
Persistent Redirect


  • This topic is locked
2 replies to this topic

#1 Semiquaver

Semiquaver

  • Members
  • 1 posts
  • OFFLINE
  • Local time:09:17 AM

Posted 03 March 2009 - 07:39 PM

Looks like a pretty common problem around here...I get constant redirects, especially to the website btcar.com. I removed a few infections manually but this one set immediately. It's odd; this is a fresh XP install and the only things I can remember installing were SP2/SP3, FF3, and CCleaner.... Anyway, is there anything in this DDS log that could help solve my problem? Thanks very much in advance for y'all's help.



DDS (Ver_09-02-01.01) - NTFSx86
Run by Ted Hendershot at 16:28:15.68 on Tue 03/03/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.952 [GMT -8:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Documents and Settings\Ted Hendershot\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\TEDHEN~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\TEDHEN~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\TEDHEN~1\LOCALS~1\Temp\~nsu.tmp\Au_.exe
C:\Documents and Settings\Ted Hendershot\My Documents\dds.scr

============== Pseudo HJT Report ===============

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Google Update] "c:\documents and settings\ted hendershot\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [UnHackMe Monitor] c:\program files\unhackme\hackmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [<NO NAME>]
uRun: [ATI Remote Control] "c:\program files\ati multimedia\remctrl\ATIRW.exe"
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [UltraMon] "c:\program files\ultramon\UltraMon.exe" /auto
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
StartupFolder: c:\docume~1\tedhen~1\startm~1\programs\startup\anapod~1.lnk - c:\program files\red chair software\anapod explorer\anamgr.exe
StartupFolder: c:\docume~1\tedhen~1\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\tedhen~1\startm~1\programs\startup\torren~1.lnk - c:\program files\utorrent\uTorrent.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234160704156
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
AppInit_DLLs: wbsys.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tedhen~1\applic~1\mozilla\firefox\profiles\zn3n6c2z.degauss\
FF - prefs.js: browser.startup.homepage - chrome://fastdial/content/fastdial.html
FF - prefs.js: network.proxy.http - 127.0.0.0
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll
FF - plugin: c:\documents and settings\ted hendershot\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

---- FIREFOX POLICIES ----
//This file last modified on 10:18 AM 4/10/2005 by techlifeblogged[at]gmail.com
//This is basically everything laszlo had in his original post and atmodified as I read through
//the forum
//hxxp://forums.mozillazine.org/viewtopic.php?t=53650&postdays=0&postorder=asc&postsperpage=15&start=0

//All of this goes in a text file called user.js in your profile folder
//the location of your profile folder depends on your operating system
//Go here to find out where yours is hxxp://www.mozilla.org/support/firefox/edit#profile
//And hxxp://www.mozilla.org/support/firefox/edit#user

//!!IMPORTANT!! Some of this needs to be optomized to the speed of your connection!
//Scroll down near the bottom of the page to the special section you need to modify.

//Everyone can benefit from these settings
FF - user.js: general.smoothScroll - true
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: config.trim_on_minimize - false //Load quicker from a minimized state
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.maxtextrun - 8191
FF - user.js: plugin.expose_full_path - true // Show full path to plugins in about:plugins
FF - user.js: ui.submenuDelay - 0 //Speeds up submenus like Bookmarks
FF - user.js: browser.xul.error_pages.enabled - true // Instead of annoying error dialog messages, display pages
FF - user.js: browser.cache.memory.capacity - 16000 // Prevent memory leak
FF - user.js: browser.display.show_image_placeholders - false //To have images load like IE

//for general network performance
FF - user.js: network.dnsCacheExpiration - 360 // 6 minutes
FF - user.js: network.dnsCacheEntries - 100
FF - user.js: network.dns.disableIPv6 - true
FF - user.js: network.ftp.idleConnectionTimeout - 60 // 1 minute
FF - user.js: network.http.keep-alive.timeout - 30
FF - user.js: network.http.request.max-start-delay - 5
FF - user.js: network.http.connect.timeout - 30
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4

//switch to enable caching of objects served over a secure connection
//WARNING: Setting this to true could be a potential security issue because SSL pages can contain personal information
//that you might not want floating around on your PC.
FF - user.js: browser.cache.disk_cache_ssl - false

// Let remote content link to local (file://) content. This is needed for intranets.
// hxxp://bugzilla.mozilla.org/show_bug.cgi?id=84128#c20
FF - user.js: security.checkloaduri - false

//This could be a potential security risk if set to true. See thread hxxp://forums.mozillazine.org/viewtopic.php?t=53650&postdays=0&postorder=asc&postsperpage=15&start=75
FF - user.js: signed.applets.codebase_principal_support - false

//==========================================================================================================
//---Begin Special Section based on what type of computer and connection speed you have---
//Change nglayout.initialpaint.delay based on how fast your connection is.
//Higher for slow connections lower for fast.
//recalculate the rest of the settings as commented after each line.
FF - user.js: nglayout.initialpaint.delay - 200 //Try 100 for fast, 750 for dial-up.
FF - user.js: content.notify.interval - 200000 //1000 * nglayout.initialpaint.delay (don't go below 100000)
FF - user.js: content.switch.threshold - 200000 //1000 * nglayout.initialpaint.delay
FF - user.js: content.max.tokenizing.time - 600000 //3 * content.notify.interval
//---End Special Section based on what type of computer and connection speed you have---
//==========================================================================================================

// From Laszlo: If these settings don't give you an improvement,
// you could play with the content. and .initialpaint.delay
// settings. As said above, I got the best results by keeping them
// in synch as in the given example (750000 and 750) while setting
// max.tokenizing.time to a multiple of switch.threshold
// (greater 3; with the values of the above example:
// 3 * 750000 = 2250000, 4 * 750000 = 3000000, ...).
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-9 64160]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-3-3 38144]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 921936]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2006-9-24 11776]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [2009-3-3 273280]
R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\docume~1\tedhen~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [2009-3-3 70144]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-9-24 3584]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-2-9 34760]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2002-8-29 3584]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 CLMC;CLMC;c:\docume~1\tedhen~1\locals~1\temp\CLMC.exe [2009-2-9 531328]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-28 42512]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2009-2-16 21376]

=============== Created Last 30 ================

2009-03-03 16:11 <DIR> --d----- c:\program files\iLyrics
2009-03-03 15:14 1,081,616 a------- c:\windows\system32\MSCOMCTL.OCX
2009-03-03 15:11 <DIR> --d----- C:\fsaua.data
2009-03-03 15:06 <DIR> --d----- c:\program files\Trend Micro
2009-03-03 14:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\X10 Settings
2009-03-03 14:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ATI MMC
2009-03-03 14:10 257,872 a------- c:\windows\system32\drivers\atirwvd.sys
2009-03-03 14:10 9,091 a------- c:\windows\system32\drivers\atirwrf.sys
2009-03-03 14:10 <DIR> --d----- c:\program files\common files\ATI
2009-03-03 14:10 <DIR> --d----- c:\program files\ATI Multimedia
2009-03-03 09:20 21,035 a------- c:\windows\system32\drivers\AegisP.sys
2009-03-03 09:20 273,280 a----r-- c:\windows\system32\drivers\BLKWGU.sys
2009-03-03 09:20 <DIR> --d----- c:\windows\OPTIONS
2009-03-03 09:20 273,280 -----r-- c:\windows\system\BLKWGU.sys
2009-03-03 09:20 38,144 a------- c:\windows\system32\drivers\EAPPkt.sys
2009-03-03 09:20 <DIR> --d----- c:\windows\system32\Belkin Wireless G USB Adapter Software
2009-03-03 09:20 <DIR> --d----- c:\program files\Belkin
2009-02-20 12:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Last.fm
2009-02-20 12:30 <DIR> --d----- c:\program files\Last.fm
2009-02-19 23:56 377,151 a--shr-- C:\bootmgr
2009-02-19 23:56 <DIR> --dsh--- C:\Boot
2009-02-19 23:48 1,908 a------- c:\windows\diagwrn.xml
2009-02-19 23:48 1,908 a------- c:\windows\diagerr.xml
2009-02-16 23:09 <DIR> --d----- c:\program files\common files\Stardock
2009-02-16 22:28 22,912 a------- c:\windows\system32\drivers\lgusbmodem.sys
2009-02-16 22:28 21,248 a------- c:\windows\system32\drivers\lgusbdiag.sys
2009-02-16 22:28 12,672 a------- c:\windows\system32\drivers\lgusbbus.sys
2009-02-16 22:28 <DIR> --d----- c:\program files\LG Electronics
2009-02-16 22:19 21,376 a------- c:\windows\system32\drivers\sustucau.sys
2009-02-16 18:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ALM
2009-02-16 18:07 <DIR> --d----- c:\program files\BitPim
2009-02-16 18:04 45,392 a----r-- c:\windows\system32\AdobePDF.dll
2009-02-16 18:04 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
2009-02-16 17:42 <DIR> --d----- c:\program files\Audacity 1.3 Beta (Unicode)
2009-02-15 20:37 <DIR> --d----- c:\docume~1\tedhen~1\applic~1\Red Chair Software
2009-02-15 20:37 <DIR> --d----- c:\program files\Red Chair Software
2009-02-15 01:04 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-02-15 01:04 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-15 01:03 <DIR> --d----- c:\program files\iPod
2009-02-15 01:03 <DIR> --d----- c:\program files\iTunes
2009-02-15 01:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-15 01:03 <DIR> --d----- c:\program files\Bonjour
2009-02-15 01:02 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
2009-02-15 00:54 <DIR> --d----- c:\program files\iPodRip
2009-02-14 17:22 <DIR> --d----- c:\docume~1\tedhen~1\applic~1\DAEMON Tools Pro
2009-02-14 13:11 <DIR> --d-h--- C:\BJPrinter
2009-02-14 10:31 228,152 a------- c:\windows\system32\xa386199140.exe
2009-02-14 10:31 228,152 a------- c:\windows\system32\xa386198906.exe
2009-02-14 09:57 42,672 a------- c:\windows\system32\wbsys.dll
2009-02-14 09:53 <DIR> --d----- c:\program files\Stardock
2009-02-13 22:59 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-02-12 00:15 <DIR> --d----- c:\program files\SecondLifeReleaseCandidate
2009-02-11 23:48 <DIR> --d----- c:\program files\XBMC
2009-02-11 00:05 <DIR> --d----- c:\program files\Extreme Picture Finder 3
2009-02-11 00:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Extreme Picture Finder
2009-02-10 23:34 <DIR> --d----- c:\program files\WinPcap
2009-02-10 23:32 <DIR> --d----- c:\program files\SoftByte Labs
2009-02-09 23:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-02-09 23:33 <DIR> --d----- c:\program files\VideoLAN
2009-02-09 23:16 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-02-09 02:35 <DIR> --d----- c:\program files\Unlocker
2009-02-09 02:31 <DIR> --d----- c:\program files\WinDirStat
2009-02-09 02:06 <DIR> --d----- c:\program files\RocketDock
2009-02-09 02:06 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-02-09 02:06 <DIR> --d----- c:\docume~1\tedhen~1\applic~1\DAEMON Tools Lite
2009-02-09 02:06 <DIR> --d----- c:\program files\Shock Utility
2009-02-09 02:05 65,536 a------- c:\windows\IFinst27.exe
2009-02-09 01:39 <DIR> --d----- c:\docume~1\tedhen~1\applic~1\Realtime Soft
2009-02-09 01:39 <DIR> --d----- c:\program files\common files\Realtime Soft
2009-02-09 01:39 <DIR> --d----- c:\program files\UltraMon
2009-02-09 01:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Realtime Soft
2009-02-09 01:20 <DIR> --d----- c:\windows\system32\XPSViewer
2009-02-09 01:19 1,676,288 ac------ c:\windows\system32\dllcache\xpssvcs.dll
2009-02-09 01:19 597,504 ac------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-09 01:19 575,488 ac------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-09 01:19 89,088 ac------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-09 01:19 1,676,288 a------- c:\windows\system32\xpssvcs.dll
2009-02-09 01:19 575,488 a------- c:\windows\system32\xpsshhdr.dll
2009-02-09 01:19 117,760 a------- c:\windows\system32\prntvpt.dll
2009-02-09 01:19 <DIR> --d----- C:\4f4759e51252b91f72791586253849b2
2009-02-09 01:12 <DIR> --d----- C:\RootkitNO
2009-02-09 01:03 34,760 a------- c:\windows\system32\drivers\Partizan.sys
2009-02-09 01:03 32,480 a------- c:\windows\system32\Partizan.exe
2009-02-09 01:03 2 a--shrot c:\windows\winstart.bat
2009-02-09 01:03 12,752 a------- c:\windows\system32\drivers\UnHackMeDrv.sys
2009-02-09 01:03 <DIR> --d----- c:\program files\UnHackMe
2009-02-09 00:44 <DIR> --d----- C:\fixwareout
2009-02-09 00:26 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-09 00:24 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-09 00:24 <DIR> --d----- c:\program files\Lavasoft
2009-02-09 00:11 <DIR> --d----- c:\windows\system32\Lang
2009-02-09 00:11 0 a------- c:\windows\ativpsrm.bin
2009-02-09 00:09 <DIR> --d----- c:\program files\ATI
2009-02-09 00:08 593,920 a------- c:\windows\system32\ati2sgag.exe
2009-02-09 00:08 <DIR> --d----- c:\program files\ATI Technologies
2009-02-09 00:08 <DIR> --d----- C:\ATI
2009-02-08 23:59 664 a------- c:\windows\system32\d3d9caps.dat
2009-02-08 23:54 <DIR> --d----- c:\program files\uTorrent
2009-02-08 23:54 <DIR> --d----- c:\docume~1\tedhen~1\applic~1\uTorrent
2009-02-08 23:54 <DIR> --d----- c:\program files\CCleaner
2009-02-08 23:53 <DIR> --d----- c:\program files\Realtek
2009-02-08 23:52 75,264 a------- c:\windows\system32\drivers\gaopdxevxbqitv.sys
2009-02-08 23:52 4 a------- c:\windows\system32\gaopdxcounter
2009-02-08 23:28 5,702 a---h--- c:\windows\nod32restoretemdono.reg
2009-02-08 23:28 568 a---h--- c:\windows\nod32fixtemdono.reg
2009-02-08 23:27 <DIR> --d----- c:\program files\ESET
2009-02-08 23:09 6,066,176 ac------ c:\windows\system32\dllcache\ieframe.dll
2009-02-08 23:09 2,455,488 ac------ c:\windows\system32\dllcache\ieapfltr.dat
2009-02-08 23:09 991,232 ac------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-08 23:09 459,264 ac------ c:\windows\system32\dllcache\msfeeds.dll
2009-02-08 23:09 383,488 ac------ c:\windows\system32\dllcache\ieapfltr.dll
2009-02-08 23:09 267,776 ac------ c:\windows\system32\dllcache\iertutil.dll
2009-02-08 23:09 63,488 ac------ c:\windows\system32\dllcache\icardie.dll
2009-02-08 23:09 52,224 ac------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-08 23:09 13,824 ac------ c:\windows\system32\dllcache\ieudinit.exe
2009-02-08 23:06 333,952 ac------ c:\windows\system32\dllcache\srv.sys
2009-02-08 23:04 272,128 ac------ c:\windows\system32\dllcache\bthport.sys
2009-02-08 23:04 203,136 ac------ c:\windows\system32\dllcache\rmcast.sys
2009-02-08 22:58 <DIR> --d----- c:\windows\system32\scripting
2009-02-08 22:58 <DIR> --d----- c:\windows\l2schemas
2009-02-08 22:58 <DIR> --d----- c:\windows\system32\en
2009-02-08 22:55 <DIR> --d----- c:\windows\network diagnostic
2009-02-08 22:40 316,640 a------- c:\windows\WMSysPr9.prx
2009-02-08 22:40 <DIR> --d----- c:\windows\peernet
2009-02-08 22:40 <DIR> --d----- c:\windows\provisioning
2009-02-08 22:39 <DIR> --d----- c:\windows\ServicePackFiles
2009-02-08 22:38 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-02-08 22:37 <DIR> --d----- c:\windows\EHome
2009-02-08 22:36 67,866 a------- c:\windows\system32\drivers\netwlan5.img
2009-02-08 22:36 11,264 a------- c:\windows\system32\spnpinst.exe
2009-02-08 22:36 7,208 a------- c:\windows\system32\secupd.sig
2009-02-08 22:36 4,569 a------- c:\windows\system32\secupd.dat
2009-02-08 22:32 <DIR> --ds---- c:\windows\system32\Microsoft
2009-02-08 22:32 <DIR> --d----- c:\windows\system32\PreInstall
2009-02-08 22:32 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-02-08 22:32 <DIR> --d-h--- c:\windows\$hf_mig$
2009-02-08 22:32 <DIR> --d----- c:\windows\system32\bits
2009-02-08 22:31 438,784 a------- c:\windows\system32\xpob2res.dll
2009-02-08 22:31 354,304 a------- c:\windows\system32\winhttp.dll
2009-02-08 22:31 18,944 a------- c:\windows\system32\qmgrprxy.dll
2009-02-08 22:31 8,192 a------- c:\windows\system32\bitsprx2.dll
2009-02-08 22:31 7,168 a------- c:\windows\system32\bitsprx3.dll
2009-02-08 22:30 213,528 a------- c:\windows\system32\wuaucpl.cpl
2009-02-08 22:30 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-02-08 22:30 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-02-08 22:30 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-02-08 22:30 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2009-02-08 22:25 <DIR> --ds---- c:\documents and settings\ted hendershot\UserData
2009-02-08 22:19 <DIR> --dsh--- c:\windows\Installer
2009-02-08 22:19 <DIR> --d----- c:\documents and settings\Ted Hendershot
2009-02-08 22:14 13,588 a------- c:\windows\system32\wpa.bak
2009-02-08 22:08 8,192 a------- c:\windows\REGLOCS.OLD
2009-02-08 22:06 1,158,818 ac------ c:\windows\system32\dllcache\korwbrkr.lex
2009-02-08 22:05 299,552 a------- c:\windows\WMSysPrx.prx
2009-02-08 22:05 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-02-08 22:04 <DIR> --d----- c:\program files\common files\MSSoap
2009-02-08 22:03 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-02-08 22:03 <DIR> --d----- c:\program files\Online Services
2009-02-08 22:03 <DIR> --d----- c:\program files\Messenger
2009-02-08 22:03 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-02-08 22:02 <DIR> --d----- c:\program files\Windows NT
2009-02-08 13:56 <DIR> --d----- c:\program files\common files\ODBC
2009-02-08 13:56 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-02-08 13:55 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-02-08 23:00 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-08 22:05 2,678 a------- c:\windows\java\packages\data\KNVJD7ZD.DAT
2009-02-08 22:05 558,142 a------- c:\windows\java\packages\LBHZXZ9N.ZIP
2009-02-08 22:05 2,678 a------- c:\windows\java\packages\data\L7DZPN5R.DAT
2009-02-08 22:05 155,995 a------- c:\windows\java\packages\813HFZB5.ZIP
2009-02-08 22:05 2,678 a------- c:\windows\java\packages\data\W4C1R9VD.DAT
2009-02-08 22:05 2,678 a------- c:\windows\java\packages\data\HBRBT7F7.DAT
2009-02-08 22:05 2,678 a------- c:\windows\java\packages\data\F5BRPVV9.DAT
2009-02-08 22:03 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-01-13 23:14 3,455,488 a------- c:\windows\system32\drivers\ati2mtag.sys
2009-01-13 21:46 11,591,680 a------- c:\windows\system32\atioglxx.dll
2009-01-13 20:53 286,720 a------- c:\windows\system32\atiok3x2.dll
2009-01-13 20:49 425,984 a------- c:\windows\system32\ATIDEMGX.dll
2009-01-13 20:47 323,584 a------- c:\windows\system32\ati2dvag.dll
2009-01-13 20:36 196,608 a------- c:\windows\system32\atipdlxx.dll
2009-01-13 20:36 151,552 a------- c:\windows\system32\Oemdspif.dll
2009-01-13 20:36 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-01-13 20:35 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-01-13 20:35 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-01-13 20:34 598,016 a------- c:\windows\system32\ati2evxx.exe
2009-01-13 20:32 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-01-13 20:22 4,009,152 a------- c:\windows\system32\ati3duag.dll
2009-01-13 20:05 2,500,224 a------- c:\windows\system32\ativvaxx.dll
2009-01-13 20:05 3,107,788 a------- c:\windows\system32\ativvaxx.dat
2009-01-13 20:05 3,107,788 a------- c:\windows\system32\ativva5x.dat
2009-01-13 20:05 887,724 a------- c:\windows\system32\ativva6x.dat
2009-01-13 19:50 48,640 a------- c:\windows\system32\amdpcom32.dll
2009-01-13 19:45 401,408 a------- c:\windows\system32\atikvmag.dll
2009-01-13 19:44 110,592 a------- c:\windows\system32\atiadlxx.dll
2009-01-13 19:44 17,408 a------- c:\windows\system32\atitvo32.dll
2009-01-13 19:43 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-01-13 19:37 307,200 a------- c:\windows\system32\atiiiexx.dll
2009-01-13 19:37 577,536 a------- c:\windows\system32\ati2cqag.dll
2009-01-13 18:36 45,056 a------- c:\windows\system32\amdcalrt.dll
2009-01-13 18:36 45,056 a------- c:\windows\system32\amdcalcl.dll
2009-01-13 18:34 3,227,648 a------- c:\windows\system32\Amdcaldd.dll

============= FINISH: 16:28:55.76 ===============
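The log above is what a forum helper reads by hand: the `Pseudo HJT Report`, the Firefox prefs, the `SERVICES / DRIVERS` list and `Created Last 30`. The script below is an added example, not code from this thread or from the DDS author, that parses those section headers and applies a few cheap triage heuristics of the kind a helper applies by eye: a Firefox manual proxy setting (relevant when the complaint is browser redirects), a third-party DLL in the Firefox `components` directory, a service or driver whose image lives under a Temp directory, and executables or drivers whose basename looks machine-generated (a run of four or more consonants or digits). The rules, thresholds and the `Finding` type are my assumptions; they produce items for a human to check, not verdicts. The sample input is constructed from a handful of lines excerpted from the log above so it runs offline.

```python
"""Triage helper for DDS logs: split on the section banners and run a few
cheap heuristics over the entries a forum helper would look at first.
Added example; the rules are assumptions, not DDS or BleepingComputer logic."""
import re
from dataclasses import dataclass

# Section banner, e.g. "============== Pseudo HJT Report ==============="
SECTION_RE = re.compile(r"^=+\s*([^=\s][^=]*?)\s*=+$")
# Service/driver entry: "R2 name;display name;image path [date size]"
SERVICE_RE = re.compile(r"^[RS]\d\s+[^;]*;[^;]*;(.+?)\s+\[")
# "Created Last 30" entry: date time size-or-<DIR> attrs path
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+\S+\s+\S+\s+(.+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
FF_COMP_RE = re.compile(r"^FF - component: (.+)$")

# Path fragments that mean "running out of a temp directory" (8.3 and long form).
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\temp", "\\local settings\\temp")

# Constructed sample: lines excerpted from the DDS log posted above.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

uRun: [UnHackMe Monitor] c:\program files\unhackme\hackmon.exe
AppInit_DLLs: wbsys.dll

================= FIREFOX ===================

FF - prefs.js: network.proxy.http - 127.0.0.0
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll

============= SERVICES / DRIVERS ===============

R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2002-8-29 3584]
S3 CLMC;CLMC;c:\docume~1\tedhen~1\locals~1\temp\CLMC.exe [2009-2-9 531328]

=============== Created Last 30 ================

2009-02-14 10:31 228,152 a------- c:\windows\system32\xa386199140.exe
2009-02-08 23:52 75,264 a------- c:\windows\system32\drivers\gaopdxevxbqitv.sys
2009-02-08 23:52 4 a------- c:\windows\system32\gaopdxcounter
2009-02-09 00:26 64,160 a------- c:\windows\system32\drivers\Lbd.sys
"""


@dataclass(frozen=True)
class Finding:
    rule: str    # which heuristic fired
    detail: str  # the path or value it fired on


def parse_dds(text):
    """Split a DDS log into {section title: [non-empty lines]}."""
    sections, current = {}, "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def looks_random(path):
    """Heuristic (assumption): a basename of 8+ characters containing a run of
    4+ consonants or 4+ digits. Noisy on acronyms, so treat hits as "check me"."""
    stem = path.replace("/", "\\").rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
    if len(stem) < 8:
        return False
    return bool(re.search(r"[bcdfghjklmnpqrstvwxz]{4}", stem)
                or re.search(r"\d{4}", stem))


def triage(text):
    """Run the heuristics over a DDS log and return the findings in log order."""
    sections = parse_dds(text)
    findings, prefs = [], {}
    for line in sections.get("FIREFOX", []):
        m = FF_PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
        m = FF_COMP_RE.match(line)
        if m:  # a DLL in firefox\components is loaded into every browser session
            findings.append(Finding("ff-component", m.group(1)))
    # proxy.type 1 means "manual proxy configuration" in Firefox prefs
    if prefs.get("network.proxy.type") == "1" and "network.proxy.http" in prefs:
        findings.append(Finding("ff-proxy",
                                f"manual HTTP proxy {prefs['network.proxy.http']}"))
    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if not m:
            continue
        path = m.group(1)
        if any(marker in path.lower() for marker in TEMP_MARKERS):
            findings.append(Finding("temp-service", path))
        if looks_random(path):
            findings.append(Finding("random-name", path))
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if m and looks_random(m.group(1)):
            findings.append(Finding("random-name", m.group(1)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.rule:13} {f.detail}")
```

On the sample this flags the Firefox proxy line, the `iamfamous.dll` component, the `CLMC.exe` service in Temp, and the three `gaopdx*`/`xa386*` names, while passing `Lbd.sys`, `ekrn.exe` and `regedt32.exe`. Everything it reports still needs a human to confirm against the full log and the vendor of each file; the point is to surface the lines worth asking about first.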


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:10:17 AM

Posted 16 March 2009 - 08:43 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:10:17 AM

Posted 22 March 2009 - 11:11 AM

Due to the lack of feedback, this topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)
