
Crazy New I.E. errors


This topic is locked
1 reply to this topic

#1 mas3d

Posted 26 November 2008 - 02:01 AM

As stated in the topic description: I use Firefox, but Internet Explorer keeps opening with pop-ups and sponsored links on the left-hand side of the Google search bar. These sponsored links don't link to any site and shut down IE abruptly. Very weird; I'm assuming it's got to be some type of malware.

I'm not exactly a fan of IE and primarily use Firefox for viewing, yet I am trying to work on my portfolio and have been using IE to cross-check my CSS styles (if it works in IE it works anywhere, amirite?). Any and all information would be greatly appreciated. I'm willing to take all reasonable directions necessary to fix this problem. Luckily, I can still use this machine; however, I'm in a financial crunch and this is my only source to the internet, so I'd like to fix any and all problems you guys can find.

I'm writing this while I wait for the Kaspersky scanner to finish up; however, I'm looking at my HijackThis log and have no effing idea what these 2 files are:

O2 - BHO: adzgalore - {127bb432-a9ca-0bd0-0614-4dab48b3fe12} - C:\WINNT\system32\nsw67B.dll
O2 - BHO: mysidesearch search enhancer - {3D7187C5-E80D-DD68-0F53-3AD233E7A279} - C:\WINNT\system32\pamifogahftkhwce.dll

That's just a quick glance at what I've noticed wrong, however... there is probably a lot more in here that a trained eye can find. My experience with registry editing is very limited and I have a feeling I will need a lot of help with this.

My RSIT log file is as follows:
Logfile of random's system information tool 1.04 (written by random/random)
Run by tomas at 2008-11-25 23:31:51
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 28 GB (91%) free of 31 GB
Total RAM: 511 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:05 PM, on 11/25/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre6\bin\jqs.exe
E:\website_html\mysql\bin\mysqld-nt.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\CTHELPER.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
E:\RSIT\RSIT.exe
C:\Program Files\trend micro\tomas.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: adzgalore - {127bb432-a9ca-0bd0-0614-4dab48b3fe12} - C:\WINNT\system32\nsw67B.dll
O2 - BHO: mysidesearch search enhancer - {3D7187C5-E80D-DD68-0F53-3AD233E7A279} - C:\WINNT\system32\pamifogahftkhwce.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: cpmsky browser enhancer - {C9FA5522-15FE-0C54-96E9-EC6952254D14} - C:\WINNT\system32\danqgfbjnuf.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hikeofbttujqcj] C:\WINNT\System32\regsvr32.exe /s "C:\WINNT\system32\danqgfbjnuf.dll"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - E:\website_html\mysql\bin\mysqld-nt (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/tomas/My%20Documents/My%20Pictures/ss662.jpg

--
End of file - 4613 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{127bb432-a9ca-0bd0-0614-4dab48b3fe12}]
adzgalore - C:\WINNT\system32\nsw67B.dll [2008-11-17 554496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3D7187C5-E80D-DD68-0F53-3AD233E7A279}]
mysidesearch search enhancer - C:\WINNT\system32\pamifogahftkhwce.dll [2008-11-19 600576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-25 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9FA5522-15FE-0C54-96E9-EC6952254D14}]
cpmsky browser enhancer - C:\WINNT\system32\danqgfbjnuf.dll [2008-11-18 325632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-25 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1033,&Radio - C:\WINNT\System32\msdxm.ocx [2003-06-19 842268]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=mobsync.exe /logon []
"NvCplDaemon"=C:\WINNT\System32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINNT\System32\NvMcTray.dll [2006-10-22 86016]
"CTHelper"=C:\WINNT\CTHELPER.EXE [2006-08-11 17920]
"CTxfiHlp"=C:\WINNT\system32\CTXFIHLP.EXE [2006-08-11 18944]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-03 36352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-25 136600]
"hikeofbttujqcj"=C:\WINNT\System32\regsvr32.exe [2003-06-19 11024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-11-13 342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nwprovau]
C:\WINNT\system32\nwprovau.dll [2003-06-19 139536]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"E:\bittorrent\bittorrent.exe"="E:\bittorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-11-25 23:31:52 ----D---- C:\Program Files\trend micro
2008-11-25 23:31:51 ----D---- C:\rsit
2008-11-25 18:47:50 ----RD---- C:\WINNT\Offline Web Pages
2008-11-25 18:32:53 ----A---- C:\WINNT\system32\sendmail.dll
2008-11-25 18:32:53 ----A---- C:\WINNT\system32\msieftp.dll
2008-11-25 18:32:53 ----A---- C:\WINNT\system32\ieakui.dll
2008-11-25 18:32:53 ----A---- C:\WINNT\system32\ieaksie.dll
2008-11-25 18:32:53 ----A---- C:\WINNT\system32\ieakeng.dll
2008-11-25 18:32:53 ----A---- C:\WINNT\system32\cryptdlg.dll
2008-11-25 18:32:53 ----A---- C:\WINNT\system32\corpol.dll
2008-11-25 18:32:53 ----A---- C:\WINNT\system32\comctl32.dll
2008-11-25 18:32:51 ----A---- C:\WINNT\system32\wininet.dll
2008-11-25 18:32:51 ----A---- C:\WINNT\system32\webcheck.dll
2008-11-25 18:32:51 ----A---- C:\WINNT\system32\urlmon.dll
2008-11-25 18:32:51 ----A---- C:\WINNT\system32\url.dll
2008-11-25 18:32:51 ----A---- C:\WINNT\system32\shlwapi.dll
2008-11-25 18:32:51 ----A---- C:\WINNT\system32\shfolder.dll
2008-11-25 18:32:51 ----A---- C:\WINNT\system32\shdocvw.dll
2008-11-25 18:32:51 ----A---- C:\WINNT\system32\shdoclc.dll
2008-11-25 18:32:51 ----A---- C:\WINNT\system32\pngfilt.dll
2008-11-25 18:32:51 ----A---- C:\WINNT\system32\occache.dll
2008-11-25 18:32:51 ----A---- C:\WINNT\system32\msrating.dll
2008-11-25 18:32:51 ----A---- C:\WINNT\system32\msidntld.dll
2008-11-25 18:32:51 ----A---- C:\WINNT\system32\msident.dll
2008-11-25 18:32:51 ----A---- C:\WINNT\system32\mshtmler.dll
2008-11-25 18:32:51 ----A---- C:\WINNT\system32\mshtmled.dll
2008-11-25 18:32:50 ----A---- C:\WINNT\system32\mshtml.dll
2008-11-25 18:32:50 ----A---- C:\WINNT\system32\mshta.exe
2008-11-25 18:32:50 ----A---- C:\WINNT\system32\msencode.dll
2008-11-25 18:32:50 ----A---- C:\WINNT\system32\mlang.dll
2008-11-25 18:32:50 ----A---- C:\WINNT\system32\jsproxy.dll
2008-11-25 18:32:50 ----A---- C:\WINNT\system32\inseng.dll
2008-11-25 18:32:50 ----A---- C:\WINNT\system32\inetcplc.dll
2008-11-25 18:32:50 ----A---- C:\WINNT\system32\imgutil.dll
2008-11-25 18:32:50 ----A---- C:\WINNT\system32\iesetup.dll
2008-11-25 18:32:50 ----A---- C:\WINNT\system32\iepeers.dll
2008-11-25 18:32:50 ----A---- C:\WINNT\system32\iedkcs32.dll
2008-11-25 18:32:50 ----A---- C:\WINNT\system32\ie4uinit.exe
2008-11-25 18:32:50 ----A---- C:\WINNT\system32\dxtrans.dll
2008-11-25 18:32:50 ----A---- C:\WINNT\system32\dxtmsft.dll
2008-11-25 18:32:50 ----A---- C:\WINNT\system32\digest.dll
2008-11-25 18:32:50 ----A---- C:\WINNT\system32\cdfview.dll
2008-11-25 18:32:50 ----A---- C:\WINNT\system32\browseui.dll
2008-11-25 18:32:50 ----A---- C:\WINNT\system32\browselc.dll
2008-11-25 18:32:50 ----A---- C:\WINNT\system32\advpack.dll
2008-11-25 18:32:50 ----A---- C:\WINNT\system32\actxprxy.dll
2008-11-25 17:53:46 ----A---- C:\ComboFix.txt
2008-11-25 17:47:37 ----A---- C:\WINNT\PSEXESVC.EXE
2008-11-25 17:45:14 ----A---- C:\WINNT\zip.exe
2008-11-25 17:45:14 ----A---- C:\WINNT\VFIND.exe
2008-11-25 17:45:14 ----A---- C:\WINNT\SWXCACLS.exe
2008-11-25 17:45:14 ----A---- C:\WINNT\SWSC.exe
2008-11-25 17:45:14 ----A---- C:\WINNT\SWREG.exe
2008-11-25 17:45:14 ----A---- C:\WINNT\sed.exe
2008-11-25 17:45:14 ----A---- C:\WINNT\NIRCMD.exe
2008-11-25 17:45:14 ----A---- C:\WINNT\grep.exe
2008-11-25 17:45:14 ----A---- C:\WINNT\fdsv.exe
2008-11-25 17:44:09 ----D---- C:\WINNT\ERDNT
2008-11-25 17:44:09 ----D---- C:\Qoobox
2008-11-25 17:16:14 ----D---- C:\WINNT\Sun
2008-11-25 16:17:34 ----A---- C:\WINNT\system32\pamifogahftkhwce.dll-uninst.exe
2008-11-25 15:34:34 ----A---- C:\WINNT\system32\cont_adzgalore-remove.exe
2008-11-25 15:34:31 ----A---- C:\WINNT\system32\crnttsqyfer.exe
2008-11-25 15:30:11 ----D---- C:\Documents and Settings\tomas\Application Data\LimeWire
2008-11-25 15:29:07 ----A---- C:\WINNT\system32\javaws.exe
2008-11-25 15:29:07 ----A---- C:\WINNT\system32\javaw.exe
2008-11-25 15:29:07 ----A---- C:\WINNT\system32\java.exe
2008-11-25 15:29:07 ----A---- C:\WINNT\system32\deploytk.dll
2008-11-25 15:28:54 ----D---- C:\Program Files\Java
2008-11-25 15:24:29 ----D---- C:\Documents and Settings\tomas\Application Data\Sun
2008-11-25 03:30:59 ----HD---- C:\WINNT\PIF
2008-11-24 18:38:07 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2008-11-24 01:28:04 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-11-21 12:42:36 ----A---- C:\WINNT\system32\msvcr80.dll
2008-11-21 12:42:36 ----A---- C:\WINNT\system32\msvcp80.dll
2008-11-20 00:56:56 ----HD---- C:\Program Files\Uninstall Information
2008-11-20 00:56:56 ----D---- C:\WINNT\Windows Update Setup Files
2008-11-20 00:52:26 ----A---- C:\WINNT\Active Setup Log.txt
2008-11-20 00:52:26 ----A---- C:\WINNT\Active Setup Log.BAK
2008-11-20 00:52:22 ----A---- C:\Program Files\ie6setup.exe
2008-11-19 03:11:18 ----A---- C:\WINNT\system32\pamifogahftkhwce.dll
2008-11-18 08:02:38 ----A---- C:\WINNT\system32\danqgfbjnuf.dll
2008-11-17 03:39:34 ----A---- C:\WINNT\system32\nsw67B.dll
2008-11-16 18:20:13 ----D---- C:\Program Files\Common Files\NSV
2008-11-14 23:20:52 ----D---- C:\Documents and Settings\tomas\Application Data\FileZilla
2008-11-04 19:46:32 ----D---- C:\Documents and Settings\tomas\Application Data\Help
2008-11-04 02:18:05 ----A---- C:\WINNT\system32\snprfdll.dll
2008-11-04 02:18:05 ----A---- C:\WINNT\system32\smtpctrs.ini
2008-11-04 02:18:05 ----A---- C:\WINNT\system32\smtpctrs.dll
2008-11-04 02:18:05 ----A---- C:\WINNT\system32\smtpapi.dll
2008-11-04 02:18:04 ----A---- C:\WINNT\system32\rwnh.dll
2008-11-04 02:18:04 ----A---- C:\WINNT\system32\regtrace.exe
2008-11-04 02:18:04 ----A---- C:\WINNT\system32\ntfsdrct.ini
2008-11-04 02:18:04 ----A---- C:\WINNT\system32\fcachdll.dll
2008-11-04 02:18:04 ----A---- C:\WINNT\system32\dt_ctrl.dll
2008-11-04 02:18:04 ----A---- C:\WINNT\system32\adsiisex.dll
2008-11-03 21:36:40 ----AHD---- C:\Documents and Settings\All Users\Application Data\Cisco
2008-11-03 21:26:53 ----D---- C:\Documents and Settings\All Users\Application Data\Cisco Aironet
2008-11-03 20:21:12 ----A---- C:\WINNT\system32\trace.dll
2008-11-03 20:21:12 ----A---- C:\WINNT\system32\iprip.dll
2008-11-03 20:21:11 ----A---- C:\WINNT\system32\simptcp.dll
2008-11-03 20:21:08 ----A---- C:\WINNT\system32\snmpmib.dll
2008-11-03 20:21:08 ----A---- C:\WINNT\system32\evntcmd.exe
2008-11-03 19:56:24 ----A---- C:\WINNT\ModemLog_Communications cable between two computers.txt

======List of files/folders modified in the last 1 months======

2008-11-25 23:31:52 ----RAD---- C:\Program Files
2008-11-25 23:31:52 ----AD---- C:\WINNT\system32
2008-11-25 23:28:39 ----D---- C:\Documents and Settings\tomas\Application Data\DNA
2008-11-25 23:13:25 ----D---- C:\Documents and Settings\tomas\Application Data\gtk-2.0
2008-11-25 22:59:52 ----AD---- C:\WINNT\Temp
2008-11-25 19:10:00 ----D---- C:\Program Files\Mozilla Firefox
2008-11-25 19:00:45 ----SD---- C:\Documents and Settings\tomas\Application Data\Microsoft
2008-11-25 19:00:45 ----AD---- C:\WINNT\system32\drivers
2008-11-25 19:00:45 ----AD---- C:\WINNT
2008-11-25 18:48:09 ----D---- C:\Program Files\DNA
2008-11-25 18:47:58 ----D---- C:\Program Files\Internet Explorer
2008-11-25 18:47:51 ----SD---- C:\WINNT\Downloaded Program Files
2008-11-25 18:47:42 ----D---- C:\WINNT\system32\NtmsData
2008-11-25 18:47:07 ----AD---- C:\WINNT\Debug
2008-11-25 18:46:40 ----SD---- C:\WINNT\Web
2008-11-25 18:46:40 ----D---- C:\Program Files\Outlook Express
2008-11-25 18:46:40 ----AD---- C:\WINNT\Help
2008-11-25 18:45:28 ----A---- C:\WINNT\{00000000-00000000-00000009-00001102-00000004-00511102}.BAK
2008-11-25 18:32:54 ----RASHDC---- C:\WINNT\system32\dllcache
2008-11-25 18:32:53 ----HD---- C:\WINNT\inf
2008-11-25 18:32:36 ----D---- C:\Program Files\Common Files\System
2008-11-25 18:32:36 ----D---- C:\Program Files\Common Files\Services
2008-11-25 17:51:19 ----N---- C:\WINNT\system.ini
2008-11-25 17:48:03 ----AD---- C:\WINNT\system32\config
2008-11-25 17:46:49 ----AD---- C:\WINNT\AppPatch
2008-11-25 17:46:49 ----AD---- C:\Program Files\Common Files
2008-11-25 17:45:34 ----A---- C:\WINNT\SchedLgU.Txt
2008-11-25 16:11:26 ----D---- C:\Documents and Settings\tomas\Application Data\BitTorrent
2008-11-25 15:29:11 ----SHD---- C:\WINNT\Installer
2008-11-24 22:56:50 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-24 20:56:10 ----D---- C:\Documents and Settings\tomas\Application Data\Macromedia
2008-11-24 20:04:29 ----D---- C:\Documents and Settings\tomas\Application Data\KompoZer
2008-11-24 17:50:44 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-24 13:18:57 ----AD---- C:\WINNT\security
2008-11-20 01:00:23 ----AD---- C:\Program Files\Common Files\Microsoft Shared
2008-11-20 01:00:23 ----A---- C:\WINNT\OEWABLog.txt
2008-11-20 00:58:05 ----HD---- C:\WINNT\msdownld.tmp
2008-11-20 00:57:53 ----D---- C:\WINNT\RegisteredPackages
2008-11-20 00:56:58 ----AD---- C:\WINNT\Cursors
2008-11-19 16:15:56 ----A---- C:\WINNT\win.ini
2008-11-15 23:03:15 ----D---- C:\Documents and Settings\tomas\Application Data\U3
2008-11-04 02:18:05 ----D---- C:\WINNT\system32\inetsrv
2008-11-03 20:08:45 ----SHD---- C:\WINNT\CSC
2008-11-03 19:04:03 ----D---- C:\Program Files\Common Files\InstallShield

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINNT\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINNT\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINNT\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 Cdr4_2K;Cdr4_2K; C:\WINNT\system32\drivers\Cdr4_2K.sys [2007-03-07 9336]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2007-03-07 9464]
R2 aswMon;avast! Standard Shield Support; C:\WINNT\system32\drivers\aswMon.sys [2008-01-17 93264]
R2 tmcomm;tmcomm; \??\C:\WINNT\system32\drivers\tmcomm.sys []
R3 aswRdr;aswRdr; C:\WINNT\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINNT\system32\drivers\ctac32k.sys [2006-08-11 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINNT\system32\drivers\ctaud2k.sys [2006-08-11 499584]
R3 ctprxy2k;Creative Proxy Driver; C:\WINNT\system32\drivers\ctprxy2k.sys [2006-08-11 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINNT\system32\drivers\ctsfm2k.sys [2006-08-11 143872]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINNT\system32\drivers\emupia2k.sys [2006-08-11 78336]
R3 FETNDIS;VIA Rhine Family Fast Ethernet Adapter Driver; C:\WINNT\System32\DRIVERS\fetnd5a.sys [2002-01-14 36864]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINNT\system32\drivers\ha10kx2k.sys [2006-08-11 766976]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINNT\system32\drivers\msmpu401.sys [1999-09-25 2832]
R3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 ossrv;Creative OS Services Driver; C:\WINNT\system32\drivers\ctoss2k.sys [2006-08-11 116224]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINNT\System32\Drivers\RootMdm.sys [2001-05-08 6032]
R3 uhcd;Microsoft USB Universal Host Controller Driver; C:\WINNT\System32\DRIVERS\uhcd.sys [2003-06-19 32848]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2003-06-19 40176]
R3 viafilter;VIA USB Filter; C:\WINNT\System32\Drivers\viausb.sys [2002-07-30 9038]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\System32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINNT\system32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINNT\system32\drivers\hap16v2k.sys [2006-08-11 154112]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINNT\system32\drivers\hap17v2k.sys [2006-08-11 180224]
S3 MPE;BDA MPE Filter; C:\WINNT\System32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2002-12-11 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\System32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\System32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINNT\System32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 TVICHW32;TVICHW32; \??\C:\WINNT\system32\DRIVERS\TVICHW32.SYS []
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
S3 WN5301;LIteon Wireless PCI Network Adapter Service; C:\WINNT\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\System32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 IntelIde;IntelIde; C:\WINNT\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-25 152984]
R2 MySQL;MySQL; E:\website_html\mysql\bin\mysqld-nt --defaults-file=E:\website_html\mysql\my.ini MySQL []
R2 NVSvc;NVIDIA Display Driver Service; C:\WINNT\System32\nvsvc32.exe [2006-10-22 159810]
R2 SimpTcp;Simple TCP/IP Services; C:\WINNT\System32\tcpsvcs.exe [2001-05-08 25360]
R2 SNMP;SNMP Service; C:\WINNT\System32\snmp.exe [2003-06-19 30480]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 LPDSVC;TCP/IP Print Server; C:\WINNT\System32\tcpsvcs.exe [2001-05-08 25360]
S3 SNMPTRAP;SNMP Trap Service; C:\WINNT\System32\snmptrap.exe [2003-06-19 7952]
S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINNT\System32\svchost.exe [2001-05-08 7952]

-----------------EOF-----------------

My RSIT info file is as follows:
info.txt logfile of random's system information tool 1.04 2008-11-25 23:32:09

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
Adobe Flash Player 10 ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINNT\System32\Macromed\Flash\uninstall_plugin.exe
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Contextual Tool Adzgalore-->C:\WINNT\system32\cont_adzgalore-remove.exe
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DriverAgent by TouchStone Software-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
FileZilla Client 3.1.5-->E:\filezilla\FileZilla FTP Client\uninstall.exe
Free YouTube to Mp3 Converter version 3.1-->"E:\MP3_converter\Free YouTube to Mp3 Converter\unins000.exe"
Gimp 2.6.0-->"C:\Program Files\Gimp-2.0\setup\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Macromedia Flash MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MySQL Server 5.0-->MsiExec.exe /I{406AD3D7-F5BB-49C1-A280-6BCB5F6BC099}
NTFS Undelete v0.93-->"E:\ntfsundelete\NTFS Undelete\unins000.exe"
NVIDIA Drivers-->C:\WINNT\System32\nvudisp.exe UninstallGUI
Recover My Files-->"E:\recovermyfiles\Recover My Files\unins000.exe"
RON Tool Cpmsky-->C:\WINNT\system32\crnttsqyfer.exe
Search Assistant Mysidesearch-->C:\WINNT\system32\pamifogahftkhwce.dll-uninst.exe
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Warcraft III-->C:\Program Files\Common Files\Blizzard Entertainment\Warcraft III\Uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows 2000 Service Pack 4-->C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe
Windows Media Player system update (9 Series)-->C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Os2LibPath"=%SystemRoot%\system32\os2\dll;
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Ok... I just finished the update for Kaspersky and finally finished the scan. Kaspersky found no threats, but I know this can't be accurate, seriously...

I've also noticed that Windows Explorer has also started acting up in a peculiar manner. If I press Ctrl+E then click a drive, the drive opens up in a new window. I know I haven't changed any setting related to this, and it just happened today. It's something small, but I believe it could be linked to:
O2 - BHO: cpmsky browser enhancer - {C9FA5522-15FE-0C54-96E9-EC6952254D14} - C:\WINNT\system32\danqgfbjnuf.dll

Everyone is probably asleep. I figure I'll hit the sack and check this topic when I wake up tomorrow ^_^.

--This problem is now affecting Firefox as well. New tabs are opening up periodically linking to "automated-search.com" and one other site, "premium-live-scan.com", I believe. It's definitely starting to show its true colors. I'm going to leave my machine off and check this forum on my brother's computer until I get advice from an expert.--

Thanks,
Tomas

Edited by mas3d, 26 November 2008 - 05:41 AM.
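As an added example (not from the thread or from HijackThis/RSIT themselves), a small Python triage script that parses the O2 BHO and O4 Run lines of a HijackThis log and cross-references them with the RSIT created-files list; the sample lines are copied from the log posted above (trademark symbol dropped), while the `triage` function and its three heuristics are hypothetical helpers written here.

```python
"""Triage of HijackThis O2/O4 lines, cross-referenced with the RSIT created-files list.

Heuristics (hypothetical, not part of any tool on the page): a BHO deserves a
closer look when its DLL sits in system32 rather than a vendor folder, when
RSIT shows the DLL was created recently, or when an O4 Run value re-registers
it with regsvr32 /s at every logon.
"""
import re
from datetime import date

# Constructed sample: a handful of lines copied from the posted HijackThis log.
HJT_LOG = r"""
O2 - BHO: adzgalore - {127bb432-a9ca-0bd0-0614-4dab48b3fe12} - C:\WINNT\system32\nsw67B.dll
O2 - BHO: mysidesearch search enhancer - {3D7187C5-E80D-DD68-0F53-3AD233E7A279} - C:\WINNT\system32\pamifogahftkhwce.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: cpmsky browser enhancer - {C9FA5522-15FE-0C54-96E9-EC6952254D14} - C:\WINNT\system32\danqgfbjnuf.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hikeofbttujqcj] C:\WINNT\System32\regsvr32.exe /s "C:\WINNT\system32\danqgfbjnuf.dll"
"""

# Constructed sample: matching entries from the RSIT "created in the last 1 months" list.
RSIT_CREATED = r"""
2008-11-25 15:29:07 ----A---- C:\WINNT\system32\javaws.exe
2008-11-19 03:11:18 ----A---- C:\WINNT\system32\pamifogahftkhwce.dll
2008-11-18 08:02:38 ----A---- C:\WINNT\system32\danqgfbjnuf.dll
2008-11-17 03:39:34 ----A---- C:\WINNT\system32\nsw67B.dll
"""

SCAN_DAY = date(2008, 11, 25)  # date of the posted scan

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
RSIT_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} \S+ (?P<path>.+)$")


def parse_lines(text, pattern):
    """Return the named groups of every stripped line that matches the pattern."""
    found = []
    for line in text.splitlines():
        m = pattern.match(line.strip())
        if m:
            found.append(m.groupdict())
    return found


def created_dates(rsit_text):
    """Map lower-cased path -> creation date, from the RSIT created-files list."""
    return {e["path"].lower(): date.fromisoformat(e["date"])
            for e in parse_lines(rsit_text, RSIT_RE)}


def triage(hjt_text, rsit_text, scan_day, recent_days=30):
    """Return the BHOs that trip at least one heuristic, with the reasons why."""
    runs = parse_lines(hjt_text, O4_RE)
    created = created_dates(rsit_text)
    findings = []
    for bho in parse_lines(hjt_text, O2_RE):
        path = bho["path"].lower()
        reasons = []
        if "\\system32\\" in path:
            reasons.append("DLL lives in system32 rather than a vendor folder")
        when = created.get(path)
        if when is not None and (scan_day - when).days <= recent_days:
            reasons.append(f"DLL created on {when.isoformat()}, within the last {recent_days} days")
        # O4 Run values that re-register this exact DLL with regsvr32 at logon
        reregs = [r["key"] for r in runs
                  if "regsvr32" in r["cmd"].lower() and path in r["cmd"].lower()]
        if reregs:
            reasons.append("re-registered at logon by Run value(s): " + ", ".join(reregs))
        if reasons:
            findings.append({"name": bho["name"], "clsid": bho["clsid"], "path": bho["path"],
                             "reasons": reasons, "reregistered_by": reregs})
    return findings


def run_sample():
    """Triage the constructed sample against the posted scan date."""
    return triage(HJT_LOG, RSIT_CREATED, SCAN_DAY)


if __name__ == "__main__":
    for finding in run_sample():
        print(f"{finding['name']} ({finding['clsid']}) -> {finding['path']}")
        for reason in finding["reasons"]:
            print("   -", reason)
```

Against the sample, the three BHOs the poster was unsure about are flagged and the Java helper is not; the cpmsky entry additionally shows the hikeofbttujqcj Run value that re-registers its DLL.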


#2 mas3d (Topic Starter)

Posted 27 November 2008 - 05:09 AM

Bleh, now I remember why I always just back up and reformat whenever I get hit by a bug like this. Problem solved; it took me 3 hours, but that's way better than wasting days pulling my hair out over this. Ciao ^_^



