indy666

Members
  • Content Count

    43
  • Joined

  • Last visited

Community Reputation

0 Neutral

About indy666

  • Rank
    Advanced Member
  1. This is my HJT log, my computer seems to be running slower than normal and freezing a lot. No viruses are being picked up, so was wondering if someone would be able to look through my log and see if there is something else there? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:56:06, on 09/06/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\keyhook.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/...rg/ESTPTest.cab O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_0_2_7.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab28177.cab O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\Program Files\ProtectService\ProtectService.exe (file missing) O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe -- End of file - 10853 bytes
  2. Hi, everything seems to be running fine now. Do you still want me to do the scan?
  3. ComboFix 09-03-10.03 - Namrita 2009-03-12 16:59:53.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.192 [GMT 0:00] Running from: c:\documents and settings\Namrita\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Namrita\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\common files\system\dedcpetc_ne32.dll c:\windows\system32\webhits.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_DEDCPETC_NE -------\Legacy_STRECOG -------\Legacy_WEBHITS -------\Service_dedcpetc_ne -------\Service_strecog -------\Service_webhits ((((((((((((((((((((((((( Files Created from 2009-02-12 to 2009-03-12 ))))))))))))))))))))))))))))))) . 2009-03-12 00:56 . 2009-03-12 00:57 <DIR> d-------- C:\Rooter$ 2009-03-11 14:30 . 2009-03-11 14:32 <DIR> d-------- c:\documents and settings\Namrita\.SunDownloadManager 2009-03-09 23:43 . 2009-03-09 23:43 410,984 --a------ c:\windows\system32\deploytk.dll 2009-03-09 23:43 . 2009-03-09 23:43 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-03-09 23:30 . 2009-03-09 23:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-03-09 23:30 . 2009-03-09 23:30 <DIR> d-------- c:\documents and settings\Namrita\Application Data\Malwarebytes 2009-03-09 23:30 . 2009-03-09 23:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-03-09 23:30 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-09 23:30 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-03-09 01:22 . 2009-03-09 01:22 578,560 --a------ c:\windows\system32\dllcache\user32.dll 2009-03-09 01:11 . 2009-03-11 14:15 <DIR> d-------- c:\windows\ERUNT 2009-03-07 20:28 . 2009-03-07 20:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Fighter . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-12 16:59 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki 2009-03-11 14:19 --------- d-----w c:\program files\Java 2009-03-10 14:09 --------- d-----w c:\program files\DivX 2009-03-10 14:08 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-10 14:05 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-02-05 01:20 36,360 ----a-w c:\documents and settings\Namrita\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2005-04-22 290816] "DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-01-22 185896] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-11-21 1044480] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-02 24576] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-09-07 16:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "c:\\Program Files\\Kontiki\\KService.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Documents and Settings\\Namrita\\Local Settings\\Application Data\\1629770540.exe"= . Contents of the 'Scheduled Tasks' folder 2009-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ig?hl=en uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway uInternet Settings,ProxyServer = proxy.resnet.uce.ac.uk:80 uInternet Settings,ProxyOverride = ;*.local;<local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 TCP: {5DB3E30D-7EC0-401D-83D9-F6C17722408A} = 195.62.37.19,192.168.1.254 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-12 17:04:43 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[email protected]??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1016) c:\windows\system32\Ati2evxx.dll c:\program files\Intel\Wireless\Bin\LgNotify.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKEEPER.exe c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe c:\windows\system32\ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Kontiki\KService.exe c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\progra~1\Intel\Wireless\Bin\1XConfig.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe c:\program files\Apoint\ApntEx.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2009-03-12 17:08:06 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-12 17:07:55 ComboFix2.txt 2009-03-09 17:56:22 Pre-Run: 37,439,979,520 bytes free Post-Run: 37,495,824,384 bytes free 149 --- E O F --- 2009-03-11 15:19:08
  4. Its the first two results which come up for every search on google which seem to be causing the problem. the 1st link, links to http://www.blinkx.com/category/news?adid=0...B924BC1&p=1 while the 2nd link always links to a different add or survey. heres the rooter log: Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3 C:\ [Fixed] - NTFS - (Total:73155 Mo/Free:3044 Mo) D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo) 12/03/2009| 0:56 ----------------------\\ Processes.. --Locked-- [system Process] ---------- System ---------- \SystemRoot\System32\smss.exe ---------- \??\C:\WINDOWS\system32\csrss.exe ---------- \??\C:\WINDOWS\system32\winlogon.exe ---------- C:\WINDOWS\system32\services.exe ---------- C:\WINDOWS\system32\lsass.exe ---------- C:\WINDOWS\system32\Ati2evxx.exe ---------- C:\WINDOWS\system32\svchost.exe ---------- C:\WINDOWS\system32\svchost.exe ---------- C:\WINDOWS\System32\svchost.exe ---------- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe ---------- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe ---------- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe ---------- C:\WINDOWS\system32\svchost.exe ---------- C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe ---------- C:\WINDOWS\system32\Ati2evxx.exe ---------- C:\WINDOWS\system32\svchost.exe ---------- C:\WINDOWS\Explorer.EXE ---------- C:\WINDOWS\system32\spoolsv.exe ---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe ---------- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ---------- C:\Program Files\Bonjour\mDNSResponder.exe ---------- C:\WINDOWS\system32\svchost.exe ---------- C:\Program Files\Java\jre6\bin\jqs.exe ---------- C:\Program Files\Kontiki\KService.exe ---------- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe ---------- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe ---------- C:\WINDOWS\system32\svchost.exe ---------- C:\WINDOWS\system32\webhits.exe ---------- C:\WINDOWS\system32\wbem\wmiprvse.exe ---------- C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe ---------- C:\WINDOWS\System32\alg.exe ---------- C:\Program Files\Apoint\Apoint.exe ---------- C:\Program Files\Java\jre6\bin\jusched.exe ---------- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe ---------- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe ---------- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe ---------- C:\Program Files\Dell\Media Experience\DMXLauncher.exe ---------- C:\WINDOWS\system32\dla\tfswctrl.exe ---------- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ---------- C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe ---------- C:\WINDOWS\system32\rundll32.exe ---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe ---------- C:\Program Files\QuickTime\QTTask.exe ---------- C:\Program Files\iTunes\iTunesHelper.exe ---------- C:\WINDOWS\system32\wscntfy.exe ---------- C:\Program Files\DellSupport\DSAgnt.exe ---------- C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe ---------- C:\WINDOWS\system32\ctfmon.exe ---------- C:\Program Files\Apoint\Apntex.exe ---------- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe ---------- C:\Program Files\Digital Line Detect\DLG.exe ---------- C:\WINDOWS\System32\svchost.exe ---------- C:\Program Files\iPod\bin\iPodService.exe ---------- C:\Program Files\internet explorer\iexplore.exe ---------- C:\WINDOWS\system32\cmd.exe ---------- C:\Rooter$\RK.exe ----------------------\\ Search.. ----------------------\\ ROOTKIT !! ----------------------\\ Cracks & Keygens.. C:\DOCUME~1\Namrita\Local Settings\Temporary Internet Files\Content.IE5\J14B8UTJ\topmafia_safecracker_bg[1].jpg C:\DOCUME~1\Namrita\Local Settings\Temporary Internet Files\Content.IE5\MVXOBV4H\topmafia_safecracker_bg[1].jpg 1 - "C:\Rooter$\Rooter_1.txt" - 12/03/2009| 0:57 ----------------------\\ Scan completed at 0:57 Attach.txt DDS.txt
  5. GooredFix v1.91 by jpshortstuff Log created at 17:36 on 11/03/2009 running Option #1 (Namrita) Firefox version [unable to determine] =====Suspect Goored Entries===== =====Dumping Registry Values=====
  6. Hi, thank you for the help. There still seems to be a little issue with my internet explorer. Some sites dont load properly, and my google is still messed up. My searches are coming up, but with different links, and I am being redirected to different sites.
  7. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:39:02, on 11/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Kontiki\KService.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\webhits.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DellSupport\DSAgnt.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Kontiki\KHost.exe C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.resnet.uce.ac.uk:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local;<local> O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[email protected] O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5DB3E30D-7EC0-401D-83D9-F6C17722408A}: NameServer = 195.62.37.19,192.168.1.254 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SmartTag Recognizer (strecog) - Unknown owner - C:\WINDOWS\system32\strecog.exe (file missing) O23 - Service: Indexing Service Webhits Monitor (webhits) - Unknown owner - C:\WINDOWS\system32\webhits.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 9144 bytes
  8. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:39:45, on 10/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Kontiki\KService.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\webhits.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Documents and Settings\Namrita\Local Settings\Application Data\1629770540.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Kontiki\KHost.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.resnet.uce.ac.uk:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local;<local> O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[email protected] O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [1200033090] C:\Documents and Settings\Namrita\Local Settings\Application Data\1629770540.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [1200033090] C:\Documents and Settings\Namrita\Local Settings\Application Data\1629770540.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5DB3E30D-7EC0-401D-83D9-F6C17722408A}: NameServer = 195.62.37.19,192.168.1.254 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SmartTag Recognizer (strecog) - Unknown owner - C:\WINDOWS\system32\strecog.exe (file missing) O23 - Service: Indexing Service Webhits Monitor (webhits) - Unknown owner - C:\WINDOWS\system32\webhits.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 9572 bytes
  9. Malwarebytes' Anti-Malware 1.34 Database version: 1829 Windows 5.1.2600 Service Pack 3 09/03/2009 23:37:42 mbam-log-2009-03-09 (23-37-42).txt Scan type: Quick Scan Objects scanned: 64862 Time elapsed: 3 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 2 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1702984e-7f76-458b-a33a-a7b32a0dcc72} (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully. Files Infected: (No malicious items detected) scan.txt
  10. I keep gettin 'spyware fighter' pop ups. Also, I cannot shut my computer down. I have to keep hold of the power button for it to switch off. I dont currently have access to the removable drives which are used on this laptop. sorry. heres the report. ========== PROCESSES ========== Process explorer.exe killed successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43241ce8-8c5b-11dc-a30a-001422dc6808}\\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60bd5f6c-c280-11db-a196-0013ce8c9db2}\\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77a61880-def5-11dc-a398-001422dc6808}\\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83ab7a84-c7ae-11dc-a371-001422dc6808}\\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cf06f54-7261-11da-9eee-00038a000015}\\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9de9d18b-5c20-11da-9ebf-00038a000015}\\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca369ba7-6e85-11db-a0c8-001422dc6808}\\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d97a80fe-42f1-11dd-a45d-001422dc6808}\\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db15877e-8157-11dc-a2f3-001422dc6808}\\ not found. ========== FILES ========== File/Folder c:\documents and settings\Namrita\delself.bat not found. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\Namrita\LOCALS~1\Temp\~DF7DCF.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Namrita\LOCALS~1\Temp\~DFE997.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Namrita\LOCALS~1\Temp\~DFE9A2.tmp scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_328.dat scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03092009_200425 Files moved on Reboot... C:\DOCUME~1\Namrita\LOCALS~1\Temp\~DF7DCF.tmp moved successfully. C:\DOCUME~1\Namrita\LOCALS~1\Temp\~DFE997.tmp moved successfully. C:\DOCUME~1\Namrita\LOCALS~1\Temp\~DFE9A2.tmp moved successfully. File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. C:\WINDOWS\temp\Perflib_Perfdata_328.dat moved successfully.
  11. ComboFix 09-03-06.02 - Namrita 2009-03-09 17:47:04.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.257 [GMT 0:00] Running from: c:\documents and settings\Namrita\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Namrita\Application Data\IUpd721 c:\documents and settings\Namrita\Application Data\IUpd721\Logs\scns.log c:\windows\system32\hxrpsoxw.ini c:\windows\system32\ijajvhbx.ini c:\windows\system32\jknVDJjl.ini c:\windows\system32\jknVDJjl.ini2 c:\windows\system32\karna.dat c:\windows\system32\waibchcq.ini . ((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 ))))))))))))))))))))))))))))))) . 2009-03-09 09:54 . <DIR> c:\windows\LastGood.Tmp 2009-03-09 01:22 . 2009-03-09 01:22 578,560 --a------ c:\windows\system32\dllcache\user32.dll 2009-03-09 01:11 . 2009-03-09 01:11 <DIR> d-------- c:\windows\ERUNT 2009-03-09 01:05 . 2009-03-09 01:43 <DIR> d-------- C:\SDFix 2009-03-07 20:28 . 2009-03-07 20:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Fighter . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-09 17:48 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki 2009-03-09 17:38 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-02-05 01:20 36,360 ----a-w c:\documents and settings\Namrita\Application Data\GDIPFONTCACHEV1.DAT 2009-01-30 20:04 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys 2008-10-09 20:54 154 ----a-w c:\documents and settings\Namrita\delself.bat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2006-01-24 7094272] "kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376] "DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "1200033090"="c:\documents and settings\Namrita\Local Settings\Application Data\1629770540.exe" [2009-03-07 873984] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648] "SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2005-04-22 290816] "DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-01-22 185896] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-30 1601304] "1200033090"="c:\documents and settings\Namrita\Local Settings\Application Data\1629770540.exe" [2009-03-07 873984] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-11-21 1044480] BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-07-29 499773] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-02 24576] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-12-06 122880] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-09-07 16:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-01-30 20:04 10520 c:\windows\system32\avgrsstx.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "c:\\Program Files\\Kontiki\\KService.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Documents and Settings\\Namrita\\Local Settings\\Application Data\\1629770540.exe"= "c:\\WINDOWS\\explorer.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-11 325128] R1 dedcpetc_ne;dedcpetc_ne;c:\program files\Common Files\System\dedcpetc_ne32.dll [2009-01-20 27136] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-11 298264] R2 webhits;Indexing Service Webhits Monitor;c:\windows\system32\webhits.exe [2008-08-14 131072] S2 strecog;SmartTag Recognizer;c:\windows\system32\strecog.exe --> c:\windows\system32\strecog.exe [?] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43241ce8-8c5b-11dc-a30a-001422dc6808}] \Shell\AutoRun\command - E:\xn1i9x.com \Shell\explore\Command - E:\xn1i9x.com \Shell\open\Command - E:\xn1i9x.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60bd5f6c-c280-11db-a196-0013ce8c9db2}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\l.exe \Shell\Open\Command - Recycled\l.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77a61880-def5-11dc-a398-001422dc6808}] \Shell\AutoRun\command - F:\b.com \Shell\explore\Command - F:\b.com \Shell\open\Command - F:\b.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83ab7a84-c7ae-11dc-a371-001422dc6808}] \Shell\AutoRun\command - E:\xn1i9x.com \Shell\explore\Command - E:\xn1i9x.com \Shell\open\Command - E:\xn1i9x.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cf06f54-7261-11da-9eee-00038a000015}] \Shell\AutoRun\command - xn1i9x.com \Shell\explore\Command - xn1i9x.com \Shell\open\Command - xn1i9x.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9de9d18b-5c20-11da-9ebf-00038a000015}] \Shell\AutoRun\command - E:\xn1i9x.com \Shell\explore\Command - E:\xn1i9x.com \Shell\open\Command - E:\xn1i9x.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca369ba7-6e85-11db-a0c8-001422dc6808}] \Shell\AutoRun\command - F:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d97a80fe-42f1-11dd-a45d-001422dc6808}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\l.exe \Shell\Open\Command - Recycled\l.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db15877e-8157-11dc-a2f3-001422dc6808}] \Shell\AutoRun\command - E:\xn1i9x.com \Shell\explore\Command - E:\xn1i9x.com \Shell\open\Command - E:\xn1i9x.com . Contents of the 'Scheduled Tasks' folder 2009-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57] . - - - - ORPHANS REMOVED - - - - BHO-{4D05B5C0-8E69-4D3D-A9E3-14A03E77A64F} - c:\windows\system32\ljJDVnkj.dll HKLM-Run-NI.UWFX6_0001_N69M1503 - c:\documents and settings\Namrita\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\WinFixer2006FreeInstall[1].exe HKLM-Run-{3d550b1d-df77-c6af-b114-79227566229b} - c:\windows\system32\oipxjevbpdxp.dll SSODL-ComChk-{08AA84D9-CBF4-F2DD-3E1A-01F02C470590} - c:\program files\dhahmac\ComChk.dll . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ig?hl=en uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway uInternet Settings,ProxyServer = proxy.resnet.uce.ac.uk:80 uInternet Settings,ProxyOverride = ;*.local;<local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm TCP: {5DB3E30D-7EC0-401D-83D9-F6C17722408A} = 195.62.37.19,192.168.1.254 . . ------- File Associations ------- . . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-09 17:51:27 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[email protected]??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1016) c:\windows\system32\Ati2evxx.dll c:\program files\Intel\Wireless\Bin\LgNotify.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKEEPER.exe c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe c:\windows\system32\ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Kontiki\KService.exe c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\progra~1\AVG\AVG8\avgrsx.exe c:\progra~1\Intel\Wireless\Bin\1XConfig.exe c:\windows\system32\rundll32.exe c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe c:\program files\Apoint\ApntEx.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-03-09 17:56:21 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-09 17:56:16 Pre-Run: 35,553,341,440 bytes free Post-Run: 35,593,129,984 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 207 --- E O F --- 2009-03-09 10:18:49
  12. Here is the report... SDFix: Version 1.240 Run by Namrita on 09/03/2009 at 01:24 Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Resetting AppInit_DLLs value Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\mslagent\2_mslagent.dll - Deleted C:\WINDOWS\mslagent\mslagent.exe - Deleted C:\WINDOWS\mslagent\uninstall.exe - Deleted C:\Program Files\akl\akl.dll - Deleted C:\Program Files\akl\akl.exe - Deleted C:\Program Files\akl\uninstall.exe - Deleted C:\Program Files\akl\unsetup.exe - Deleted C:\Program Files\GetPack\dictame.gz - Deleted C:\Program Files\GetPack\trgtame.gz - Deleted C:\Program Files\iCheck\iCheck.exe - Deleted C:\Program Files\iCheck\Uninstall.exe - Deleted C:\Program Files\Inet Delivery\inetdl.exe - Deleted C:\Program Files\Inet Delivery\intdel.exe - Deleted C:\DOCUME~1\Namrita\LOCALS~1\Temp\Binaries1.cab2 - Deleted C:\WINDOWS\a.bat - Deleted C:\WINDOWS\b148.exe - Deleted C:\WINDOWS\zip1.tmp - Deleted C:\WINDOWS\zip2.tmp - Deleted C:\WINDOWS\zip3.tmp - Deleted C:\WINDOWS\zipped.tmp - Deleted C:\DOCUME~1\Namrita\LOCALS~1\Temp\removalfile.bat - Deleted C:\autorun.PNF - Deleted C:\WINDOWS\a.bat - Deleted C:\WINDOWS\base64.tmp - Deleted C:\WINDOWS\bdn.com - Deleted C:\WINDOWS\FVProtect.exe - Deleted C:\WINDOWS\iTunesMusic.exe - Deleted C:\WINDOWS\mssecu.exe - Deleted C:\WINDOWS\system32\akttzn.exe - Deleted C:\WINDOWS\system32\anticipator.dll - Deleted C:\WINDOWS\system32\awtoolb.dll - Deleted C:\WINDOWS\system32\bdn.com - Deleted C:\WINDOWS\system32\bsva-egihsg52.exe - Deleted C:\WINDOWS\system32\dpcproxy.exe - Deleted C:\WINDOWS\system32\emesx.dll - Deleted C:\WINDOWS\system32\[email protected]@@k.dll - Deleted C:\WINDOWS\system32\hoproxy.dll - Deleted C:\WINDOWS\system32\hxiwlgpm.dat - Deleted C:\WINDOWS\system32\hxiwlgpm.exe - Deleted C:\WINDOWS\system32\medup012.dll - Deleted C:\WINDOWS\system32\medup020.dll - Deleted C:\WINDOWS\system32\msgp.exe - Deleted C:\WINDOWS\system32\msnbho.dll - Deleted C:\WINDOWS\system32\mssecu.exe - Deleted C:\WINDOWS\system32\msvchost.exe - Deleted C:\WINDOWS\system32\mtr2.exe - Deleted C:\WINDOWS\system32\mwin32.exe - Deleted C:\WINDOWS\system32\netode.exe - Deleted C:\WINDOWS\system32\newsd32.exe - Deleted C:\WINDOWS\system32\pac.txt - Deleted C:\WINDOWS\system32\ps1.exe - Deleted C:\WINDOWS\system32\psof1.exe - Deleted C:\WINDOWS\system32\psoft1.exe - Deleted C:\WINDOWS\system32\regc64.dll - Deleted C:\WINDOWS\system32\regm64.dll - Deleted C:\WINDOWS\system32\Rundl1.exe - Deleted C:\WINDOWS\system32\smp\msrc.exe - Deleted C:\WINDOWS\system32\sncntr.exe - Deleted C:\WINDOWS\system32\ssurf022.dll - Deleted C:\WINDOWS\system32\ssvchost.com - Deleted C:\WINDOWS\system32\ssvchost.exe - Deleted C:\WINDOWS\system32\sysreq.exe - Deleted C:\WINDOWS\system32\taack.dat - Deleted C:\WINDOWS\system32\taack.exe - Deleted C:\WINDOWS\system32\temp#01.exe - Deleted C:\WINDOWS\system32\thun.dll - Deleted C:\WINDOWS\system32\thun32.dll - Deleted C:\WINDOWS\system32\VBIEWER.OCX - Deleted C:\WINDOWS\system32\vbsys2.dll - Deleted C:\WINDOWS\system32\vcatchpi.dll - Deleted C:\WINDOWS\system32\winlogonpc.exe - Deleted C:\WINDOWS\system32\winsystem.exe - Deleted C:\WINDOWS\system32\WINWGPX.EXE - Deleted C:\WINDOWS\userconfig9x.dll - Deleted C:\WINDOWS\winsystem.exe - Deleted Could Not Remove C:\WINDOWS\system32\karna.dat Folder C:\Program Files\akl - Removed Folder C:\Program Files\GetModule - Removed Folder C:\Program Files\GetPack - Removed Folder C:\Program Files\iCheck - Removed Folder C:\Program Files\Inet Delivery - Removed Folder C:\Program Files\Mjcore - Removed Folder C:\Temp\xp34 - Removed Folder C:\WINDOWS\mslagent - Removed Folder C:\WINDOWS\system32\smp - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-09 01:39:11 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys081bc0553a] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys081bc0553a] scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer" "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil" "C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe" "C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Windows Explorer" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5" "C:\\WINDOWS\\winsbts.exe"="C:\\WINDOWS\\winsbts.exe:*:Enabled:Sunsys" "C:\\Documents and Settings\\Namrita\\Local Settings\\Application Data\\1629770540.exe"="C:\\Documents and Settings\\Namrita\\Local Settings\\Application Data\\1629770540.exe:*:Enabled:Sunsys" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5" Remaining Files : C:\WINDOWS\system32\karna.dat Found File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 14 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe" Wed 10 May 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Thu 1 Jun 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv17.bak" Mon 26 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp" Tue 8 Feb 2005 180,224 A..H. --- "C:\Documents and Settings\Namrita\My Documents\My Cwk's!\~WRL0004.tmp" Wed 9 Feb 2005 21,504 A..H. --- "C:\Documents and Settings\Namrita\My Documents\My Cwk's!\~WRL0005.tmp" Wed 9 Feb 2005 247,296 A..H. --- "C:\Documents and Settings\Namrita\My Documents\My Cwk's!\~WRL0006.tmp" Sat 29 Jan 2005 248,320 A..H. --- "C:\Documents and Settings\Namrita\My Documents\My Cwk's!\~WRL0153.tmp" Sat 29 Jan 2005 250,880 A..H. --- "C:\Documents and Settings\Namrita\My Documents\My Cwk's!\~WRL1939.tmp" Thu 10 Feb 2005 257,024 A..H. --- "C:\Documents and Settings\Namrita\My Documents\My Cwk's!\~WRL3131.tmp" Tue 8 Feb 2005 180,224 A..H. --- "C:\Documents and Settings\Namrita\My Documents\My Cwk's!\~WRL3164.tmp" Sat 29 Jan 2005 242,176 A..H. --- "C:\Documents and Settings\Namrita\My Documents\My Cwk's!\~WRL3762.tmp" Fri 28 Jan 2005 242,176 A..H. --- "C:\Documents and Settings\Namrita\My Documents\My Cwk's!\~WRL4051.tmp" Thu 10 Feb 2005 247,808 A..H. --- "C:\Documents and Settings\Namrita\My Documents\My Cwk's!\~WRL4092.tmp" Wed 10 Jan 2007 105,472 A..H. --- "C:\Documents and Settings\Namrita\My Documents\Indy's Work\BDM\~WRL2446.tmp" Tue 14 Nov 2006 44,032 A..H. --- "C:\Documents and Settings\Namrita\My Documents\Indy's Work\Indy\~WRL0005.tmp" Tue 21 Nov 2006 44,544 A..H. --- "C:\Documents and Settings\Namrita\My Documents\Indy's Work\Indy\~WRL3663.tmp" Wed 10 May 2006 4,348 A..H. --- "C:\Documents and Settings\Namrita\My Documents\My Music\License Backup\drmv1key.bak" Wed 31 May 2006 20 A..H. --- "C:\Documents and Settings\Namrita\My Documents\My Music\License Backup\drmv1lic.bak" Wed 10 May 2006 400 A.SH. --- "C:\Documents and Settings\Namrita\My Documents\My Music\License Backup\drmv2key.bak" Mon 10 Dec 2007 37,376 ...H. --- "C:\Documents and Settings\Namrita\My Documents\Year 3\Theories of Rights\~WRL1276.tmp" Mon 10 Dec 2007 37,376 ...H. --- "C:\Documents and Settings\Namrita\My Documents\Year 3\Theories of Rights\~WRL2226.tmp" Mon 10 Dec 2007 36,352 ...H. --- "C:\Documents and Settings\Namrita\My Documents\Year 3\Theories of Rights\~WRL3157.tmp" Mon 23 Apr 2007 8 A..H. --- "C:\Documents and Settings\Namrita\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp" Mon 23 Apr 2007 8 A..H. --- "C:\Documents and Settings\Namrita\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp" Mon 23 Apr 2007 8 A..H. --- "C:\Documents and Settings\Namrita\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp" Mon 23 Apr 2007 8 A..H. --- "C:\Documents and Settings\Namrita\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp" Wed 19 Sep 2007 8 A..H. --- "C:\Documents and Settings\Namrita\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u5\lock.tmp" Finished!
  13. Hi, my laptop is having some serious issues. Any search I try on google doesnt work properly, every link I click on re directs me to other pages, im also getting loads of pop ups. Please help... Heres my HiJack This log... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:37:02, on 08/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Kontiki\KService.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\webhits.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Documents and Settings\Namrita\Local Settings\Application Data\1629770540.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Kontiki\KHost.exe C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\AVG\AVG8\aAvgApi.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.resnet.uce.ac.uk:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local;<local> R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing) O2 - BHO: (no name) - {1702984E-7F76-458B-A33A-A7B32A0DCC72} - C:\WINDOWS\system32\nnnkJBSm.dll (file missing) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {4D05B5C0-8E69-4D3D-A9E3-14A03E77A64F} - C:\WINDOWS\system32\ljJDVnkj.dll (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\en-us\msntb.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[email protected] O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NI.UWFX6_0001_N69M1503] "C:\Documents and Settings\Namrita\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\WinFixer2006FreeInstall[1].exe" -nag O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [{3d550b1d-df77-c6af-b114-79227566229b}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\oipxjevbpdxp.dll" DllStub O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [1200033090] C:\Documents and Settings\Namrita\Local Settings\Application Data\1629770540.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" O4 - HKCU\..\Run: [GetPack22] "C:\Program Files\GetPack\GetPack22.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [GetModule23] "C:\Program Files\GetModule\GetModule23.exe" O4 - HKCU\..\Run: [1200033090] C:\Documents and Settings\Namrita\Local Settings\Application Data\1629770540.exe O4 - HKCU\..\Policies\Explorer\Run: [buUFsC6nkc] C:\Documents and Settings\All Users\Application Data\bylkjafk\rkjqzeja.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5DB3E30D-7EC0-401D-83D9-F6C17722408A}: NameServer = 195.62.37.19,192.168.1.254 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: C:\WINDOWS\system32\karna.dat O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O20 - Winlogon Notify: nnnkJBSm - nnnkJBSm.dll (file missing) O21 - SSODL: ComChk - {08AA84D9-CBF4-F2DD-3E1A-01F02C470590} - C:\Program Files\dhahmac\ComChk.dll (file missing) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SmartTag Recognizer (strecog) - Unknown owner - C:\WINDOWS\system32\strecog.exe (file missing) O23 - Service: Indexing Service Webhits Monitor (webhits) - Unknown owner - C:\WINDOWS\system32\webhits.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 12557 bytes
  14. People who have asked for help after I have created my thread, are getting help before me. Im not sure what the rules are for gettin help, but can someone please atleast reply in the thread and let me know if I've done something wrong, or if something missing, which is the reason for no replies? Also, if there are any other websites which are similar to this, where I can get help? Thank you
  15. Is anyone able to offer any help? I asked for help once before, however the person helping me stopped halfway through the process, so im not sure if my computer is ok now, or if there are still any issues.