
links redirecting to wrong sites


  • This topic is locked
3 replies to this topic

#1 gg2327


Posted 25 April 2009 - 07:32 PM

hi,

I don't know exactly what kind of virus is infecting the computer, so I will try to explain my problem. For the last few days, every time I do a search I get a search result page, but when I click on certain links it redirects me to a different site. Some sites are other search sites like britannia, other sites seem legit, but a few seem like a site for someone to park their domain? It doesn't happen with every link I click on, just a few, 4 or 5, sometimes less. I don't think it's the firewall 'cos I disabled it and tested and am still getting the same redirection. Most times if I open the link again, it will take me to the correct site. I'm enclosing the two documents as per instructions. Thank you very much for your help.




DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 0:27:35.18 on 26/04/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.510.184 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated)
AV: avast! antivirus 4.8.1335 [VPS 090425-0] *On-access scanning enabled* (Updated)
FW: Outpost Firewall Pro *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\vsnpstd2.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Movies\dds.scr

============== Pseudo HJT Report ===============

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SNPSTD2] c:\windows\vsnpstd2.exe
mRun: [OutpostMonitor] c:\progra~1\agnitum\outpos~1\op_mon.exe /tray /noservice
mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost firewall pro\feedback.exe" /dump:os_startup
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dslmon.lnk - c:\program files\sagem\sagem f@st 800-840\dslmon.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {44627E97-789B-40d4-B5C2-58BD171129A1} - {A1A7E22D-1587-4230-8F16-081C68D21448} - c:\program files\agnitum\outpost firewall pro\ie_bar.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209536619203
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\ajn2sbye.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-24 114768]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-25 11608]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-4-24 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2009-4-24 1267528]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-25 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-25 185089]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-24 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-24 138680]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-25 55640]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-4-24 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-4-24 257432]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-4-24 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-4-24 352920]
S2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\system32\drivers\adildr.sys [2009-4-14 56088]
S3 ASWFilt;ASWFilt;c:\windows\system32\filt\ASWFilt.dll [2009-4-24 33888]

=============== Created Last 30 ================

2009-04-25 22:28 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-04-25 22:28 <DIR> --d----- c:\program files\Avira
2009-04-25 22:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-04-25 21:52 249,856 -------- c:\windows\Setup1.exe
2009-04-25 21:52 73,216 a------- c:\windows\ST6UNST.EXE
2009-04-25 20:43 <DIR> --d----- c:\program files\SpywareBlaster
2009-04-24 23:52 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-04-24 17:21 704,384 a------- c:\windows\system32\drivers\SandBox.sys
2009-04-24 17:21 257,432 a------- c:\windows\system32\drivers\afwcore.sys
2009-04-24 17:20 49 a------- c:\windows\transp.gif
2009-04-24 17:19 31,128 a------- c:\windows\system32\drivers\afw.sys
2009-04-24 17:19 <DIR> --d----- c:\windows\system32\Filt
2009-04-24 17:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Agnitum
2009-04-24 17:14 2,560 a------- c:\windows\_MSRSTRT.EXE
2009-04-24 06:40 <DIR> --d----- c:\program files\common files\Agnitum Shared
2009-04-24 06:40 <DIR> --d----- c:\program files\Agnitum
2009-04-23 23:10 155 a------- c:\windows\system32\SelfDel.bat
2009-04-23 22:55 39,424 a------- c:\windows\system32\winglsetup.exe
2009-04-23 17:30 15,000 a------- c:\windows\system32\sf87wuijndoio43j.dll
2009-04-22 23:07 <DIR> --d----- c:\program files\Sunbelt Software
2009-04-22 18:33 <DIR> --d----- c:\program files\directx
2009-04-17 23:13 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-04-17 03:57 <DIR> --d----- c:\program files\The Adventure Company
2009-04-17 03:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2009-04-17 03:51 <DIR> --d----- c:\program files\DAEMON Tools Pro
2009-04-17 00:45 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-17 00:45 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-17 00:45 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-17 00:45 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-17 00:45 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 00:45 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 00:45 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 00:45 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-17 00:45 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-16 23:45 <DIR> --d----- c:\documents and settings\administrator\Tracing
2009-04-16 23:44 <DIR> --d----- c:\program files\Microsoft
2009-04-16 23:44 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-04-16 23:25 <DIR> --d----- c:\windows\system32\XPSViewer
2009-04-16 23:23 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-16 23:23 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-16 23:23 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-16 23:23 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-04-16 23:23 117,760 -------- c:\windows\system32\prntvpt.dll
2009-04-16 23:23 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-04-16 23:23 <DIR> --d----- C:\2a70f39ea7c0ab7c4ad410
2009-04-16 23:23 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-04-16 22:54 <DIR> --d----- c:\docume~1\admini~1\applic~1\DAEMON Tools Pro
2009-04-16 22:49 685,816 a------- c:\windows\system32\drivers\sptd.sys
2009-04-15 18:17 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 18:17 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 18:17 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-15 15:14 268,648 a------- c:\windows\system32\mucltui.dll
2009-04-15 15:14 208,744 a------- c:\windows\system32\muweb.dll
2009-04-15 15:14 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-04-15 02:51 499,712 a------- c:\windows\system32\msvcp71.dll
2009-04-15 02:51 348,160 a------- c:\windows\system32\msvcr71.dll
2009-04-15 02:51 <DIR> --d----- c:\program files\Real Alternative
2009-04-14 22:50 <DIR> --d----- c:\program files\Mingjong
2009-04-14 22:50 245,408 a------- c:\windows\system32\unicows.dll
2009-04-14 22:50 53,248 a------- c:\windows\system32\dsnpstd2.dll
2009-04-14 22:50 40,960 a------- c:\windows\vsnpstd2.exe
2009-04-14 22:50 15,541 a------- c:\windows\snpstd2.ini
2009-04-14 22:50 13,023 a------- c:\windows\snpstd2.src
2009-04-14 22:49 302,720 a------- c:\windows\system32\drivers\snpstd2.sys
2009-04-14 22:49 61,440 a------- c:\windows\system32\csnpstd2.dll
2009-04-14 22:49 40,960 a------- c:\windows\system32\rsnpstd2.dll
2009-04-14 22:49 36,864 a------- c:\windows\system32\vsnpstd2.dll
2009-04-14 22:49 36,864 a------- c:\windows\system32\dsnpstd2.ax
2009-04-14 22:49 20,480 a------- c:\windows\usnpstd2.exe
2009-04-14 22:49 <DIR> --d----- c:\program files\common files\snpstd2
2009-04-14 17:29 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-14 17:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-14 17:28 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-04-14 17:28 <DIR> --d--r-- c:\program files\Skype
2009-04-14 17:14 <DIR> --d----- c:\program files\CCleaner
2009-04-14 17:13 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-04-14 17:13 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-14 17:13 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 17:13 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-14 17:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-14 16:28 <DIR> --d----- c:\program files\common files\Windows Live
2009-04-14 16:27 <DIR> --d----- c:\program files\VideoLAN
2009-04-14 16:26 <DIR> --d----- c:\program files\GRETECH
2009-04-14 16:20 <DIR> --d----- c:\program files\AVG
2009-04-14 14:21 <DIR> --d----- C:\Movies
2009-04-14 13:51 <DIR> --d----- c:\program files\SAGEM
2009-04-09 15:58 990 a------- c:\windows\adiras.ini
2009-04-09 11:05 5,504 ac------ c:\windows\system32\dllcache\mstee.sys
2009-04-09 11:05 5,504 a------- c:\windows\system32\drivers\MSTEE.sys
2009-04-09 11:02 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-04-09 11:02 <DIR> --d----- c:\program files\Windows Media Components
2009-04-09 11:01 53,248 a------- c:\windows\amcap.exe
2009-04-09 10:40 60,032 ac------ c:\windows\system32\dllcache\usbaudio.sys
2009-04-09 10:40 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-04-09 10:39 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-04-09 10:39 32,128 a------- c:\windows\system32\drivers\usbccgp.sys

==================== Find3M ====================

2009-04-22 01:01 51,200 a--sh--- c:\windows\system32\wijidapa.exe
2009-04-14 13:52 32 a------- c:\windows\system32\drivers\adidsl.cfg
2009-03-06 15:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-03 01:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 19:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-09 13:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 13:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 13:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 13:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 12:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-06 12:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 12:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 11:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 20:59 56,832 a------- c:\windows\system32\secur32.dll
2008-10-25 08:08 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102520081026\index.dat

============= FINISH: 0:28:51.03 ===============


 


#2 gg2327


Posted 26 April 2009 - 12:39 PM

hi,

I ran Avira in safe mode today and it found two entries: 1. Gen/PwdZip 2. TR/Vundo.Gen. I clicked on repair. Then the computer restarted and Avira did another scan. Those two entries are in the quarantine area, but Avira is still finding TR/Dropper.Gen during the scan. It asks me to move the file to quarantine and restart, but every time I restart and run the scan again the same message comes up: that TR/Dropper.Gen was found and what action to take. I have tried removing to quarantine and also the delete option, but it always says to restart. Then after restart, I run the scan again and get the same message: TR/Dropper.Gen was found.

I've included new logs since I ran Avira.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 18:30:30.23 on 26/04/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.510.167 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)
AV: avast! antivirus 4.8.1335 [VPS 090425-0] *On-access scanning enabled* (Updated)
FW: Outpost Firewall Pro *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\vsnpstd2.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Movies\install\dds.scr

============== Pseudo HJT Report ===============

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SNPSTD2] c:\windows\vsnpstd2.exe
mRun: [OutpostMonitor] c:\progra~1\agnitum\outpos~1\op_mon.exe /tray /noservice
mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost firewall pro\feedback.exe" /dump:os_startup
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dslmon.lnk - c:\program files\sagem\sagem f@st 800-840\dslmon.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {44627E97-789B-40d4-B5C2-58BD171129A1} - {A1A7E22D-1587-4230-8F16-081C68D21448} - c:\program files\agnitum\outpost firewall pro\ie_bar.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209536619203
TCP: {B0C02A40-885D-4AE0-8FAE-A75DBDDA638A} = 212.139.132.8 212.139.132.9
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\ajn2sbye.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-24 114768]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-25 11608]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-4-24 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2009-4-24 1267528]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-25 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-25 185089]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-24 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-24 138680]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-25 55640]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-4-24 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-4-24 257432]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-4-24 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-4-24 352920]
S2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\system32\drivers\adildr.sys [2009-4-14 56088]
S3 ASWFilt;ASWFilt;c:\windows\system32\filt\ASWFilt.dll [2009-4-24 33888]

=============== Created Last 30 ================

2009-04-25 22:28 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-04-25 22:28 <DIR> --d----- c:\program files\Avira
2009-04-25 22:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-04-25 21:52 249,856 -------- c:\windows\Setup1.exe
2009-04-25 21:52 73,216 a------- c:\windows\ST6UNST.EXE
2009-04-25 20:43 <DIR> --d----- c:\program files\SpywareBlaster
2009-04-24 23:52 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-04-24 17:21 704,384 a------- c:\windows\system32\drivers\SandBox.sys
2009-04-24 17:21 257,432 a------- c:\windows\system32\drivers\afwcore.sys
2009-04-24 17:20 49 a------- c:\windows\transp.gif
2009-04-24 17:19 31,128 a------- c:\windows\system32\drivers\afw.sys
2009-04-24 17:19 <DIR> --d----- c:\windows\system32\Filt
2009-04-24 17:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Agnitum
2009-04-24 17:14 2,560 a------- c:\windows\_MSRSTRT.EXE
2009-04-24 06:40 <DIR> --d----- c:\program files\common files\Agnitum Shared
2009-04-24 06:40 <DIR> --d----- c:\program files\Agnitum
2009-04-23 23:10 155 a------- c:\windows\system32\SelfDel.bat
2009-04-23 22:55 39,424 a------- c:\windows\system32\winglsetup.exe
2009-04-23 17:30 15,000 a------- c:\windows\system32\sf87wuijndoio43j.dll
2009-04-22 23:07 <DIR> --d----- c:\program files\Sunbelt Software
2009-04-22 18:33 <DIR> --d----- c:\program files\directx
2009-04-17 23:13 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-04-17 03:57 <DIR> --d----- c:\program files\The Adventure Company
2009-04-17 03:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2009-04-17 03:51 <DIR> --d----- c:\program files\DAEMON Tools Pro
2009-04-17 00:45 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-17 00:45 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-17 00:45 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-17 00:45 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-17 00:45 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 00:45 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 00:45 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 00:45 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-17 00:45 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-16 23:45 <DIR> --d----- c:\documents and settings\administrator\Tracing
2009-04-16 23:44 <DIR> --d----- c:\program files\Microsoft
2009-04-16 23:44 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-04-16 23:25 <DIR> --d----- c:\windows\system32\XPSViewer
2009-04-16 23:23 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-16 23:23 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-16 23:23 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-16 23:23 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-04-16 23:23 117,760 -------- c:\windows\system32\prntvpt.dll
2009-04-16 23:23 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-04-16 23:23 <DIR> --d----- C:\2a70f39ea7c0ab7c4ad410
2009-04-16 23:23 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-04-16 22:54 <DIR> --d----- c:\docume~1\admini~1\applic~1\DAEMON Tools Pro
2009-04-16 22:49 685,816 a------- c:\windows\system32\drivers\sptd.sys
2009-04-15 18:17 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 18:17 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 18:17 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-15 15:14 268,648 a------- c:\windows\system32\mucltui.dll
2009-04-15 15:14 208,744 a------- c:\windows\system32\muweb.dll
2009-04-15 15:14 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-04-15 02:51 499,712 a------- c:\windows\system32\msvcp71.dll
2009-04-15 02:51 348,160 a------- c:\windows\system32\msvcr71.dll
2009-04-15 02:51 <DIR> --d----- c:\program files\Real Alternative
2009-04-14 22:50 <DIR> --d----- c:\program files\Mingjong
2009-04-14 22:50 245,408 a------- c:\windows\system32\unicows.dll
2009-04-14 22:50 53,248 a------- c:\windows\system32\dsnpstd2.dll
2009-04-14 22:50 40,960 a------- c:\windows\vsnpstd2.exe
2009-04-14 22:50 15,541 a------- c:\windows\snpstd2.ini
2009-04-14 22:50 13,023 a------- c:\windows\snpstd2.src
2009-04-14 22:49 302,720 a------- c:\windows\system32\drivers\snpstd2.sys
2009-04-14 22:49 61,440 a------- c:\windows\system32\csnpstd2.dll
2009-04-14 22:49 40,960 a------- c:\windows\system32\rsnpstd2.dll
2009-04-14 22:49 36,864 a------- c:\windows\system32\vsnpstd2.dll
2009-04-14 22:49 36,864 a------- c:\windows\system32\dsnpstd2.ax
2009-04-14 22:49 20,480 a------- c:\windows\usnpstd2.exe
2009-04-14 22:49 <DIR> --d----- c:\program files\common files\snpstd2
2009-04-14 17:29 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-14 17:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-14 17:28 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-04-14 17:28 <DIR> --d--r-- c:\program files\Skype
2009-04-14 17:14 <DIR> --d----- c:\program files\CCleaner
2009-04-14 17:13 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-04-14 17:13 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-14 17:13 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 17:13 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-14 17:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-14 16:28 <DIR> --d----- c:\program files\common files\Windows Live
2009-04-14 16:27 <DIR> --d----- c:\program files\VideoLAN
2009-04-14 16:26 <DIR> --d----- c:\program files\GRETECH
2009-04-14 16:20 <DIR> --d----- c:\program files\AVG
2009-04-14 14:21 <DIR> --d----- C:\Movies
2009-04-14 13:51 <DIR> --d----- c:\program files\SAGEM
2009-04-09 15:58 990 a------- c:\windows\adiras.ini
2009-04-09 11:05 5,504 ac------ c:\windows\system32\dllcache\mstee.sys
2009-04-09 11:05 5,504 a------- c:\windows\system32\drivers\MSTEE.sys
2009-04-09 11:02 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-04-09 11:02 <DIR> --d----- c:\program files\Windows Media Components
2009-04-09 11:01 53,248 a------- c:\windows\amcap.exe
2009-04-09 10:40 60,032 ac------ c:\windows\system32\dllcache\usbaudio.sys
2009-04-09 10:40 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-04-09 10:39 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-04-09 10:39 32,128 a------- c:\windows\system32\drivers\usbccgp.sys

==================== Find3M ====================

2009-04-14 13:52 32 a------- c:\windows\system32\drivers\adidsl.cfg
2009-03-06 15:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-03 01:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 19:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-09 13:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 13:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 13:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 13:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 12:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-06 12:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 12:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 11:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 20:59 56,832 a------- c:\windows\system32\secur32.dll
2008-10-25 08:08 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102520081026\index.dat

============= FINISH: 18:31:01.68 ===============




#3 gg2327


Posted 27 April 2009 - 08:12 PM

PLEASE IGNORE POST SOMEONE HERE IS ALREADY HELPING ME. THANK YOU

#4 KoanYorel


Posted 04 May 2009 - 12:29 AM

Thanks for informing us.
Good Luck.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



