Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Domain Blocking + Ie_search_redirect + Disable Firefox.


  • This topic is locked This topic is locked
2 replies to this topic

#1 petekw

petekw

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:09 AM

Posted 08 July 2008 - 10:51 AM

:thumbsup: Thanks in advance for your expertise!!!

A quick overview of the Symptoms:

--It disabled Firefox - when I try to run FF, nothing happens in taskmanager. I got FF working again by renaming firefox.exe to firefox1.exe

--in IE, my Google search results are sabotaged with ad-links. See screenshot here: http://i26.tinypic.com/9vfmhf.jpg (look at the bottom bar where the link is displayed)

--my hosts file is fine ( I cannot see any changes beyond default using notepad), but somehow I still cannot access many anti-virus-related domains (including bleepingcomputer.com, kapersky.com, windowsupdate, Avast, trendmicro.com, etc.) I have been using a USB drive to transfer in anti-malware programs like Avast, DSS, etc to get around this.


I tried updating to IE7 and resetting the internet options settings, but that did nothing.

Ok, so Here is the HJ log I got after running DSS:
======================================
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-08 11:41:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-07-08 16:42:05 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:30 AM, on 7/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\CTHELPER.EXE
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\UltraVNC\winvnc.exe
D:\WINDOWS\system32\UAService7.exe
D:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Documents and Settings\Administrator\Desktop\dss1.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [hcwemMON] hcwemMON.exe
O4 - HKLM\..\Run: [PMCRemote] D:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RivaTuner] "D:\Program Files\RivaTuner v2.09\RivaTuner.exe" /T
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [updateMgr] "D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: SpeedFan.lnk = D:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: UltraVNC Server.lnk = D:\Program Files\UltraVNC\winvnc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141255320046
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidO...PhotoOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6638D2EB-C456-4927-92B9-B5DA42166C32}: NameServer = 68.87.75.194,68.87.64.146
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - D:\WINDOWS\system32\UAService7.exe

--
End of file - 6800 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - d:\windows\system32\giveio.sys
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - d:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - d:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync03 (StarForce Protection Synchronization Driver (version 3.x)) - d:\windows\system32\drivers\sfsync03.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 speedfan - d:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 pfc (Padus ASPI Shell) - d:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 RivaTuner32 - d:\program files\rivatuner v2.09\rivatuner32.sys

S1 ATITool (ATITool Overclocking Utility) - d:\windows\system32\drivers\atitool.sys <Not Verified; ; Low-Level Driver>
S3 ATIAVAIW (ATI T200 Unified AVStream service) - d:\windows\system32\drivers\atinavt2.sys <Not Verified; ATI Technologies Inc.; ATI AVStream>
S3 dtscsi - d:\windows\system32\drivers\dtscsi.sys (file missing)
S3 ENTECH - d:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 LMouKE (Logitech SetPoint Mouse Filter Driver) - d:\windows\system32\drivers\lmouke.sys (file missing)
S3 NVR0Dev - d:\windows\nvoclock.sys (file missing)
S3 pcouffin (VSO Software pcouffin) - d:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 sony_ssm.sys - d:\docume~1\admini~1\locals~1\temp\sony_ssm.sys (file missing)
S3 XTrapD12 - d:\windows\system32\xtrapd12.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 UserAccess7 (SecuROM User Access Service (V7)) - d:\windows\system32\uaservice7.exe <Not Verified; Sony DADC Austria AG.; >


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-06-28 12:11:06 284 --a------ D:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-08 and 2008-07-08 -----------------------------

2008-06-30 23:36:25 0 d-------- D:\Documents and Settings\All Users\Application Data\Activision
2008-06-30 23:36:25 0 d-------- D:\Documents and Settings\Administrator\Application Data\Activision
2008-06-30 19:51:17 0 d-------- D:\Program Files\PCHealthCenter
2008-06-17 20:26:46 0 d-------- D:\Documents and Settings\Administrator\Application Data\Logitech
2008-06-17 20:26:34 0 d-------- D:\Program Files\Common Files\LogiShared
2008-06-17 20:22:24 69632 --a------ D:\WINDOWS\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-06-17 20:22:24 110592 --a------ D:\WINDOWS\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-06-17 20:22:24 135168 --a------ D:\WINDOWS\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-06-17 20:22:24 163840 --a------ D:\WINDOWS\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-06-17 20:22:06 0 d-------- D:\Documents and Settings\All Users\Application Data\Logitech
2008-06-17 20:21:42 0 d-------- D:\Documents and Settings\All Users\Application Data\LogiShrd
2008-06-09 20:18:13 0 d-------- D:\Documents and Settings\All Users\Application Data\Codemasters


-- Find3M Report ---------------------------------------------------------------

2008-07-08 11:08:44 0 d-------- D:\Program Files\SpeedFan
2008-07-02 23:14:09 0 d---s---- D:\Program Files\Xfire
2008-07-02 21:07:29 0 d-------- D:\Documents and Settings\Administrator\Application Data\Xfire
2008-07-01 18:25:47 0 d-------- D:\Documents and Settings\Administrator\Application Data\AVG7
2008-07-01 12:27:19 0 d-------- D:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-30 23:32:31 6810 --a------ D:\WINDOWS\system32\ealregsnapshot1.reg
2008-06-30 20:58:46 0 d-------- D:\Documents and Settings\Administrator\Application Data\uTorrent
2008-06-29 19:54:55 0 d-------- D:\Documents and Settings\Administrator\Application Data\dvdcss
2008-06-17 20:26:34 0 d-------- D:\Program Files\Common Files
2008-06-17 20:26:17 0 d-------- D:\Program Files\Logitech
2008-06-17 20:26:16 0 d--h----- D:\Program Files\InstallShield Installation Information
2008-06-17 20:22:39 0 d-------- D:\Program Files\Common Files\Logitech
2008-06-15 16:52:27 0 d-------- D:\Program Files\Java
2008-06-14 14:49:49 0 d-------- D:\Program Files\OpenAL
2008-06-09 00:05:07 0 d-------- D:\Documents and Settings\Administrator\Application Data\IGN_DLM
2008-06-04 21:57:18 0 d-------- D:\Program Files\RivaTuner v2.09
2008-05-10 17:08:10 0 d-------- D:\Documents and Settings\Administrator\Application Data\AdobeUM


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [07/27/2004 04:01 PM D:\WINDOWS\soundman.exe]
"CTHelper"="CTHELPER.EXE" [12/08/2005 12:06 PM D:\WINDOWS\CTHELPER.EXE]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"AVG7_CC"="D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/16/2008 09:47 AM]
"hcwemMON"="hcwemMON.exe" [03/29/2007 04:22 PM D:\WINDOWS\hcwemMON.exe]
"PMCRemote"="D:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [02/12/2007 08:12 PM]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"RivaTuner"="D:\Program Files\RivaTuner v2.09\RivaTuner.exe" [04/28/2008 01:25 PM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 03:32 PM D:\WINDOWS\KHALMNPR.Exe]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 06:19 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"NVIDIA nTune"="D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" []
"updateMgr"="D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]

D:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
SpeedFan.lnk - D:\Program Files\SpeedFan\speedfan.exe [2/28/2007 1:28:02 PM]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [6/17/2008 8:22:23 PM]
UltraVNC Server.lnk - D:\Program Files\UltraVNC\winvnc.exe [3/21/2007 12:00:24 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
backup=D:\WINDOWS\pss\Cisco Systems VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=D:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"D:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
D:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"D:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"D:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero DriveSpeed]
D:\PROGRA~1\Nero\NERO7~1\NEROTO~1\DRIVES~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
D:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"AVGEMS"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"CVPND"=2 (0x2)

*Newly Created Service* - SR



-- End of Deckard's System Scanner: finished at 2008-07-08 11:43:40 ------------

====================================================




What should I do next??

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:09 AM

Posted 31 July 2008 - 05:22 PM

Hello petekw,

Welcome to Bleeping Computer :)

Sorry about the delay.:thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:09 AM

Posted 12 August 2008 - 04:47 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users