
Redirected all the time and no antivirus spyware or windows updates


  • This topic is locked
2 replies to this topic

#1 prentle

Posted 06 February 2009 - 03:23 AM

Hello all, I can see you do a great job from other user posts.

Since yesterday I have had a problem similar to others on this thread. I think I have a DNS changer but am not sure how to get rid of it. I have tried MBAM, which found and removed a bunch of stuff, and now I am trying Ad-Aware and SUPERAntiSpyware. I ran both of these last night and they found some tracking cookies and a piece of malware each, but still, any time I go to any valid antispyware sites or try to download updates for software or even Windows Update, they are blocked.

I used to be able to run Spybot S&D, but now whenever I try to run it, it crashes. I also cannot run the Kaspersky online scan, even when I run explorer as administrator; it cannot download updates to that either. I tried re-installing Spybot but got the blue screen of doom with an internal kernel handle error, I think it was.

I have attached HijackThis report files. I hope you can help. BTW, I have noticed a lot of entries under regedit, HKLM\system\controlset001\services\tcpip\interfaces\parameters

There are controlset001 and controlset003 as well as TCPIP and TCPIP6 (I have no idea if this is relevant).

I am running wired to a Netgear wireless router too.

----------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:01:30, on 06/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Windows\SOUNDMAN.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_1_3_0\RGSC.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: D - {43C2C4FF-BE31-348A-B7A2-27E78625072E} - C:\Windows\system32\xwr37959.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: (no name) - {c721f265-e1cc-4e1b-a915-3d71cf2deccc} - (no file)
O2 - BHO: (no name) - {E3DCCBC9-B39B-4A2C-9BBA-11058A4D65DD} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [WinSys2] C:\Windows\system32\startup.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; FDM; .NET CLR 1.1.4322; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30618)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll,C:\Windows\system32\dewozuzi.dll c:\windows\system32\doyafese.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: vturr - vturr.dll (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9630b7975f0af) (gupdate1c9630b7975f0af) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdkma.exe (file missing)

--
End of file - 11125 bytes


-------------------------------------------------------------------------------------------------------------------

1.5
3Planesoft Screensaver Manager 1.2
7-Zip 4.60 beta
ACDSee Pro 2
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Player
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 8.1.3
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AGEIA GAME System Software 2.8.0
. ( )
America's Army Deploy Client
Armagetron Advanced 0.2.8.2.1.gcc
Ashampoo WinOptimizer 5.04
ASIO4ALL
Astro Gemini Screensaver Manager 1.2
AVG Free 8.0
Battle.net
BattleForge
Be Rich 1.00
BFME2 Widescreen Enhanced 1.0
BroadJump Client Foundation
Burnout™ Paradise The Ultimate Box
Caesar 3
Caesar IV
CCleaner (remove only)
CDisplay 1.8
City Life 2008
ClearSkinFX for Digital Cameras
coolplay
Creative Jukebox Driver
Creative MediaSource
Creative MediaSource AudioSync Plugin
Creative Zen Touch
Diablo II
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Download Manager 2.3.6
Dream Aquarium
EA Download Manager
eMule
EPSON Photo Print
EPSON Scan
Everyday Shooter
Fallout 3
FaxRedist
Fraps (remove only)
Free Download Manager 2.0
Gears of War
Google Earth
Google Earth Plugin
Google SketchUp 7
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update
Google Updater
GTK+ 2.8.18-1 runtime environment
GtkRadiant 1.5.0
Guitar Pro 5.2
Haali Media Splitter
Half-Life
Half-Life 2
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life 2: Lost Coast
Harvest Massive Encounter
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
HP Imaging Device Functions 9.0
HP My Display
HP Photosmart Cameras 9.0
HP Photosmart Essential 3.0
HP Solution Center 9.0
HP Update
Indeo Software
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 2
Java™ 6 Update 7
JFK Reloaded 1.1
king.com (remove only)
Koi Solitaire
Kong version 1.1.0
KrabbitWorld Labyrinth 1.18
Laxius Force Free Trial
LEGO Star Wars II
LEGO Batman
Lexmark 1200 Series
Lexmark Fax Solutions
Magic ISO Maker v5.4 (build 0251)
MCF Return To Ravenhearst 1.01
MediaCoderSE 0.5.1
Merv Griffins Crosswords
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Windows Application Compatibility Database
Microsoft Windows Media Video 9 VCM
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Mirror's Edge
Monster Trucks Nitro
Morrowind
MSI Live
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
Mutant Storm
MySQL Connector/ODBC 3.51
Mystery PI: The New York Fortune Demo
neroxml
NetObjects Fusion 11.0
Neverwinter Nights 2
NVIDIA Drivers
NVIDIA PhysX
NVIDIA WDM Drivers
Oblivion
Oblivion mod manager 1.1.8
OpenAL
Overlord
Pando Media Booster
PDF Settings
Peggle (remove only)
Pharaoh
Pivot Software
Platypus
Power Tab Editor 1.7
PowerISO
Project64 1.6
ProtectDisc Driver, Version 11
Pyroblazer Demo
QuickTime
Rainbow Six 3: Gold
RealArcade
RealPlayer
Realtek AC'97 Audio
Recover My Files
RGSS-RTP Standard
Ricochet Infinity
Ricochet Lost Worlds
Rise of the Argonauts
Riva FLV Player
Rockstar Games Social Club
RotWK Widescreen Enhanced 1.0
S.T.A.L.K.E.R. - Clear Sky [v1.0007]
ScanToWeb
SDK
SecondLife (remove only)
Secret Maryo Chronicles
Security Update for Windows Media Encoder (KB954156)
SequoiaView
ShellExView
Shockwave
Sierra Utilities
SimCity 4
Smart Mod Manager
SmartFTP Client
SmartFTP Client 3.0 Setup Files (remove only)
Songsmith
Source Dedicated Server
Source SDK Base - Orange Box
Space Giraffe PC
Spybot - Search & Destroy
Spyware Terminator
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
Star Wars Empire at War
Star Wars Empire at War Forces of Corruption
Stargate Empire at War
StarTopia
Steam
SUPERAntiSpyware Free Edition
SWF & FLV Player 3.0 (build 3.0.33.5106)
Synergy
System Requirements Lab
Tag - IGF Professional 2008
Team Fortress 2
Team Fortress 2 Dedicated Server
TES Construction Set
The Battle for Middle-earth ™ II
The GIMP 2.2.12
The Lord of the Rings - Conquest
The Lord of the Rings, The Rise of the Witch-king
THE SETTLERS - Rise of an Empire
The Typing of The Dead
Titan Quest
Titan Quest: Immortal Throne
Total Video Converter 3.02
Tower Bloxx Deluxe
ToyGolf Extreme
TQVault
TrackMania Nations Forever
Trials 2: Second Edition
Tribal Trouble
Ultimate Ride Disney Coaster
Ultra Fractal 4.04
UltraISO Premium V9.0
UltraStar Deluxe
Unity Web Player
USB GAME PAD
Viewpoint Media Player
Vista Codec Package
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
Visual C++ 8.0 MFC (x86) WinSXS MSM
Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
Visualboy Advance 1.6a
Vulture's
Vulture's Eye
Warhammer 40,000: Dawn of War II - Beta
WinAce Archiver
Windows Installer Clean Up
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
WinRAR archiver
WinUAE v0.8.8 R7
WinZip 11.2
World of Warcraft
X-Blades
XviD MPEG-4 Video Codec
Yahoo! Install Manager
Yahoo! Toolbar
Zombie Panic! Source
Zombie Shooter v 1.0
Zombpocalypse 0.9


---------------------------------------------------------------------------------------------------------------------------

StartupList report, 06/02/2009, 08:02:26
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows Vista SP1 (WinNT 6.00.1905)
Detected: Internet Explorer v7.00 (7.00.6001.18000)
* Using default options
==================================================

Running processes:

C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Windows\SOUNDMAN.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Windows\system32\conime.exe
C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_1_3_0\RGSC.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
BJCFD = C:\Program Files\BroadJump\Client Foundation\CFD.exe
itype = "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
WinSys2 = C:\Windows\system32\startup.exe
AVG8_TRAY = C:\PROGRA~1\AVG\AVG8\avgtray.exe
ISUSScheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
SpywareTerminator = "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
SoundMan = SOUNDMAN.EXE
NvCplDaemon = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Ad-Watch = C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ehTray.exe = C:\Windows\ehome\ehTray.exe
Steam = "c:\program files\steam\steam.exe" -silent
igndlm.exe = C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
DAEMON Tools Lite = "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe
EA Core = "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
RGSC = C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
SUPERAntiSpyware = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

Shockwave Updater = C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; FDM; .NET CLR 1.1.4322; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30618)

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[not active]
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
FaxCenterServer = "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
hpqSRMon = C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
DT HPW = C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPW
lxczbmgr.exe = "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
PivotSoftware = "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Ashampoo Core Tuner = "C:\Program Files\Ashampoo\Ashampoo Core Tuner\ct.exe" -TRAY
SpywareTerminator = "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

[OptionalComponents]
=

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[AdobeUpdater]
=

[not active]
DAEMON Tools Lite = "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
igndlm.exe = C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

--------------------------------------------------

Load/Run keys from C:\Windows\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=avgrsstx.dll,C:\Windows\system32\dewozuzi.dll c:\windows\system32\doyafese.dll

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll - {3049C3E9-B461-4BC5-8870-4C09146192CA}
WormRadar.com IESiteBlocker.NavFilter - C:\Program Files\AVG\AVG8\avgssie.dll - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
(no name) - C:\Windows\system32\xwr37959.dll (file missing) - {43C2C4FF-BE31-348A-B7A2-27E78625072E}
(no name) - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL - {A057A204-BACC-4D26-9990-79A187E2698E}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
(no name) - (no file) - {c721f265-e1cc-4e1b-a915-3d71cf2deccc}
(no name) - (no file) - {E3DCCBC9-B39B-4A2C-9BBA-11058A4D65DD}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Ad-Aware Update (Weekly).job
At2.job
At3.job
At4.job
At5.job
At6.job
At7.job
At8.job
Google Software Updater.job
GoogleUpdateTaskMachine.job

--------------------------------------------------

Enumerating Download Program Files:

[Facebook Photo Uploader 5]
InProcServer32 = C:\Windows\Downloaded Program Files\ImageUploader5.ocx
CODEBASE = http://upload.facebook.com/controls/Facebo...toUploader5.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\Windows\system32\Adobe\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\Windows\system32\LegitCheckControl.DLL
CODEBASE = http://download.microsoft.com/download/8/b...heckControl.cab

[System Requirements Lab Class]
InProcServer32 = C:\Windows\Downloaded Program Files\sysreqlab3.dll
CODEBASE = http://www.srtest.com/srl_bin/sysreqlab3.cab
OSD = C:\Windows\Downloaded Program Files\SysReqLab3.osd

[Shockwave ActiveX Control]
InProcServer32 = C:\Windows\System32\Adobe\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

[CDownloadCtrl Object]
InProcServer32 = C:\Program Files\Download Manager\DLMControl.dll
CODEBASE = http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab

[CTVUAxCtrl Object]
InProcServer32 = C:\Windows\Downloaded Program Files\npTVUAx.dll
CODEBASE = http://dl.tvunetworks.com/TVUAx.cab

[{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}]
CODEBASE = http://upload.facebook.com/controls/Facebo...toUploader2.cab

[Facebook Photo Uploader Control]
InProcServer32 = C:\Windows\Downloaded Program Files\FacebookPhotoUploader.ocx
CODEBASE = http://upload.facebook.com/controls/Facebo...otoUploader.cab

[{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}]
CODEBASE = http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
OSD = C:\Windows\Downloaded Program Files\SysReqLab2.osd

[GameLauncher Control]
InProcServer32 = C:\Windows\DOWNLO~1\GAMELA~1.OCX
CODEBASE = http://www.acclaim.com/cabs/acclaim_v5.cab

[Java Plug-in 1.6.0_07]
InProcServer32 = C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
CODEBASE = http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab

[Shockwave Flash Object]
InProcServer32 = C:\Windows\system32\Macromed\Flash\Flash10a.ocx
CODEBASE = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #2: C:\Windows\system32\napinsp.dll
NameSpace #3: C:\Windows\system32\pnrpnsp.dll
NameSpace #4: C:\Windows\system32\pnrpnsp.dll
NameSpace #5: C:\Windows\system32\wshbth.dll
NameSpace #6: C:\Program Files\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\Windows\system32\webcheck.dll

--------------------------------------------------
End of report, 12,490 bytes
Report generated in 0.032 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Edited by prentle, 06 February 2009 - 03:29 AM.


#2 prentle

Posted 07 February 2009 - 06:18 AM

This thread can be closed. I managed to fix the issue after multiple runs of Malwarebytes Anti-Malware and SUPERAntiSpyware. I did one run of each in normal mode, rebooted, did the same again in safe mode, rebooted, and then again in normal mode. All gone %^)

Woot I can browse again.

#3 KoanYorel

Posted 07 February 2009 - 10:56 AM

Thanks for informing us.

Should you find other problems and you need it reopened, please contact a Forum Moderator.
Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

This thread is closed.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



