Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ad4.doubleclicker.net redirect from FireFox


  • Please log in to reply
1 reply to this topic

#1 GermInUSA

GermInUSA

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 16 February 2009 - 09:00 PM

DDS (Ver_09-02-01.01) - NTFSx86
Run by Alexander Ehrath at 17:58:33.35 on Mon 02/16/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.863 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: Norton AntiVirus *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Marvell\raid\svc\mvraidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe
C:\mysql\bin\mysqld.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
c:\program files\idt\intelxpv_v52\wdm\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\VisualSVN Server\bin\httpd.exe
C:\Program Files\VisualSVN Server\bin\httpd.exe
C:\Program Files\Common Files\Microsoft Shared\DirectX Extensions\DXDebugService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Intel\IDU\iptray.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Alexander Ehrath\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {7ffbd773-f3a7-4f40-a6ce-4bd25c3a0a69} - c:\windows\system32\efcArSkj.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Creative WebCam Tray] "c:\program files\creative\shared files\CamTray.exe"
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Start WingMan Profiler]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\ypager.exe" -quiet
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [FFTI] c:\documents and settings\alexander ehrath\application data\mozilla\firefox\profiles\ez06ujtj.default\extensions\{b13721c7-f507-4982-b2e5-502a71474fed}\ffti.exe /verysilent /suppressmsgboxes /norestart /destpath="c:\documents and settings\alexander ehrath\application data\mozilla\firefox\profiles/ez06ujtj.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [ShowIcon_The Company_CRW Series Driver v1.16e056] "c:\program files\crw\shwicon.exe" -t"the company\CRW Series Driver v1.16e056"
mRun: [Sunkist] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [Windows Media Connect 2] "c:\program files\windows media connect 2\WMCCFG.exe" /StartQuiet
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ipTray.exe] "c:\program files\intel\idu\iptray.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Iomega Drive Icons] c:\program files\iomega\driveicons\ImgIcon.exe
mRun: [Deskup] c:\program files\iomega\driveicons\deskup.exe /IMGSTART
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero8\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero8\incd\InCD.exe
mRun: [QuickTime Task] "c:\program files\quicktime alternative\QTTask.exe" -atboottime
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\docume~1\alexan~1\startm~1\programs\startup\marvel~1.lnk - c:\program files\marvell\raid\tray\RaidTray.bat
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158466969390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: awttuvuT - awttuvuT.dll
AppInit_DLLs: nfksxz.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alexan~1\applic~1\mozilla\firefox\profiles\ez06ujtj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppsynth.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\windows\system32\photosynth\nppsynth.dll
FF - HiddenExtension: XUL Cache: {1054DF9C-36E8-4E2D-A729-E3FC89D5353B} - c:\windows\system32\config\systemprofile\local settings\application data\{1054df9c-36e8-4e2d-a729-e3fc89d5353b}\

============= SERVICES / DRIVERS ===============

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2007-10-31 143360]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-20 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-20 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-20 107272]
R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [2008-8-24 651264]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-20 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-20 298264]
R2 AWService;Admin Works Agent X8;c:\program files\intel\idu\awServ.exe [2006-12-27 74520]
R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.sys [2007-5-17 3584]
R2 DriverX;DriverX;c:\windows\system32\drivers\Driverx.sys [2007-3-28 50720]
R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [2007-8-25 5152]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 Marvell RAID;Marvell RAID Event Agent;c:\program files\marvell\raid\svc\mvraidsvc.exe [2007-10-24 147456]
R2 MRUWebService;MRU Web Service;c:\program files\marvell\raid\apache2\bin\httpd.exe [2007-8-24 20539]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero8\incd\NBHRegInCDSrv.exe [2008-6-10 53032]
R2 NProtectService;Norton Unerase Protection;c:\program files\norton systemworks\norton utilities\NPROTECT.EXE [2006-6-5 135168]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2008-1-25 6784]
R2 PortTalk;PortTalk;c:\windows\system32\drivers\porttalk.sys [2007-5-17 3567]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-9-27 1373480]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-7-20 84992]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-9-16 33792]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S2 EZUSB;Cypress General Purpose USB Driver (ezusb.sys);c:\windows\system32\drivers\ezusb.sys [2007-3-28 27507]
S2 OpenSSHd;OpenSSH Server;c:\program files\openssh\bin\cygrunsrv.exe [2004-4-18 36864]
S2 VisualSVNServer;VisualSVN Server;c:\program files\visualsvn server\httpd-wrapper.bat [2008-3-14 181]
S3 cpuz129;cpuz129;\??\c:\docume~1\alexan~1\locals~1\temp\cpuz_x32.sys --> c:\docume~1\alexan~1\locals~1\temp\cpuz_x32.sys [?]
S3 DmodUsb;DmodUsb;c:\windows\system32\drivers\dmodusb.sys [2006-8-28 17408]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2007-10-23 269824]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\msdevstd\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]

=============== Created Last 30 ================

2009-02-16 11:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Wal-Mart
2009-02-16 11:54 <DIR> --d----- c:\program files\Wal-Mart
2009-02-16 11:54 <DIR> --d----- c:\docume~1\alexan~1\applic~1\Wal-Mart
2009-02-16 10:32 <DIR> --d----- c:\program files\Runtime Software
2009-02-15 10:30 <DIR> --d----- c:\windows\pss
2009-02-11 08:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-02-11 08:39 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-11 08:39 <DIR> --d----- c:\docume~1\alexan~1\applic~1\SUPERAntiSpyware.com
2009-02-09 09:14 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-02-07 01:10 <DIR> --d----- c:\docume~1\alexan~1\applic~1\Malwarebytes
2009-02-07 01:10 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-07 01:10 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-07 01:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-07 01:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-06 01:57 5,510 a------- c:\windows\system32\tmp.reg
2009-01-21 02:21 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-01-20 21:41 <DIR> --d----- c:\program files\nLite
2009-01-20 01:25 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-20 01:25 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-20 01:25 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-20 01:25 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-01-20 01:25 <DIR> --d----- c:\docume~1\alexan~1\applic~1\AVGTOOLBAR
2009-01-20 01:25 <DIR> --d----- c:\program files\AVG
2009-01-20 01:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-01-18 18:39 1,604 a------- c:\windows\ATICIM.INI

==================== Find3M ====================

2009-01-05 14:33 3,751,995 a------- c:\windows\system32\GPhotos.scr
2008-12-20 15:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-14 12:52 368,640 a------- c:\windows\system32\ReWire.dll
2008-12-01 11:53 45,056 a------- c:\windows\system32\amdcalrt.dll
2008-12-01 11:53 45,056 a------- c:\windows\system32\amdcalcl.dll
2008-12-01 11:50 3,252,224 a------- c:\windows\system32\Amdcaldd.dll
2008-11-19 10:03 31,744 a------- c:\windows\system32\Walmart Photo Screensaver.scr
2008-08-16 12:33 56 a------- c:\documents and settings\alexander ehrath\killskype.bat
2008-06-19 07:04 15 a------- c:\documents and settings\alexander ehrath\gwSettings.dat
2006-12-06 22:45 65 a------- c:\documents and settings\alexander ehrath\reset1394.bat
2006-06-05 11:23 32 a--sh--- c:\windows\{08B64915-C71D-47DC-A5BF-18D0B6322486}.dat
2006-06-05 11:24 32 a--sh--- c:\windows\{1276CC6F-C8A2-47FC-AA88-105F50F96B33}.dat
2006-06-05 11:21 32 a--sh--- c:\windows\{2BDC9388-BB62-4362-8CF3-98ADF26CABD7}.dat
2006-06-05 11:21 32 a--sh--- c:\windows\{72E89444-ED0B-4B6E-BF26-9C9D7BE39B04}.dat
2006-06-05 11:23 32 a--sh--- c:\windows\{EC074B78-97B4-4D38-ACC6-8EF5E00603FD}.dat
2006-06-05 11:21 32 a--sh--- c:\windows\{F95ED5D2-32AF-4B9D-A557-701DDD8D10D0}.dat
2006-06-05 11:21 32 a--sh--- c:\windows\system32\{13556EE6-D794-4CFD-AB2D-2BE00652D95C}.dat
2006-06-05 11:21 32 a--sh--- c:\windows\system32\{1C8B70DD-475D-44F4-88FF-4B7C4E5F31DA}.dat
2006-06-05 11:21 32 a--sh--- c:\windows\system32\{27689A33-9D38-469E-96BF-62635B992707}.dat
2006-06-05 11:24 32 a--sh--- c:\windows\system32\{2EF26311-2225-417A-98EF-E1DFE76D8FE1}.dat
2006-06-05 11:23 32 a--sh--- c:\windows\system32\{63168C6F-6187-4CC5-90F8-EA5B85753E68}.dat
2006-06-05 11:23 32 a--sh--- c:\windows\system32\{8E850937-7468-4074-B7D4-021534198C39}.dat

============= FINISH: 17:58:44.23 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:01:11 PM

Posted 24 February 2009 - 01:14 PM

Hello GermInUSA and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix askes you to install the Recovery Console, please do so..
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbup2:

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users