spyware.Ispynow [Closed]



#1 Jags777cmo (Member, 12 posts)
Hello. I've been having some trouble with the spyware.Ispynow malware that seems to have hit quite a few people around here recently. I attempted many different fixes, including following the steps from this thread: http://www.geekstogo...ow-t218898.html

I have also run Malwarebytes and Ad-Aware, and have tried various other fixes with no luck thus far. My Firefox browser runs fine in safe mode, but will not load any pages in normal mode. It also continues to give me the popup wanting me to download some Spybot 2009 (obviously not real, didn't fall for that one). Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:04 PM, on 12/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [winhpdrv] "C:\Documents and Settings\Chris\Application Data\Google\xtgoj6119471.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MLB.TV NexDef Plug-in.lnk = C:\Program Files\Autobahn\mlb-nexdef-autobahn.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1193194795285
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193199293561
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8485 bytes


Thanks in advance :)

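The entry that stands out in the HijackThis log above is the HKCU Run value winhpdrv, which launches xtgoj6119471.exe from the user's Application Data folder: a per-user autostart, a user-writable location, and a random-looking filename, all at once. The script below is an added example, not code from the original post or from HijackThis; it parses O4 Run lines and flags that combination. The sample lines are copied from the log above (plus the HKLM Java and Lexmark lines for contrast), and the directory markers and the digit/letter thresholds in the heuristics are assumptions chosen for illustration.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: O4 lines copied from the HijackThis log above, plus two HKLM
# lines for contrast. Only the "winhpdrv" entry should be flagged.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [winhpdrv] "C:\Documents and Settings\Chris\Application Data\Google\xtgoj6119471.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""

# HijackThis "O4 - HKxx\..\Run: [value name] command" lines (Startup-folder O4 lines are skipped).
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")

# Assumed markers for locations a non-admin user can write to on Windows XP.
# Legitimate software rarely autostarts from here; droppers almost always do.
USER_WRITABLE_MARKERS = (
    "\\documents and settings\\", "\\application data\\", "\\local settings\\",
    "\\temp\\", "\\users\\", "\\recycler\\",
)


@dataclass
class Finding:
    hive: str
    name: str
    path: str
    reasons: list[str]


def _extract_path(cmd: str) -> str:
    """Pull the executable (or hosted DLL) path out of a Run command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    tokens = cmd.split(None, 1)
    if not tokens:
        return ""
    # rundll32 host: the file of interest is the DLL after it, up to the comma
    # that separates it from the entry point name.
    if tokens[0].lower() == "rundll32" and len(tokens) > 1:
        return tokens[1].split(",", 1)[0].strip()
    return tokens[0]


def _looks_random(stem: str) -> bool:
    """Assumed heuristic: an unseparated alphanumeric stem with several letters
    and several digits (xtgoj6119471 matches; ctfmon and jusched do not)."""
    if not re.fullmatch(r"[A-Za-z0-9]+", stem):
        return False
    digits = sum(c.isdigit() for c in stem)
    letters = sum(c.isalpha() for c in stem)
    return digits >= 4 and letters >= 3


def parse_o4_run_entries(log_text: str) -> list[tuple[str, str, str]]:
    """Return (hive, value name, path) for every O4 Run entry in the log text."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            entries.append((m["hive"], m["name"], _extract_path(m["cmd"])))
    return entries


def triage_o4(log_text: str) -> list[Finding]:
    """Flag Run entries that point into user-writable space or use random-looking names."""
    findings = []
    for hive, name, path in parse_o4_run_entries(log_text):
        reasons = []
        low = path.lower()
        if any(marker in low for marker in USER_WRITABLE_MARKERS):
            reasons.append("user-writable profile directory")
        stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if _looks_random(stem):
            reasons.append("random-looking filename")
        if reasons and hive == "HKCU":
            reasons.append("per-user autostart (HKCU)")
        if reasons:
            findings.append(Finding(hive, name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_LOG):
        print(f"{f.hive} [{f.name}] -> {f.path}")
        for reason in f.reasons:
            print("    " + reason)
```

Run it and only the winhpdrv entry is printed, with all three reasons. The thresholds are deliberately crude and will miss names that mix digits and letters differently, so treat a hit as a prompt to check the file's creation time and signature (and, as in this thread, whether it comes back after removal), not as a verdict.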
#2 Jags777cmo (Topic Starter, Member, 12 posts)
Also, I don't mean to bump, but these seem to be the logs that are asked for first, so I'll go ahead and include the Malwarebytes log, as well as the DDS and attach.txt.

DDS.txt:

DDS (Version 1.0) - NTFSx86 NETWORK 
Run by Chris at 12:44:15.26 on Thu 12/04/2008
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3070.2588 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Chris\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = www.yahoo.com
uURLSearchHooks: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
dURLSearchHooks: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
TB: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - c:\program files\aim toolbar\aimtb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Microsoft Location Finder] "c:\program files\microsoft location finder\LocationFinder.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [winhpdrv] "c:\documents and settings\chris\application data\google\xtgoj6119471.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [lxcrmon.exe] "c:\program files\lexmark 2400 series\lxcrmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 2400 series\ezprint.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [LXCRCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCRtime.dll,_RunDLLEntry@16
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter3.exe
StartupFolder: c:\docume~1\chris\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\chris\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mlbtvn~1.lnk - c:\program files\autobahn\mlb-nexdef-autobahn.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: *.line6.net
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2007-10-23 16640]
S1 TRIXX;TRIXX;\??\c:\program files\trixx\TRIXXDriver.sys [2005-8-16 15360]
S2 McAfee HackerWatch Service;McAfee HackerWatch Service;"c:\program files\common files\mcafee\hackerwatch\HWAPI.exe" [2008-12-3 554600]
S2 McLogManagerService;McAfee Log Manager;c:\progra~1\mcafee\msc\mclogsrv.exe [2008-12-3 178800]
S2 mcpromgr;McAfee Protection Manager;c:\progra~1\mcafee\msc\mcpromgr.exe [2008-12-3 473200]
S2 McRedirector;McAfee Redirector Service;c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe [2008-12-3 231008]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-12-3 140864]
S2 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-12-3 624208]
S2 mctskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee\msc\mctskshd.exe [2008-12-3 189552]
S2 mcusrmgr;McAfee User Manager;c:\progra~1\mcafee\msc\mcusrmgr.exe [2008-12-3 304752]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2007-10-23 24652]
S3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys [2005-9-28 27392]
S3 L6TPortA;Service - Line 6 TonePort UX1;c:\windows\system32\drivers\L6TPortA.sys [2005-9-28 392448]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-4 38496]
S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-12-3 84744]
S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-12-3 33896]
S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-12-3 161768]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2008-12-3 31560]
S3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2008-12-3 37800]

=============== Created Last 30 ================

2008-12-04 11:59	<DIR>	--d-----	c:\program files\Trend Micro
2008-12-04 11:26	<DIR>	a-dshr--	C:\cmdcons
2008-12-04 10:57	<DIR>	--d-----	c:\program files\Enigma Software Group
2008-12-04 00:49	<DIR>	--d-----	c:\docume~1\chris\applic~1\Malwarebytes
2008-12-04 00:21	15,504	a-------	c:\windows\system32\drivers\mbam.sys
2008-12-04 00:21	38,496	a-------	c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 00:21	<DIR>	--d-----	c:\program files\Malwarebytes' Anti-Malware
2008-12-04 00:21	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-04 00:02	1,040	a-------	c:\windows\system32\Config.MPF
2008-12-03 18:31	<DIR>	--d-----	c:\program files\SiteAdvisor
2008-12-03 18:30	37,800	a-------	c:\windows\system32\drivers\mfesmfk.sys
2008-12-03 18:30	31,560	a-------	c:\windows\system32\drivers\mferkdk.sys
2008-12-03 18:30	33,896	a-------	c:\windows\system32\drivers\mfebopk.sys
2008-12-03 18:30	161,768	a-------	c:\windows\system32\drivers\mfehidk.sys
2008-12-03 18:30	84,744	a-------	c:\windows\system32\drivers\mfeavfk.sys
2008-12-03 18:30	104,024	a-------	c:\windows\system32\drivers\Mpfp.sys
2008-12-03 18:30	1,808	a-------	c:\windows\system32\subst.inf
2008-12-03 18:29	<DIR>	--d-----	c:\program files\McAfee.com
2008-12-03 18:29	<DIR>	--d-----	c:\program files\common files\McAfee
2008-12-03 18:29	<DIR>	--d-----	c:\program files\McAfee
2008-12-03 17:04	<DIR>	--d-----	c:\program files\common files\Wise Installation Wizard
2008-11-23 04:29	<DIR>	--d-----	c:\program files\common files\Software Update Utility
2008-11-23 04:29	<DIR>	--d-----	c:\program files\AIM Toolbar
2008-11-23 04:29	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\AIM Toolbar
2008-11-23 04:29	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\acccore
2008-11-15 15:24	333,824	-c------	c:\windows\system32\dllcache\srv.sys
2008-11-15 15:24	1,846,400	-c------	c:\windows\system32\dllcache\win32k.sys
2008-11-15 15:24	2,189,184	-c------	c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-15 15:24	2,145,280	-c------	c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-15 15:24	2,066,048	-c------	c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-15 15:24	2,023,936	-c------	c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-15 15:24	455,296	-c------	c:\windows\system32\dllcache\mrxsmb.sys
2008-11-15 15:24	337,408	-c------	c:\windows\system32\dllcache\netapi32.dll
2008-11-15 15:24	1,106,944	-c------	c:\windows\system32\dllcache\msxml3.dll
2008-11-15 10:48	<DIR>	--d-----	c:\documents and settings\chris\Graphics
2008-11-15 10:29	53,248	a-------	c:\windows\system32\CSVer.dll
2008-11-15 10:28	<DIR>	--d-----	C:\Intel
2008-11-15 10:25	<DIR>	--d-----	c:\documents and settings\chris\INFUpdate
2008-11-15 10:18	115,840	a-------	c:\windows\system32\drivers\Rtenicxp.sys
2008-11-15 10:18	9,728	a-------	c:\windows\system32\RtNicProp32.dll
2008-11-15 10:18	<DIR>	--d-----	c:\windows\OPTIONS
2008-11-15 10:18	<DIR>	--d-----	c:\program files\Realtek
2008-11-15 09:48	2,319,680	-----r--	c:\windows\system32\drivers\alcxwdm.sys
2008-11-15 09:48	156,672	-----r--	c:\windows\system32\RtlCPAPI.dll
2008-11-15 09:48	77,824	-----r--	c:\windows\soundman.exe
2008-11-15 09:48	40,960	-----r--	c:\windows\system32\ChCfg.exe
2008-11-15 09:48	9,389,568	-----r--	c:\windows\system32\RTLCPL.exe
2008-11-15 09:48	141,016	-----r--	c:\windows\system32\alsndmgr.wav
2008-11-15 09:48	18,726,912	-----r--	c:\windows\system32\alsndmgr.cpl
2008-11-15 09:48	294,912	-----r--	c:\windows\alcupd.exe
2008-11-15 09:48	200,704	-----r--	c:\windows\alcrmv.exe
2008-11-15 06:12	1,443	a-------	c:\windows\ATICIM.INI
2008-11-15 06:07	7,588	a-------	c:\windows\system32\d3d9caps.dat
2008-11-15 06:05	20,608	ac------	c:\windows\system32\dllcache\usbuhci.sys
2008-11-15 06:05	20,608	a-------	c:\windows\system32\drivers\usbuhci.sys
2008-11-15 06:05	54,164	a-------	c:\windows\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2008-11-15 06:05	54,164	a-------	c:\windows\system32\BMXState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2008-11-15 06:05	64,900	a-------	c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx

==================== Find3M  ====================

2008-12-04 12:04	<DIR>	--d-----	c:\program files\Full Tilt Poker
2008-12-04 12:03	<DIR>	--d-----	c:\program files\lx_cats
2008-11-29 20:44	<DIR>	--d-----	c:\docume~1\chris\applic~1\BitTorrent
2008-11-23 04:29	<DIR>	--d-----	c:\program files\AIM6
2008-11-23 04:29	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Viewpoint
2008-11-20 19:03	<DIR>	--d-----	c:\program files\DivX
2008-10-28 17:36	823,296	a-------	c:\windows\system32\divx_xx0c.dll
2008-10-28 17:36	823,296	a-------	c:\windows\system32\divx_xx07.dll
2008-10-28 17:35	815,104	a-------	c:\windows\system32\divx_xx0a.dll
2008-10-28 17:35	802,816	a-------	c:\windows\system32\divx_xx11.dll
2008-10-28 17:35	684,032	a-------	c:\windows\system32\DivX.dll
2008-10-16 14:06	268,648	a-------	c:\windows\system32\mucltui.dll
2008-10-16 14:06	208,744	a-------	c:\windows\system32\muweb.dll
2008-09-30 16:43	1,286,152	a-------	c:\windows\system32\msxml4.dll
2008-09-25 03:03	524,288	a-------	c:\windows\system32\DivXsm.exe
2008-09-25 03:03	196,608	a-------	c:\windows\system32\dtu100.dll
2008-09-25 03:03	81,920	a-------	c:\windows\system32\dpl100.dll
2008-09-25 03:03	53,248	a-------	c:\windows\system32\dpuGUI10.dll
2008-09-25 03:03	593,920	a-------	c:\windows\system32\dpuGUI11.dll
2008-09-25 03:03	344,064	a-------	c:\windows\system32\dpus11.dll
2008-09-25 03:03	57,344	a-------	c:\windows\system32\dpv11.dll
2008-09-25 03:03	294,912	a-------	c:\windows\system32\dpu11.dll
2008-09-25 03:03	294,912	a-------	c:\windows\system32\dpu10.dll
2008-09-25 03:03	161,096	a-------	c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 16:57	3,596,288	a-------	c:\windows\system32\qt-dx331.dll
2008-09-19 16:55	1,044,480	a-------	c:\windows\system32\libdivx.dll
2008-09-19 16:55	200,704	a-------	c:\windows\system32\ssldivx.dll
2008-09-19 16:54	12,288	a-------	c:\windows\system32\DivXWMPExtType.dll
2008-09-15 07:12	1,846,400	a-------	c:\windows\system32\win32k.sys
2008-09-09 20:14	1,307,648	--------	c:\windows\system32\msxml6.dll
2008-05-19 15:28	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Last.fm
2008-04-18 02:39	<DIR>	--d-----	c:\docume~1\chris\applic~1\Ludia
2008-04-18 02:39	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Ludia
2008-04-18 02:38	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Trymedia
2008-02-14 01:25	<DIR>	--d-----	c:\docume~1\chris\applic~1\Line 6
2008-02-12 05:55	<DIR>	--d-----	c:\docume~1\chris\applic~1\Cakewalk
2008-02-11 12:46	<DIR>	--d-----	c:\docume~1\chris\applic~1\FaxCtr
2008-02-08 22:31	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\FaxCtr
2007-11-28 16:19	<DIR>	--d-----	c:\docume~1\chris\applic~1\BitTorrent DNA
2008-05-09 12:00	32,768	a--sh---	c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050920080510\index.dat

============= FINISH: 12:44:36.82 ===============



==================== Find3M  ====================

2008-12-04 12:04	<DIR>	--d-----	c:\program files\Full Tilt Poker
2008-12-04 12:03	<DIR>	--d-----	c:\program files\lx_cats
2008-11-29 20:44	<DIR>	--d-----	c:\docume~1\chris\applic~1\BitTorrent
2008-11-23 04:29	<DIR>	--d-----	c:\program files\AIM6
2008-11-23 04:29	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Viewpoint
2008-11-20 19:03	<DIR>	--d-----	c:\program files\DivX
2008-10-28 17:36	823,296	a-------	c:\windows\system32\divx_xx0c.dll
2008-10-28 17:36	823,296	a-------	c:\windows\system32\divx_xx07.dll
2008-10-28 17:35	815,104	a-------	c:\windows\system32\divx_xx0a.dll
2008-10-28 17:35	802,816	a-------	c:\windows\system32\divx_xx11.dll
2008-10-28 17:35	684,032	a-------	c:\windows\system32\DivX.dll
2008-10-16 14:06	268,648	a-------	c:\windows\system32\mucltui.dll
2008-10-16 14:06	208,744	a-------	c:\windows\system32\muweb.dll
2008-09-30 16:43	1,286,152	a-------	c:\windows\system32\msxml4.dll
2008-09-25 03:03	524,288	a-------	c:\windows\system32\DivXsm.exe
2008-09-25 03:03	196,608	a-------	c:\windows\system32\dtu100.dll
2008-09-25 03:03	81,920	a-------	c:\windows\system32\dpl100.dll
2008-09-25 03:03	53,248	a-------	c:\windows\system32\dpuGUI10.dll
2008-09-25 03:03	593,920	a-------	c:\windows\system32\dpuGUI11.dll
2008-09-25 03:03	344,064	a-------	c:\windows\system32\dpus11.dll
2008-09-25 03:03	57,344	a-------	c:\windows\system32\dpv11.dll
2008-09-25 03:03	294,912	a-------	c:\windows\system32\dpu11.dll
2008-09-25 03:03	294,912	a-------	c:\windows\system32\dpu10.dll
2008-09-25 03:03	161,096	a-------	c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 16:57	3,596,288	a-------	c:\windows\system32\qt-dx331.dll
2008-09-19 16:55	1,044,480	a-------	c:\windows\system32\libdivx.dll
2008-09-19 16:55	200,704	a-------	c:\windows\system32\ssldivx.dll
2008-09-19 16:54	12,288	a-------	c:\windows\system32\DivXWMPExtType.dll
2008-09-15 07:12	1,846,400	a-------	c:\windows\system32\win32k.sys
2008-09-09 20:14	1,307,648	--------	c:\windows\system32\msxml6.dll
2008-05-19 15:28	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Last.fm
2008-04-18 02:39	<DIR>	--d-----	c:\docume~1\chris\applic~1\Ludia
2008-04-18 02:39	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Ludia
2008-04-18 02:38	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Trymedia
2008-02-14 01:25	<DIR>	--d-----	c:\docume~1\chris\applic~1\Line 6
2008-02-12 05:55	<DIR>	--d-----	c:\docume~1\chris\applic~1\Cakewalk
2008-02-11 12:46	<DIR>	--d-----	c:\docume~1\chris\applic~1\FaxCtr
2008-02-08 22:31	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\FaxCtr
2007-11-28 16:19	<DIR>	--d-----	c:\docume~1\chris\applic~1\BitTorrent DNA
2008-05-09 12:00	32,768	a--sh---	c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050920080510\index.dat

============= FINISH: 12:44:36.82 ===============

Attached Files


#3 sage5 (Retired Staff, 2,646 posts, RIP 10/2009)

Hi Jags777cmo,

Welcome to Geeks to Go!
I am sage5, and I will be helping you with this problem.

Please download the following & save to your Desktop:
SDFix

Run SDFix:
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save it as C:\SDFix\Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).


Please also post the MBAM (Malwarebytes Anti-Malware) log. You seem to have posted the DDS log twice.

Cheers,

sage5

#4 Jags777cmo (Topic Starter, Member, 12 posts)

Thank you Sage5. Turns out, the only way I can even access the internet is in Safe Mode with Networking, so that part wasn't so bad :) I'll attach the SDFix report, and paste the Malwarebytes report here (guess I did post the wrong thing before, eh? haha).

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.31
Database version: 1460
Windows 5.1.2600 Service Pack 3

12/4/2008 1:23:31 PM
mbam-log-2008-12-04 (13-23-31).txt

Scan type: Full Scan (A:\|C:\|D:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 154569
Time elapsed: 39 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Attached Files


#5 sage5 (Retired Staff, 2,646 posts, RIP 10/2009)

Down load ComboFix from one of these locations:
Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the text from C:\ComboFix.txt in your next reply.

#6 Jags777cmo (Topic Starter, Member, 12 posts)

Done. Here it is:

ComboFix 08-12-04.04 - Chris 2008-12-05 2:30:47.3 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2630 [GMT -5:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://updates.swarmcast.net
.
((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.

2008-12-05 00:31 . 2008-12-05 00:31 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-12-05 00:30 . 2008-12-05 00:30 <DIR> d-------- c:\windows\ERUNT
2008-12-05 00:28 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2008-12-04 11:59 . 2008-12-04 11:59 <DIR> d-------- c:\program files\Trend Micro
2008-12-04 10:57 . 2008-12-04 10:57 <DIR> d-------- c:\program files\Enigma Software Group
2008-12-04 00:49 . 2008-12-04 00:49 <DIR> d-------- c:\documents and settings\Chris\Application Data\Malwarebytes
2008-12-04 00:21 . 2008-12-04 01:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-04 00:21 . 2008-12-04 00:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-04 00:21 . 2008-12-04 00:21 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-12-04 00:21 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 00:21 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-04 00:02 . 2008-12-05 01:07 1,040 --a------ c:\windows\system32\Config.MPF
2008-12-03 18:31 . 2008-12-03 18:31 <DIR> d-------- c:\program files\SiteAdvisor
2008-12-03 18:31 . 2008-12-03 18:31 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SiteAdvisor
2008-12-03 18:30 . 2006-07-14 00:09 161,768 --a------ c:\windows\system32\drivers\mfehidk.sys
2008-12-03 18:30 . 2006-07-17 21:56 104,024 --a------ c:\windows\system32\drivers\Mpfp.sys
2008-12-03 18:30 . 2006-07-08 15:46 84,744 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-12-03 18:30 . 2006-07-14 00:10 37,800 --a------ c:\windows\system32\drivers\mfesmfk.sys
2008-12-03 18:30 . 2006-07-14 00:09 33,896 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-12-03 18:30 . 2006-07-14 00:09 31,560 --a------ c:\windows\system32\drivers\mferkdk.sys
2008-12-03 18:30 . 2006-07-27 16:45 1,808 --a------ c:\windows\system32\subst.inf
2008-12-03 18:29 . 2008-12-03 18:29 <DIR> d-------- c:\program files\McAfee.com
2008-12-03 18:29 . 2008-12-03 18:31 <DIR> d-------- c:\program files\McAfee
2008-12-03 18:29 . 2008-12-03 18:30 <DIR> d-------- c:\program files\Common Files\McAfee
2008-12-03 18:28 . 2008-12-03 21:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-12-03 17:04 . 2008-12-03 17:04 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-03 16:19 . 2008-12-03 16:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\MSN6
2008-12-03 16:19 . 2008-12-03 16:21 <DIR> d-------- c:\documents and settings\Administrator\Application Data\MSN6
2008-12-03 15:32 . 2008-12-03 15:32 <DIR> d-------- c:\documents and settings\Administrator
2008-11-23 04:29 . 2008-11-23 04:29 <DIR> d-------- c:\program files\Common Files\Software Update Utility
2008-11-23 04:29 . 2008-11-23 04:29 <DIR> d-------- c:\program files\AIM Toolbar
2008-11-23 04:29 . 2008-11-23 04:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\AIM Toolbar
2008-11-23 04:29 . 2008-11-23 04:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2008-11-15 15:24 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-15 15:24 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-15 15:24 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-15 15:24 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-15 15:24 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-15 15:24 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-15 15:24 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-15 15:24 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-15 15:24 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-15 10:48 . 2008-11-15 10:48 <DIR> d-------- c:\documents and settings\Chris\Graphics
2008-11-15 10:29 . 2008-11-15 10:29 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-15 10:29 . 2008-11-15 10:29 <DIR> d-------- c:\program files\Intel
2008-11-15 10:29 . 2007-07-26 16:15 53,248 --a------ c:\windows\system32\CSVer.dll
2008-11-15 10:28 . 2008-11-15 10:28 <DIR> d-------- C:\Intel
2008-11-15 10:25 . 2008-11-15 10:25 <DIR> d-------- c:\documents and settings\Chris\INFUpdate
2008-11-15 10:18 . 2008-11-15 10:18 <DIR> d-------- c:\windows\OPTIONS
2008-11-15 10:18 . 2008-11-15 10:18 <DIR> d-------- c:\program files\Realtek
2008-11-15 10:18 . 2008-11-15 10:18 <DIR> d-------- c:\documents and settings\Chris\Application Data\InstallShield
2008-11-15 10:18 . 2008-10-16 14:00 115,840 --a------ c:\windows\system32\drivers\Rtenicxp.sys
2008-11-15 10:18 . 2008-07-16 22:35 9,728 --a------ c:\windows\system32\RtNicProp32.dll
2008-11-15 09:48 . 2005-05-18 18:17 18,726,912 -r------- c:\windows\system32\alsndmgr.cpl
2008-11-15 09:48 . 2005-05-18 18:15 9,389,568 -r------- c:\windows\system32\RTLCPL.exe
2008-11-15 09:48 . 2005-05-18 20:50 2,319,680 -r------- c:\windows\system32\drivers\alcxwdm.sys
2008-11-15 09:48 . 2005-02-03 18:13 294,912 -r------- c:\windows\alcupd.exe
2008-11-15 09:48 . 2005-03-02 23:21 200,704 -r------- c:\windows\alcrmv.exe
2008-11-15 09:48 . 2004-09-07 17:23 156,672 -r------- c:\windows\system32\RtlCPAPI.dll
2008-11-15 09:48 . 2002-02-05 16:54 141,016 -r------- c:\windows\system32\alsndmgr.wav
2008-11-15 09:48 . 2005-05-17 21:48 77,824 -r------- c:\windows\soundman.exe
2008-11-15 09:48 . 2005-05-18 16:38 40,960 -r------- c:\windows\system32\ChCfg.exe
2008-11-15 06:12 . 2008-11-15 06:12 1,443 --a------ c:\windows\ATICIM.INI
2008-11-15 06:07 . 2008-12-05 01:14 7,588 --a------ c:\windows\system32\d3d9caps.dat
2008-11-15 06:05 . 2008-12-05 01:07 64,900 --a------ c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2008-11-15 06:05 . 2008-12-05 01:07 54,164 --a------ c:\windows\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2008-11-15 06:05 . 2008-12-05 01:07 54,164 --a------ c:\windows\system32\BMXState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2008-11-15 06:05 . 2008-04-14 00:15 20,608 --a------ c:\windows\system32\drivers\usbuhci.sys
2008-11-15 06:05 . 2008-04-14 00:15 20,608 --a--c--- c:\windows\system32\dllcache\usbuhci.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 07:31 --------- d-----w c:\program files\Full Tilt Poker
2008-12-05 06:04 --------- d-----w c:\program files\lx_cats
2008-12-04 08:17 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-30 01:44 --------- d-----w c:\documents and settings\Chris\Application Data\BitTorrent
2008-11-23 09:29 --------- d-----w c:\program files\AIM6
2008-11-23 09:29 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-23 09:28 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-21 00:03 --------- d-----w c:\program files\DivX
2008-11-16 08:09 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-15 15:18 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-15 08:01 --------- d-----w c:\program files\QuickTime
2008-11-15 08:00 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-02 22:36 1,208 ----a-w c:\documents and settings\Chris\Application Data\wklnhst.dat
2008-05-09 17:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050920080510\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{03402f96-3dc7-4285-bc50-9e81fefafe43}"= "c:\program files\AIM Toolbar\aimtb.dll" [2008-10-07 1275176]

[HKEY_CLASSES_ROOT\clsid\{03402f96-3dc7-4285-bc50-9e81fefafe43}]
[HKEY_CLASSES_ROOT\AIMTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{f8ec99b3-c2ca-4a5f-9505-c049766dc883}]
[HKEY_CLASSES_ROOT\AIMTb.AOLTBSearch]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
2008-10-07 14:09 1275176 --a------ c:\program files\AIM Toolbar\aimtb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{61539ecd-cc67-4437-a03c-9aaccbd14326}"= "c:\program files\AIM Toolbar\aimtb.dll" [2008-10-07 1275176]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{61539ECD-CC67-4437-A03C-9AACCBD14326}"= "c:\program files\AIM Toolbar\aimtb.dll" [2008-10-07 1275176]

[HKEY_CLASSES_ROOT\clsid\{61539ecd-cc67-4437-a03c-9aaccbd14326}]
[HKEY_CLASSES_ROOT\AIMTb.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{f8ec99b3-c2ca-4a5f-9505-c049766dc883}]
[HKEY_CLASSES_ROOT\AIMTb.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Microsoft Location Finder"="c:\program files\Microsoft Location Finder\LocationFinder.exe" [2005-08-24 101080]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1200128]
"winhpdrv"="c:\documents and settings\Chris\Application Data\Google\xtgoj6119471.exe" [2008-12-03 121856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-21 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 286720]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 98304]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 290816]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 65536]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-10-08 864256]
"CTHelper"="CTHELPER.EXE" [2006-05-23 c:\windows\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-05-23 c:\windows\system32\CTXFIHLP.EXE]

c:\documents and settings\Chris\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
MLB.TV NexDef Plug-in.lnk - c:\program files\Autobahn\mlb-nexdef-autobahn.exe [2008-03-30 799496]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Autobahn\\mlb-nexdef-autobahn.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\DRIVERS\nvcchflt.sys [2007-10-23 16640]
S1 TRIXX;TRIXX;\??\c:\program files\TRIXX\TRIXXDriver.sys [2005-08-16 15360]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-10-23 24652]
S3 L6DP;L6DP;c:\windows\system32\Drivers\l6dp.sys [2005-09-28 27392]
S3 L6TPortA;Service - Line 6 TonePort UX1;c:\windows\system32\Drivers\L6TPortA.sys [2005-09-28 392448]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a103a1c8-9df7-11dc-bda1-806d6172696f}]
\shell\play\Command - "c:\program files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"
.
Contents of the 'Scheduled Tasks' folder

2008-12-04 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\defrag.exe [2008-04-14 04:42]

2008-12-04 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2006-07-21 16:01]
.
.
------- Supplementary Scan -------
.
uStart Page = www.yahoo.com
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\AIM Toolbar\aimtb.dll
Trusted Zone: *.line6.net
FireFox -: Profile - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\v6nc26ys.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.yahoo.com
FF -: plugin - c:\progra~1\Mozilla Firefox\plugins\np32dsw.dll
FF -: plugin - c:\progra~1\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\progra~1\Mozilla Firefox\plugins\npdivx32.dll
FF -: plugin - c:\progra~1\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
FF -: plugin - c:\progra~1\Mozilla Firefox\plugins\npdnu.dll
FF -: plugin - c:\progra~1\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
FF -: plugin - c:\progra~1\Mozilla Firefox\plugins\npnul32.dll
FF -: plugin - c:\progra~1\Mozilla Firefox\plugins\nppdf32.dll
FF -: plugin - c:\progra~1\Mozilla Firefox\plugins\nppl3260.dll
FF -: plugin - c:\progra~1\Mozilla Firefox\plugins\npqtplugin.dll
FF -: plugin - c:\progra~1\Mozilla Firefox\plugins\npqtplugin2.dll
FF -: plugin - c:\progra~1\Mozilla Firefox\plugins\npqtplugin3.dll
FF -: plugin - c:\progra~1\Mozilla Firefox\plugins\npqtplugin4.dll
FF -: plugin - c:\progra~1\Mozilla Firefox\plugins\npqtplugin5.dll
FF -: plugin - c:\progra~1\Mozilla Firefox\plugins\npqtplugin6.dll
FF -: plugin - c:\progra~1\Mozilla Firefox\plugins\npqtplugin7.dll
FF -: plugin - c:\progra~1\Mozilla Firefox\plugins\nprjplug.dll
FF -: plugin - c:\progra~1\Mozilla Firefox\plugins\nprpjplug.dll
FF -: plugin - c:\progra~1\Mozilla Firefox\plugins\NPSWF32.dll
FF -: plugin - c:\progra~1\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\progra~1\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - c:\program files\BitTorrent_DNA\npbtdna.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdnu.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 02:33:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-05 2:34:55
ComboFix-quarantined-files.txt 2008-12-05 07:34:19

Pre-Run: 42,539,372,544 bytes free
Post-Run: 42,525,196,288 bytes free

274 --- E O F --- 2008-11-16 08:03:26


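The ComboFix output above is worth reading against a checklist rather than only by eye. Its Reg Loading Points section shows a value named winhpdrv in the HKCU Run key that points at a randomly named executable under the user's Application Data\Google folder, dated two days before the scan; the Standard Profile firewall policy shows EnableFirewall = 0; and the GloballyOpenPorts list carries 3389/TCP (Remote Desktop) with no address scope, next to the ActiveSync port that is limited to 169.254.2.0/255.255.255.0. The script below is an added example, not part of this thread and not a ComboFix or Geeks to Go tool: it parses those sections of a ComboFix-style log and scores each Run entry with three heuristics. The sample log embedded in the block is constructed from lines copied from the posted log; the scoring rules (two or more indicators to flag an entry, a seven-day recency window) and every function name are the example's own assumptions.

```python
"""Added triage helper for the 'Reg Loading Points' part of a ComboFix log.
Not a ComboFix feature; the scoring rules below are this example's own."""
import re
from datetime import date, datetime

SCAN_DATE = date(2008, 12, 5)  # date on the ComboFix header posted above

# Constructed sample: lines copied from the posted log, trimmed to the
# sections this helper reads (BITS sites, Run keys, firewall policy).
SAMPLE_LOG = r"""
----- BITS: Possible infected sites -----
hxxp://updates.swarmcast.net
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"winhpdrv"="c:\documents and settings\Chris\Application Data\Google\xtgoj6119471.exe" [2008-12-03 121856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-10-08 864256]
"CTHelper"="CTHELPER.EXE" [2006-05-23 c:\windows\CTHELPER.EXE]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""

RUN_KEY = re.compile(r"^\[(HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE|HKCU|HKLM)\\.*\\Run\]$", re.I)
FW_KEY = re.compile(r"^\[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy"
                    r"\\standardprofile(\\GloballyOpenPorts\\List)?\]$", re.I)
# "name"="data" [meta]  or  "name"= data   (both shapes occur in the log)
VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<data>.*?)"?\s*(?:\[(?P<meta>[^\]]*)\])?\s*$')
RANDOM_NAME = re.compile(r"^[a-z]{3,}\d{5,}\.exe$", re.I)   # e.g. xtgoj6119471.exe
IP_SCOPE = re.compile(r"^(\d{1,3}\.){3}\d{1,3}(/[\d.]+)?$|^LocalSubnet$", re.I)


def score_run_entry(path, meta, scan_date, recent_days=7):
    """Heuristic score for one Run value; the reasons say why it scored."""
    reasons = []
    if "\\documents and settings\\" in path.lower() or "\\users\\" in path.lower():
        reasons.append("runs from a user profile, not Program Files or Windows")
    if RANDOM_NAME.match(path.rsplit("\\", 1)[-1]):
        reasons.append("random-looking file name (letters then a long digit run)")
    try:  # ComboFix appends "[YYYY-MM-DD size]"; the date is the file's timestamp
        file_date = datetime.strptime((meta or "").split()[0], "%Y-%m-%d").date()
        if 0 <= (scan_date - file_date).days <= recent_days:
            reasons.append("file dated within %d days of the scan" % recent_days)
    except (ValueError, IndexError):
        pass
    return len(reasons), reasons


def triage(log_text, scan_date):
    """Walk the log once and collect indicators from the sections it recognises."""
    out = {"run_entries": [], "suspicious_run": [], "firewall_disabled": False,
           "open_ports": [], "bits_sites": []}
    section = None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.startswith("----- BITS:"):
            section = "bits"
        elif section == "bits":
            if line == ".":
                section = None  # ComboFix closes the block with a lone dot
            elif line.startswith(("hxxp://", "http://", "https://")):
                out["bits_sites"].append(line)
        elif line.startswith("["):
            if RUN_KEY.match(line):
                section = "run"
            elif FW_KEY.match(line):
                section = "ports" if "GloballyOpenPorts" in line else "firewall"
            else:
                section = None
        elif section and VALUE.match(line):
            m = VALUE.match(line)
            name, data = m.group("name"), m.group("data")
            if section == "run":
                score, reasons = score_run_entry(data, m.group("meta"), scan_date)
                entry = {"name": name, "path": data, "score": score, "reasons": reasons}
                out["run_entries"].append(entry)
                if score >= 2:  # one indicator alone is common on clean machines
                    out["suspicious_run"].append(entry)
            elif section == "firewall" and name.lower() == "enablefirewall":
                out["firewall_disabled"] = data.split()[0] == "0"
            elif section == "ports":
                fields = data.split(":")  # port:proto:scope:state:name
                scope = fields[2] if len(fields) > 2 else ""
                out["open_ports"].append({"port": name, "scoped": bool(IP_SCOPE.match(scope))})
    return out


def run_sample():
    """Triage the embedded sample against the scan date on its header."""
    return triage(SAMPLE_LOG, SCAN_DATE)


if __name__ == "__main__":
    r = run_sample()
    print("firewall disabled:", r["firewall_disabled"], "| BITS sites:", r["bits_sites"])
    for p in r["open_ports"]:
        print("open port %s, address scope: %s" % (p["port"], "subnet" if p["scoped"] else "none"))
    for e in r["suspicious_run"]:
        print("REVIEW %s -> %s\n   %s" % (e["name"], e["path"], "; ".join(e["reasons"])))
```

Run it as a script for a short report, or call triage() on the full text of C:\ComboFix.txt. A score is a prompt to look further (hash the file, check whether it is signed, inspect the BITS queue the log mentions), not a verdict: legitimate updaters also live under Application Data, and a recently dated file on its own scores only one point. The ActiveSync port is reported but not flagged because its value is limited to the 169.254.2.0/255.255.255.0 link-local range, whereas the 3389/TCP entry as printed has no address scope at all.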

#7 sage5 (Retired Staff, 2,646 posts, RIP 10/2009)

Hi Jags777cmo,


That is looking pretty good now.
Can you do an online scan as a check?

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.


Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 11.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u6-windows-i586-p.exe and select "Run as an Administrator.")

Edited by sage5, 05 December 2008 - 07:05 PM.


#8
Jags777cmo
    Member
  • Topic Starter
  • 12 posts
Sorry it took me so long to reply, I was out of town all weekend. I tried to run the Kaspersky online scanner three times, but sadly every time I ran it, it would get to roughly 75% and then crash my firefox browser. Is there any way to combat this? It is recognizing 8 or so problems before it gets to the crash point, so it seems like it is what I need to run to get back on track. Again, thank you :)

#9
sage5
    RIP 10/2009
  • Retired Staff
  • 2,646 posts
Can you try running that scan using Internet Explorer?
If it still won't run, we can try something else.

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Read the FAQ and information about Supported Browsers
  • Click the Start Scanning button
  • If you get a Security warning, or the Information Bar at the top of the IE7 page flashes, Allow permission for the ActiveX to run
  • click the Accept button
  • Once the ActiveX installs, Click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy & Paste the entire report into a new Notepad file, saved as C:\f_secure.txt


#10
Jags777cmo
    Member
  • Topic Starter
  • 12 posts
Using IE to run the Kaspersky scan worked, so I'll go ahead and attach that now. I'm going to run the other one just in case though, and I'll post those results if it finishes before I hear back.

#11
Jags777cmo
    Member
  • Topic Starter
  • 12 posts
Here is the F-Secure report as well.


#12
sage5
    RIP 10/2009
  • Retired Staff
  • 2,646 posts
Hi Jags777cmo,

Please download the following & save to your Desktop:
OTMoveIt3 by OldTimer.

These are all targeted by Kaspersky

C:\Program Files\RealVNC\VNC4\vncconfig.exe
C:\Program Files\RealVNC\VNC4\vncviewer.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe


Question: Do you use the VNC Free Edition 4.1.2 listed in your Add/Remove Programs list?
If so, perhaps you should be looking for an alternative.
If not, uninstall it & add the following text:

C:\Program Files\RealVNC

to the text in the Code box below, under :Files


Run OTMoveIt3:
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "winhpdrv"=-
    
    :Files
    C:\Documents and Settings\Chris\My Documents\My Videos\Cakewalk.Music.Creator.v3.0
    C:\Documents and Settings\Chris\Application Data\Google
    C:\Documents and Settings\Chris\Desktop\Games\Windower-3.3\B\Paf\Celeb-Local\estellafest.exe
    C:\Documents and Settings\Chris\Desktop\Games\Windower-3.3\New Briefcase\Paf\New Folder\Pic\estellafest.exe
    C:\Program Files\filesubmit\estellafest.zip
    C:\Program Files\themexp\oswdvaz118.exe
    C:\Program Files\themexp\VVSNInst.exe
    C:\WINDOWS\system32\actsrv.exe
    
    :Commands
    
    [Purity]
    [EmptyTemp]
    [Start Explorer]
  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Cheers,

sage5

Edited by sage5, 08 December 2008 - 08:16 PM.


#13
Jags777cmo
    Member
  • Topic Starter
  • 12 posts
Here are the files copied from the Green box from the OTMoveIt3 program.

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winhpdrv deleted successfully.
========== FILES ==========
C:\Documents and Settings\Chris\My Documents\My Videos\Cakewalk.Music.Creator.v3.0\Crack moved successfully.
C:\Documents and Settings\Chris\My Documents\My Videos\Cakewalk.Music.Creator.v3.0 moved successfully.
C:\Documents and Settings\Chris\Application Data\Google\T-Scan moved successfully.
C:\Documents and Settings\Chris\Application Data\Google\GoogleEarth moved successfully.
C:\Documents and Settings\Chris\Application Data\Google moved successfully.
C:\Documents and Settings\Chris\Desktop\Games\Windower-3.3\B\Paf\Celeb-Local\estellafest.exe moved successfully.
C:\Documents and Settings\Chris\Desktop\Games\Windower-3.3\New Briefcase\Paf\New Folder\Pic\estellafest.exe moved successfully.
C:\Program Files\filesubmit\estellafest.zip moved successfully.
C:\Program Files\themexp\oswdvaz118.exe moved successfully.
C:\Program Files\themexp\VVSNInst.exe moved successfully.
File/Folder C:\WINDOWS\system32\actsrv.exe not found.
File/Folder C:\Program Files\RealVNC\VNC4\vncconfig.exe not found.
File/Folder C:\Program Files\RealVNC\VNC4\vncviewer.exe not found.
File/Folder C:\Program Files\RealVNC\VNC4\winvnc4.exe not found.
File/Folder C:\Program Files\RealVNC not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Chris\LOCALS~1\Temp\etilqs_hN20nprCCZM1QNlIxQhy scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\v6nc26ys.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\v6nc26ys.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\v6nc26ys.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\v6nc26ys.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\v6nc26ys.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\v6nc26ys.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12082008_221210

Files moved on Reboot...
File C:\DOCUME~1\Chris\LOCALS~1\Temp\etilqs_hN20nprCCZM1QNlIxQhy not found!
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\v6nc26ys.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\v6nc26ys.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\v6nc26ys.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\v6nc26ys.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\v6nc26ys.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\v6nc26ys.default\XUL.mfl moved successfully.


Edited by Jags777cmo, 08 December 2008 - 09:24 PM.

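The OTMoveIt3 script (post #12) and the results log it produced (post #13) follow a fixed line shape, so the two can be reconciled mechanically to confirm that every target under :Files was actually actioned. The following is an added example, not code from the thread or from OldTimer's tool; the sample script and log lines are constructed in the same shape as those posted above, and the three result patterns (moved, not found, deferred to reboot) are assumed from the log text, not from any OTMoveIt3 documentation.

```python
import re

# Constructed sample script and result log, trimmed to the shapes seen in the thread.
SCRIPT = r"""
:Files
C:\Program Files\themexp\oswdvaz118.exe
C:\WINDOWS\system32\actsrv.exe
C:\Program Files\RealVNC
"""

LOG = r"""
========== FILES ==========
C:\Program Files\themexp\oswdvaz118.exe moved successfully.
File/Folder C:\WINDOWS\system32\actsrv.exe not found.
File/Folder C:\Program Files\RealVNC not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Chris\LOCALS~1\Temp\etilqs_EXAMPLE scheduled to be deleted on reboot.
User's Temp folder emptied.
"""

# Result line patterns, inferred from the log posted above (assumption).
MOVED = re.compile(r"^(?P<path>.+?) moved successfully\.$")
NOT_FOUND = re.compile(r"^File/Folder (?P<path>.+?) not found\.$")
DEFERRED = re.compile(r"^File delete failed\. (?P<path>.+?) scheduled to be deleted on reboot\.$")


def script_files(script):
    """Return the paths listed under the :Files section of an OTMoveIt3 script."""
    files, section = [], None
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):           # section header such as :Files or :Commands
            section = line.lower()
        elif line and section == ":files":
            files.append(line)
    return files


def parse_log(log):
    """Map each path mentioned in the results log to moved / not_found / deferred."""
    outcome = {}
    for line in log.splitlines():
        for status, rx in (("moved", MOVED), ("not_found", NOT_FOUND), ("deferred", DEFERRED)):
            m = rx.match(line.strip())
            if m:
                outcome[m.group("path")] = status
                break
    return outcome


def reconcile(script, log):
    """For every :Files target, report what the log says happened (or 'no_result' if it is absent)."""
    outcomes = parse_log(log)
    return {path: outcomes.get(path, "no_result") for path in script_files(script)}
```

A target reported as not_found after the scan flagged it (actsrv.exe here) is worth a second look, since it may already have been removed by an earlier tool or may be hidden from the mover.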

#14
sage5
    RIP 10/2009
  • Retired Staff
  • 2,646 posts
Hi Jags777cmo

I think we can now safely call this one Clean. So we can now deal with some final clean up jobs.

Clean out cookies, temp files etc:
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Time for some housekeeping:
Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /u, it needs to be there.

Lastly, some extra or better security for your PC:

The programs recommended below are freeware alternatives to some of your security software & might reduce the potential for spyware infection in the future:-

Spyware Prevention:
Spyware Blaster by JavaCool Software, prevents spyware installing and consumes no system resources.
IE/SpyAd, stops suspect sites loading ActiveX, popups etc onto your PC. An excellent tutorial is Here

Spyware Detection:
Malwarebytes Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.htm) is my favourite here.

Anti-Virus:
The first line of defence, especially since some will now detect trojans as well.
Avira's Antivir PersonalEdition Classic and Grisoft's Avast! Free Edition are among the best freebies.
*Please note* You should never install more than one anti-virus program on a PC, as it will cause conflicts.

Firewall:
A Firewall is an essential tool in the security of any PC connected to the Internet.
Sunbelt Personal Firewall and Comodo are both excellent freeware.

Alternate Browsers:
Thankfully, there are now some excellent alternatives to MS Internet Explorer. They offer better security, more stability, and better speed.
A couple of good examples are: Firefox and Opera

Other Updates:
Vital security patches and updates are available for Microsoft Windows and Internet Explorer at the Windows Update Site
It is equally important to update the other security software you use, on a regular basis.

Further reading about these issues is available in a very good article: How did I get infected in the first place ? (by Tony Klein and dvk01)

All the best & safe surfing in the future,

sage5

Edited by sage5, 09 December 2008 - 01:48 AM.


#15
Jags777cmo
    Member
  • Topic Starter
  • 12 posts
Alright Sage, things are looking better and better here, but I still have one more problem. I still can only connect to the internet in Safe Mode with Networking for some reason. I did a little research to see if I could solve this on my own, but with no such luck. The spyware.ispynow problem appears to be gone (I don't get the annoying popup anymore, which makes me happy) but I still can't figure this one out. When I run IE/Firefox it refuses to load the page, and any other program that requires connecting to the net also will not perform that action. Any suggestions?