KEEP BEING REDIRECTED TO DIFFERENT WEBSITES - VIRUS AFFECTING OPERA AND MOZILLA

The Banshee
New Member


Date Joined Aug 2007
Total Posts : 7
 
Posted 12/14/2009 8:17 PM (GMT +3)
Whenever I try and go to a web page I keep getting redirected to different webpages. I have googled this and tried the many different routines advised, but the problem persists and it is becoming difficult to get to any page that I am trying to. I have run Malwarebytes, Avast, CCleaner and DDS and all are coming back clean. Could somebody take a look at the HJT and DDS logs and shed some light on this problem?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:43, on 23/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Opera\program\plugins\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 5761 bytes




DDS (Ver_09-12-01.01) - NTFSx86
Run by Toshiba at 17:01:56.47 on 23/11/2009
Internet Explorer: 8.0.6001.18865
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2037.971 [GMT 0:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\lxdncoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Toshiba\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRunOnce: [FlashPlayerUpdate] c:\program files\opera\program\plugins\NPSWF32_FlashUtil.exe -p
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\idmmbc.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\toshiba\appdata\roaming\mozilla\firefox\profiles\mrs8s1d2.default\
FF - component: c:\users\toshiba\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\_programs\quicktime pro v7.4.1.14\plugins\npqtplugin.dll
FF - plugin: c:\_programs\quicktime pro v7.4.1.14\plugins\npqtplugin2.dll
FF - plugin: c:\_programs\quicktime pro v7.4.1.14\plugins\npqtplugin3.dll
FF - plugin: c:\_programs\quicktime pro v7.4.1.14\plugins\npqtplugin4.dll
FF - plugin: c:\_programs\quicktime pro v7.4.1.14\plugins\npqtplugin5.dll
FF - plugin: c:\_programs\quicktime pro v7.4.1.14\plugins\npqtplugin6.dll
FF - plugin: c:\_programs\quicktime pro v7.4.1.14\plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-12 114768]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-12 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-11-12 53328]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-11-12 138680]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2008-1-21 21504]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-11-12 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-11-12 352920]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2008-2-27 98984]

=============== Created Last 30 ================

2009-12-13 22:13:24 0 d-----w- c:\windows\pss
2009-12-13 22:07:29 0 d-----w- c:\program files\CCleaner
2009-12-12 03:02:07 0 d-----w- c:\windows\CheckSur
2009-12-12 03:00:54 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 03:00:51 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-12 03:00:51 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 18:34:36 87608 ----a-w- c:\users\toshiba\appdata\roaming\inst.exe
2009-12-10 18:34:36 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-10 18:34:36 47360 ----a-w- c:\users\toshiba\appdata\roaming\pcouffin.sys
2009-12-10 18:32:31 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-10 18:32:31 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-10 18:30:53 378368 ----a-w- c:\windows\system32\winhttp.dll
2009-12-10 12:20:22 108032 --sha-r- c:\windows\system32\emdmgmtx.dll
2009-12-07 21:33:21 0 d-----w- c:\programdata\Lexmark 2600 Series
2009-12-05 22:27:04 0 d-----w- c:\programdata\WorldWinner.com
2009-12-01 18:52:44 0 d-----w- c:\programdata\Vso
2009-11-30 23:54:18 0 d-----w- c:\programdata\vsosdk
2009-11-29 20:03:59 0 d-----w- c:\program files\VSO
2009-11-29 18:15:48 0 d-----w- c:\program files\DivX
2009-11-28 18:28:35 0 d-----w- c:\program files\WinAVI Video Converter 9.0
2009-11-25 03:01:01 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 23:56:27 63 ----a-w- c:\users\toshiba\jagex_runescape_preferences2.dat
2009-11-24 23:52:18 38 ----a-w- c:\users\toshiba\jagex_runescape_preferences.dat
2009-11-24 23:52:05 0 d-----w- c:\windows\.jagex_cache_32
2009-11-24 22:51:20 1399296 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 22:51:19 1257472 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 22:51:14 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-11-23 15:56:32 0 d-----w- c:\program files\Trend Micro
2009-11-19 23:52:27 0 d-----w- c:\programdata\DivoGames
2009-11-19 23:47:39 0 d-----w- C:\games
2009-11-19 22:48:12 74752 ----a-w- c:\windows\system32\newdev.exe
2009-11-19 22:48:12 468992 ----a-w- c:\windows\system32\newdev.dll
2009-11-19 22:47:52 3374 ----a-w- c:\windows\system32\RacUR.xml
2009-11-19 22:47:52 153 ----a-w- c:\windows\system32\RacUREx.xml
2009-11-19 03:23:49 0 d-----w- c:\users\toshiba\appdata\roaming\FaxCtr
2009-11-18 22:38:51 739 ----a-w- c:\windows\XMLEditor4.INI
2009-11-18 22:33:53 0 d-----w- c:\programdata\ACD Systems
2009-11-18 22:33:53 0 d-----w- c:\program files\common files\ACD Systems
2009-11-18 22:33:53 0 d-----w- c:\program files\ACD Systems
2009-11-18 21:44:45 0 d-----w- c:\users\toshiba\appdata\roaming\Lexmark Productivity Studio
2009-11-18 15:45:31 0 d-----w- c:\programdata\Lx_cats
2009-11-18 15:44:04 0 d-----w- C:\logs
2009-11-18 15:41:56 77304 ----a-w- c:\windows\system32\lxdnprpr.chm
2009-11-18 15:41:53 348160 ----a-w- c:\windows\system32\lxdncoin.dll
2009-11-18 15:39:09 45056 ----a-w- c:\windows\system32\LXF3PMON.DLL
2009-11-18 15:39:09 32768 ----a-w- c:\windows\system32\LXF3FXPU.DLL
2009-11-18 15:38:49 98345 ----a-w- c:\windows\system32\IMHOST32.DLL
2009-11-18 15:38:49 98304 ----a-w- c:\windows\system32\IM31XPNG.DEL
2009-11-18 15:38:49 69632 ----a-w- c:\windows\system32\IM31XTIF.DEL
2009-11-18 15:38:49 53248 ----a-w- c:\windows\system32\lxf3oem.dll
2009-11-18 15:38:49 49152 ----a-w- c:\windows\system32\IM31IMG.DIL
2009-11-18 15:38:49 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL
2009-11-18 15:38:49 12288 ----a-w- c:\windows\system32\LXF3PMRC.DLL
2009-11-18 15:38:47 0 d-----w- c:\programdata\FaxCtr
2009-11-18 15:38:39 0 d-----w- c:\program files\Lexmark Fax Solutions
2009-11-18 15:38:12 0 d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2009-11-18 15:37:13 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2009-11-18 15:37:12 0 d-----w- c:\program files\Lexmark Toolbar
2009-11-18 15:37:04 17064 ----a-w- c:\windows\system32\lxdnwupd.exe
2009-11-18 15:37:04 102400 ----a-w- c:\windows\system32\lxdnwupd.dll
2009-11-18 15:37:03 44 ----a-w- c:\windows\system32\lxdnrwrd.ini
2009-11-18 15:36:35 0 d-----w- c:\program files\Lexmark 2600 Series
2009-11-18 00:19:08 4 ----a-w- c:\windows\system32\wnsm2i.rdb
2009-11-18 00:18:10 0 d-----w- c:\users\toshiba\appdata\roaming\SpaceMonger
2009-11-18 00:18:10 0 d-----w- c:\program files\SpaceMonger
2009-11-17 21:59:43 0 d-----w- c:\users\toshiba\appdata\roaming\Thinstall
2009-11-17 20:37:36 0 d-----w- c:\program files\common files\Windows Live
2009-11-17 19:19:35 69 ----a-w- c:\windows\NeroDigital.ini
2009-11-15 20:58:31 0 d-----w- c:\users\toshiba\appdata\roaming\LimeWire
2009-11-15 20:58:15 0 d-----w- c:\program files\LimeWire
2009-11-15 20:38:38 483328 ----a-w- c:\windows\system32\actskn45.ocx
2009-11-15 19:53:40 0 d-----w- c:\users\toshiba\appdata\roaming\Malwarebytes
2009-11-15 19:53:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-15 19:53:35 0 d-----w- c:\programdata\Malwarebytes
2009-11-15 19:53:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-15 19:53:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-15 10:23:40 57667 ----a-w- c:\windows\system32\ieuinit.inf
2009-11-15 03:09:29 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-11-15 03:09:29 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-11-15 03:09:28 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2009-11-15 03:09:27 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-11-15 03:09:27 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-11-15 03:09:27 11264 ----a-w- c:\windows\system32\icardres.dll
2009-11-15 03:09:25 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-11-15 03:09:22 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-11-15 03:01:29 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-11-15 03:01:25 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-11-15 03:01:25 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-11-15 03:01:11 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-11-15 03:01:04 83968 ----a-w- c:\windows\system32\mscories.dll
2009-11-14 23:42:34 890953 ----a-w- c:\windows\HSCagl1.ini
2009-11-14 23:27:29 86016 ----a-w- c:\windows\unvise32.exe
2009-11-14 23:27:06 0 d---a-r- c:\program files\Mystical
2009-11-14 23:21:27 54156 ---ha-w- c:\windows\QTFont.qfn
2009-11-14 23:21:27 1409 ----a-w- c:\windows\QTFont.for
2009-11-14 12:06:36 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-11-14 12:06:34 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-11-14 12:06:19 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-11-14 11:44:54 30081012 ----a-w- C:\bbbbbb.PSD
2009-11-14 10:39:00 0 d-----w- c:\programdata\FLEXnet
2009-11-14 10:38:18 0 d-----w- c:\program files\Topaz Labs
2009-11-14 10:32:15 0 d-----w- c:\users\toshiba\appdata\roaming\Pictographics
2009-11-14 10:32:01 0 d-----w- c:\program files\Ps Plugins
2009-11-13 21:10:36 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-13 21:10:01 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-13 21:09:45 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-13 21:09:45 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-13 00:10:28 4096 ----a-w- c:\windows\d3dx.dat
2009-11-13 00:09:40 0 d-----w- c:\program files\Sandlot
2009-11-12 23:42:59 0 d-----w- c:\program files\common files\Macrovision Shared
2009-11-12 23:23:41 0 d-----w- c:\windows\Panther
2009-11-12 23:23:28 8192 --s-a-r- C:\BOOTSECT.BAK
2009-11-12 23:23:27 333203 --sha-r- C:\bootmgr
2009-11-12 23:23:26 0 d-sh--w- C:\Boot
2009-11-12 23:10:50 0 d-----w- c:\users\toshiba\appdata\roaming\IDM
2009-11-12 23:10:47 0 d-----w- c:\program files\Internet Download Manager
2009-11-12 22:58:21 306688 ----a-w- c:\windows\IsUninst.exe
2009-11-12 21:31:20 0 d-----w- c:\users\toshiba\appdata\roaming\DMCache
2009-11-12 20:12:34 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-11-12 20:12:34 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-11-12 20:12:33 9728 ----a-w- c:\windows\system32\lsass.exe
2009-11-12 20:12:33 72704 ----a-w- c:\windows\system32\secur32.dll
2009-11-12 20:12:33 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-11-12 20:12:33 270848 ----a-w- c:\windows\system32\schannel.dll
2009-11-12 20:12:33 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-11-12 17:50:13 0 d-----w- c:\programdata\CyberLink
2009-11-12 17:49:33 24064 ------w- c:\windows\system32\msxml3a.dll
2009-11-12 17:47:14 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-11-12 17:47:08 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-11-12 17:47:07 15360 ----a-w- c:\windows\system32\pacerprf.dll
2009-11-12 17:47:03 2868224 ----a-w- c:\windows\system32\mf.dll
2009-11-12 17:46:28 71680 ----a-w- c:\windows\system32\atl.dll
2009-11-12 17:46:25 296960 ----a-w- c:\windows\system32\gdi32.dll
2009-11-12 17:46:23 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-11-12 17:46:15 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-12 17:46:15 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-11-12 17:46:09 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-11-12 17:46:05 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-11-12 17:46:01 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-11-12 17:46:01 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-11-12 17:45:57 269312 ----a-w- c:\windows\system32\es.dll
2009-11-12 17:45:55 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-11-12 17:45:29 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-11-12 17:45:28 217088 ----a-w- c:\windows\system32\psisrndr.ax
2009-11-12 17:45:26 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-11-12 17:45:23 80896 ----a-w- c:\windows\system32\MSNP.ax
2009-11-12 17:45:23 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2009-11-12 17:45:23 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2009-11-12 17:43:40 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-11-12 17:42:58 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-11-12 17:42:58 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-11-12 17:42:58 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-11-12 17:42:47 147456 ----a-w- c:\windows\system32\Faultrep.dll
2009-11-12 17:42:47 125952 ----a-w- c:\windows\system32\wersvc.dll
2009-11-12 17:41:16 0 d-----w- c:\programdata\Adobe
2009-11-12 17:38:05 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-12 17:37:04 0 d-----w- c:\programdata\Apple Computer
2009-11-12 17:37:04 0 d-----w- C:\_Programs
2009-11-12 17:35:45 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-12 17:34:33 0 d-----w- c:\program files\MSECache
2009-11-12 17:33:39 376 ----a-w- c:\windows\ODBC.INI
2009-11-12 17:33:36 28040 ----a-w- c:\windows\system32\mdimon.dll
2009-11-12 17:33:04 443392 ----a-w- c:\windows\system32\win32spl.dll
2009-11-12 17:32:28 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-11-12 17:32:27 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-11-12 17:32:27 4096 ----a-w- c:\windows\system32\msdxm.ocx
2009-11-12 17:32:27 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-11-12 17:32:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-11-12 17:32:18 0 d-----w- c:\program files\Microsoft ActiveSync
2009-11-12 17:30:30 0 d-----w- c:\windows\PCHEALTH
2009-11-12 17:29:18 0 d-----w- c:\programdata\Nero
2009-11-12 17:29:18 0 d-----w- c:\program files\Nero
2009-11-12 17:28:59 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-11-12 17:27:59 43256 ----a-w- c:\windows\system32\badge.bmp
2009-11-12 17:17:33 920088 ----a-w- c:\windows\system32\igxpun.exe
2009-11-12 17:17:33 0 d-----w- c:\windows\system32\x64
2009-11-12 17:17:31 319456 ----a-w- c:\windows\system32\difxapi.dll
2009-11-12 17:17:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-11-12 17:16:56 0 d-----w- c:\program files\Synaptics
2009-11-12 17:16:06 0 d-----w- c:\program files\CONEXANT
2009-11-12 17:05:56 0 d-----w- c:\program files\Realtek
2009-11-12 17:05:35 0 d-----w- C:\lan-20080416141245
2009-11-12 16:28:56 0 d-----w- C:\SWSetup
2009-11-12 16:28:31 0 d-----w- C:\DRIVERS
2009-11-12 16:28:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

==================== Find3M ====================

2009-12-10 18:48:43 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-12-10 18:48:43 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-10 18:34:48 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-13 03:23:26 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-12 23:37:17 129784 ----a-w- c:\windows\system32\pxafs.dll
2009-11-12 23:37:16 116472 ----a-w- c:\windows\system32\pxcpyi64.exe
2009-11-12 23:37:15 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-11-12 23:37:15 118520 ----a-w- c:\windows\system32\pxinsi64.exe
2009-10-05 12:47:12 11280384 ----a-w- c:\windows\system32\tliremask10.dll
2009-09-30 13:52:56 9916928 ----a-w- c:\windows\system32\tliadjust34.dll
2009-09-09 10:43:08 210352 ----a-w- c:\windows\system32\idmmbc.dll
2009-09-04 12:24:34 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-08-28 12:39:07 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2003-01-31 04:43:19 6065152 ----a-w- c:\program files\Mystical.exe
2003-01-30 19:20:26 1396736 ----a-w- c:\program files\Mystical_PlugIn.8bf
2001-07-17 16:15:08 66680 ----a-w- c:\program files\ARDS1.ttf

============= FINISH: 17:02:40.90 ===============
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 12/15/2009 7:52 AM (GMT +3)
Hello and welcome to BG.
 
 
to perform an online scan. Please use Internet Explorer as it uses ActiveX.
Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX, click Yes.
You will be asked to install an ActiveX. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Check (tick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt.
 
Please post this log in your next reply.
 
 
If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click http://download.eset.com/special/eos/esetsmartinstaller_enu.exe and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the below steps to run the scan.
Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX, click Yes.
You will be asked to install an ActiveX. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Check (tick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt.
 
Please post this log in your next reply -> Along with a SUPERAntiSpyware log:
 
 Follow the instructions on the site. When downloaded, click on – Check for updates – Button.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining.
Ignore System Restore/Volume Information on ME and XP
Please leave the others unchecked.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click NO.

When the scan has finished ->
Click Preferences. Click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
It will open in your default text editor (such as Notepad/Wordpad).
  • Save the logfile to desktop
  • Click close and close again to exit the program.
Reboot, if needed.
 
 

The Banshee
New Member


Date Joined Aug 2007
Total Posts : 7
 
Posted 12/16/2009 11:21 AM (GMT +3)
Hya,
I did as you suggested and the results of both scans are below:-
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=6b30629e0e04ea42874b98365827e34e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-25 01:15:36
# local_time=2009-11-25 01:15:36 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 120437 120437 0 0
# compatibility_mode=769 16775165 100 98 3804 195386183 36326 0
# compatibility_mode=5892 16776573 100 100 102750 96641357 0 0
# compatibility_mode=8192 67108863 100 0 115072 115072 0 0
# scanned=119665
# found=0
# cleaned=0
# scan_time=3106
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/24/2009 at 11:47 PM
Application Version : 4.31.1000
Core Rules Database Version : 4374
Trace Rules Database Version: 2214
Scan type       : Custom Scan
Total Scan Time : 05:53:57
Memory items scanned      : 565
Memory threats detected   : 0
Registry items scanned    : 6403
Registry threats detected : 2
File items scanned        : 633883
File threats detected     : 12
Trojan.Agent/Gen
 HKU\S-1-5-21-2478470916-2375115024-4100638468-1000\Software\NeoChronos
 HKU\S-1-5-21-2478470916-2375115024-4100638468-1000\Software\Margotte
Adware.Tracking Cookie
 C:\Documents and Settings\Toshiba\AppData\Roaming\Microsoft\Windows\Cookies\Low\toshiba@ehg-eset.hitbox[1].txt
 C:\Documents and Settings\Toshiba\AppData\Roaming\Microsoft\Windows\Cookies\Low\toshiba@hitbox[2].txt
 C:\Documents and Settings\Toshiba\Application Data\Microsoft\Windows\Cookies\Low\toshiba@ehg-eset.hitbox[1].txt
 C:\Documents and Settings\Toshiba\Application Data\Microsoft\Windows\Cookies\Low\toshiba@hitbox[2].txt
 C:\Documents and Settings\Toshiba\Cookies\Low\toshiba@ehg-eset.hitbox[1].txt
 C:\Documents and Settings\Toshiba\Cookies\Low\toshiba@hitbox[2].txt
 C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Cookies\Low\toshiba@ehg-eset.hitbox[1].txt
 C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Cookies\Low\toshiba@hitbox[2].txt
 C:\Users\Toshiba\Application Data\Microsoft\Windows\Cookies\Low\toshiba@ehg-eset.hitbox[1].txt
 C:\Users\Toshiba\Application Data\Microsoft\Windows\Cookies\Low\toshiba@hitbox[2].txt
 C:\Users\Toshiba\Cookies\Low\toshiba@ehg-eset.hitbox[1].txt
 C:\Users\Toshiba\Cookies\Low\toshiba@hitbox[2].txt
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 12/16/2009 3:24 PM (GMT +3)
Please download Combofix from:
 
 And save to the desktop.

Close all other browser windows.
 
Double-click on the combofix icon found on your desktop.
 
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

 When finished, it will produce a logfile located at C:\combofix.txt.
 

Post the contents of that log in your next reply
 
The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.



 

The Banshee
New Member


Date Joined Aug 2007
Total Posts : 7
 
Posted 12/18/2009 12:59 AM (GMT +3)
Hya,

I ran combofix and it hasn't redirected today, however, it is still acting a little bizarre and keeps coming up with cannot find page bumf and asking me to press F12 to disable proxy settings etc - which it has never asked me for before, however, after pressing F12 I checked enable proxy and then reverted back again, refreshed the page and it went to the web page I asked it for!

Anyway, this is the combo fix log file:-

ComboFix 09-12-16.01 - Toshiba 17/12/2009 10:14:08.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2037.1235 [GMT 0:00]
Running from: c:\users\Toshiba\Documents\Downloads\Programs\KittyFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-11-17 to 2009-12-17 )))))))))))))))))))))))))))))))
.

2009-12-17 10:21 . 2009-12-17 10:21 -------- d-----w- c:\users\Toshiba\AppData\Local\temp
2009-12-17 10:21 . 2009-12-17 10:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-13 22:07 . 2009-12-13 22:07 -------- d-----w- c:\program files\CCleaner
2009-12-13 07:53 . 2009-12-13 11:10 -------- d-----w- c:\users\Toshiba\AppData\Local\ojneid
2009-12-12 03:02 . 2009-12-12 03:02 -------- d-----w- c:\windows\CheckSur
2009-12-12 03:00 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 03:00 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-12 03:00 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 18:34 . 2009-12-10 18:48 47360 ----a-w- c:\users\Toshiba\AppData\Roaming\pcouffin.sys
2009-12-10 18:34 . 2009-12-10 18:34 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-10 18:32 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-10 18:32 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-10 18:30 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2009-12-10 12:20 . 2009-12-10 12:20 108032 --sha-r- c:\windows\system32\emdmgmtx.dll
2009-12-07 21:33 . 2009-12-07 21:33 -------- d-----w- c:\programdata\Lexmark 2600 Series
2009-12-05 22:27 . 2009-12-05 22:27 -------- d-----w- c:\programdata\WorldWinner.com
2009-12-05 16:56 . 2009-12-05 16:56 -------- d-----w- c:\windows\Sun
2009-12-01 18:52 . 2009-12-13 17:32 -------- d-----w- c:\programdata\Vso
2009-11-30 23:54 . 2009-11-30 23:54 -------- d-----w- c:\programdata\vsosdk
2009-11-30 23:21 . 2009-11-30 23:21 -------- d-----w- c:\users\Toshiba\AppData\Roaming\DivX
2009-11-29 20:04 . 2009-12-13 17:32 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Vso
2009-11-29 20:03 . 2009-12-10 18:48 -------- d-----w- c:\program files\VSO
2009-11-29 18:15 . 2009-11-29 18:20 -------- d-----w- c:\users\Toshiba\AppData\Local\Google
2009-11-29 18:15 . 2009-11-29 18:20 -------- d-----w- c:\program files\Google
2009-11-29 18:15 . 2009-11-29 18:16 -------- d-----w- c:\program files\DivX
2009-11-29 18:07 . 2009-11-29 18:07 -------- d-----w- c:\users\Toshiba\AppData\Roaming\CyberLink
2009-11-28 18:29 . 2009-11-28 18:29 -------- d-----w- c:\users\Toshiba\AppData\Local\WinAVI
2009-11-28 18:28 . 2009-11-28 18:28 -------- d-----w- c:\program files\WinAVI Video Converter 9.0
2009-11-25 03:01 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 23:56 . 2009-11-29 11:22 63 ----a-w- c:\users\Toshiba\jagex_runescape_preferences2.dat
2009-11-24 23:52 . 2009-11-29 11:22 38 ----a-w- c:\users\Toshiba\jagex_runescape_preferences.dat
2009-11-24 23:52 . 2009-12-10 10:52 -------- d-----w- c:\windows\.jagex_cache_32
2009-11-24 22:51 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 22:51 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll
2009-11-23 17:38 . 2009-11-23 17:38 117760 ----a-w- c:\users\Toshiba\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-23 17:38 . 2009-11-23 17:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-11-23 17:38 . 2009-11-23 17:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-23 17:38 . 2009-11-23 17:38 -------- d-----w- c:\users\Toshiba\AppData\Roaming\SUPERAntiSpyware.com
2009-11-23 17:38 . 2009-11-23 17:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-23 17:25 . 2009-11-23 17:25 -------- d-----w- c:\program files\ESET
2009-11-23 17:06 . 2009-11-23 17:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-23 17:06 . 2009-11-23 17:06 -------- d-----w- c:\program files\Java
2009-11-23 16:22 . 2009-11-23 16:22 0 ----a-w- c:\windows\nsreg.dat
2009-11-23 16:22 . 2009-11-23 16:22 -------- d-----w- c:\users\Toshiba\AppData\Local\Mozilla
2009-11-23 15:56 . 2009-11-23 15:56 -------- d-----w- c:\program files\Trend Micro
2009-11-19 23:52 . 2009-11-19 23:52 -------- d-----w- c:\programdata\DivoGames
2009-11-19 23:47 . 2009-11-19 23:47 -------- d-----w- C:\games
2009-11-19 22:48 . 2008-09-03 03:59 468992 ----a-w- c:\windows\system32\newdev.dll
2009-11-19 22:48 . 2008-09-03 03:58 74752 ----a-w- c:\windows\system32\newdev.exe
2009-11-19 03:23 . 2009-11-19 03:23 -------- d-----w- c:\users\Toshiba\AppData\Roaming\FaxCtr
2009-11-18 22:33 . 2009-11-18 22:34 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-11-18 22:33 . 2009-11-18 22:33 -------- d-----w- c:\programdata\ACD Systems
2009-11-18 22:33 . 2009-11-18 22:33 -------- d-----w- c:\program files\ACD Systems
2009-11-18 22:31 . 2009-11-18 22:31 -------- d-----w- c:\users\Toshiba\AppData\Local\Downloaded Installations
2009-11-18 21:44 . 2009-12-08 16:39 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Lexmark Productivity Studio
2009-11-18 15:45 . 2009-11-25 10:28 -------- d-----w- c:\programdata\Lx_cats
2009-11-18 15:44 . 2009-11-18 15:44 -------- d-----w- C:\logs
2009-11-18 15:43 . 2008-02-27 11:05 115200 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdndrpp.dll
2009-11-18 15:41 . 2008-02-15 04:52 348160 ----a-w- c:\windows\system32\lxdncoin.dll
2009-11-18 15:39 . 2007-11-01 14:29 45056 ----a-w- c:\windows\system32\LXF3PMON.DLL
2009-11-18 15:39 . 2007-11-01 14:28 32768 ----a-w- c:\windows\system32\LXF3FXPU.DLL
2009-11-18 15:38 . 2007-11-01 14:33 12288 ----a-w- c:\windows\system32\LXF3PMRC.DLL
2009-11-18 15:38 . 2007-08-27 17:44 53248 ----a-w- c:\windows\system32\lxf3oem.dll
2009-11-18 15:38 . 2007-05-02 02:05 98345 ----a-w- c:\windows\system32\IMHOST32.DLL
2009-11-18 15:38 . 2007-05-02 02:05 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL
2009-11-18 15:38 . 2009-11-18 15:38 -------- d-----w- c:\programdata\FaxCtr
2009-11-18 15:38 . 2009-12-10 10:52 -------- d-----w- c:\program files\Lexmark Fax Solutions
2009-11-18 15:38 . 2009-11-18 15:38 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2009-11-18 15:37 . 2007-06-28 13:52 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2009-11-18 15:37 . 2009-12-10 10:52 -------- d-----w- c:\program files\Lexmark Toolbar
2009-11-18 15:37 . 2008-02-27 23:07 17064 ----a-w- c:\windows\system32\lxdnwupd.exe
2009-11-18 15:37 . 2007-11-21 14:39 102400 ----a-w- c:\windows\system32\lxdnwupd.dll
2009-11-18 00:18 . 2009-11-18 00:18 -------- d-----w- c:\program files\SpaceMonger
2009-11-18 00:18 . 2009-11-18 00:18 -------- d-----w- c:\users\Toshiba\AppData\Roaming\SpaceMonger
2009-11-17 21:59 . 2009-11-17 21:59 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Thinstall
2009-11-17 20:37 . 2009-11-17 20:37 -------- d-----w- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-16 23:54 . 2009-11-12 21:31 -------- d-----w- c:\users\Toshiba\AppData\Roaming\DMCache
2009-12-14 12:06 . 2009-11-15 20:58 -------- d-----w- c:\users\Toshiba\AppData\Roaming\LimeWire
2009-12-12 03:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-10 10:52 . 2009-11-14 10:39 -------- d-----w- c:\programdata\FLEXnet
2009-12-10 10:52 . 2009-11-18 15:36 -------- d-----w- c:\program files\Lexmark 2600 Series
2009-12-01 09:38 . 2009-11-12 15:33 1356 ----a-w- c:\users\Toshiba\AppData\Local\d3d9caps.dat
2009-11-29 18:06 . 2009-11-12 17:50 -------- d-----w- c:\programdata\CyberLink
2009-11-24 23:09 . 2009-11-12 21:09 -------- d-----w- c:\program files\Opera
2009-11-21 06:40 . 2009-12-10 18:31 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 18:31 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-10 18:31 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-10 18:31 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-19 03:22 . 2009-11-12 15:34 80792 ----a-w- c:\users\Toshiba\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-19 03:21 . 2009-11-12 17:47 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-18 00:10 . 2009-11-14 10:38 -------- d-----w- c:\program files\Topaz Labs
2009-11-15 20:58 . 2009-11-15 20:58 -------- d-----w- c:\program files\LimeWire
2009-11-15 19:53 . 2009-11-15 19:53 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Malwarebytes
2009-11-15 19:53 . 2009-11-15 19:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-15 19:53 . 2009-11-15 19:53 -------- d-----w- c:\programdata\Malwarebytes
2009-11-14 23:27 . 2009-11-14 23:27 -------- d---a-r- c:\program files\Mystical
2009-11-14 22:38 . 2009-11-14 22:25 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Alien Skin
2009-11-14 10:32 . 2009-11-14 10:32 -------- d-----w- c:\program files\Ps Plugins
2009-11-14 10:32 . 2009-11-14 10:32 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Pictographics
2009-11-14 10:20 . 2009-11-12 23:10 -------- d-----w- c:\users\Toshiba\AppData\Roaming\IDM
2009-11-13 09:01 . 2009-11-12 23:10 -------- d-----w- c:\program files\Internet Download Manager
2009-11-13 03:23 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-13 00:10 . 2009-11-13 00:10 4096 ----a-w- c:\windows\d3dx.dat
2009-11-13 00:09 . 2009-11-13 00:09 -------- d-----w- c:\program files\Sandlot
2009-11-12 23:43 . 2009-11-12 17:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-12 23:42 . 2009-11-12 23:42 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-11-12 23:39 . 2009-11-12 23:39 -------- d-----w- c:\windows\Fonts\Fonts
2009-11-12 23:37 . 2009-11-12 23:37 129784 ----a-w- c:\windows\system32\pxafs.dll
2009-11-12 23:37 . 2009-11-12 23:37 116472 ----a-w- c:\windows\system32\pxcpyi64.exe
2009-11-12 23:37 . 2009-11-12 23:37 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-11-12 23:37 . 2009-11-12 23:37 118520 ----a-w- c:\windows\system32\pxinsi64.exe
2009-11-12 23:11 . 2009-11-12 23:11 198064 ----a-w- c:\users\Toshiba\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2009-11-12 17:49 . 2009-11-12 17:48 -------- d-----w- c:\program files\CyberLink
2009-11-12 17:49 . 2009-11-12 17:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-12 17:48 . 2009-11-12 17:48 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-12 17:38 . 2009-11-12 17:38 -------- d-----w- c:\program files\Alwil Software
2009-11-12 17:37 . 2009-11-12 17:37 -------- d-----w- c:\programdata\Apple Computer
2009-11-12 17:34 . 2009-11-12 17:34 -------- d-----w- c:\program files\MSECache
2009-11-12 17:32 . 2009-11-12 17:32 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-12 17:30 . 2009-11-12 17:30 -------- d-----w- c:\program files\Microsoft.NET
2009-11-12 17:29 . 2009-11-12 17:29 -------- d-----w- c:\program files\Nero
2009-11-12 17:29 . 2009-11-12 17:29 -------- d-----w- c:\program files\Common Files\Nero
2009-11-12 17:29 . 2009-11-12 17:29 -------- d-----w- c:\programdata\Nero
2009-11-12 17:17 . 2009-11-12 17:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-11-12 17:16 . 2009-11-12 17:16 -------- d-----w- c:\program files\Synaptics
2009-11-12 17:16 . 2009-11-12 17:16 -------- d-----w- c:\program files\CONEXANT
2009-11-12 17:05 . 2009-11-12 17:05 -------- d-----w- c:\program files\Realtek
2009-11-12 17:05 . 2009-11-12 17:05 -------- d-----w- c:\users\Toshiba\AppData\Roaming\InstallShield
2009-11-12 16:35 . 2009-11-12 16:35 -------- d-----w- c:\program files\Intel
2009-11-12 16:28 . 2009-11-12 16:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-11-02 20:42 . 2009-11-12 17:35 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-05 12:47 . 2009-10-05 12:47 11280384 ----a-w- c:\windows\system32\tliremask10.dll
2009-09-30 13:52 . 2009-09-30 13:52 9916928 ----a-w- c:\windows\system32\tliadjust34.dll
2003-01-31 04:43 . 2003-01-20 13:07 6065152 ----a-w- c:\program files\Mystical.exe
2003-01-30 19:20 . 2003-01-20 13:07 1396736 ----a-w- c:\program files\Mystical_PlugIn.8bf
2001-07-17 16:15 . 2003-01-30 01:23 66680 ----a-w- c:\program files\ARDS1.ttf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-11-13 3134896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Toshiba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2009-01-29 15:43 320168 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-11 20:13 166424 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2009-11-13 09:01 3134896 ----a-w- c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 22:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnamon]
2009-01-29 15:43 16040 ----a-w- c:\program files\Lexmark 2600 Series\lxdnamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnmon.exe]
2009-01-29 15:43 660136 ----a-w- c:\program files\Lexmark 2600 Series\lxdnmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-09-10 14:53 1312080 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-11 20:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-31 23:13 385024 ----a-w- c:\_programs\QuickTime Pro v7.4.1.14\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 15:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-23 17:06 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-11-23 08:43 2001648 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-21 02:23 2153472 ----a-w- c:\windows\System32\oobefldr.dll

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [12/11/2009 17:38 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 08:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 08:43 74480]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 12:03 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [12/11/2009 17:38 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [12/11/2009 17:38 53328]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [21/01/2008 02:23 21504]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [10/06/2009 05:52 347648]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdnserv.exe [27/02/2008 23:07 98984]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 08:43 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\mrs8s1d2.default\
FF - component: c:\users\Toshiba\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin.dll
FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin2.dll
FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin3.dll
FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin4.dll
FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin5.dll
FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin6.dll
FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-17 10:21
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-17 10:23:47
ComboFix-quarantined-files.txt 2009-12-17 10:23

Pre-Run: 66,959,011,840 bytes free
Post-Run: 66,905,452,544 bytes free

- - End Of File - - 6C23B138A173E42FF4693DEE0B27B916
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 12/18/2009 8:37 AM (GMT +3)
Open notepad and copy/paste the bold text in the codebox below into it:
Name the file as CFScript and save it on the desktop.
 
Code:
Killall::
Snapshot::
Folder::
c:\users\Toshiba\AppData\Local\ojneid
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
 
 
 
 
Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.
 
 
Combofix will create a logfile and display it after your computer has rebooted. It is usually located at c:\combofix.txt; please post it in your next reply.


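The two DDS:: lines in the script above are the browser proxy values from the Supplementary Scan section of the first ComboFix log: a ProxyServer value on a loopback address sends every HTTP request to a process on the same machine. The following is an added example, not part of the thread and not ComboFix's own code, that pulls those values out of a log, flags loopback proxies, and checks a follow-up log to confirm they are gone. The function names are hypothetical, the "u"/"m" prefix meaning (per-user / machine) is an assumption, and the follow-up log text is constructed.

```python
import ipaddress
import re

# Constructed input: the Supplementary Scan lines quoted in the thread.
BEFORE_LOG = r"""
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
LSP: c:\windows\system32\idmmbc.dll
.
**************************************************************************
"""

# Constructed input: what a follow-up log would look like once the two proxy
# values are gone (the thread's second log is cut off before this section).
AFTER_LOG = r"""
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
LSP: c:\windows\system32\idmmbc.dll
.
"""

# Assumption: a leading "u" marks a per-user (HKCU) value and "m" a machine one.
HIVES = {"u": "HKCU", "m": "HKLM"}
SETTING_RE = re.compile(r"^([um])Internet Settings,(\w+)\s*=\s*(.*)$")


def supplementary_settings(log_text):
    """Return {(hive, name): value} for Internet Settings lines in the section."""
    settings, in_section = {}, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "Supplementary Scan" in line:
            in_section = True
        elif in_section and line.startswith("****"):
            break  # the rootkit-scan banner ends the section
        elif in_section:
            m = SETTING_RE.match(line)
            if m:
                settings[(HIVES[m.group(1)], m.group(2))] = m.group(3).strip()
    return settings


def parse_proxy_server(value):
    """Split a ProxyServer string into (scheme, host, port) tuples.

    Handles "host:port" (applies to every protocol, reported as "*") and the
    per-protocol form "http=host:port;https=host:port". IPv6 literals are not
    handled.
    """
    entries = []
    for part in (p.strip() for p in value.split(";")):
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:
            scheme, target = "*", part
        host, colon, port = target.rpartition(":")
        if not colon:
            host, port = target, ""
        entries.append((scheme.lower(), host, int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname other than localhost


def loopback_proxy_findings(log_text):
    findings = []
    for (hive, name), value in supplementary_settings(log_text).items():
        if name != "ProxyServer":
            continue
        for scheme, host, port in parse_proxy_server(value):
            if is_loopback(host):
                findings.append({"hive": hive, "scheme": scheme, "host": host, "port": port})
    return findings


def still_present(before_log, after_log):
    """Findings from the first log that also appear in the follow-up log."""
    after = loopback_proxy_findings(after_log)
    return [f for f in loopback_proxy_findings(before_log) if f in after]


if __name__ == "__main__":
    for f in loopback_proxy_findings(BEFORE_LOG):
        print("loopback proxy:", f)
    print("still present after fix:", still_present(BEFORE_LOG, AFTER_LOG))
```

A loopback proxy is not proof of infection by itself, since some local filtering tools set one deliberately; the finding is a prompt to identify which process, if any, listens on that port.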
 

The Banshee
New Member


Date Joined Aug 2007
Total Posts : 7
 
Posted 12/20/2009 3:11 AM (GMT +3)
ComboFix 09-12-16.01 - Toshiba 19/12/2009  23:59:44.4.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.44.1033.18.2037.1255 [GMT 0:00]
Running from: c:\users\Toshiba\Desktop\KittyFix.exe
Command switches used :: c:\users\Toshiba\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((   Files Created from 2009-11-20 to 2009-12-20  )))))))))))))))))))))))))))))))
.
2009-12-20 00:06 . 2009-12-20 00:06 -------- d-----w- c:\users\Toshiba\AppData\Local\temp
2009-12-20 00:06 . 2009-12-20 00:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-20 00:06 . 2009-12-20 00:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-13 22:07 . 2009-12-13 22:07 -------- d-----w- c:\program files\CCleaner
2009-12-13 07:53 . 2009-12-13 11:10 -------- d-----w- c:\users\Toshiba\AppData\Local\ojneid
2009-12-12 03:02 . 2009-12-12 03:02 -------- d-----w- c:\windows\CheckSur
2009-12-12 03:00 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 03:00 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-12 03:00 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 18:34 . 2009-12-10 18:48 47360 ----a-w- c:\users\Toshiba\AppData\Roaming\pcouffin.sys
2009-12-10 18:34 . 2009-12-10 18:34 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-10 18:32 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-10 18:32 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-10 18:30 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2009-12-10 12:20 . 2009-12-10 12:20 108032 --sha-r- c:\windows\system32\emdmgmtx.dll
2009-12-07 21:33 . 2009-12-07 21:33 -------- d-----w- c:\programdata\Lexmark 2600 Series
2009-12-05 22:27 . 2009-12-05 22:27 -------- d-----w- c:\programdata\WorldWinner.com
2009-12-05 16:56 . 2009-12-05 16:56 -------- d-----w- c:\windows\Sun
2009-12-01 18:52 . 2009-12-13 17:32 -------- d-----w- c:\programdata\Vso
2009-11-30 23:54 . 2009-11-30 23:54 -------- d-----w- c:\programdata\vsosdk
2009-11-30 23:21 . 2009-11-30 23:21 -------- d-----w- c:\users\Toshiba\AppData\Roaming\DivX
2009-11-29 20:04 . 2009-12-13 17:32 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Vso
2009-11-29 20:03 . 2009-12-10 18:48 -------- d-----w- c:\program files\VSO
2009-11-29 18:15 . 2009-11-29 18:20 -------- d-----w- c:\users\Toshiba\AppData\Local\Google
2009-11-29 18:15 . 2009-11-29 18:20 -------- d-----w- c:\program files\Google
2009-11-29 18:15 . 2009-11-29 18:16 -------- d-----w- c:\program files\DivX
2009-11-29 18:07 . 2009-11-29 18:07 -------- d-----w- c:\users\Toshiba\AppData\Roaming\CyberLink
2009-11-28 18:29 . 2009-11-28 18:29 -------- d-----w- c:\users\Toshiba\AppData\Local\WinAVI
2009-11-28 18:28 . 2009-11-28 18:28 -------- d-----w- c:\program files\WinAVI Video Converter 9.0
2009-11-25 03:01 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 23:56 . 2009-11-29 11:22 63 ----a-w- c:\users\Toshiba\jagex_runescape_preferences2.dat
2009-11-24 23:52 . 2009-11-29 11:22 38 ----a-w- c:\users\Toshiba\jagex_runescape_preferences.dat
2009-11-24 23:52 . 2009-12-10 10:52 -------- d-----w- c:\windows\.jagex_cache_32
2009-11-24 22:51 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 22:51 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll
2009-11-23 17:38 . 2009-11-23 17:38 117760 ----a-w- c:\users\Toshiba\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-23 17:38 . 2009-11-23 17:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-11-23 17:38 . 2009-11-23 17:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-23 17:38 . 2009-11-23 17:38 -------- d-----w- c:\users\Toshiba\AppData\Roaming\SUPERAntiSpyware.com
2009-11-23 17:38 . 2009-11-23 17:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-23 17:25 . 2009-11-23 17:25 -------- d-----w- c:\program files\ESET
2009-11-23 17:06 . 2009-11-23 17:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-23 17:06 . 2009-11-23 17:06 -------- d-----w- c:\program files\Java
2009-11-23 16:22 . 2009-11-23 16:22 0 ----a-w- c:\windows\nsreg.dat
2009-11-23 16:22 . 2009-11-23 16:22 -------- d-----w- c:\users\Toshiba\AppData\Local\Mozilla
2009-11-23 15:56 . 2009-11-23 15:56 -------- d-----w- c:\program files\Trend Micro
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 23:50 . 2009-11-12 21:31 -------- d-----w- c:\users\Toshiba\AppData\Roaming\DMCache
2009-12-14 12:06 . 2009-11-15 20:58 -------- d-----w- c:\users\Toshiba\AppData\Roaming\LimeWire
2009-12-12 03:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-10 10:52 . 2009-11-18 15:37 -------- d-----w- c:\program files\Lexmark Toolbar
2009-12-10 10:52 . 2009-11-14 10:39 -------- d-----w- c:\programdata\FLEXnet
2009-12-10 10:52 . 2009-11-18 15:38 -------- d-----w- c:\program files\Lexmark Fax Solutions
2009-12-10 10:52 . 2009-11-18 15:36 -------- d-----w- c:\program files\Lexmark 2600 Series
2009-12-08 16:39 . 2009-11-18 21:44 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Lexmark Productivity Studio
2009-12-01 09:38 . 2009-11-12 15:33 1356 ----a-w- c:\users\Toshiba\AppData\Local\d3d9caps.dat
2009-11-29 18:06 . 2009-11-12 17:50 -------- d-----w- c:\programdata\CyberLink
2009-11-25 10:28 . 2009-11-18 15:45 -------- d-----w- c:\programdata\Lx_cats
2009-11-24 23:09 . 2009-11-12 21:09 -------- d-----w- c:\program files\Opera
2009-11-21 06:40 . 2009-12-10 18:31 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 18:31 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-10 18:31 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-10 18:31 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-19 23:52 . 2009-11-19 23:52 -------- d-----w- c:\programdata\DivoGames
2009-11-19 03:23 . 2009-11-19 03:23 -------- d-----w- c:\users\Toshiba\AppData\Roaming\FaxCtr
2009-11-19 03:22 . 2009-11-12 15:34 80792 ----a-w- c:\users\Toshiba\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-19 03:21 . 2009-11-12 17:47 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-18 22:34 . 2009-11-18 22:33 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-11-18 22:33 . 2009-11-18 22:33 -------- d-----w- c:\programdata\ACD Systems
2009-11-18 22:33 . 2009-11-18 22:33 -------- d-----w- c:\program files\ACD Systems
2009-11-18 15:38 . 2009-11-18 15:38 -------- d-----w- c:\programdata\FaxCtr
2009-11-18 15:38 . 2009-11-18 15:38 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2009-11-18 00:18 . 2009-11-18 00:18 -------- d-----w- c:\program files\SpaceMonger
2009-11-18 00:18 . 2009-11-18 00:18 -------- d-----w- c:\users\Toshiba\AppData\Roaming\SpaceMonger
2009-11-18 00:10 . 2009-11-14 10:38 -------- d-----w- c:\program files\Topaz Labs
2009-11-17 21:59 . 2009-11-17 21:59 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Thinstall
2009-11-17 20:37 . 2009-11-17 20:37 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-15 20:58 . 2009-11-15 20:58 -------- d-----w- c:\program files\LimeWire
2009-11-15 19:53 . 2009-11-15 19:53 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Malwarebytes
2009-11-15 19:53 . 2009-11-15 19:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-15 19:53 . 2009-11-15 19:53 -------- d-----w- c:\programdata\Malwarebytes
2009-11-14 23:27 . 2009-11-14 23:27 -------- d---a-r- c:\program files\Mystical
2009-11-14 22:38 . 2009-11-14 22:25 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Alien Skin
2009-11-14 10:32 . 2009-11-14 10:32 -------- d-----w- c:\program files\Ps Plugins
2009-11-14 10:32 . 2009-11-14 10:32 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Pictographics
2009-11-14 10:20 . 2009-11-12 23:10 -------- d-----w- c:\users\Toshiba\AppData\Roaming\IDM
2009-11-13 09:01 . 2009-11-12 23:10 -------- d-----w- c:\program files\Internet Download Manager
2009-11-13 03:23 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-13 00:10 . 2009-11-13 00:10 4096 ----a-w- c:\windows\d3dx.dat
2009-11-13 00:09 . 2009-11-13 00:09 -------- d-----w- c:\program files\Sandlot
2009-11-12 23:43 . 2009-11-12 17:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-12 23:42 . 2009-11-12 23:42 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-11-12 23:39 . 2009-11-12 23:39 -------- d-----w- c:\windows\Fonts\Fonts
2009-11-12 23:37 . 2009-11-12 23:37 129784 ----a-w- c:\windows\system32\pxafs.dll
2009-11-12 23:37 . 2009-11-12 23:37 116472 ----a-w- c:\windows\system32\pxcpyi64.exe
2009-11-12 23:37 . 2009-11-12 23:37 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-11-12 23:37 . 2009-11-12 23:37 118520 ----a-w- c:\windows\system32\pxinsi64.exe
2009-11-12 23:11 . 2009-11-12 23:11 198064 ----a-w- c:\users\Toshiba\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2009-11-12 17:49 . 2009-11-12 17:48 -------- d-----w- c:\program files\CyberLink
2009-11-12 17:49 . 2009-11-12 17:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-12 17:48 . 2009-11-12 17:48 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-12 17:38 . 2009-11-12 17:38 -------- d-----w- c:\program files\Alwil Software
2009-11-12 17:37 . 2009-11-12 17:37 -------- d-----w- c:\programdata\Apple Computer
2009-11-12 17:34 . 2009-11-12 17:34 -------- d-----w- c:\program files\MSECache
2009-11-12 17:32 . 2009-11-12 17:32 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-12 17:30 . 2009-11-12 17:30 -------- d-----w- c:\program files\Microsoft.NET
2009-11-12 17:29 . 2009-11-12 17:29 -------- d-----w- c:\program files\Nero
2009-11-12 17:29 . 2009-11-12 17:29 -------- d-----w- c:\program files\Common Files\Nero
2009-11-12 17:29 . 2009-11-12 17:29 -------- d-----w- c:\programdata\Nero
2009-11-12 17:17 . 2009-11-12 17:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-11-12 17:16 . 2009-11-12 17:16 -------- d-----w- c:\program files\Synaptics
2009-11-12 17:16 . 2009-11-12 17:16 -------- d-----w- c:\program files\CONEXANT
2009-11-12 17:05 . 2009-11-12 17:05 -------- d-----w- c:\program files\Realtek
2009-11-12 17:05 . 2009-11-12 17:05 -------- d-----w- c:\users\Toshiba\AppData\Roaming\InstallShield
2009-11-12 16:35 . 2009-11-12 16:35 -------- d-----w- c:\program files\Intel
2009-11-12 16:28 . 2009-11-12 16:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-11-02 20:42 . 2009-11-12 17:35 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-05 12:47 . 2009-10-05 12:47 11280384 ----a-w- c:\windows\system32\tliremask10.dll
2009-09-30 13:52 . 2009-09-30 13:52 9916928 ----a-w- c:\windows\system32\tliadjust34.dll
2003-01-31 04:43 . 2003-01-20 13:07 6065152 ----a-w- c:\program files\Mystical.exe
2003-01-30 19:20 . 2003-01-20 13:07 1396736 ----a-w- c:\program files\Mystical_PlugIn.8bf
2001-07-17 16:15 . 2003-01-30 01:23 66680 ----a-w- c:\program files\ARDS1.ttf
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-11-13 3134896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Toshiba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2009-01-29 15:43 320168 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-11 20:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2009-11-13 09:01 3134896 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 22:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnamon]
2009-01-29 15:43 16040 ----a-w- c:\program files\Lexmark 2600 Series\lxdnamon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnmon.exe]
2009-01-29 15:43 660136 ----a-w- c:\program files\Lexmark 2600 Series\lxdnmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-09-10 14:53 1312080 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-11 20:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-31 23:13 385024 ----a-w- c:\_programs\QuickTime Pro v7.4.1.14\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 15:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-23 17:06 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-11-23 08:43 2001648 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-21 02:23 2153472 ----a-w- c:\windows\System32\oobefldr.dll
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [12/11/2009 17:38 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 08:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 08:43 74480]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 12:03 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [12/11/2009 17:38 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [12/11/2009 17:38 53328]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [21/01/2008 02:23 21504]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [10/06/2009 05:52 347648]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdnserv.exe [27/02/2008 23:07 98984]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 08:43 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ    HsfXAudioService
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\mrs8s1d2.default\
FF - component: c:\users\Toshiba\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin.dll
FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin2.dll
FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin3.dll
FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin4.dll
FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin5.dll
FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin6.dll
FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-20 00:06
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-20  00:09:34
ComboFix-quarantined-files.txt  2009-12-20 00:09
ComboFix2.txt  2009-12-17 10:23
Pre-Run: 67,066,880,000 bytes free
Post-Run: 67,042,795,520 bytes free
- - End Of File - - A410D90976EF90A704B16A3313676646

The Banshee
New Member
Date Joined Aug 2007
Total Posts : 7
Posted 12/20/2009 3:14 AM (GMT +3)
Doesn't seem to be redirecting, at the moment, however, when I google something and click on one of the links it keeps saying that page not found, so I press the refresh button and then it loads it okay - but I have to do this every time.

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12975
Posted 12/20/2009 8:16 AM (GMT +3)
Ok. Please post new hijackthis log.


The Banshee
New Member
Date Joined Aug 2007
Total Posts : 7
Posted 12/20/2009 6:50 PM (GMT +3)
Hya, I did run hijack this but it did flash up a memo with regards to a host domain and something about Hijack This not being able to delete something and if this happens then I am to run Hjt as administrator???  Anyway, I ran hjt and the post is below.  Thanks!
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:43, on 23/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Opera\program\plugins\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device -   - C:\Windows\system32\lxdncoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 5761 bytes

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12975
Posted 12/21/2009 9:51 AM (GMT +3)
Right-click on HijackThis - run as admin. Fix:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O1 - Hosts: ::1 localhost

 
Reboot, and tell how things are running now?


The Banshee
New Member
Date Joined Aug 2007
Total Posts : 7
Posted 12/22/2009 12:44 AM (GMT +3)
Hya,
 
I did as you instructed and initially after reboot Opera went straight onto the webpage I requested with no problems, however, when I tried a totally different webpage request/search and tried opening that one it resorted back to saying that the page could not be found blah blah blah so I double clicked again on the link it was saying could not be found and it actually did go to that page!  I tried then on Mozilla and when I clicked on a search link it said that it could not open the specific webpage but when I looked at the address it was actually one of these redirect web addresses so I have now totally uninstalled Mozilla.  I then tried IE and it just did the same as described earlier but did open the page after clicking on the refresh button when it told me the server or address could not be found!
 
I then ran another HJT scan and R1 had reappeared!!!  So I removed it again but did not reboot and the following is the scan result.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:54, on 21/12/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device -   - C:\Windows\system32\lxdncoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 4443 bytes

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12975
Posted 12/22/2009 9:53 AM (GMT +3)
Ok.
 
 
Open notepad and copy/paste the bold text in the codebox below into it:
Name the file as CFScript
and Save it on the desktop
 
Code:
Killall::
Snapshot::
Killall::
Snapshot::
Dirlook::
c:\users\Toshiba\AppData\Local\ojneid
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
 
 
[IMG]http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif[/IMG]
 
Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.

ComboFix will create a logfile and display it after your computer has rebooted. It is usually located at c:\combofix.txt; please post it in your next reply.
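
The comparison done by eye across the logs in this thread, as an added example that is not part of the original posts: it pulls the `ProxyServer` value out of HijackThis and ComboFix output, flags proxies that point at the local machine, and reports whether the setting came back after being cleared. The function names are hypothetical, and `RESCAN` is constructed sample input.

```python
import ipaddress
import re

# Matches both log styles posted in this thread:
#   HijackThis: R1 - HKCU\...\Internet Settings,ProxyServer = http=127.0.0.1:5555
#   ComboFix:   uInternet Settings,ProxyServer = http=127.0.0.1:5555
PROXY_LINE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(\S.*?)\s*$")


def parse_proxy_value(value):
    """Split "host:port" or "http=host:port;https=host:port" into tuples."""
    entries = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, endpoint = part.partition("=")
        if not sep:  # no "scheme=" prefix: one proxy for every protocol
            scheme, endpoint = "all", part
        host, sep, port = endpoint.rpartition(":")
        if not sep:  # no port given
            host, port = endpoint, ""
        entries.append((scheme.lower(), host.strip("[]"),
                        int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname, not an IP literal
        return False


def loopback_proxies(log_text):
    """Return (line_number, scheme, host, port) for proxies on this machine."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = PROXY_LINE.search(line)
        if match:
            hits += [(number, s, h, p)
                     for s, h, p in parse_proxy_value(match.group(1))
                     if is_loopback(h)]
    return hits


def timeline(scans):
    """Ordered (label, log_text) pairs -> [(label, loopback_proxy_present)]."""
    return [(label, bool(loopback_proxies(text))) for label, text in scans]


def reappeared(states):
    """True if the setting was present, then absent, then present again."""
    seen = cleared = False
    for _, present in states:
        if present and cleared:
            return True
        seen = seen or present
        cleared = cleared or (seen and not present)
    return False


# Excerpts from the logs posted in this thread. RESCAN is constructed: a
# hypothetical later scan in which the value has returned, as the poster
# reports happening after a reboot.
HJT_23_NOV = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O1 - Hosts: ::1 localhost
"""
COMBOFIX_20_DEC = r"""
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
"""
HJT_21_DEC = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
"""
RESCAN = HJT_23_NOV  # constructed

POSTED = [("HijackThis 23/11", HJT_23_NOV), ("ComboFix 20/12", COMBOFIX_20_DEC),
          ("HijackThis 21/12", HJT_21_DEC)]

if __name__ == "__main__":
    states = timeline(POSTED + [("constructed rescan", RESCAN)])
    for label, present in states:
        print(f"{label}: loopback proxy {'present' if present else 'absent'}")
    print("reappeared:", reappeared(states))
```

A loopback proxy value that returns after removal means something on the machine, malicious or not, is still writing it, so clearing the registry entry alone does not close the case.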

