
Possibly cool websearch, 1 question which Kaspersky log do I need to send?


6 replies to this topic

#1 Grantyy


Posted 29 January 2009 - 09:21 PM

Hi there :) - I have used the Kaspersky online scanner and both critical systems and my computer turned up nothing, although the second scan was running for 1 hour 40 mins and still not finished, so I ended it until a better time; when I ran it again it took a few seconds?
Here's my problem: I have re-installed my computer to factory settings using my Medion installation disk 4 times now, wiping the C drive and reinstalling Windows. The problem could be within my D drive, where I keep my backup stuff, although I have scanned this drive many times using AVG8, Avira and Spybot, to name a few, and they all come back clean. When I first started having problems AVG was finding Cool websearch, which I understand can be notoriously difficult to remove, and also about 15-20 cookies which seem impossible to get rid of, e.g. Doubleclick, Revsci. Also, AVG reports MSNportal.112.2o7(1) upon opening MSN. Is this just a feature of AVG, or is MSN portal similar to Doubleclick etc.? These cookies (Doubleclick etc.) are always present despite the reinstall and found by AVG as a threat. It seems if this is a virus it will allow me to view the internet, although slower than normal, but once I start downloading at high speed (e.g. a film), every time I reach max speed the connection is cut and bottles slowly down to 0, then disconnects, before doing the same over and over, which makes it impossible to download.
Upon each re-install I have attempted to download AVG as fast as I could, yet before I get a chance to do anything my computer accesses the internet for no apparent reason, which appears to me to be the virus's basic leftover hidden files downloading additional information in order to re-install itself on the computer. Therefore the last time I disconnected the internet, went into safe mode, then re-connected, which seemed OK (no flashing modem lights). I downloaded the above anti-virus programmes, which found various threats, which I removed. I then searched the net for help and did some manual removal in the registry, and I appear to have stopped the downloading, but these cookie notices are appearing every other time I open a webpage; then when I press remove threat, AVG says specified file not found.
I have 2 questions. Firstly, could my D drive be holding the virus and keeping it safe from my reinstalls? Also there is an E drive listed as recover, but I am not sure if that is a Windows backup or what. My second question: is the re-install I do with my support disc as thorough as the old way of formatting the drive? I am not sure these are the same and can't really remember how to install using my Windows software, as the other way is so simple. :thumbup2: Thank you for your time; here is the requested log file.


DDS (Ver_09-01-19.01) - NTFSx86
Run by Grantyy at 20:56:14.43 on 29/01/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1022.427 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Spybot - Search & Destroy\SDFiles.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Grantyy\Desktop\DownLLL\dds.scr

============== Pseudo HJT Report ===============

mDefault_Page_URL = hxxp://www.aldi.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://www.aldi.co.uk/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: EWPP - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus Photo R265 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibne.exe /fu "c:\windows\temp\E_S81.tmp" /EF "HKCU"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [CmUCRRun] c:\windows\system32\CmUCReye.exe
mRun: [MedionVFD] "c:\program files\medion info display\MdionLCM.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RemoteControl] "c:\program files\home cinema\powerdvd\PDVDServ.exe"
mRun: [PCMService] "c:\program files\home cinema\powercinema\PCMService.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &AOL Toolbar search
IE: &Google Search
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-1-16 11840]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-15 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-15 26824]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-10-18 826112]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-1-16 52032]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [2005-10-19 72320]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-1-16 68865]
R4 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-1-16 151297]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-15 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-15 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-15 76040]
S0 rseb;rseb; [x]

=============== Created Last 30 ================

2009-01-22 19:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\UDL
2009-01-22 19:13 49,152 a------- c:\windows\system32\E_DCINST.DLL
2009-01-22 19:13 75,264 a------- c:\windows\system32\E_FLBBNE.DLL
2009-01-22 19:13 62,976 a------- c:\windows\system32\E_FD4BBNE.DLL
2009-01-22 19:08 <DIR> --d----- c:\program files\EPSON
2009-01-22 19:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EPSON
2009-01-21 11:46 324 a------- c:\docume~1\grantyy\applic~1\wklnhst.dat
2009-01-20 01:23 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2009-01-20 01:23 452,440 a------- c:\windows\system32\d3dx10_40.dll
2009-01-20 01:23 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2009-01-20 01:23 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2009-01-20 01:23 514,384 a------- c:\windows\system32\XAudio2_3.dll
2009-01-20 01:21 25,608 a------- c:\windows\system32\X3DAudio1_3.dll
2009-01-20 01:20 81,768 a------- c:\windows\system32\xinput1_3.dll
2009-01-20 01:14 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-01-20 01:14 <DIR> --d----- c:\windows\Logs
2009-01-19 22:12 1,409 a------- c:\windows\QTFont.for
2009-01-19 22:12 54,156 a---h--- c:\windows\QTFont.qfn
2009-01-17 09:18 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-01-17 03:01 <DIR> --d----- c:\program files\MSXML 4.0
2009-01-16 21:35 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-01-16 21:35 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-01-16 21:34 2,180,352 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-16 21:33 2,057,728 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-16 21:33 453,632 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-01-16 21:29 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-01-16 21:29 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-01-16 21:29 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-01-16 21:29 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2009-01-16 20:35 <DIR> --d----- c:\program files\Avira
2009-01-16 20:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-01-16 20:02 <DIR> --d----- c:\program files\Lavasoft
2009-01-16 17:07 <DIR> --d----- c:\windows\ERUNT
2009-01-16 17:00 <DIR> --d----- C:\SDFix
2009-01-16 16:49 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-16 16:35 <DIR> --d----- c:\program files\Safer Networking
2009-01-16 15:58 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-16 15:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-16 15:50 <DIR> --d----- c:\program files\Trend Micro
2009-01-15 23:59 <DIR> --d----- c:\windows\pss
2009-01-15 22:11 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-01-15 22:04 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-15 22:04 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-15 22:03 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-15 22:03 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-01-15 22:03 <DIR> --d----- c:\docume~1\grantyy\applic~1\AVGTOOLBAR
2009-01-15 22:03 <DIR> --d----- c:\program files\AVG
2009-01-15 22:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-01-15 21:31 73,728 a------- c:\windows\ALCFDRTM.EXE
2009-01-15 21:31 <DIR> --dsh--- c:\documents and settings\grantyy\UserData
2009-01-15 21:31 <DIR> --d----- c:\documents and settings\Grantyy
2009-01-15 21:31 <DIR> --d----- c:\docume~1\grantyy\applic~1\You've Got Pictures Screensaver
2009-01-15 21:31 <DIR> --d----- c:\docume~1\grantyy\applic~1\AOL
2009-01-15 21:19 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-01-15 21:19 61,056 a------- c:\windows\system32\drivers\ohci1394.sys
2009-01-15 21:19 53,248 a------- c:\windows\system32\drivers\1394bus.sys
2009-01-15 21:19 6,400 a------- c:\windows\system32\drivers\enum1394.sys

==================== Find3M ====================

2008-12-11 11:57 333,184 a------- c:\windows\system32\drivers\srv.sys
2005-10-19 10:21 8 ---shr-- c:\windows\system32\C72AA29016.sys
2005-10-19 10:21 4,704 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 20:56:31.90 ===============

Edited by Grantyy, 29 January 2009 - 10:55 PM.


#2 miekiemoes


Posted 30 January 2009 - 03:00 AM

Hi,

There's really nothing suspicious here...

I am very sorry to hear that you have reinstalled Windows because your AVG was detecting the doubleclick tracking cookie on the MSN portal again and again.

Please don't worry about tracking cookies. You'll always get them and they will always return. This just depends on what sites you visit.
Everyone has them. They are present on the MSN start page, Yahoo start page...
You may also want to read the following:
http://www.mvps.org/winhelp2002/cookies.htm

If you want to manage your cookies you can use the following programs:

For Internet explorer: CookieWall

For Firefox: CookieSafe

Keep in mind that you're not supposed to block every cookie, because some cookies are required.
Most people don't use an additional cookie manager, because it may be annoying in some cases to manually filter all cookies in the beginning, so they clean their cookies once in a while via the "clean cookies" option in their browser settings.

Edited to add... I notice from your log that there's more than 1 Antivirus installed: Avira and AVG.
Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!
The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.
Also, because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown.

So you have to make a decision here and keep the Antivirus you prefer and uninstall the other one.
Then reboot after uninstalling.

Edited by miekiemoes, 30 January 2009 - 03:02 AM.
multiple AV
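
The check made by eye on the log header in the reply above can be automated. This is an added example, not part of the original posts and not code from DDS: it reads the `AV:` header lines of a DDS log and reports a conflict only when more than one product has on-access scanning enabled and also has resident processes running. The function names are hypothetical, the vendor-to-folder match is a heuristic assumption, and the sample logs are excerpts of the two logs posted in this thread.

```python
import re

# Header line as it appears in the DDS logs in this thread, e.g.
#   AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV_LINE = re.compile(
    r"^AV:\s*(?P<name>.+?)\s*\*(?P<state>[^*]+)\*\s*(?:\((?P<sigs>[^)]*)\))?"
)
# Section banner, e.g. "============== Running Processes ==============="
SECTION = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")


def parse_dds(text):
    """Return (av_products, running_processes) parsed from a DDS log."""
    products, processes, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION.match(line)
        if banner:
            section = banner.group("title")
            continue
        av = AV_LINE.match(line)
        if av and section is None:  # AV: lines sit in the header only
            products.append({
                "name": av.group("name"),
                # Last word of the state text decides enabled/disabled.
                "on_access": av.group("state").split()[-1].lower() == "enabled",
                "signatures": av.group("sigs") or "unknown",
            })
        elif section == "Running Processes":
            processes.append(line)
    return products, processes


def resident_processes(product_name, processes):
    """Processes whose directory path contains the vendor name as a folder.

    Heuristic (assumption): the first word of the product name is the
    vendor folder. Matching whole folder names, not substrings, matters
    here: Avira ships avguard.exe and avgnt.exe, which a naive "avg"
    substring search would credit to AVG.
    """
    vendor = product_name.split()[0].lower()
    return [p for p in processes if vendor in p.lower().split("\\")[:-1]]


def realtime_conflict(text):
    """Names of products that are both on-access enabled and resident,
    or an empty list when at most one such product is present."""
    products, processes = parse_dds(text)
    active = [
        p["name"] for p in products
        if p["on_access"] and resident_processes(p["name"], processes)
    ]
    return active if len(active) > 1 else []


# Excerpt of the log posted on 29/01/2009 (two AV products).
LOG_29_JAN = r"""
DDS (Ver_09-01-19.01) - NTFSx86
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

============== Pseudo HJT Report ===============
"""

# Excerpt of the log posted on 01/02/2009 (Avira uninstalled).
LOG_01_FEB = r"""
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# Constructed variant: same as LOG_29_JAN but with Avira's guard switched off.
LOG_CONSTRUCTED = LOG_29_JAN.replace(
    "PersonalEdition *On-access scanning enabled*",
    "PersonalEdition *On-access scanning disabled*",
)

if __name__ == "__main__":
    for label, log in [("29 Jan", LOG_29_JAN), ("01 Feb", LOG_01_FEB),
                       ("constructed", LOG_CONSTRUCTED)]:
        print(label, "->", realtime_conflict(log) or "no conflict")
```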


#3 Grantyy


Posted 01 February 2009 - 02:43 PM

:thumbup2: Hi, I may need some help still. OK, so I deleted my other anti-virus progs and stopped the cookie scanning. As soon as I did I got an update notification from AVG, which I did, and then I was asked to install XP Service Pack 3, then an update for Media Player, which I agreed to both. I had not agreed because I thought maybe one of these could have been a fake download. I also allowed the registry changes that Spybot notified me of, about 5-6 in all, mostly because of these updates? A couple of them were something like TRsomething and mentioned remote access, which could have been to do with updates maybe, and I guessed since nothing strange was found in my last log file that these were likely to be needed. Now, one day later, I have had the internet disconnection message twice, which I was getting regularly before I re-installed my computer. The reason I believe this could be due to a virus is that since I did the reinstall I have had a lot of security in place, but as soon as I drop some of this security and allow the updates and registry changes I am having connection problems again and am unable to download any media, as every time I attempt to download at high speed the connection is reset??
Does anybody have any ideas if this is a virus, and if not, what could be causing it? I am with Virgin Media and before these problems have received a very reliable service. The only other thing I have done is turn off the phishing filter due to the slow-loading web pages, and not long after I got the message in the status bar that there is no local area connection, limited or no connectivity; I then need to reset my modem and my computer to get back connected. It seems to me that I may have stopped something taking control after the reinstall, as I went into safe mode and removed whatever the anti-virus progs found. I also removed some toolbar stuff from the registry, but now I have dropped my security I am experiencing the very problems that have caused me to be suspicious before and reinstall. As I said, these connection problems have appeared once I removed my security and allowed the downloads. When I do re-install, these tracking cookies are in the system, which I find strange, as all I have done is go to C-net to download AVG, which pulled up a lot of tracking cookies and a couple of threats. Thanks for your time

#4 Grantyy


Posted 01 February 2009 - 02:50 PM

Could somebody please scan this? I guess if there are still no threats I am stuck. A folder has appeared on the desktop, AOL saved PFC; could be something my GF pressed, but I do not use AOL and thought I had deleted it from my PC - Thanks


DDS (Ver_09-01-19.01) - NTFSx86
Run by Grantyy at 19:42:09.57 on 01/02/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.526 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Grantyy\Desktop\DownLLL\dds.scr

============== Pseudo HJT Report ===============

mDefault_Page_URL = hxxp://www.aldi.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://www.aldi.co.uk/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: EWPP - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus Photo R265 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibne.exe /fu "c:\windows\temp\E_S81.tmp" /EF "HKCU"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [CmUCRRun] c:\windows\system32\CmUCReye.exe
mRun: [MedionVFD] "c:\program files\medion info display\MdionLCM.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RemoteControl] "c:\program files\home cinema\powerdvd\PDVDServ.exe"
mRun: [PCMService] "c:\program files\home cinema\powercinema\PCMService.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NSLauncher] c:\program files\nokia\nokia software launcher\NSLauncher.exe /startup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &AOL Toolbar search
IE: &Google Search
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-15 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-15 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-15 107272]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-10-18 826112]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [2005-10-19 72320]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-15 903960]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-15 298264]
S0 rseb;rseb; [x]

=============== Created Last 30 ================

2009-01-31 17:38 <DIR> --d----- c:\documents and settings\grantyy\Phone Browser
2009-01-31 17:16 <DIR> --d----- c:\program files\common files\Nokia
2009-01-31 17:16 13,312 a------- c:\windows\system32\drivers\nmwcdcm.sys
2009-01-31 17:16 13,312 a------- c:\windows\system32\drivers\nmwcdcj.sys
2009-01-31 17:16 8,704 a------- c:\windows\system32\drivers\nmwcdc.sys
2009-01-31 17:16 127,488 a------- c:\windows\system32\drivers\nmwcd.sys
2009-01-31 17:16 30,720 a------- c:\windows\system32\nmwcdcocls.dll
2009-01-31 17:16 4,608 a------- c:\windows\system32\nmwcdlog.dll
2009-01-31 17:16 50,688 a------- c:\windows\system32\nmwcdcls.dll
2009-01-31 17:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Downloaded Installations
2009-01-31 17:15 <DIR> --d----- c:\program files\common files\PCSuite
2009-01-31 17:15 <DIR> --d----- c:\program files\Nokia
2009-01-31 15:24 <DIR> --d----- c:\windows\system32\scripting
2009-01-31 15:24 <DIR> --d----- c:\windows\l2schemas
2009-01-31 15:24 <DIR> --d----- c:\windows\system32\en
2009-01-31 15:24 <DIR> --d----- c:\windows\system32\bits
2009-01-31 15:20 <DIR> --d----- c:\windows\ServicePackFiles
2009-01-31 15:14 <DIR> --d----- c:\windows\EHome
2009-01-31 01:48 2 a------- c:\windows\msoffice.ini
2009-01-30 18:50 <DIR> --d----- c:\program files\AnalogX
2009-01-30 04:04 <DIR> --d----- C:\Poker
2009-01-30 03:20 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-01-30 03:19 <DIR> --d----- C:\ae7937f647cb345caf2bd7e6c6a542
2009-01-30 03:18 <DIR> --d----- C:\2ba2ee850be67c8b7681207f
2009-01-30 03:17 <DIR> --d----- C:\cd30cb597cabb48acff47653ecf2
2009-01-22 19:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\UDL
2009-01-22 19:13 49,152 a------- c:\windows\system32\E_DCINST.DLL
2009-01-22 19:13 75,264 a------- c:\windows\system32\E_FLBBNE.DLL
2009-01-22 19:13 62,976 a------- c:\windows\system32\E_FD4BBNE.DLL
2009-01-22 19:08 <DIR> --d----- c:\program files\EPSON
2009-01-22 19:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EPSON
2009-01-21 11:46 324 a------- c:\docume~1\grantyy\applic~1\wklnhst.dat
2009-01-20 01:23 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2009-01-20 01:23 452,440 a------- c:\windows\system32\d3dx10_40.dll
2009-01-20 01:23 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2009-01-20 01:23 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2009-01-20 01:23 514,384 a------- c:\windows\system32\XAudio2_3.dll
2009-01-20 01:21 25,608 a------- c:\windows\system32\X3DAudio1_3.dll
2009-01-20 01:20 81,768 a------- c:\windows\system32\xinput1_3.dll
2009-01-20 01:14 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-01-20 01:14 <DIR> --d----- c:\windows\Logs
2009-01-19 22:12 1,409 a------- c:\windows\QTFont.for
2009-01-19 22:12 54,156 a---h--- c:\windows\QTFont.qfn
2009-01-17 09:30 25,471 -------- c:\windows\system32\drivers\watv10nt.sys
2009-01-17 09:30 22,271 -------- c:\windows\system32\drivers\watv06nt.sys
2009-01-17 09:30 11,935 -------- c:\windows\system32\drivers\wadv11nt.sys
2009-01-17 09:30 11,871 -------- c:\windows\system32\drivers\wadv09nt.sys
2009-01-17 09:30 11,807 -------- c:\windows\system32\drivers\wadv07nt.sys
2009-01-17 09:30 11,295 -------- c:\windows\system32\drivers\wadv08nt.sys
2009-01-17 09:28 104,960 -------- c:\windows\system32\drivers\atinrvxx.sys
2009-01-16 21:35 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-01-16 21:35 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-01-16 21:34 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2009-01-16 21:34 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-16 21:34 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-16 21:33 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-16 21:33 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-16 21:33 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-01-16 21:33 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-01-16 21:32 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-01-16 21:32 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-01-16 21:32 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-01-16 21:29 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-01-16 21:29 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-01-16 21:29 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-01-16 21:29 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2009-01-16 20:02 <DIR> --d----- c:\program files\Lavasoft
2009-01-16 17:07 <DIR> --d----- c:\windows\ERUNT
2009-01-16 17:00 <DIR> --d----- C:\SDFix
2009-01-16 16:49 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-16 16:35 <DIR> --d----- c:\program files\Safer Networking
2009-01-16 15:58 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-16 15:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-16 15:50 <DIR> --d----- c:\program files\Trend Micro
2009-01-15 23:59 <DIR> --d----- c:\windows\pss
2009-01-15 22:11 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-01-15 22:04 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-15 22:04 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-15 22:03 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-15 22:03 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-01-15 22:03 <DIR> --d----- c:\docume~1\grantyy\applic~1\AVGTOOLBAR
2009-01-15 22:03 <DIR> --d----- c:\program files\AVG
2009-01-15 22:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-01-15 21:31 73,728 a------- c:\windows\ALCFDRTM.EXE
2009-01-15 21:31 <DIR> --dsh--- c:\documents and settings\grantyy\UserData
2009-01-15 21:31 <DIR> --d----- c:\documents and settings\Grantyy
2009-01-15 21:31 <DIR> --d----- c:\docume~1\grantyy\applic~1\You've Got Pictures Screensaver
2009-01-15 21:31 <DIR> --d----- c:\docume~1\grantyy\applic~1\AOL
2009-01-15 21:19 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-01-15 21:19 61,696 a------- c:\windows\system32\drivers\ohci1394.sys
2009-01-15 21:19 53,376 a------- c:\windows\system32\drivers\1394bus.sys
2009-01-15 21:19 6,400 a------- c:\windows\system32\drivers\enum1394.sys

==================== Find3M ====================

2009-01-31 15:26 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-11 10:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2005-10-19 10:21 8 ---shr-- c:\windows\system32\C72AA29016.sys
2005-10-19 10:21 4,704 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 19:42:33.65 ===============




#5 Grantyy

Grantyy
  • Topic Starter

  • Members
  • 45 posts

Posted 01 February 2009 - 03:43 PM

I forgot to add that I was also getting some advertising on ordinary web pages for a product called mysecuritycentre. I have also had quite a lot of emails about this software. Maybe this is ordinary, but I know that people do infect your system and then offer the solution, at a cost of course.
I am also having problems with pop-ups which I want to appear. For instance, on a web page I want a footballer's profile, which should pop up in its own box; it used to be smooth, but now I have to click on another tab and then go back to the page to get it to work. Are these controlled by Flash Player or ActiveX?

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 01 February 2009 - 04:15 PM

Hi,

There's nothing suspicious here. If you see ads on some pages, it doesn't mean that your computer is infected. If I visit the same page, I'll see the same ads as well. The ads are just present there and there's nothing you can do about it. This has nothing to do with the fact that your computer is infected.
The same goes for popups if you visit a certain page. If I visited the same page, I would get the popup as well.
You may format and reinstall your computer 50 times; if you visit the same page afterwards, you'll get the same popup, or you'll see the same ad, or you'll get the same tracking cookie.
This is the internet and that's how it goes. It would have been a problem if you got popups all the time while your browser was closed - but in your case, it's totally different.
As I explained, I would see the same ads or get the same popups if I visit the same page you are visiting.

So.. please don't be paranoid. :thumbup2:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 05 February 2009 - 07:00 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



