
findolink.com, gtracktool.com redirect (new?)


This topic is locked
3 replies to this topic

#1 tobaloke


Posted 25 March 2009 - 10:41 AM

Google comes up with absolutely ZILCH for results when searching for these redirect websites. Whatever virus I've acquired seems to be smart enough not to let me go to specific anti-malware sites (i.e. malwarebytes.org); I get an 'Address Not Found' page. I can install/run certain apps, but not Malwarebytes, Windows Malicious, etc.

This infection originally came to my attention when I would receive a "Windows cannot find 'RECYCLER\S-2-1-74-100010634-100014426-100001305-7196.com'" error when trying to open my C: and D: drives. I used Autorun Eater, which solved that issue, but my browsing is still being hijacked. Here is my HijackThis! log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:46 AM, on 3/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: http://www.gtracktool.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [ETDWareDetect] C:\Program Files\Elantech\ETDDect.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Philes\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\tobias\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [] C:\DOCUME~1\tobias\LOCALS~1\Temp\rt7l7f.exe
O4 - HKCU\..\Run: [Windows Resurections] C:\DOCUME~1\tobias\LOCALS~1\Temp\rt7l7f.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\tobias\LOCALS~1\Temp\2267863912.exe
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\docume~1\admini~1\locals~1\temp\ntdll64.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CF69781-2339-42F6-899A-AF3DF7C8BB96}: NameServer = 85.255.112.185,85.255.112.193
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B0A0BCD-CF41-4290-9E72-EDBACF9F3E55}: NameServer = 85.255.112.185,85.255.112.193
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.185,85.255.112.193
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.185,85.255.112.193
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.112.185,85.255.112.193
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.185,85.255.112.193
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

--
End of file - 5873 bytes



PLEASE HELP! You guys are AWESOME!!!

Thank you.


#2 tobaloke


Posted 25 March 2009 - 10:48 AM

...and here is my StartupList Report, if it will help:


StartupList report, 3/25/2009, 8:46:36 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP3 (6.00.2900.5512)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\tobias\Desktop\sdsetup.exe
C:\DOCUME~1\tobias\LOCALS~1\Temp\is-KANPI.tmp\sdsetup.tmp
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
SuperHybridEngine.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

RTHDCPL = RTHDCPL.EXE
Alcmtr = ALCMTR.EXE
IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
Persistence = C:\WINDOWS\system32\igfxpers.exe
ETDWare = C:\Program Files\Elantech\ETDCtrl.exe
ETDWareDetect = C:\Program Files\Elantech\ETDDect.exe
AsusTray = C:\Program Files\EeePC\ACPI\AsTray.exe
AsusACPIServer = C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
AsusEPCMonitor = C:\Program Files\EeePC\ACPI\AsEPCMon.exe
SunJavaUpdateSched = "C:\Program Files\Java\jre6\bin\jusched.exe"
QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Malwarebytes' Anti-Malware = "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
iTunesHelper = "D:\Program Philes\iTunes\iTunesHelper.exe"
Autorun Eater = C:\Program Files\Autorun Eater\oldmcdonald.exe
ISTray = "C:\Program Files\Spyware Doctor\pctsTray.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ICQ = "C:\Program Files\ICQ6.5\ICQ.exe" silent
Google Update = "C:\Documents and Settings\tobias\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
(Default) = C:\DOCUME~1\tobias\LOCALS~1\Temp\rt7l7f.exe
Windows Resurections = C:\DOCUME~1\tobias\LOCALS~1\Temp\rt7l7f.exe
Diagnostic Manager = C:\DOCUME~1\tobias\LOCALS~1\Temp\2267863912.exe
RegistryMechanic = C:\Program Files\Registry Mechanic\RegMech.exe /H

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - C:\Program Files\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
Check Updates for Windows Live Toolbar.job
GoogleUpdateTaskUserS-1-5-21-1894621940-579620462-791112059-1006.job
wambbics.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll
Protocol #27: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ntdll64.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

--------------------------------------------------
End of report, 6,558 bytes
Report generated in 0.110 seconds


and my DDS log:


DDS (Ver_09-03-16.01) - NTFSx86
Run by tobias at 9:53:34.73 on Wed 03/25/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.447 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Elantech\ETDDect.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Philes\iTunes\iTunesHelper.exe
C:\Documents and Settings\tobias\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\tobias\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
uRun: [Google Update] "c:\documents and settings\tobias\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun: [ETDWareDetect] c:\program files\elantech\ETDDect.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [iTunesHelper] "d:\program philes\itunes\iTunesHelper.exe"
mRun: [Autorun Eater] c:\program files\autorun eater\oldmcdonald.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: c:\docume~1\admini~1\locals~1\temp\ntdll64.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.185,85.255.112.193
TCP: {4CF69781-2339-42F6-899A-AF3DF7C8BB96} = 85.255.112.185,85.255.112.193
TCP: {6B0A0BCD-CF41-4290-9E72-EDBACF9F3E55} = 85.255.112.185,85.255.112.193
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tobias\applic~1\mozilla\firefox\profiles\01x6s5yu.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.eztv.it/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\documents and settings\tobias\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\tobias\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\program philes\itunes\mozilla plugins\npitunes.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-3-25 130424]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-2-23 179856]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-3-25 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-3-25 1095560]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2008-9-11 10752]
R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [2008-9-11 26112]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2002-1-2 36864]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-2-23 15504]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-9-11 625024]

=============== Created Last 30 ================

2009-03-25 08:45 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-03-25 08:45 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-03-25 08:45 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-25 08:45 <DIR> --d----- c:\program files\common files\PC Tools
2009-03-25 08:45 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-03-25 08:45 <DIR> --d----- c:\program files\Spyware Doctor
2009-03-25 08:45 <DIR> --d----- c:\docume~1\tobias\applic~1\PC Tools
2009-03-25 08:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-03-25 08:23 <DIR> --d----- c:\program files\Trend Micro
2009-03-24 11:31 664 a------- c:\windows\system32\d3d9caps.dat
2009-03-24 07:44 <DIR> --d----- c:\program files\Autorun Eater
2009-03-23 11:08 103,936 a------- c:\windows\system32\ifixaedt.dll
2009-03-23 11:05 103,936 a------- c:\windows\system32\csvbalrj.dll
2009-03-23 11:03 446 a------- c:\windows\system32\win32hlp.cnf
2009-03-23 11:03 33,280 a------- c:\documents and settings\all users\fkmo.dll
2009-03-23 11:03 100,590 a------- c:\windows\system32\drivers\e2877d4a.sys
2009-03-23 11:02 1 a------- c:\windows\system32\uniq.tll
2009-03-23 11:02 <DIR> --dsh--- c:\windows\system32\twain32
2009-03-23 11:02 29,696 a------- c:\windows\system32\frmwrk32.ex_
2009-03-23 10:58 <DIR> --d----- c:\program files\Merchants of Brooklyn
2009-03-23 10:53 <DIR> --d----- c:\docume~1\tobias\applic~1\Local Settings
2009-03-23 10:50 37,376 a------- c:\windows\system32\drivers\WMDrive.sys
2009-03-23 10:50 <DIR> --d----- c:\program files\WinMount3
2009-03-22 18:29 <DIR> --d----- c:\docume~1\tobias\applic~1\Crayon Physics Deluxe
2009-03-22 18:29 <DIR> --d----- c:\program files\Crayon Physics Deluxe
2009-03-22 14:24 <DIR> --d----- c:\program files\iPod
2009-03-22 14:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-22 14:23 <DIR> --d----- c:\program files\Bonjour
2009-03-22 14:13 <DIR> --d----- c:\docume~1\tobias\applic~1\FairStars Audio Converter
2009-03-22 14:11 <DIR> --d----- c:\program files\FairStars Audio Converter
2009-03-21 18:32 <DIR> --d----- c:\program files\CDisplay
2009-03-18 12:19 <DIR> --d----- c:\docume~1\tobias\applic~1\MySpace
2009-03-18 12:19 <DIR> --d----- c:\program files\MySpace
2009-03-18 09:33 356,352 a------- c:\windows\system32\esell3658.dll
2009-03-18 09:26 <DIR> --d----- c:\program files\Volume Logic iTunes Plug-in
2009-03-18 09:25 <DIR> --d----- c:\docume~1\tobias\applic~1\Volume Logic iTunes Plug-in
2009-03-18 08:45 393,216 a------- c:\windows\system32\LameACM.acm
2009-03-18 08:45 401 a------- c:\windows\system32\lame_acm.xml
2009-03-08 10:41 18,944 ac------ c:\windows\system32\dllcache\lprmon.dll
2009-03-08 10:41 18,944 a------- c:\windows\system32\lprmon.dll
2009-03-08 10:41 22,528 ac------ c:\windows\system32\dllcache\lpdsvc.dll
2009-03-08 10:41 22,528 a------- c:\windows\system32\lpdsvc.dll
2009-03-08 04:18 <DIR> --d----- c:\program files\DivX
2009-03-07 18:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Soulseek
2009-03-07 18:23 <DIR> --d----- c:\program files\SoulseekNS
2009-02-26 23:06 <DIR> --d----- c:\program files\Native Instruments
2009-02-26 19:59 <DIR> --d----- c:\program files\ICQ6Toolbar
2009-02-26 19:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ICQ
2009-02-26 19:52 421,888 a------- c:\windows\system32\ac3filter.acm
2009-02-26 19:52 <DIR> --d----- c:\program files\AC3Filter
2009-02-26 19:49 <DIR> --d----- c:\program files\XviD
2009-02-26 19:49 <DIR> --d----- c:\program files\AviSynth 2.5
2009-02-26 19:45 31,232 a------- c:\windows\system\vdremote.dll
2009-02-26 19:45 25,088 a------- c:\windows\system\vdsvrlnk.dll
2009-02-26 19:45 <DIR> --d----- c:\program files\VirtualDub-1.8.1
2009-02-26 19:41 <DIR> --d----- c:\program files\AutoGK
2009-02-26 19:21 <DIR> --d----- c:\program files\DAMN NFO Viewer
2009-02-26 07:18 <DIR> --d----- c:\program files\Soulseek
2009-02-26 07:12 <DIR> --d----- C:\DOWNLOAD
2009-02-25 18:42 29,332 a---h--- c:\windows\system32\mlfcache.dat
2009-02-25 16:40 636 a------- c:\docume~1\tobias\applic~1\wklnhst.dat
2009-02-25 11:12 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-02-25 11:12 21,504 a------- c:\windows\system32\hidserv.dll
2009-02-25 11:12 60,032 ac------ c:\windows\system32\dllcache\usbaudio.sys
2009-02-25 11:12 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-02-25 05:54 <DIR> --d----- c:\documents and settings\tobias\dwhelper
2009-02-25 01:20 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-02-25 01:20 23,848 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-24 21:44 <DIR> --d----- c:\windows\WinAVI Video Converter 9.0
2009-02-24 21:44 <DIR> --d----- c:\program files\WinAVI Video Converter 9.0
2009-02-24 11:21 69 a------- c:\windows\NeroDigital.ini
2009-02-24 04:39 <DIR> --d----- c:\windows\RegisteredPackages
2009-02-24 01:52 <DIR> --d----- c:\windows\system32\LogFiles
2009-02-23 20:42 <DIR> --d----- c:\program files\VideoLAN
2009-02-23 20:36 <DIR> --d----- c:\docume~1\tobias\applic~1\Malwarebytes
2009-02-23 20:36 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-23 20:36 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-23 20:36 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-23 20:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-23 15:51 <DIR> --d----- c:\program files\uTorrent
2009-02-23 15:50 <DIR> --d----- c:\docume~1\tobias\applic~1\uTorrent
2009-02-23 15:43 499,712 a------- c:\windows\system32\msvcp71.dll
2009-02-23 15:43 348,160 a------- c:\windows\system32\msvcr71.dll
2009-02-23 15:43 <DIR> --d----- c:\windows\system32\Adobe
2009-02-23 15:41 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-23 15:41 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-23 13:08 <DIR> --d----- c:\documents and settings\tobias

==================== Find3M ====================

2009-03-23 11:06 14,336 a------- c:\windows\system32\svchost.exe
2009-03-23 11:03 104,960 a------- c:\windows\system32\userinit.exe
2009-03-23 11:02 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-03-18 09:32 277,504 a------- c:\windows\system32\eSellerateEngine.dll
2009-01-25 14:10 179,200 a------- c:\windows\system32\xvidvfw.dll
2009-01-08 16:01 629,760 a------- c:\windows\system32\xvidcore.dll

============= FINISH: 9:53:55.76 ===============

Edited by tobaloke, 25 March 2009 - 11:54 AM.


#3 tobaloke

tobaloke
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:09 AM

Posted 03 April 2009 - 02:26 PM

I seem to have solved things on my own; I'll try to back-track my steps for you:

-Get Autorun Eater, run it, and reboot if necessary.
-Run HijackThis! and get rid of ANYthing that looks suspicious. Hopefully you've run this app before and know what to look for, because the results are totally relative. (Again, reboot if needed.)
-The browser hijack should be taken care of at this point, so it's OK to stop Autorun Eater from running at startup. (It might get in the way of the rest of the cleaning.)
-Next, I downloaded and ran Spyware Doctor (Full Version) along with its Registry Mechanic.
-After the reboot, I was finally able to update and run Malwarebytes, which took care of the rest.


Hope this helps!!!

#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:11:09 AM

Posted 04 April 2009 - 04:34 PM

Thanks for informing us what you have done.
Good luck.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



