Random popups and google redirects


  • This topic is locked
3 replies to this topic

#1 starlit-echo

  • Members

Posted 23 February 2010 - 05:34 PM

Hello,

I've picked up something bad from the internet in the last few days, much to my chagrin. It will occasionally pop up new windows while I am browsing normally, and when using Google it will redirect results (generally when the words "spyware" and "removal" were part of the search; however, it doesn't seem to affect it when the URL is copy-pasted).

Initially whatever I picked up had prevented the computer from even being restarted - it had affected the ntoskrnl.exe that is part of the OS and the sptd.sys (which I believe is part of DAEMON Tools) causing the system to bluescreen. I replaced the ntoskrnl.exe with a copy from a clean computer and deleted the sptd.sys and was then able to boot to Windows again. Now I just need to get rid of the leftovers.

I have run antivirus (NOD32) and Spybot but the problem still persists. Thank you in advance for any help you can offer.

I have disabled emulation using DeFogger as was recommended in the preparation post. I've run both DDS and GMER and here are the logs:



DDS LOG:


DDS (Ver_09-12-01.01) - NTFSx86
Run by S at 19:17:42.06 on Mon 02/22/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1219 [GMT -8:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\1\NOD32 2.7\nod32kui.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Documents and Settings\S\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\1\Spybot\TeaTimer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\1\tclock2_120\tclock2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\1\NOD32 2.7\nod32krn.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Wacom_Tablet.exe
c:\1\venturi\Client\ventc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = http=localhost:8095
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\1\spybot\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [Octoshape Streaming Services] "c:\documents and settings\s\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [SpybotSD TeaTimer] c:\1\spybot\TeaTimer.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [nod32kui] "c:\1\nod32 2.7\nod32kui.exe" /WAITSERVICE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [cbkbrxvs] c:\documents and settings\networkservice\local settings\application data\kjkgqd\bhntsftav.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\1\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\1\spybot\SDHelper.dll
LSP: c:\windows\system32\imon.dll
LSP: vlsp.dll
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191043339546
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\s\applic~1\mozilla\firefox\profiles\8r9mk2in.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (English)
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8095
FF - prefs.js: network.proxy.type - 1
FF - component: c:\1\firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

============= SERVICES / DRIVERS ===============

R? Razerlow;Razerlow USB Filter Driver
R? TPP200;USB Storage Adapter V2 (TPP)
R? Viewpoint Manager Service;Viewpoint Manager Service
R? wacmoumonitor;Wacom Mode Helper
R? ZD1211U(ZyXEL);ZyXEL G-200v2 802.11b/g Wireless USB Adapter(ZyXEL)
S? ASFIPmon;Broadcom ASF IP Monitor
S? ezgfsfilt;EZ GIG II FS Filter
S? ezgmntr;EZ GIG II Backup Archive Explorer
S? KProcessHacker;KProcessHacker
S? nod32drv;nod32drv
S? NOD32krn;NOD32 Kernel Service
S? TabletServiceWacom;TabletServiceWacom

=============== Created Last 30 ================

2010-02-23 03:04:20 20 ----a-w- c:\documents and settings\s\defogger_reenable
2010-02-23 00:57:22 284915 ----a-w- C:\gmer.zip
2010-02-22 09:26:42 0 d-----w- c:\docume~1\s\applic~1\Malwarebytes
2010-02-22 09:26:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-22 09:26:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-22 09:26:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-22 09:25:45 5115824 ----a-w- C:\mbam-setup.exe
2010-02-22 09:23:32 0 d-----w- c:\docume~1\s\applic~1\Process Hacker
2010-02-22 09:21:49 1261193 ----a-w- C:\processhacker-1.11-setup.exe
2010-02-22 09:05:56 238916 ----a-w- C:\1266829487359.jpg
2010-02-22 08:30:55 34273 ----a-w- C:\6a00d834515cf969e200e54f4777408834-500wi.jpg
2010-02-22 08:21:37 1802880 ----a-w- C:\1266826578733.png
2010-02-22 08:12:53 541246 ----a-w- C:\1266826352336.png
2010-02-22 08:11:10 137371 ----a-w- C:\1266825252188.png
2010-02-22 07:52:34 23979 ----a-w- C:\yamato.JPG
2010-02-22 07:51:18 227372 ----a-w- C:\Page Image.png
2010-02-22 06:56:17 1033571 ----a-w- C:\1266821631507.jpg
2010-02-22 06:56:11 978429 ----a-w- C:\1266821432215.jpg
2010-02-22 06:31:59 65360 ----a-w- C:\1266819860657.jpg
2010-02-22 06:31:50 330202 ----a-w- C:\1266820032719.jpg
2010-02-22 06:31:35 26276 ----a-w- C:\1266820113120.png
2010-02-22 06:31:29 43364 ----a-w- C:\1266820122600.jpg
2010-02-22 06:22:49 899946 ----a-w- C:\1266817057588.jpg
2010-02-22 06:22:20 90967 ----a-w- C:\1266817268284.jpg
2010-02-22 06:22:15 123402 ----a-w- C:\1266817275239.jpg
2010-02-22 06:22:08 80727 ----a-w- C:\1266817276181.jpg
2010-02-22 06:20:53 76199 ----a-w- C:\1266817920354.jpg
2010-02-22 06:19:55 754391 ----a-w- C:\1266818325293.jpg
2010-02-22 03:46:58 1401344 ----a-w- C:\HijackThis.msi
2010-02-22 01:42:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-02-22 01:40:37 16409960 ----a-w- C:\spybotsd162.exe
2010-02-21 16:17:41 0 d-----w- C:\WINDOWS.0
2010-02-21 13:03:54 226876 ----a-w- C:\1266757303575.jpg
2010-02-21 08:49:38 38940 ----a-w- C:\1266737269738.jpg
2010-02-21 05:27:56 319269 ----a-w- C:\1266729864626.jpg
2010-02-21 05:17:44 135709 ----a-w- C:\1266729352709.jpg
2010-02-21 05:16:27 237482 ----a-w- C:\1266729152965.jpg
2010-02-21 04:58:55 117659 ----a-w- C:\1266726966335.jpg
2010-02-21 04:58:11 41977 ----a-w- C:\1266725768337.jpg
2010-02-21 02:07:35 439351 ----a-w- C:\1266716936500.jpg
2010-02-20 09:02:06 350892 ----a-w- C:\1266650495602.jpg
2010-02-17 08:19:23 94232 ----a-w- C:\1266394606911.jpg
2010-02-15 08:11:25 317250 ----a-w- C:\1266220941793.jpg
2010-02-15 08:10:40 640952 ----a-w- C:\1266220265417.jpg
2010-02-15 08:07:59 1541951 ----a-w- C:\1266218827426.jpg
2010-02-15 08:07:09 380776 ----a-w- C:\1266218508970.jpg
2010-02-14 23:15:17 231381 ----a-w- C:\1266185823806.jpg
2010-02-14 23:14:55 433202 ----a-w- C:\1266185567735.png
2010-02-14 23:14:37 494453 ----a-w- C:\1266185437652.png
2010-02-14 12:32:11 220934 ----a-w- C:\1266142013885.jpg
2010-02-14 12:31:28 493156 ----a-w- C:\1266141813883.jpg
2010-02-14 12:31:08 262395 ----a-w- C:\1266141216602.jpg
2010-02-14 12:30:59 760028 ----a-w- C:\1266141071630.jpg
2010-02-14 12:30:35 27577 ----a-w- C:\1266140770840.jpg
2010-02-14 12:29:09 373066 ----a-w- C:\1266140612390.jpg
2010-02-14 12:28:50 580952 ----a-w- C:\1266140394175.jpg
2010-02-14 11:19:49 62179 ----a-w- C:\bgc1cd_r.jpg
2010-02-14 08:48:15 124385 ----a-w- C:\1266136520160.jpg
2010-02-14 08:46:07 93499 ----a-w- C:\1266136342485.jpg
2010-02-06 12:37:11 0 ----a-w- c:\windows\tosOBEX.INI
2010-02-06 12:32:19 971455 ----a-w- C:\UnknownDeviceIdentifier.exe
2010-02-06 12:23:14 94208 ----a-w- c:\windows\system32\stacsv.exe
2010-02-06 12:22:46 146944 ----a-w- c:\windows\system32\st325602.dll
2010-02-06 12:21:27 8351457 ----a-w- C:\Audio.exe
2010-02-06 12:06:03 41856 ----a-w- c:\windows\system32\drivers\tosrfusb.sys
2010-02-06 12:06:01 113920 ----a-w- c:\windows\system32\drivers\tosrfbd.sys
2010-02-06 12:06:00 73600 ----a-w- c:\windows\system32\drivers\Tosrfhid.sys
2010-02-06 12:05:58 36480 ----a-w- c:\windows\system32\drivers\tosrfbnp.sys
2010-02-06 12:05:57 18612 ----a-w- c:\windows\system32\drivers\tosrfnds.sys
2010-02-06 12:05:54 64896 ----a-w- c:\windows\system32\drivers\tosrfcom.sys
2010-02-06 12:05:53 41600 ----a-w- c:\windows\system32\drivers\tosporte.sys
2010-02-06 12:05:39 0 d-----w- c:\program files\Toshiba
2010-02-06 12:02:33 31744 ----a-w- c:\windows\system32\drivers\csrbcxp.sys
2010-02-06 11:58:11 31573272 ----a-w- C:\Dell_Wireless-360-Module-wit_A01_R155172.exe
2010-02-06 11:51:45 2085188 ----a-w- C:\bus controller.EXE
2010-02-06 11:45:19 1228992 ----a-w- C:\D630_A17.EXE
2010-02-06 11:42:03 5707464 ----a-w- C:\Broadconm Gigabyte.exe
2010-02-06 11:33:05 0 d-----w- C:\Intel
2010-02-06 11:32:04 8682840 ----a-w- C:\R151334.EXE
2010-02-06 11:31:33 14564760 ----a-w- C:\Intel_GM965-Express-Chipset-_A07_R234854.exe
2010-02-06 11:12:13 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2010-02-06 11:12:13 61056 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2010-02-06 11:12:12 53248 ----a-w- c:\windows\system32\drivers\1394bus.sys
2010-02-04 22:01:10 1314363 ----a-w- C:\1265319364695.jpg
2010-02-02 18:12:23 233445 ----a-w- C:\66eb00bb4a24abdc10bff3ab5397f034.jpg
2010-01-31 21:19:11 97501 ----a-w- C:\3729622256_d3b0a73b04.jpg
2010-01-31 21:14:40 214120 ----a-w- C:\img_973980_56754608_0.jpg
2010-01-31 21:13:31 114370 ----a-w- C:\img_973980_56798200_7.jpg
2010-01-31 21:13:00 196468 ----a-w- C:\img_973980_56798200_0.jpg
2010-01-31 21:09:59 102923 ----a-w- C:\1264971964466.jpg
2010-01-27 08:42:35 9274669 ----a-w- C:\DROID_ERIS_Verizon_English_UM_11_5.pdf
2010-01-26 13:32:55 5244682 ----a-w- C:\AATM_-_Another_Day_at_Ahnenerbe_[SugoiSugoi].rar
2010-01-26 09:51:49 646821 ----a-w- C:\1264499123757.jpg
2010-01-26 09:43:45 195284 ----a-w- C:\1264498701023.jpg
2010-01-26 09:24:13 149012 ----a-w- C:\1264497773069.jpg
2010-01-26 09:23:48 992375 ----a-w- C:\1264497640900.png
2010-01-26 09:10:14 1066902 ----a-w- C:\1264494038464.jpg
2010-01-26 08:18:01 2145241 ----a-w- C:\1264490502348.png
2010-01-26 08:16:40 1251523 ----a-w- C:\1264493363388.jpg
2010-01-24 21:21:21 115920 ----a-w- C:\1264367939364.jpg
2010-01-24 21:05:31 128539 ----a-w- C:\1264366748767.jpg

==================== Find3M ====================

2010-01-09 20:23:32 939956 ----a-w- C:\7z465.exe
2009-12-14 18:51:39 1803935 ----a-w- C:\attachments.zip

============= FINISH: 19:21:13.60 ===============








GMER LOG:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-22 20:46:40
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\S\LOCALS~1\Temp\fxtdapob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \FileSystem\Fastfat \Fat amon.sys (Amon monitor/Eset )

Device -> \Driver\atapi \Device\Harddisk0\DR0 8A57BA9A

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\1\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9B 0x02 0xA9 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x17 0x93 0x0D 0xEC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA9 0xAD 0x21 0x9D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\1\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9B 0x02 0xA9 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x17 0x93 0x0D 0xEC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA9 0xAD 0x21 0x9D ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Edited by starlit-echo, 23 February 2010 - 05:38 PM.




#2 Noviciate

  • Malware Response Team

Posted 23 February 2010 - 06:23 PM

Good evening. :)

Can you tell me what NOD32 FiX is in your "installed programs" list?

So long, and thanks for all the fish.

 

 


#3 starlit-echo

  • Topic Starter

  • Members

Posted 23 February 2010 - 07:00 PM

Hello,

It is related to NOD32 and has been a part of the system ever since I installed Windows on this machine a few years back.

#4 Noviciate

  • Malware Response Team

Posted 24 February 2010 - 03:47 PM

Good evening. :)

Research tells me that it's a hack to illegally use Nod32 and explains why you appear to have an old version installed - both the files and the Add/Remove Programs entry don't correspond with the latest version.
This forum doesn't support software piracy and as such you will need to obtain a legitimate anti-virus program before you can receive help here. There are a few free ones available:

AVG Free Edition: Available here.
avast! 4 Home Edition: Available here.
AntiVir Personal Edition Classic: Available here.

Once you have done this feel free to start a fresh thread and we will be happy to help with your problems.

So long, and thanks for all the fish.

 

 




