KEEP BEING REDIRECTED TO DIFFERENT WEBSITES - VIRUS AFFECTING OPERA AND MOZILLA

Posted 12/14/2009 5:17 PM
#80952

The Banshee Member

Date Joined Nov 2016
Total Posts: 7
Whenever I try and go to a web page I keep getting redirected to different webpages - have googled this and tried the many different routines advised but the problem persists and it is becoming difficult to get to any page that I am trying to. I have run Malwarebytes, Avast, CCleaner and DDS and all are coming back clean. Could somebody take a look at the HJT and DDS log and shed some light on this problem.
Posted 12/15/2009 4:52 AM
#80979

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello and welcome to BG :smile:

Please go to http://www.eset.com/onlinescan/ to perform an online scan. Please use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.

Click on the Start button next to it.

When prompted to run ActiveX, click Yes.

You will be asked to install an ActiveX. Click Install.

Once installed, the scanner will be initialized.

After the scanner is initialized, click Start.

Check (tick) Remove found threats box.

Check (tick) Scan unwanted applications.

Click on Scan.

It will start scanning. Please be patient.

Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt.

Please post this log in your next reply.

If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click http://download.eset.com/special/eos/esetsmartinstaller_enu.exe and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the below steps to run the scan.

Check (tick) this box: YES, I accept the Terms of Use.

Click on the Start button next to it.

When prompted to run ActiveX, click Yes.

You will be asked to install an ActiveX. Click Install.

Once installed, the scanner will be initialized.

After the scanner is initialized, click Start.

Check (tick) Remove found threats box.

Check (tick) Scan unwanted applications.

Click on Scan.

It will start scanning. Please be patient.

Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt.
<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Verdana; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-size: 12.0pt" lang=EN-GB> <o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Verdana; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-size: 12.0pt" lang=EN-GB>Please post this log in your next reply -> Along with a Superantispywaew log: <br/> <br/><SPAN style="FONT-FAMILY: Verdana; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-size: 12.0pt" lang=EN-GB> <br/><SPAN style="FONT-FAMILY: Verdana; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-size: 12.0pt" lang=EN-GB> <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: #222222; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt" lang=EN-GB>Please run <FONT color=#222222>http://www.superantispyware.com/onlinescan.html<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: #222222; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt" lang=EN-GB><SPAN style="mso-spacerun: yes"> Follow the instructions on the site. 
When downloaded, click on – Check for updates – Button.<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: #222222; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt" lang=EN-GB>Under <SPAN style="FONT-FAMILY: Verdana; COLOR: blue; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt" lang=EN-GB>Configuration and Preferences<SPAN style="FONT-FAMILY: Verdana; COLOR: #222222; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt" lang=EN-GB>, click the <SPAN style="FONT-FAMILY: Verdana; COLOR: blue; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt" lang=EN-GB>Preferences<SPAN style="FONT-FAMILY: Verdana; COLOR: #222222; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt" lang=EN-GB> button. <br/>Click the <SPAN style="FONT-FAMILY: Verdana; COLOR: blue; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt" lang=EN-GB>Scanning Control<SPAN style="FONT-FAMILY: Verdana; COLOR: #222222; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt" lang=EN-GB> tab. <br/>Under <SPAN style="FONT-FAMILY: Verdana; COLOR: blue; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt" lang=EN-GB>Scanner Options<SPAN style="FONT-FAMILY: Verdana; COLOR: #222222; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt" lang=EN-GB> make sure the following are checked:<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: #222222; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt" lang=EN-GB>Close browsers before scanning <br/>Scan for tracking cookies <br/>Terminate memory threats before quarantining. 
<br/>Ignore System Restore/Volume Information on ME and XP <br/>Please leave the others unchecked.<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Verdana; FONT-SIZE: 9pt; mso-bidi-font-size: 10.0pt" lang=EN-GB>On the main screen, under Scan for Harmful Software click Scan your computer. <br/>On the left check C:\Fixed Drive. <br/>On the right, under Complete Scan, choose Perform Complete Scan. <br/>Click Next to start the scan. Please be patient while it scans your computer. <br/>After the scan is complete a summary box will appear. Click OK. <br/>Make sure everything in the white box has a check next to it, then click Next. <br/>It will quarantine what it found and if it asks if you want to reboot, click <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: red; FONT-SIZE: 9pt; mso-bidi-font-size: 10.0pt" lang=EN-GB>NO.<SPAN style="FONT-FAMILY: Verdana; FONT-SIZE: 9pt; mso-bidi-font-size: 10.0pt" lang=EN-GB> <BR style="mso-special-character: line-break"><BR style="mso-special-character: line-break"><o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Verdana; FONT-SIZE: 9pt; mso-bidi-font-size: 10.0pt" lang=EN-GB>When the scan have finished -><o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: #222222; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt" lang=EN-GB>Click <SPAN style="FONT-FAMILY: Verdana; COLOR: blue; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt" lang=EN-GB>Preferences<SPAN style="FONT-FAMILY: Verdana; COLOR: #222222; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt" lang=EN-GB> . 
Click the <SPAN style="FONT-FAMILY: Verdana; COLOR: blue; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt" lang=EN-GB>Statistics/Logs tab<SPAN style="FONT-FAMILY: Verdana; COLOR: #222222; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt" lang=EN-GB> . <br/>Under <SPAN style="FONT-FAMILY: Verdana; COLOR: blue; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt" lang=EN-GB>Scanner Logs<SPAN style="FONT-FAMILY: Verdana; COLOR: #222222; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt" lang=EN-GB> , double-click <SPAN style="FONT-FAMILY: Verdana; COLOR: blue; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt" lang=EN-GB>SUPERAntiSpyware Scan Log<SPAN style="FONT-FAMILY: Verdana; COLOR: #222222; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt" lang=EN-GB> . 
<br/>It will open in your default text editor (such as Notepad/Wordpad).<o:p></o:p> <br/> <br/><UL type=disc> <br/><LI style="LINE-HEIGHT: 160%; MARGIN: 0cm 0cm 0pt; COLOR: #222222; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-list: l1 level1 lfo2; tab-stops: list 36.0pt" class=MsoNormal><SPAN style="FONT-FAMILY: Verdana; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt" lang=EN-GB>Save the logfile to desktop<o:p></o:p></LI> <br/><LI style="LINE-HEIGHT: 160%; MARGIN: 0cm 0cm 0pt; COLOR: #222222; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-list: l1 level1 lfo2; tab-stops: list 36.0pt" class=MsoNormal><SPAN style="FONT-FAMILY: Verdana; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt" lang=EN-GB>Click close and close again to exit the program.<o:p></o:p></LI></UL> <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: #222222; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt" lang=EN-GB>Reboot, if needed.<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: #222222; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt" lang=EN-GB><o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: #222222; FONT-SIZE: 9pt; mso-bidi-font-size: 10.0pt" lang=EN-GB>___________________<BR style="mso-special-character: line-break"><BR style="mso-special-character: line-break"><SPAN style="FONT-FAMILY: Verdana; FONT-SIZE: 9pt; mso-bidi-font-size: 10.0pt" lang=EN-GB><o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Verdana; FONT-SIZE: 9pt; mso-bidi-font-size: 10.0pt" lang=EN-GB> <o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Verdana; FONT-SIZE: 9pt; mso-bidi-font-size: 8.0pt" lang=EN-GB> <o:p></o:p>

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 12/16/2009 8:21 AM
#81021
The Banshee Member

Date Joined Nov 2016
Total Posts: 7
Hya,

I did as you suggested and the results of both scans are below:-

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=6b30629e0e04ea42874b98365827e34e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-25 01:15:36
# local_time=2009-11-25 01:15:36 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 120437 120437 0 0
# compatibility_mode=769 16775165 100 98 3804 195386183 36326 0
# compatibility_mode=5892 16776573 100 100 102750 96641357 0 0
# compatibility_mode=8192 67108863 100 0 115072 115072 0 0
# scanned=119665
# found=0
# cleaned=0
# scan_time=3106


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/24/2009 at 11:47 PM

Application Version : 4.31.1000

Core Rules Database Version : 4374
Trace Rules Database Version: 2214

Scan type : Custom Scan
Total Scan Time : 05:53:57

Memory items scanned : 565
Memory threats detected : 0
Registry items scanned : 6403
Registry threats detected : 2
File items scanned : 633883
File threats detected : 12

Trojan.Agent/Gen
 HKU\S-1-5-21-2478470916-2375115024-4100638468-1000\Software\NeoChronos
 HKU\S-1-5-21-2478470916-2375115024-4100638468-1000\Software\Margotte

Adware.Tracking Cookie
 C:\Documents and Settings\Toshiba\AppData\Roaming\Microsoft\Windows\Cookies\Low\toshiba@ehg-eset.hitbox[1].txt
 C:\Documents and Settings\Toshiba\AppData\Roaming\Microsoft\Windows\Cookies\Low\toshiba@hitbox[2].txt
 C:\Documents and Settings\Toshiba\Application Data\Microsoft\Windows\Cookies\Low\toshiba@ehg-eset.hitbox[1].txt
 C:\Documents and Settings\Toshiba\Application Data\Microsoft\Windows\Cookies\Low\toshiba@hitbox[2].txt
 C:\Documents and Settings\Toshiba\Cookies\Low\toshiba@ehg-eset.hitbox[1].txt
 C:\Documents and Settings\Toshiba\Cookies\Low\toshiba@hitbox[2].txt
 C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Cookies\Low\toshiba@ehg-eset.hitbox[1].txt
 C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Cookies\Low\toshiba@hitbox[2].txt
 C:\Users\Toshiba\Application Data\Microsoft\Windows\Cookies\Low\toshiba@ehg-eset.hitbox[1].txt
 C:\Users\Toshiba\Application Data\Microsoft\Windows\Cookies\Low\toshiba@hitbox[2].txt
 C:\Users\Toshiba\Cookies\Low\toshiba@ehg-eset.hitbox[1].txt
 C:\Users\Toshiba\Cookies\Low\toshiba@hitbox[2].txt

Posted 12/16/2009 12:24 PM
#81022
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Please download Combofix from:

http://download.bleepingcomputer.com/sUBs/Beta/KittyFix.exe

And save to the desktop.

Close all other browser windows.

Double-click on the combofix icon found on your desktop.

Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply.

The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 12/17/2009 9:59 PM
#81088
The Banshee Member

Date Joined Nov 2016
Total Posts: 7
Hya,

I ran combofix and it hasn't redirected today, however, it is still acting a little bizarre and keeps coming up with cannot find page bumf and asking me to press F12 to disable proxy settings etc - which it has never asked me for before, however, after pressing F12 I checked enable proxy and then reverted back again, refreshed the page and it went to the web page I asked it for!

Anyway, this is the combo fix log file:-

ComboFix 09-12-16.01 - Toshiba 17/12/2009 10:14:08.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2037.1235 [GMT 0:00]
Running from: c:\users\Toshiba\Documents\Downloads\Programs\KittyFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-11-17 to 2009-12-17 )))))))))))))))))))))))))))))))
.

2009-12-17 10:21 . 2009-12-17 10:21 -------- d-----w- c:\users\Toshiba\AppData\Local\temp
2009-12-17 10:21 . 2009-12-17 10:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-13 22:07 . 2009-12-13 22:07 -------- d-----w- c:\program files\CCleaner
2009-12-13 07:53 . 2009-12-13 11:10 -------- d-----w- c:\users\Toshiba\AppData\Local\ojneid
2009-12-12 03:02 . 2009-12-12 03:02 -------- d-----w- c:\windows\CheckSur
2009-12-12 03:00 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 03:00 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-12 03:00 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 18:34 . 2009-12-10 18:48 47360 ----a-w- c:\users\Toshiba\AppData\Roaming\pcouffin.sys
2009-12-10 18:34 . 2009-12-10 18:34 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-10 18:32 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-10 18:32 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-10 18:30 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2009-12-10 12:20 . 2009-12-10 12:20 108032 --sha-r- c:\windows\system32\emdmgmtx.dll
2009-12-07 21:33 . 2009-12-07 21:33 -------- d-----w- c:\programdata\Lexmark 2600 Series
2009-12-05 22:27 . 2009-12-05 22:27 -------- d-----w- c:\programdata\WorldWinner.com
2009-12-05 16:56 . 2009-12-05 16:56 -------- d-----w- c:\windows\Sun
2009-12-01 18:52 . 2009-12-13 17:32 -------- d-----w- c:\programdata\Vso
2009-11-30 23:54 . 2009-11-30 23:54 -------- d-----w- c:\programdata\vsosdk
2009-11-30 23:21 . 2009-11-30 23:21 -------- d-----w- c:\users\Toshiba\AppData\Roaming\DivX
2009-11-29 20:04 . 2009-12-13 17:32 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Vso
2009-11-29 20:03 . 2009-12-10 18:48 -------- d-----w- c:\program files\VSO
2009-11-29 18:15 . 2009-11-29 18:20 -------- d-----w- c:\users\Toshiba\AppData\Local\Google
2009-11-29 18:15 . 2009-11-29 18:20 -------- d-----w- c:\program files\Google
2009-11-29 18:15 . 2009-11-29 18:16 -------- d-----w- c:\program files\DivX
2009-11-29 18:07 . 2009-11-29 18:07 -------- d-----w- c:\users\Toshiba\AppData\Roaming\CyberLink
2009-11-28 18:29 . 2009-11-28 18:29 -------- d-----w- c:\users\Toshiba\AppData\Local\WinAVI
2009-11-28 18:28 . 2009-11-28 18:28 -------- d-----w- c:\program files\WinAVI Video Converter 9.0
2009-11-25 03:01 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 23:56 . 2009-11-29 11:22 63 ----a-w- c:\users\Toshiba\jagex_runescape_preferences2.dat
2009-11-24 23:52 . 2009-11-29 11:22 38 ----a-w- c:\users\Toshiba\jagex_runescape_preferences.dat
2009-11-24 23:52 . 2009-12-10 10:52 -------- d-----w- c:\windows\.jagex_cache_32
2009-11-24 22:51 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 22:51 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll
2009-11-23 17:38 . 2009-11-23 17:38 117760 ----a-w- c:\users\Toshiba\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-23 17:38 . 2009-11-23 17:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-11-23 17:38 . 2009-11-23 17:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-23 17:38 . 2009-11-23 17:38 -------- d-----w- c:\users\Toshiba\AppData\Roaming\SUPERAntiSpyware.com
2009-11-23 17:38 . 2009-11-23 17:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-23 17:25 . 2009-11-23 17:25 -------- d-----w- c:\program files\ESET
2009-11-23 17:06 . 2009-11-23 17:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-23 17:06 . 2009-11-23 17:06 -------- d-----w- c:\program files\Java
2009-11-23 16:22 . 2009-11-23 16:22 0 ----a-w- c:\windows\nsreg.dat
2009-11-23 16:22 . 2009-11-23 16:22 -------- d-----w- c:\users\Toshiba\AppData\Local\Mozilla
2009-11-23 15:56 . 2009-11-23 15:56 -------- d-----w- c:\program files\Trend Micro
2009-11-19 23:52 . 2009-11-19 23:52 -------- d-----w- c:\programdata\DivoGames
2009-11-19 23:47 . 2009-11-19 23:47 -------- d-----w- C:\games
2009-11-19 22:48 . 2008-09-03 03:59 468992 ----a-w- c:\windows\system32\newdev.dll
2009-11-19 22:48 . 2008-09-03 03:58 74752 ----a-w- c:\windows\system32\newdev.exe
2009-11-19 03:23 . 2009-11-19 03:23 -------- d-----w- c:\users\Toshiba\AppData\Roaming\FaxCtr
2009-11-18 22:33 . 2009-11-18 22:34 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-11-18 22:33 . 2009-11-18 22:33 -------- d-----w- c:\programdata\ACD Systems
2009-11-18 22:33 . 2009-11-18 22:33 -------- d-----w- c:\program files\ACD Systems
2009-11-18 22:31 . 2009-11-18 22:31 -------- d-----w- c:\users\Toshiba\AppData\Local\Downloaded Installations
2009-11-18 21:44 . 2009-12-08 16:39 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Lexmark Productivity Studio
2009-11-18 15:45 . 2009-11-25 10:28 -------- d-----w- c:\programdata\Lx_cats
2009-11-18 15:44 . 2009-11-18 15:44 -------- d-----w- C:\logs
2009-11-18 15:43 . 2008-02-27 11:05 115200 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdndrpp.dll
2009-11-18 15:41 . 2008-02-15 04:52 348160 ----a-w- c:\windows\system32\lxdncoin.dll
2009-11-18 15:39 . 2007-11-01 14:29 45056 ----a-w- c:\windows\system32\LXF3PMON.DLL
2009-11-18 15:39 . 2007-11-01 14:28 32768 ----a-w- c:\windows\system32\LXF3FXPU.DLL
2009-11-18 15:38 . 2007-11-01 14:33 12288 ----a-w- c:\windows\system32\LXF3PMRC.DLL
2009-11-18 15:38 . 2007-08-27 17:44 53248 ----a-w- c:\windows\system32\lxf3oem.dll
2009-11-18 15:38 . 2007-05-02 02:05 98345 ----a-w- c:\windows\system32\IMHOST32.DLL
2009-11-18 15:38 . 2007-05-02 02:05 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL
2009-11-18 15:38 . 2009-11-18 15:38 -------- d-----w- c:\programdata\FaxCtr
2009-11-18 15:38 . 2009-12-10 10:52 -------- d-----w- c:\program files\Lexmark Fax Solutions
2009-11-18 15:38 . 2009-11-18 15:38 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2009-11-18 15:37 . 2007-06-28 13:52 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2009-11-18 15:37 . 2009-12-10 10:52 -------- d-----w- c:\program files\Lexmark Toolbar
2009-11-18 15:37 . 2008-02-27 23:07 17064 ----a-w- c:\windows\system32\lxdnwupd.exe
2009-11-18 15:37 . 2007-11-21 14:39 102400 ----a-w- c:\windows\system32\lxdnwupd.dll
2009-11-18 00:18 . 2009-11-18 00:18 -------- d-----w- c:\program files\SpaceMonger
2009-11-18 00:18 . 2009-11-18 00:18 -------- d-----w- c:\users\Toshiba\AppData\Roaming\SpaceMonger
2009-11-17 21:59 . 2009-11-17 21:59 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Thinstall
2009-11-17 20:37 . 2009-11-17 20:37 -------- d-----w- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-16 23:54 . 2009-11-12 21:31 -------- d-----w- c:\users\Toshiba\AppData\Roaming\DMCache
2009-12-14 12:06 . 2009-11-15 20:58 -------- d-----w- c:\users\Toshiba\AppData\Roaming\LimeWire
2009-12-12 03:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-10 10:52 . 2009-11-14 10:39 -------- d-----w- c:\programdata\FLEXnet
2009-12-10 10:52 . 2009-11-18 15:36 -------- d-----w- c:\program files\Lexmark 2600 Series
2009-12-01 09:38 . 2009-11-12 15:33 1356 ----a-w- c:\users\Toshiba\AppData\Local\d3d9caps.dat
2009-11-29 18:06 . 2009-11-12 17:50 -------- d-----w- c:\programdata\CyberLink
2009-11-24 23:09 . 2009-11-12 21:09 -------- d-----w- c:\program files\Opera
2009-11-21 06:40 . 2009-12-10 18:31 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 18:31 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-10 18:31 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-10 18:31 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-19 03:22 . 2009-11-12 15:34 80792 ----a-w- c:\users\Toshiba\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-19 03:21 . 2009-11-12 17:47 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-18 00:10 . 2009-11-14 10:38 -------- d-----w- c:\program files\Topaz Labs
2009-11-15 20:58 . 2009-11-15 20:58 -------- d-----w- c:\program files\LimeWire
2009-11-15 19:53 . 2009-11-15 19:53 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Malwarebytes
2009-11-15 19:53 . 2009-11-15 19:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-15 19:53 . 2009-11-15 19:53 -------- d-----w- c:\programdata\Malwarebytes
2009-11-14 23:27 . 2009-11-14 23:27 -------- d---a-r- c:\program files\Mystical
2009-11-14 22:38 . 2009-11-14 22:25 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Alien Skin
2009-11-14 10:32 . 2009-11-14 10:32 -------- d-----w- c:\program files\Ps Plugins
2009-11-14 10:32 . 2009-11-14 10:32 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Pictographics
2009-11-14 10:20 . 2009-11-12 23:10 -------- d-----w- c:\users\Toshiba\AppData\Roaming\IDM
2009-11-13 09:01 . 2009-11-12 23:10 -------- d-----w- c:\program files\Internet Download Manager
2009-11-13 03:23 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-13 00:10 . 2009-11-13 00:10 4096 ----a-w- c:\windows\d3dx.dat
2009-11-13 00:09 . 2009-11-13 00:09 -------- d-----w- c:\program files\Sandlot
2009-11-12 23:43 . 2009-11-12 17:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-12 23:42 . 2009-11-12 23:42 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-11-12 23:39 . 2009-11-12 23:39 -------- d-----w- c:\windows\Fonts\Fonts
2009-11-12 23:37 . 2009-11-12 23:37 129784 ----a-w- c:\windows\system32\pxafs.dll
2009-11-12 23:37 . 2009-11-12 23:37 116472 ----a-w- c:\windows\system32\pxcpyi64.exe
2009-11-12 23:37 . 2009-11-12 23:37 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-11-12 23:37 . 2009-11-12 23:37 118520 ----a-w- c:\windows\system32\pxinsi64.exe
2009-11-12 23:11 . 2009-11-12 23:11 198064 ----a-w- c:\users\Toshiba\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2009-11-12 17:49 . 2009-11-12 17:48 -------- d-----w- c:\program files\CyberLink
2009-11-12 17:49 . 2009-11-12 17:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-12 17:48 . 2009-11-12 17:48 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-12 17:38 . 2009-11-12 17:38 -------- d-----w- c:\program files\Alwil Software
2009-11-12 17:37 . 2009-11-12 17:37 -------- d-----w- c:\programdata\Apple Computer
2009-11-12 17:34 . 2009-11-12 17:34 -------- d-----w- c:\program files\MSECache
2009-11-12 17:32 . 2009-11-12 17:32 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-12 17:30 . 2009-11-12 17:30 -------- d-----w- c:\program files\Microsoft.NET
2009-11-12 17:29 . 2009-11-12 17:29 -------- d-----w- c:\program files\Nero
2009-11-12 17:29 . 2009-11-12 17:29 -------- d-----w- c:\program files\Common Files\Nero
2009-11-12 17:29 . 2009-11-12 17:29 -------- d-----w- c:\programdata\Nero
2009-11-12 17:17 . 2009-11-12 17:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-11-12 17:16 . 2009-11-12 17:16 -------- d-----w- c:\program files\Synaptics
2009-11-12 17:16 . 2009-11-12 17:16 -------- d-----w- c:\program files\CONEXANT
2009-11-12 17:05 . 2009-11-12 17:05 -------- d-----w- c:\program files\Realtek
2009-11-12 17:05 . 2009-11-12 17:05 -------- d-----w- c:\users\Toshiba\AppData\Roaming\InstallShield
2009-11-12 16:35 . 2009-11-12 16:35 -------- d-----w- c:\program files\Intel
2009-11-12 16:28 . 2009-11-12 16:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-11-02 20:42 . 2009-11-12 17:35 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-05 12:47 . 2009-10-05 12:47 11280384 ----a-w- c:\windows\system32\tliremask10.dll
2009-09-30 13:52 . 2009-09-30 13:52 9916928 ----a-w- c:\windows\system32\tliadjust34.dll
2003-01-31 04:43 . 2003-01-20 13:07 6065152 ----a-w- c:\program files\Mystical.exe
2003-01-30 19:20 . 2003-01-20 13:07 1396736 ----a-w- c:\program files\Mystical_PlugIn.8bf
2001-07-17 16:15 . 2003-01-30 01:23 66680 ----a-w- c:\program files\ARDS1.ttf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-11-13 3134896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Toshiba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2009-01-29 15:43 320168 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-11 20:13 166424 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2009-11-13 09:01 3134896 ----a-w- c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 22:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnamon]
2009-01-29 15:43 16040 ----a-w- c:\program files\Lexmark 2600 Series\lxdnamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnmon.exe]
2009-01-29 15:43 660136 ----a-w- c:\program files\Lexmark 2600 Series\lxdnmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-09-10 14:53 1312080 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-11 20:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-31 23:13 385024 ----a-w- c:\_programs\QuickTime Pro v7.4.1.14\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 15:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-23 17:06 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
<br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] <br/>2009-11-23 08:43 2001648 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] <br/>2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] <br/>2008-01-21 02:23 2153472 ----a-w- c:\windows\System32\oobefldr.dll <br/> <br/>R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [12/11/2009 17:38 114768] <br/>R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 08:43 9968] <br/>R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 08:43 74480] <br/>R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 12:03 169312] <br/>R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [12/11/2009 17:38 20560] <br/>R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [12/11/2009 17:38 53328] <br/>R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [21/01/2008 02:23 21504] <br/>R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?] <br/>R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [10/06/2009 05:52 347648] <br/>S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdnserv.exe [27/02/2008 23:07 98984] <br/>S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 08:43 7408] <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] <br/>HsfXAudioService REG_MULTI_SZ HsfXAudioService <br/>. 
<br/>------- Supplementary Scan ------- <br/>. <br/>uStart Page = hxxp://www.google.co.uk/ <br/>uInternet Settings,ProxyServer = http=127.0.0.1:5555 <br/>uInternet Settings,ProxyOverride = <local> <br/>IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm <br/>IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm <br/>IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm <br/>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 <br/>LSP: c:\windows\system32\idmmbc.dll <br/>FF - ProfilePath - c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\mrs8s1d2.default\ <br/>FF - component: c:\users\Toshiba\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll <br/>FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin.dll <br/>FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin2.dll <br/>FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin3.dll <br/>FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin4.dll <br/>FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin5.dll <br/>FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin6.dll <br/>FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin7.dll <br/>FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ <br/>. <br/> <br/>************************************************************************** <br/> <br/>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net <br/>Rootkit scan 2009-12-17 10:21 <br/>Windows 6.0.6001 Service Pack 1 NTFS <br/> <br/>scanning hidden processes ... <br/> <br/>scanning hidden autostart entries ... <br/> <br/>scanning hidden files ... 
<br/> <br/>scan completed successfully <br/>hidden files: 0 <br/> <br/>************************************************************************** <br/>. <br/>--------------------- LOCKED REGISTRY KEYS --------------------- <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] <br/>@Denied: (A) (Users) <br/>@Denied: (A) (Everyone) <br/>@Allowed: (B 1 2 3 4 5) (S-1-5-20) <br/>"BlindDial"=dword:00000000 <br/>. <br/>Completion time: 2009-12-17 10:23:47 <br/>ComboFix-quarantined-files.txt 2009-12-17 10:23 <br/> <br/>Pre-Run: 66,959,011,840 bytes free <br/>Post-Run: 66,905,452,544 bytes free <br/> <br/>- - End Of File - - 6C23B138A173E42FF4693DEE0B27B916
Posted 12/18/2009 5:37 AM
#81101

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Open notepad and copy/paste the bold text in the codebox below into it:

Name the file as CFScript and Save it on the desktop

Code:

Killall::

Snapshot::

Folder::

c:\users\Toshiba\AppData\Local\ojneid

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>

User image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please post it to your next reply.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 12/20/2009 12:11 AM
#81166

The Banshee Member

Date Joined Nov 2016
Total Posts: 7
ComboFix 09-12-16.01 - Toshiba 19/12/2009 23:59:44.4.2 - x86 <br/>Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2037.1255 [GMT 0:00] <br/>Running from: c:\users\Toshiba\Desktop\KittyFix.exe <br/>Command switches used :: c:\users\Toshiba\Desktop\CFScript.txt <br/>SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7} <br/>SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} <br/>. <br/>((((((((((((((((((((((((( Files Created from 2009-11-20 to 2009-12-20 ))))))))))))))))))))))))))))))) <br/>. <br/> <br/>2009-12-20 00:06 . 2009-12-20 00:06 -------- d-----w- c:\users\Toshiba\AppData\Local\temp <br/>2009-12-20 00:06 . 2009-12-20 00:06 -------- d-----w- c:\users\Public\AppData\Local\temp <br/>2009-12-20 00:06 . 2009-12-20 00:06 -------- d-----w- c:\users\Default\AppData\Local\temp <br/>2009-12-13 22:07 . 2009-12-13 22:07 -------- d-----w- c:\program files\CCleaner <br/>2009-12-13 07:53 . 2009-12-13 11:10 -------- d-----w- c:\users\Toshiba\AppData\Local\ojneid <br/>2009-12-12 03:02 . 2009-12-12 03:02 -------- d-----w- c:\windows\CheckSur <br/>2009-12-12 03:00 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll <br/>2009-12-12 03:00 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll <br/>2009-12-12 03:00 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys <br/>2009-12-10 18:34 . 2009-12-10 18:48 47360 ----a-w- c:\users\Toshiba\AppData\Roaming\pcouffin.sys <br/>2009-12-10 18:34 . 2009-12-10 18:34 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys <br/>2009-12-10 18:32 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll <br/>2009-12-10 18:32 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll <br/>2009-12-10 18:30 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll <br/>2009-12-10 12:20 . 2009-12-10 12:20 108032 --sha-r- c:\windows\system32\emdmgmtx.dll <br/>2009-12-07 21:33 . 
2009-12-07 21:33 -------- d-----w- c:\programdata\Lexmark 2600 Series <br/>2009-12-05 22:27 . 2009-12-05 22:27 -------- d-----w- c:\programdata\WorldWinner.com <br/>2009-12-05 16:56 . 2009-12-05 16:56 -------- d-----w- c:\windows\Sun <br/>2009-12-01 18:52 . 2009-12-13 17:32 -------- d-----w- c:\programdata\Vso <br/>2009-11-30 23:54 . 2009-11-30 23:54 -------- d-----w- c:\programdata\vsosdk <br/>2009-11-30 23:21 . 2009-11-30 23:21 -------- d-----w- c:\users\Toshiba\AppData\Roaming\DivX <br/>2009-11-29 20:04 . 2009-12-13 17:32 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Vso <br/>2009-11-29 20:03 . 2009-12-10 18:48 -------- d-----w- c:\program files\VSO <br/>2009-11-29 18:15 . 2009-11-29 18:20 -------- d-----w- c:\users\Toshiba\AppData\Local\Google <br/>2009-11-29 18:15 . 2009-11-29 18:20 -------- d-----w- c:\program files\Google <br/>2009-11-29 18:15 . 2009-11-29 18:16 -------- d-----w- c:\program files\DivX <br/>2009-11-29 18:07 . 2009-11-29 18:07 -------- d-----w- c:\users\Toshiba\AppData\Roaming\CyberLink <br/>2009-11-28 18:29 . 2009-11-28 18:29 -------- d-----w- c:\users\Toshiba\AppData\Local\WinAVI <br/>2009-11-28 18:28 . 2009-11-28 18:28 -------- d-----w- c:\program files\WinAVI Video Converter 9.0 <br/>2009-11-25 03:01 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll <br/>2009-11-24 23:56 . 2009-11-29 11:22 63 ----a-w- c:\users\Toshiba\jagex_runescape_preferences2.dat <br/>2009-11-24 23:52 . 2009-11-29 11:22 38 ----a-w- c:\users\Toshiba\jagex_runescape_preferences.dat <br/>2009-11-24 23:52 . 2009-12-10 10:52 -------- d-----w- c:\windows\.jagex_cache_32 <br/>2009-11-24 22:51 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll <br/>2009-11-24 22:51 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll <br/>2009-11-23 17:38 . 2009-11-23 17:38 117760 ----a-w- c:\users\Toshiba\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL <br/>2009-11-23 17:38 . 
2009-11-23 17:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com <br/>2009-11-23 17:38 . 2009-11-23 17:38 -------- d-----w- c:\program files\SUPERAntiSpyware <br/>2009-11-23 17:38 . 2009-11-23 17:38 -------- d-----w- c:\users\Toshiba\AppData\Roaming\SUPERAntiSpyware.com <br/>2009-11-23 17:38 . 2009-11-23 17:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard <br/>2009-11-23 17:25 . 2009-11-23 17:25 -------- d-----w- c:\program files\ESET <br/>2009-11-23 17:06 . 2009-11-23 17:06 411368 ----a-w- c:\windows\system32\deploytk.dll <br/>2009-11-23 17:06 . 2009-11-23 17:06 -------- d-----w- c:\program files\Java <br/>2009-11-23 16:22 . 2009-11-23 16:22 0 ----a-w- c:\windows\nsreg.dat <br/>2009-11-23 16:22 . 2009-11-23 16:22 -------- d-----w- c:\users\Toshiba\AppData\Local\Mozilla <br/>2009-11-23 15:56 . 2009-11-23 15:56 -------- d-----w- c:\program files\Trend Micro <br/> <br/>. <br/>(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>2009-12-19 23:50 . 2009-11-12 21:31 -------- d-----w- c:\users\Toshiba\AppData\Roaming\DMCache <br/>2009-12-14 12:06 . 2009-11-15 20:58 -------- d-----w- c:\users\Toshiba\AppData\Roaming\LimeWire <br/>2009-12-12 03:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail <br/>2009-12-10 10:52 . 2009-11-18 15:37 -------- d-----w- c:\program files\Lexmark Toolbar <br/>2009-12-10 10:52 . 2009-11-14 10:39 -------- d-----w- c:\programdata\FLEXnet <br/>2009-12-10 10:52 . 2009-11-18 15:38 -------- d-----w- c:\program files\Lexmark Fax Solutions <br/>2009-12-10 10:52 . 2009-11-18 15:36 -------- d-----w- c:\program files\Lexmark 2600 Series <br/>2009-12-08 16:39 . 2009-11-18 21:44 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Lexmark Productivity Studio <br/>2009-12-01 09:38 . 2009-11-12 15:33 1356 ----a-w- c:\users\Toshiba\AppData\Local\d3d9caps.dat <br/>2009-11-29 18:06 . 
2009-11-12 17:50 -------- d-----w- c:\programdata\CyberLink <br/>2009-11-25 10:28 . 2009-11-18 15:45 -------- d-----w- c:\programdata\Lx_cats <br/>2009-11-24 23:09 . 2009-11-12 21:09 -------- d-----w- c:\program files\Opera <br/>2009-11-21 06:40 . 2009-12-10 18:31 916480 ----a-w- c:\windows\system32\wininet.dll <br/>2009-11-21 06:34 . 2009-12-10 18:31 71680 ----a-w- c:\windows\system32\iesetup.dll <br/>2009-11-21 06:34 . 2009-12-10 18:31 109056 ----a-w- c:\windows\system32\iesysprep.dll <br/>2009-11-21 04:59 . 2009-12-10 18:31 133632 ----a-w- c:\windows\system32\ieUnatt.exe <br/>2009-11-19 23:52 . 2009-11-19 23:52 -------- d-----w- c:\programdata\DivoGames <br/>2009-11-19 03:23 . 2009-11-19 03:23 -------- d-----w- c:\users\Toshiba\AppData\Roaming\FaxCtr <br/>2009-11-19 03:22 . 2009-11-12 15:34 80792 ----a-w- c:\users\Toshiba\AppData\Local\GDIPFONTCACHEV1.DAT <br/>2009-11-19 03:21 . 2009-11-12 17:47 -------- d-----w- c:\program files\Microsoft Silverlight <br/>2009-11-18 22:34 . 2009-11-18 22:33 -------- d-----w- c:\program files\Common Files\ACD Systems <br/>2009-11-18 22:33 . 2009-11-18 22:33 -------- d-----w- c:\programdata\ACD Systems <br/>2009-11-18 22:33 . 2009-11-18 22:33 -------- d-----w- c:\program files\ACD Systems <br/>2009-11-18 15:38 . 2009-11-18 15:38 -------- d-----w- c:\programdata\FaxCtr <br/>2009-11-18 15:38 . 2009-11-18 15:38 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint <br/>2009-11-18 00:18 . 2009-11-18 00:18 -------- d-----w- c:\program files\SpaceMonger <br/>2009-11-18 00:18 . 2009-11-18 00:18 -------- d-----w- c:\users\Toshiba\AppData\Roaming\SpaceMonger <br/>2009-11-18 00:10 . 2009-11-14 10:38 -------- d-----w- c:\program files\Topaz Labs <br/>2009-11-17 21:59 . 2009-11-17 21:59 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Thinstall <br/>2009-11-17 20:37 . 2009-11-17 20:37 -------- d-----w- c:\program files\Common Files\Windows Live <br/>2009-11-15 20:58 . 
2009-11-15 20:58 -------- d-----w- c:\program files\LimeWire <br/>2009-11-15 19:53 . 2009-11-15 19:53 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Malwarebytes <br/>2009-11-15 19:53 . 2009-11-15 19:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware <br/>2009-11-15 19:53 . 2009-11-15 19:53 -------- d-----w- c:\programdata\Malwarebytes <br/>2009-11-14 23:27 . 2009-11-14 23:27 -------- d---a-r- c:\program files\Mystical <br/>2009-11-14 22:38 . 2009-11-14 22:25 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Alien Skin <br/>2009-11-14 10:32 . 2009-11-14 10:32 -------- d-----w- c:\program files\Ps Plugins <br/>2009-11-14 10:32 . 2009-11-14 10:32 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Pictographics <br/>2009-11-14 10:20 . 2009-11-12 23:10 -------- d-----w- c:\users\Toshiba\AppData\Roaming\IDM <br/>2009-11-13 09:01 . 2009-11-12 23:10 -------- d-----w- c:\program files\Internet Download Manager <br/>2009-11-13 03:23 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat <br/>2009-11-13 00:10 . 2009-11-13 00:10 4096 ----a-w- c:\windows\d3dx.dat <br/>2009-11-13 00:09 . 2009-11-13 00:09 -------- d-----w- c:\program files\Sandlot <br/>2009-11-12 23:43 . 2009-11-12 17:41 -------- d-----w- c:\program files\Common Files\Adobe <br/>2009-11-12 23:42 . 2009-11-12 23:42 -------- d-----w- c:\program files\Common Files\Macrovision Shared <br/>2009-11-12 23:39 . 2009-11-12 23:39 -------- d-----w- c:\windows\Fonts\Fonts <br/>2009-11-12 23:37 . 2009-11-12 23:37 129784 ----a-w- c:\windows\system32\pxafs.dll <br/>2009-11-12 23:37 . 2009-11-12 23:37 116472 ----a-w- c:\windows\system32\pxcpyi64.exe <br/>2009-11-12 23:37 . 2009-11-12 23:37 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys <br/>2009-11-12 23:37 . 2009-11-12 23:37 118520 ----a-w- c:\windows\system32\pxinsi64.exe <br/>2009-11-12 23:11 . 2009-11-12 23:11 198064 ----a-w- c:\users\Toshiba\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll <br/>2009-11-12 17:49 . 
2009-11-12 17:48 -------- d-----w- c:\program files\CyberLink <br/>2009-11-12 17:49 . 2009-11-12 17:05 -------- d--h--w- c:\program files\InstallShield Installation Information <br/>2009-11-12 17:48 . 2009-11-12 17:48 -------- d-----w- c:\program files\Common Files\InstallShield <br/>2009-11-12 17:38 . 2009-11-12 17:38 -------- d-----w- c:\program files\Alwil Software <br/>2009-11-12 17:37 . 2009-11-12 17:37 -------- d-----w- c:\programdata\Apple Computer <br/>2009-11-12 17:34 . 2009-11-12 17:34 -------- d-----w- c:\program files\MSECache <br/>2009-11-12 17:32 . 2009-11-12 17:32 -------- d-----w- c:\program files\Microsoft ActiveSync <br/>2009-11-12 17:30 . 2009-11-12 17:30 -------- d-----w- c:\program files\Microsoft.NET <br/>2009-11-12 17:29 . 2009-11-12 17:29 -------- d-----w- c:\program files\Nero <br/>2009-11-12 17:29 . 2009-11-12 17:29 -------- d-----w- c:\program files\Common Files\Nero <br/>2009-11-12 17:29 . 2009-11-12 17:29 -------- d-----w- c:\programdata\Nero <br/>2009-11-12 17:17 . 2009-11-12 17:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf <br/>2009-11-12 17:16 . 2009-11-12 17:16 -------- d-----w- c:\program files\Synaptics <br/>2009-11-12 17:16 . 2009-11-12 17:16 -------- d-----w- c:\program files\CONEXANT <br/>2009-11-12 17:05 . 2009-11-12 17:05 -------- d-----w- c:\program files\Realtek <br/>2009-11-12 17:05 . 2009-11-12 17:05 -------- d-----w- c:\users\Toshiba\AppData\Roaming\InstallShield <br/>2009-11-12 16:35 . 2009-11-12 16:35 -------- d-----w- c:\program files\Intel <br/>2009-11-12 16:28 . 2009-11-12 16:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf <br/>2009-11-02 20:42 . 2009-11-12 17:35 195456 ------w- c:\windows\system32\MpSigStub.exe <br/>2009-10-05 12:47 . 2009-10-05 12:47 11280384 ----a-w- c:\windows\system32\tliremask10.dll <br/>2009-09-30 13:52 . 2009-09-30 13:52 9916928 ----a-w- c:\windows\system32\tliadjust34.dll <br/>2003-01-31 04:43 . 
2003-01-20 13:07 6065152 ----a-w- c:\program files\Mystical.exe <br/>2003-01-30 19:20 . 2003-01-20 13:07 1396736 ----a-w- c:\program files\Mystical_PlugIn.8bf <br/>2001-07-17 16:15 . 2003-01-30 01:23 66680 ----a-w- c:\program files\ARDS1.ttf <br/>. <br/> <br/>((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>*Note* empty entries & legit default entries are not shown <br/>REGEDIT4 <br/> <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] <br/>"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-11-13 3134896] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904] <br/>"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848] <br/>"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000] <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] <br/>"EnableUIADesktopToggle"= 0 (0x0) <br/> <br/>[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] <br/>"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] <br/>2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] <br/>@="Service" <br/> <br/>[HKLM\~\startupfolder\C:^Users^Toshiba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk] <br/>path=c:\users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk <br/>backup=c:\windows\pss\LimeWire On Startup.lnk.Startup <br/>backupExtension=.Startup <br/> 
<br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer] <br/>2009-01-29 15:43 320168 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] <br/>2008-02-11 20:13 166424 ----a-w- c:\windows\System32\hkcmd.exe <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan] <br/>2009-11-13 09:01 3134896 ----a-w- c:\program files\Internet Download Manager\IDMan.exe <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] <br/>2006-12-05 22:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnamon] <br/>2009-01-29 15:43 16040 ----a-w- c:\program files\Lexmark 2600 Series\lxdnamon.exe <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnmon.exe] <br/>2009-01-29 15:43 660136 ----a-w- c:\program files\Lexmark 2600 Series\lxdnmon.exe <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] <br/>2009-09-10 14:53 1312080 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] <br/>2008-02-11 20:13 133656 ----a-w- c:\windows\System32\igfxpers.exe <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] <br/>2008-01-31 23:13 385024 ----a-w- c:\_programs\QuickTime Pro v7.4.1.14\QTTask.exe <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] <br/>2006-11-23 15:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] <br/>2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows 
Sidebar\sidebar.exe <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] <br/>2009-11-23 17:06 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] <br/>2009-11-23 08:43 2001648 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] <br/>2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] <br/>2008-01-21 02:23 2153472 ----a-w- c:\windows\System32\oobefldr.dll <br/> <br/>R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [12/11/2009 17:38 114768] <br/>R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 08:43 9968] <br/>R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 08:43 74480] <br/>R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 12:03 169312] <br/>R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [12/11/2009 17:38 20560] <br/>R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [12/11/2009 17:38 53328] <br/>R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [21/01/2008 02:23 21504] <br/>R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?] 
<br/>R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [10/06/2009 05:52 347648] <br/>S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdnserv.exe [27/02/2008 23:07 98984] <br/>S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 08:43 7408] <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] <br/>HsfXAudioService REG_MULTI_SZ HsfXAudioService <br/>. <br/>------- Supplementary Scan ------- <br/>. <br/>uStart Page = hxxp://www.google.co.uk/ <br/>uInternet Settings,ProxyServer = http=127.0.0.1:5555 <br/>uInternet Settings,ProxyOverride = <local> <br/>IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm <br/>IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm <br/>IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm <br/>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 <br/>LSP: c:\windows\system32\idmmbc.dll <br/>FF - ProfilePath - c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\mrs8s1d2.default\ <br/>FF - component: c:\users\Toshiba\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll <br/>FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin.dll <br/>FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin2.dll <br/>FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin3.dll <br/>FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin4.dll <br/>FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin5.dll <br/>FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin6.dll <br/>FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin7.dll <br/>FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - 
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ <br/>. <br/> <br/>************************************************************************** <br/> <br/>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net <br/>Rootkit scan 2009-12-20 00:06 <br/>Windows 6.0.6001 Service Pack 1 NTFS <br/> <br/>scanning hidden processes ... <br/> <br/>scanning hidden autostart entries ... <br/> <br/>scanning hidden files ... <br/> <br/>scan completed successfully <br/>hidden files: 0 <br/> <br/>************************************************************************** <br/>. <br/>--------------------- LOCKED REGISTRY KEYS --------------------- <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] <br/>@Denied: (A) (Users) <br/>@Denied: (A) (Everyone) <br/>@Allowed: (B 1 2 3 4 5) (S-1-5-20) <br/>"BlindDial"=dword:00000000 <br/>. <br/>Completion time: 2009-12-20 00:09:34 <br/>ComboFix-quarantined-files.txt 2009-12-20 00:09 <br/>ComboFix2.txt 2009-12-17 10:23 <br/> <br/>Pre-Run: 67,066,880,000 bytes free <br/>Post-Run: 67,042,795,520 bytes free <br/> <br/>- - End Of File - - A410D90976EF90A704B16A3313676646
Posted 12/20/2009 12:14 AM
#81167
The Banshee Member

Date Joined Nov 2016
Total Posts: 7
Doesn't seem to be redirecting, at the moment, however, when I google something and click on one of the links it keeps saying that page not found, so I press the refresh button and then it loads it okay - but I have to do this every time.
Posted 12/20/2009 5:16 AM
#81172
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Ok. Please post new hijackthis log.

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.


Posted 12/20/2009 3:50 PM
#81184
The Banshee Member

Date Joined Nov 2016
Total Posts: 7
Hya, I did run hijack this but it did flash up a memo with regards to a host domain and something about Hijack This not being able to delete something and if this happens then I am to run Hjt as administrator??? Anyway, I ran hjt and the post is below. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:43, on 23/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Opera\program\plugins\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 5761 bytes
Posted 12/21/2009 6:51 AM
#81203
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Right-click on hijackthis - run as admin. Fix:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O1 - Hosts: ::1 localhost

Reboot, and tell how things are running now?



Posted 12/21/2009 9:44 PM
#81219
The Banshee Member

Date Joined Nov 2016
Total Posts: 7
Hya,

I did as you instructed and initially after reboot Opera went straight onto the webpage I requested with no problems, however, when I tried a totally different webpage request/search and tried opening that one it resorted back to saying that the page could not be found blah blah blah so I double clicked again on the link it was saying could not be found and it actually did go to that page! I tried then on Mozilla and when I clicked on a search link it said that it could not open the specific webpage but when I looked at the address it was actually one of these redirect web addresses so I have now totally uninstalled Mozilla. I then tried IE and it just did the same as described earlier but did open the page after clicking on the refresh button when it told me the server or address could not be found!

I then ran another HJT scan and R1 had reappeared!!! So I removed it again but did not reboot and the following is the scan result.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:54, on 21/12/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 4443 bytes
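The fix list in post #81203 and the report above that R1 came back after the reboot, as an added example that is not part of the thread: a Python script that parses pasted HijackThis lines, flags ProxyServer values pointing at the local machine, and lists fixed entries that are present again in a later scan. Both sample scans are constructed from the line format quoted in the thread, and the function names are this example's own.

```python
import re
from ipaddress import ip_address
# Constructed samples in the HijackThis 2.0.2 line format quoted in the thread,
# joined by the <br/> separators the forum left in the pasted logs.
SCAN_BEFORE_FIX = (
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ <br/>"
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 <br/>"
    r"O1 - Hosts: ::1 localhost <br/>"
    r"O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe"
)
SCAN_AFTER_REBOOT = (
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ <br/>"
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 <br/>"
    r"O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe"
)

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_entries(log_text):
    """Split a pasted log on newlines or <br/> tags; return (code, body) pairs."""
    entries = []
    for raw in re.split(r"<br\s*/?>|\r?\n", log_text):
        match = ENTRY.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries

def is_loopback(host):
    """True for 'localhost' and for any literal loopback address."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False

def loopback_proxies(entries):
    """Return (scheme, host, port) for ProxyServer values that point at this machine."""
    hits = []
    for code, body in entries:
        if not code.startswith("R") or ",ProxyServer = " not in body:
            continue
        value = body.split(",ProxyServer = ", 1)[1]
        # The value is "host:port" or "http=host:port;https=host:port".
        for part in value.split(";"):
            scheme, _, hostport = part.strip().rpartition("=")
            host, _, port = hostport.partition(":")
            if is_loopback(host):
                hits.append((scheme or "all", host, int(port) if port.isdigit() else None))
    return hits

def reappeared(fixed, later_entries):
    """Entries that were fixed earlier but are present again in a later scan."""
    later = set(later_entries)
    return [entry for entry in fixed if entry in later]

if __name__ == "__main__":
    before, after = parse_entries(SCAN_BEFORE_FIX), parse_entries(SCAN_AFTER_REBOOT)
    fixed = [entry for entry in before if entry[0] in ("R1", "O1")]
    print(loopback_proxies(before), reappeared(fixed, after))
```

A fixed entry that is back after a reboot means something on the machine rewrites the value at startup, so the next step is identifying that writer rather than deleting the value again.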
Posted 12/22/2009 6:53 AM
#81248
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Ok.

Open notepad and copy/paste the bold text in the codebox below into it:

Name the file as CFScript and Save it on the desktop

Code:

Killall::

Snapshot::

Killall::

Snapshot::

Dirlook::

c:\users\Toshiba\AppData\Local\ojneid

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>

User image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please post it to your next reply


