
Hijacker issues, non working anti viral prgms etc.


  • This topic is locked
2 replies to this topic

#1 carl11

carl11

  • Members
  • 2 posts

Posted 01 May 2009 - 10:53 AM

PC- xp home with office apps loaded, sp2 etc.


I have to do this quick and in parts because my internet connection will just drop...reason? I don't know, it just drops and then I cannot reconnect without rebooting, if I am on then drop off myself, then attempt to open internet again, nothing happens, and is part of my symptoms which are-

-I installed superantispyware- but when I attempt to start it, nothing happens not even a splash screen. I removed it via the removal process from control panel, downloaded it again and attempted to reinstall, but when I click the exe to install, I get this-
AppName: superantispyware.exe AppVer: 4.26.0.1002 ModName: superantispyware.exe
ModVer: 4.26.0.1002 Offset: 000039e0


-I installed spybot- the prgm installs but I cannot get the icon or the .exe to open and run a scan.

-I installed and ran the windows malware remover kb890830v2.9- it said I had no infections etc.

-I installed and ran PC tools spyware doctor, it ran, said it fixed the issues, text included below as to what it found

- I have attempted to restore my comp. to a few days ago, to a system checkpoint. When I select the checkpoint, and select next on the restore page nothing happens, the screen stays but nothing is initiated. I have plenty of memory apportioned for it and have over 13 gigs left as space on my HD.

- when my internet is open ( IE6) and I select a site to go to, it redirects me all over the place.



Threat Name - Spyware.Known_Bad_Sites
Type - Cookie
Risk Level - High
Infection - 7search.com/ 7search.com

Threat Name - Spyware.Known_Bad_Sites
Type - Cookie
Risk Level - High
Infection - mybestantivirus-scanner.info/ mybestantivirus-scanner.info

Threat Name - Trojan.WindUpdate
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BridgeX.dll, .Owner

Threat Name - Trojan.WindUpdate
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BridgeX.dll, {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}

Threat Name - Trojan.WindUpdate
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BridgeX.dll

Threat Name - RogueAntiSpyware.XPAntispyware
Type - Registry Value
Risk Level - High
Infection - HKEY_USERS\S-1-5-21-1993962763-2146995231-725345543-1004\Control Panel\don't load, scui.cpl

Threat Name - RogueAntiSpyware.WinDefender
Type - Registry Value
Risk Level - High
Infection - HKEY_USERS\S-1-5-21-1993962763-2146995231-725345543-1004\Software\WinPC Defender, Minimize

Threat Name - Rootkit.Podnuha
Type - File
Risk Level - High
Infection - c:\windows\system32\wrlogonntf.dll

Threat Name - Rootkit.Podnuha
Type - Module
Risk Level - High
Infection - winlogon.exe (c:\windows\system32\wrlogonntf.dll)
4/30/2009 7:49:49 PM:875 Infection was detected on this computer
Threat Name - Rootkit.Podnuha
Type - Startup
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WRNotifier, DllName = WRLogonNTF.dll
4/30/2009 7:49:49 PM:875 Infection was detected on this computer
Threat Name - Rootkit.Podnuha
Type - File
Risk Level - High
Infection - wrlogonntf.dll



Threat Name - RogueAntiSpyware.XPAntispyware
Type - Modified Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile, EnableFirewall

Threat Name - Trojan-Downloader.CashDeluxe
Type - Modified Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit

5/1/2009 5:14:17 AM:734 IntelliGuard Detection Quarantined
Threat Name - Rootkit.Podnuha
Type - File
Risk Level - High
Infection - C:\WINDOWS\SYSTEM32\wrlogonntf.dll
5/1/2009 5:14:17 AM:859 Startup Memory Cleaner found infections
Threat Name - Rootkit.Podnuha
Type - File
Risk Level - High
Infection - C:\WINDOWS\SYSTEM32\wrlogonntf.dll


5/1/2009 5:14:17 AM:890 Startup Memory Cleaner found infections
Threat Name - Rootkit.Podnuha
Type - Startup
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WRNotifier, DllName = WRLogonNTF.dll


Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\vendor\xml

ANY help appreciated..thank you ...



the dds scan-


Edited by carl11, 01 May 2009 - 11:42 AM.




#2 carl11

carl11
  • Topic Starter

  • Members
  • 2 posts

Posted 01 May 2009 - 06:34 PM

Well I licked it, just wanted you to know so you didn't waste time on me.

I will share if anyone's interested-

I used Spyware doctor in safe mode.

It found - - Rootkit.Podnuha ( I had run spyware doctor in normal boot mode before this, and it said it had eliminated it, apparently not), as I had spyware 'fix it' again after running it again in safemode, which apparently helped correct my issue.

I then ran ESET- it gave me one threat, java\trojandownloaderopenstream.nab

It said it deleted it, but my problem persisted.

I then googled java\trojandownloaderopenstream.nab , one site suggested running Spyhunter malware, http://www.removal-instructions.com/remove...Downloader.html

Which, thank god, it allowed me to run from the site, since my edition of spyhunter of which I have a registered copy had quit working when I had become infected.

Once I did that, it rebooted, a bios script run came up, it apparently deleted the java Trojan, then when my normal boot was finished I had several Trojan alerts via my Avira antivir guard prgm. all of which I deleted naturally.

Out of nowhere my spyhunter icon reappeared on my desktop ( it had disappeared and would not start, even when I attempted it through the .exe as well), I did a scan and it found this in my registry-

C:/windows/system32/Inod32apiA.dll

The scan ended, I deleted the above, I rebooted and now everything is back up, system restore works again, no more hijacking and my spybot now works.

I can think of better ways to spend the day. :thumbup2:

thx for being here though staff, great site, I noodled around other threads, saw what others were being directed to do, and stayed curious and worked it out.......

Edited by carl11, 01 May 2009 - 06:38 PM.


#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 02 May 2009 - 09:36 AM

Thanks for informing us what you have done.

Good Luck.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



