 -------- d-----w c:\documents and settings\Guest\Local Settings\Application Data\ESET
2009-04-27 21:23 . 2009-04-27 21:53 -------- d-----w c:\program files\QuickTax 2008

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 07:50 . 2008-04-21 04:10 -------- d-----w c:\program files\QuickTax 2007
2009-05-15 09:24 . 2006-08-01 18:11 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-15 06:42 . 2006-08-03 02:34 -------- d-----w c:\program files\Mozilla Thunderbird
2009-05-15 05:50 . 2006-08-06 20:10 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-15 05:49 . 2006-08-01 23:13 -------- d-----w c:\program files\FlashGet
2009-05-03 04:18 . 2006-08-15 02:41 131808 ----a-w c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 17:45 . 2006-08-01 18:25 131808 ----a-w c:\documents and settings\rayz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-27 21:23 . 2007-04-09 17:30 -------- d-----w c:\program files\Common Files\AnswerWorks 4.0
2009-04-04 05:27 . 2006-08-02 07:26 -------- d-----w c:\program files\DivX
2009-04-04 05:27 . 2009-04-04 05:27 -------- d-----w c:\program files\Common Files\DivX Shared
2009-03-06 14:44 . 2004-08-04 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-02-01 98304]
"Steam"="c:\program files\valve\steam\steam.exe" [2009-05-18 1217784]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2005-01-11 84480]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-08 131072]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2004-11-25 266240]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
"amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Omnipage"="e:\program files 2\OmniPage SE\opware32.exe" [2002-06-03 49152]
"VBTUCopy"="c:\program files\VBTUCopy\VBTUCopy.exe" [2005-01-27 131072]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]
"Acrobat Assistant 8.0"="e:\program files 2\adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\rayz\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [01/07/2008 9:04 AM 34312]
R2 app_filter;app_filter;c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [24/11/2004 6:10 PM 139264]
R2 ekrn;Eset Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [01/07/2008 9:02 AM 468224]
R3 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [01/08/2006 3:08 PM 31744]
.
Contents of the 'Scheduled Tasks' folder

2009-05-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - e:\program files 2\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - e:\program files 2\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\program files 2\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\program files 2\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\program files 2\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\program files 2\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\program files 2\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\program files 2\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} -
FF - ProfilePath - c:\documents and settings\rayz\Application Data\Mozilla\Firefox\Profiles\g9gx3bqm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 16:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2025429265-1275210071-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2025429265-1275210071-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5e,b7,3d,ac,f3,cc,dd,be,d0,05,1d,89,a7,0c,23,fb,0f,3f,d0,4a,46,5a,08,
da,55,7b,7f,89,13,36,93,00,5f,56,f1,50,7b,08,2c,4a,43,55,1e,f0,55,78,07,86,\
"??"=hex:36,35,85,5b,77,76,f6,b2,b7,27,cd,ab,93,82,32,5f

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ôw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-05-18 16:06
ComboFix-quarantined-files.txt 2009-05-18 23:06

Pre-Run: 58,126,475,264 bytes free
Post-Run: 58,112,794,624 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

179 --- E O F --- 2009-05-15 05:35
Upload was successful

===============================
NOD32 DELETED THREATS LOG FILE
===============================

18/05/2009 8:44:04 PM Real-time file system protection file C:\System Volume Information\_restore{9F49B6BC-3410-4E92-97AA-30A295DE6D4B}\RP872\A0116990.dll Win32/Olmarik.HC trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
17/05/2009 10:37:20 PM Real-time file system protection file C:\System Volume Information\_restore{9F49B6BC-3410-4E92-97AA-30A295DE6D4B}\RP872\A0116989.dll Win32/Olmarik.HC trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
17/05/2009 9:30:55 PM Real-time file system protection file C:\System Volume Information\_restore{9F49B6BC-3410-4E92-97AA-30A295DE6D4B}\RP872\A0116988.dll Win32/Olmarik.GX trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
17/05/2009 8:29:50 PM Real-time file system protection file C:\System Volume Information\_restore{9F49B6BC-3410-4E92-97AA-30A295DE6D4B}\RP872\A0116987.dll Win32/Olmarik.GY trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
17/05/2009 7:35:07 PM Real-time file system protection file C:\System Volume Information\_restore{9F49B6BC-3410-4E92-97AA-30A295DE6D4B}\RP872\A0116986.dll Win32/Olmarik.GW trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
17/05/2009 6:31:01 PM Real-time file system protection file C:\System Volume Information\_restore{9F49B6BC-3410-4E92-97AA-30A295DE6D4B}\RP872\A0116985.sys Win32/Olmarik.HU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
17/05/2009 4:57:42 PM Real-time file system protection file C:\DOCUME~1\rayz\LOCALS~1\Temp\Av-test.txt Eicar test file cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\cmd.exe.
17/05/2009 3:34:07 PM Startup scanner file \\?\globalroot\systemroot d


_____________________________

I'll try to run Kaspersky Online Scanner again; maybe with just the C: drive it might work.

And as for my computer, like I said the redirects are gone but the trojan attacks remain.

thanks again for looking, and sorry it took so long.
gill.bates is offline  
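A note on reading the two logs in this post together, as an added example rather than anything the thread, ESET or ComboFix supplies. Every Olmarik line in the NOD32 log above names a file under C:\System Volume Information\_restore{...}\RP872\, i.e. a copy held in a System Restore point, and reports svchost.exe as the process that touched it; none of them is a fresh file in c:\windows like the st_*.exe names the CFScript in the previous post told ComboFix to collect and delete. Turning System Restore off and back on discards every existing restore point on XP, which removes those copies along with it. The Python below parses NOD32 lines in the layout pasted above, separates restore-point copies from live files, and folds the ComboFix-deleted names into one UTC timeline. It assumes the log layout shown, the GMT -7 offset printed in the ComboFix header, and that the 10-digit suffix of each st_<digits>.exe name is a Unix epoch; that last point is a guess from the values, not something the thread confirms. The sample lines inside it are copied from the post, not new data.

```python
"""Triage the ESET NOD32 'deleted threats' lines and the ComboFix-deleted
st_<digits>.exe names from this thread. Added example, not ESET, ComboFix
or thread code. Assumes: the NOD32 line layout pasted above, GMT-7 from
the ComboFix header, and (a guess) that st_<digits> is a Unix epoch."""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

LOCAL_TZ = timezone(timedelta(hours=-7))  # "[GMT -7:00]" in the ComboFix header

# Constructed sample: three of the NOD32 lines quoted in the thread.
SAMPLE_NOD32_LOG = r"""
18/05/2009 8:44:04 PM Real-time file system protection file C:\System Volume Information\_restore{9F49B6BC-3410-4E92-97AA-30A295DE6D4B}\RP872\A0116990.dll Win32/Olmarik.HC trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
17/05/2009 6:31:01 PM Real-time file system protection file C:\System Volume Information\_restore{9F49B6BC-3410-4E92-97AA-30A295DE6D4B}\RP872\A0116985.sys Win32/Olmarik.HU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
17/05/2009 4:57:42 PM Real-time file system protection file C:\DOCUME~1\rayz\LOCALS~1\Temp\Av-test.txt Eicar test file cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\cmd.exe.
"""
# Constructed sample: three of the names from ComboFix's "Other Deletions".
SAMPLE_COMBOFIX_DELETED = [
    r"c:\windows\st_1241579818.exe",
    r"c:\windows\st_1241738151.exe",
    r"c:\windows\st_1242186197.exe",
]

NOD32_RE = re.compile(
    r"^(?P<when>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<module>.+?) file (?P<path>[A-Za-z]:\\.+?) "      # path must start with a drive letter
    r"(?P<threat>\S+ (?:trojan|virus|worm|test file)) "   # detection-name suffixes seen in ESET logs
    r"(?P<action>.+?) (?P<user>NT AUTHORITY\\\S+|\S+) "
    r"Event occurred .*?the application: (?P<app>.+?)\.$"
)
# Files under a System Restore point look like ...\_restore{GUID}\RPnnn\A0116990.dll
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(?P<rp>\d+)\\", re.I)
ST_NAME_RE = re.compile(r"st_(?P<epoch>\d{10})\.exe$", re.I)


@dataclass
class Detection:
    when_utc: datetime
    path: str
    threat: str
    app: str                      # process that touched the file, as NOD32 reported it
    restore_point: Optional[int]  # RPnnn number when the file was a System Restore copy

    @property
    def is_live(self) -> bool:
        """A hit outside System Volume Information is a file the running system used."""
        return self.restore_point is None


def parse_nod32(log_text: str) -> Tuple[List[Detection], List[str]]:
    """Parse NOD32 lines into Detections; lines in another layout come back unparsed."""
    found, unparsed = [], []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = NOD32_RE.match(line)
        if not m:  # e.g. the truncated 'Startup scanner' line in the thread
            unparsed.append(line)
            continue
        local = datetime.strptime(m["when"], "%d/%m/%Y %I:%M:%S %p").replace(tzinfo=LOCAL_TZ)
        rp = RESTORE_POINT_RE.search(m["path"])
        found.append(Detection(local.astimezone(timezone.utc), m["path"], m["threat"],
                               m["app"], int(rp["rp"]) if rp else None))
    return found, unparsed


def decode_st_name(path: str) -> Optional[datetime]:
    """Read the 10-digit suffix of st_<digits>.exe as a Unix epoch (assumption, see above)."""
    m = ST_NAME_RE.search(path)
    return datetime.fromtimestamp(int(m["epoch"]), tz=timezone.utc) if m else None


def summarize(detections: List[Detection]) -> dict:
    """Split hits into restore-point copies vs. live files; count by name and by process."""
    return {
        "total": len(detections),
        "restore_point_hits": sum(1 for d in detections if not d.is_live),
        "live_hits": sum(1 for d in detections if d.is_live),
        "restore_points": sorted({d.restore_point for d in detections if not d.is_live}),
        "by_threat": Counter(d.threat for d in detections),
        "accessed_by": Counter(d.app for d in detections),
    }


def build_timeline(detections: List[Detection], combofix_paths: List[str]) -> List[tuple]:
    """One UTC-ordered list: NOD32 hits plus decoded st_*.exe names."""
    events = [(d.when_utc, "nod32", f"{d.threat} in {d.path}") for d in detections]
    for p in combofix_paths:
        t = decode_st_name(p)
        if t is not None:
            events.append((t, "combofix", f"name decodes to {t:%Y-%m-%d %H:%M:%S} UTC: {p}"))
    return sorted(events, key=lambda e: e[0])


if __name__ == "__main__":
    hits, skipped = parse_nod32(SAMPLE_NOD32_LOG)
    print(summarize(hits), "unparsed:", len(skipped))
    for when, source, what in build_timeline(hits, SAMPLE_COMBOFIX_DELETED):
        print(f"{when:%Y-%m-%d %H:%M:%S}Z {source:8s} {what}")
```

On the sample, two of the three hits are restore-point copies in RP872 and the only live hit is the EICAR test file that cmd.exe wrote to the Temp folder, which the log itself attributes to a test. The timeline puts the decoded st_*.exe times (early and mid May) before the restore-point alerts (17-18 May local time), which is the ordering you would expect if the restore point was created after the drops and the alerts are the System Restore copies being read back. A line the regex does not understand, such as the truncated "Startup scanner" entry at the end of the pasted log, is returned in the second list rather than silently dropped.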
Old 05-18-2009, 11:50 PM   #11 (permalink)
Registered User
 
Join Date: May 2009
Posts: 15
OS: xp


Re: computer's gone bananas, Its a redirecting.... help pls.

:Update:

I tried to scan with just the C: drive and still it crashes and reboots... don't know what to do with Kaspersky now.
gill.bates is offline  
Old 05-19-2009, 02:10 AM   #12 (permalink)
Registered User
 
Join Date: May 2009
Posts: 15
OS: xp


Re: computer's gone bananas, Its a redirecting.... help pls.

UPDATE+

hello again Mark,

A new problem: I thought my computer crashed whenever I ran the Kaspersky scan, but now my computer crashes and reboots on its own when left idle. I just noticed it when I left it alone for 1 hr without anything running. I checked power management and everything seems fine, and auto-off is not on... very strange.

Good news is Iexplore.exe doesn't run by itself anymore.
gill.bates is offline  
Old 05-19-2009, 08:40 AM   #13 (permalink)
Analyst, Security Team
 
 
Join Date: Apr 2008
Location: Tokyo, JP
Posts: 1,476
OS: Vista, Linux Mint


Re: computer's gone bananas, Its a redirecting.... help pls.

hi Rayz.

I have a few more questions before I give you my instructions.

Aside from your computer crashing when doing the online scan, are you getting any pop-ups? How often does ESET find an infected file? What other things have you noticed? Slowness?

If ESET blocks another attempt, could I have a screenshot of it?

Thank you very much for your patience.

Mark
mas_pogi is offline  
Old 05-19-2009, 09:37 AM   #14 (permalink)
Registered User
 
Join Date: May 2009
Posts: 15
OS: xp


Re: computer's gone bananas, Its a redirecting.... help pls.

Hi Mark,

There are no more pop-ups when I browse (thank you, Firefox), and the infected file varies; I've never seen it before, but for the last 2 weeks I've gotten several virus alerts. After your help it has greatly reduced; before, I got 5-8 virus/trojan alerts. As for slowness, I think it's almost back to normal. I see hiccups here and there, but maybe that's just me running too many applications at the same time.

I will do a screenshot later as I'm at work right now. I will also attempt to run the online scanner again and disable the firewall as well, and also Adblock in Firefox, and hope my computer won't crash.

Oh, and I saw that Windows is prompting me to update to SP3 for my XP; should I do it or wait until my computer is clean?

[Oh, did I mention it's not redirecting my search links anymore ]

I really appreciate all your help

-thanks
gill.bates is offline  
Old 05-19-2009, 09:48 AM   #15 (permalink)
Analyst, Security Team
 
 
Join Date: Apr 2008
Location: Tokyo, JP
Posts: 1,476
OS: Vista, Linux Mint


Re: computer's gone bananas, Its a redirecting.... help pls.

hi.

Quote:
, and also I will attempt to run the online scanner again and disable the firewall as well, and also Adblock in Firefox, and hope my computer won't crash
Let's hold that one for the meantime. Wait for my further instructions.


Quote:
Oh, and I saw that Windows is prompting me to update to SP3 for my XP; should I do it or wait until my computer is clean?
This one too. I will ask you to update it after your computer is cleared of infection.

Give me some time to review and prepare your fix.

Mark
mas_pogi is offline  
Old 05-19-2009, 09:58 AM   #16 (permalink)
Registered User
 
Join Date: May 2009
Posts: 15
OS: xp


Re: computer's gone bananas, Its a redirecting.... help pls.

Roger that ^^

I'll check back later after work then. Thanks for checking.



*goes back to work.
gill.bates is offline  
Old 05-19-2009, 06:40 PM   #17 (permalink)
Analyst, Security Team
 
 
Join Date: Apr 2008
Location: Tokyo, JP
Posts: 1,476
OS: Vista, Linux Mint


Re: computer's gone bananas, Its a redirecting.... help pls.

hi Rayz

Create a new System restore point

The easiest and safest way to do this is:
  • Goto
  • Click on Control Panel . At the Control Panel, choose Switch to Classic View.
  • Look for SYSTEM, double-click it and find the System Restore tab.
  • Turn off the System Restore by clicking here
    It is set to off when there is check mark on it. Then APPLY to confirm.
  • Lets turn it on again to create a new restore point. Simply uncheck the
    then click on APPLY to confirm.
  • Now we have a new restore point.

Let me know if it is successful.
-------------------------------------------------------------------------

Your last log doesn't show any baddies anymore.

I want to gather more information about the alert you are getting. Does the firewall also block any attempts to connect outside? Please post the latest ESET log so that I can review what was blocked recently.

As I asked in my previous post, a screenshot will greatly help.


Thanks.

Mark
mas_pogi is offline  
Old 05-20-2009, 03:31 AM   #18 (permalink)
Registered User
 
Join Date: May 2009
Posts: 15
OS: xp


Re: computer's gone bananas, Its a redirecting.... help pls.

Hello Mark,

Very late reply, I'm sorry, been very busy. Anyway, I've created the system restore point, and it was a success.

For the virus alerts, I got none today; however, when I did a scan today it did detect the files that ComboFix created as a virus, and they have been transferred to quarantine.

I don't really know how my firewall works, but if I understand it correctly the firewall that Windows XP has blocks off access going into the computer but doesn't block outgoing info. I also believe my router comes with a firewall; how it works I don't really know, all I know is it has one when I bought it.

As for my computer, it seems to be doing fine now. No crashes so far, even when idle.

Many thanks
Attached Images
File Type: jpg log-screen.jpg (546.1 KB, 4 views)

Last edited by gill.bates; 05-20-2009 at 03:34 AM.
gill.bates is offline  
Old 05-20-2009, 05:39 AM   #19 (permalink)
Analyst, Security Team
 
 
Join Date: Apr 2008
Location: Tokyo, JP
Posts: 1,476
OS: Vista, Linux Mint


Re: computer's gone bananas, Its a redirecting.... help pls.

hi.

Let's try other online scan. Shall we?

Perform an online scan with Panda ActiveScan
  • Click on Scan Your PC Now
  • A "pop up" window will appear, or a new tab will open.
  • Click on Register
  • Choose the option you like most, but we recommend the Free Registration.
  • Click on Register
  • Enter your e-mail address, and create a password.
  • Select "I do not want to receive any type of information". (unless you want to receive such information)
  • Click on Send
  • Confirm registration, and continue by entering your user name and password, then click on Enter
  • Select Full Scan, then Click on Scan Now
  • Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
  • If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
  • Please ignore the offer to buy the program. Click on Export To
  • Export the log and save it to your desktop.
  • Please attach the contents of that log to your reply

--------------------------------------------------------------------------

Disable any script blocker then double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
Please post the content of DDS.txt and attach attach.txt in your next reply.

Mark
mas_pogi is offline  
Old 05-21-2009, 12:27 AM   #20 (permalink)
Registered User
 
Join Date: May 2009
Posts: 15
OS: xp


Re: computer's gone bananas, Its a redirecting.... help pls.

Hi Mark

After so many attempts I finally got this ActiveScan to work. It keeps running for several hours, then stalls, then reboots my system. I was about to give up but ended up watching the whole thing run (like watching paint dry) and it finally finished the scan. I've attached the ActiveScan log as requested... I wonder if it will work on the Kaspersky scanner if I watch it too.
Anyway, the way that I did it was to turn off the ad blocker in Firefox along with the NVIDIA firewall and NOD32 anti-virus; that combination worked well, plus removing some big files that I don't use anymore from my other drive.

here are the reports from:

========
DDS
========


DDS (Ver_09-05-14.01) - NTFSx86
Run by rayz at 23:15:38.27 on 20/05/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1412 [GMT -7:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: NVIDIA Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
E:\program files 2\OmniPage SE\opware32.exe
C:\Program Files\VBTUCopy\VBTUCopy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
E:\program files 2\adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\rayz\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - e:\program files 2\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: IeCatch5 Class: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\progra~1\flashget\jccatch.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - e:\program files 2\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - e:\program files 2\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - e:\program files 2\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - e:\program files 2\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [Launch LGDCore] "c:\program files\logitech\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [Launch LCDMon] "c:\program files\logitech\g-series software\LCDMon.exe"
mRun: [amd_dc_opt] "c:\program files\amd\amd_dc_opt\amd_dc_opt.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Omnipage] e:\program files 2\omnipage se\opware32.exe
mRun: [VBTUCopy] c:\program files\vbtucopy\VBTUCopy.exe /a /f
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Acrobat Assistant 8.0] "e:\program files 2\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\rayz\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-system: EnableProfileQuota = 0 (0x0)
IE: Append to existing PDF - e:\program files 2\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - e:\program files 2\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\program files 2\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\program files 2\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\program files 2\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\program files 2\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\program files 2\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\program files 2\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} -
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rayz\applic~1\mozilla\firefox\profiles\g9gx3bqm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-5-20 28544]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 34312]
R2 app_filter;app_filter;c:\program files\nvidia corporation\networkaccessmanager\bin\nSvcAppFlt.exe [2004-11-24 139264]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-7-1 468224]
R3 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2006-8-1 31744]

=============== Created Last 30 ================

2009-05-20 15:36 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-05-20 15:35 <DIR> --d----- c:\program files\Panda Security
2009-05-18 16:13 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-18 16:01 <DIR> a-dshr-- C:\cmdcons
2009-05-17 16:46 161,792 a------- c:\windows\SWREG.exe
2009-05-17 16:46 98,816 a------- c:\windows\sed.exe
2009-05-17 16:46 0 a------- c:\windows\LCDMedia.INI
2009-05-06 21:50 56 a------- c:\windows\system32\mjwa
2009-04-27 14:23 <DIR> --d----- c:\program files\QuickTax 2008

==================== Find3M ====================

2009-03-06 07:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 11:09 78,336 a------- c:\windows\system32\ieencode.dll

============= FINISH: 23:15:49.82 ===============

===========
ATTACH
===========


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 01/08/2006 11:03:54 AM
System Uptime: 20/05/2009 8:47:17 PM (3 hours ago)

Motherboard: DFI Corp,LTD | | LP NF4 Series
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ | Socket 939 | 2211/201mhz
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ | Socket 939 | 2210/201mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 103 GiB total, 57.528 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 363 GiB total, 164.184 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Generic Marvell Yukon 88E8001/8003/8010 based Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_100A15BD&REV_13\4&13699180&0&5048
Manufacturer: Marvell
Name: Generic Marvell Yukon 88E8001/8003/8010 based Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_100A15BD&REV_13\4&13699180&0&5048
Service: yukonwxp

Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_LONNYRJONES_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_LONNYRJONES_XX
Service: UACd.sys

==== System Restore Points ===================

RP875: 19/05/2009 8:21:37 PM - System Checkpoint
RP876: 20/05/2009 8:44:44 PM - Removed Steam(TM)

==== Installed Programs ======================

Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.2 Professional
Adobe Acrobat 8.1.2 Security Update 1 (KB403742)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Lightroom 2.3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AMD Dual-Core Optimizer
AMD LCD Keyboard Applet
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Problem Report Wizard
AutoUpdate
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon CanoScan Toolbox 4.1
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.0
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CDisplay 1.8
CINEMA 4D Release 10
Combined Community Codec Pack 2006-07-28 (Remove Only)
Corel Painter X
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
ESET NOD32 Antivirus
Fable - The Lost Chapters
File Splitter and Joiner (FFSJ v3.2)
FlashGet(JetCar)
FLV Player 2.0 (build 25)
GTA San Andreas
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
ICQ6
Java(TM) 6 Update 13
Java(TM) SE Runtime Environment 6 Update 1
Logitech G-series Keyboard Software
Magic ISO Maker v5.4 (build 0239)
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIRC
Mozilla Firefox (3.0.10)
Mozilla Thunderbird (2.0.0.21)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero 7 Demo
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NvMixer
Oblivion
OmniPage SE
Panda ActiveScan 2.0
PDF Settings
Platform
QuickPar 0.9
QuickTax 2008
QuickTime
RealPlayer
Safety Bar
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Send to SmugMug
Tablet
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
Veoh Web Player
VIA Platform Device Manager
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile® Device Handbook
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver

==== Event Viewer Messages From Past Week ========

20/05/2009 7:46:18 PM, error: System Error [1003] - Error code 100000d1, parameter1 64536d79, parameter2 00000002, parameter3 00000000, parameter4 a2278fff.
19/05/2009 12:59:23 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 a74a8d84, parameter3 a3ccda1c, parameter4 00000000.
18/05/2009 6:18:09 PM, error: System Error [1003] - Error code 100000d1, parameter1 43505275, parameter2 00000002, parameter3 00000000, parameter4 a7b34fff.
18/05/2009 4:05:24 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DD55F204FD307B4A8C64B325897086F7 service to connect.
18/05/2009 4:05:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the A1D55B83F174C94063FF4ABEE6A5F566 service to connect.
18/05/2009 4:04:55 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the 1208764FBF1F7AF00AA1983C5B79D842 service to connect.
18/05/2009 4:04:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the 5C151480CE99368EAE9868D0D3C3BA42 service to connect.
18/05/2009 10:43:08 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000025, parameter2 00000002, parameter3 00000000, parameter4 a7aafe50.
18/05/2009 10:42:52 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000025, parameter2 00000002, parameter3 00000000, parameter4 a6ee7e50.
17/05/2009 4:59:59 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the 588A4CF18BCB8464C0E7FA4571DF8C36 service to connect.
17/05/2009 4:59:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the 2C0A95719F0FE169A67371DECE04FBA5 service to connect.
17/05/2009 4:58:34 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the FA241014B58BCE8A203B1204352EF2B7 service to connect.
17/05/2009 4:58:04 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the FC89658C10B010F97E8EC0F02FD7B88F service to connect.
17/05/2009 4:49:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the 86BEE404D61D4CF285CDA6E1490847AD service to connect.
16/05/2009 12:10:57 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume4'. It has stopped monitoring the volume.
15/05/2009 2:25:45 AM, error: System Error [1003] - Error code 100000d1, parameter1 0004ff69, parameter2 00000002, parameter3 00000000, parameter4 a84d9fff.
15/05/2009 12:43:45 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer OWNER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FF0AD556-8F98-4FD6-. The master browser is stopping or an election is being forced.
14/05/2009 11:03:30 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.
13/05/2009 5:03:55 PM, error: amdtools [3] - RegisterTscDrift() Node[ 0 ] Core[ 1 ] Error: Thread already registered.
13/05/2009 5:03:55 PM, error: amdtools [3] - RegisterTscDrift() Node[ 0 ] Core[ 0 ] Error: Thread already registered.

==== End Of File ===========================

Again I must apologize for the slow reply; my computer kept crashing during the scan, but like your signature says, "Never give up".

So how does it look?

-thanks
Attached Files
File Type: txt ActiveScan.txt (24.2 KB, 3 views)

Last edited by gill.bates; 05-21-2009 at 12:29 AM.