Help! Firefox/IE Search Engine (Google and Yahoo) Re-directs


  • This topic is locked
19 replies to this topic

#1 johncolarelli

johncolarelli

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Riverton NJ
  • Local time:01:22 AM

Posted 25 April 2010 - 04:53 PM

Hello - about a week ago, we started to have Yahoo re-directed directly to 'cars4all.biz' as soon as Firefox would be opened. Turned out that Yahoo & Google both would re-direct, so we uninstalled and then re-installed Firefox to no avail. While the start page was changed to Firefox/Google and doesn't re-direct, any searches that are made will re-direct to the same page: cars4all.biz. We are running Windows XP Service Pack 3 (I believe) and have tried several programs to try to clean up any unwanted viruses. We have Norton Protection that we update weekly as our virus/firewall safety net, and have used Malwarebytes in the past to clean up any unwanted viruses that we've seen. Right now, Malware will not update (ongoing Norton problem), but the re-directs are a real concern. I've tried using Spyhunt and AVG Free, they clean up some things (Spy Hunter cleared out the Whazit rogue, but apparently it is not gone), but are never 100% in getting rid of it.

We cannot run our computer in safe mode, has been a problem for quite some time, so any possible solutions that do not require safe mode access would be best. I do have a separate laptop that I can use to download files through our wi-fi network and can copy these to the problem PC as needed. Please help, thanks!!!!

John

#2 johncolarelli


Posted 25 April 2010 - 08:15 PM

bump to the top!

#3 AmyCGoose

AmyCGoose

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 25 April 2010 - 08:32 PM

I am having the same problem. Like the poster above, it started a week or two ago. I noticed that occasionally, when I used the Google search bar on Firefox, I would not land on the intended page. The Google search would occur as normal, but when I clicked a link, I would be redirected to an ad page. Two days ago, my computer came down with a dreaded case of malware. I had the one that tries to trick you into buying security software. It disabled MalwareBytes and would not let me get to any intended web pages. I was able to start in safe mode, use rkill and then reinstall MalwareBytes. The malware seems to be gone, but I am still being redirected from time to time. It doesn't seem to happen if I use the search bar on the Google web page, but more-so when I use the Google search bar on Firefox.
I don't know if the malware and the redirects are related or not. I have run quick and full scans of MalwareBytes several times thinking that my computer was having a relapse, but MalwareBytes is not finding anything.
Any ideas??? Anyone???

#4 certifiedgeek

certifiedgeek

  • Members
  • 172 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 25 April 2010 - 10:49 PM

Hi johncolarelli,

Are you able to do a full scan with your Norton product, and if so, does it show any malware? Also, are you able to install the new version of Malwarebytes? I know you said you couldn't update, but I was wondering if you could actually install the new version, which should be 1.45. You could then do a manual update by downloading it here.

I would also use a temp file cleaner like TFC by Old Timer or ATF before you attempt any scans as it might do some pre-scan clean up and it will generally make the scans faster.


Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Post both the MBAM and SAS logs if they scan successfully.

#5 johncolarelli


Posted 26 April 2010 - 02:59 PM

I D/L and installed MBAM 1.45, but could not update, so I ran an update on another computer and copied the 'rules.ref' file over as per the MBAM website, so hopefully that makes it the latest and greatest.

The Norton full scan does not show any Malware and Spy Hunter only seems to show tracking cookies.

I will post logs for MBAM and SAS as soon as they're done running, thanks!

John

Edited by johncolarelli, 26 April 2010 - 03:00 PM.


#6 johncolarelli


Posted 26 April 2010 - 03:09 PM

MBAM Log, SAS log to follow when it is done:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4036

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/26/2010 4:03:09 PM
mbam-log-2010-04-26 (16-03-09).txt

Scan type: Quick scan
Objects scanned: 120211
Time elapsed: 8 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 johncolarelli


Posted 26 April 2010 - 03:11 PM

Prior to running MBAM, I tried one more quick search in Firefox, through Google. Entered a term, hit enter and the search results appeared. But before I could click any of them, I was redirected here:

http://www2.searchresultsdirect.com/parkin...907&ac300=2

If that helps any.

SAS scan is running now.

#8 certifiedgeek


Posted 26 April 2010 - 03:40 PM

OK, something's hiding in the shadows. Let me know what you find out with SAS and also post the scan results from an online scanner called BitDefender.

By the way, if SAS finds any infected files, re-run MBAM again and post.

Good Luck!

#9 johncolarelli


Posted 26 April 2010 - 03:47 PM

Yep, something is lurking I'm sure. SAS is showing 26 infections right now (2 registry, 12 Adware Tracking Cookies, 10 Malware Installer Pkg/Gen - WTF???), will clean and re-run the MBAM scan as well. Thx.

I guess the ironic thing is that we use Firefox because it is supposed to be more secure than IE, but when I check, we didn't get redirected through IE searches. Hmmm.......

Edited by johncolarelli, 26 April 2010 - 04:07 PM.


#10 johncolarelli


Posted 26 April 2010 - 06:38 PM

Ok, ran SAS, but forgot to update definitions. Here was the result of that scan:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/26/2010 at 05:09 PM

Application Version : 4.33.1000

Core Rules Database Version : 4849
Trace Rules Database Version: 0

Scan type : Complete Scan
Total Scan Time : 01:03:00

Memory items scanned : 645
Memory threats detected : 0
Registry items scanned : 9405
Registry threats detected : 2
File items scanned : 42723
File threats detected : 24

Adware.Tracking Cookie
C:\Documents and Settings\Jack\Cookies\jack@fastclick[1].txt
C:\Documents and Settings\Jack\Cookies\jack@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\Jack\Cookies\jack@media6degrees[1].txt
C:\Documents and Settings\Jack\Cookies\jack@msnportal.112.2o7[1].txt
C:\Documents and Settings\Jack\Cookies\jack@ad.yieldmanager[1].txt
C:\Documents and Settings\Jack\Cookies\jack@atdmt[1].txt
C:\Documents and Settings\Jack\Cookies\jack@ad.wsod[2].txt
C:\Documents and Settings\Jack\Cookies\jack@doubleclick[2].txt
C:\Documents and Settings\Jack\Cookies\jack@interclick[1].txt
C:\Documents and Settings\Jack\Cookies\jack@www.nordictrack[2].txt
C:\Documents and Settings\Jack\Cookies\jack@nordictrack[2].txt
C:\Documents and Settings\Jack\Cookies\jack@chitika[1].txt
C:\Documents and Settings\Jack\Cookies\jack@server.iad.liveperson[1].txt
C:\Documents and Settings\Jack\Cookies\jack@2o7[2].txt

Rogue.Agent/Gen
HKLM\SOFTWARE\78480431
HKLM\SOFTWARE\78480431#FirstRun

Malware.Installer-Pkg/Gen
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE


Computer re-booted, re-ran the full scan after updating definitions. Results of that scan:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/26/2010 at 06:26 PM

Application Version : 4.33.1000

Core Rules Database Version : 4854
Trace Rules Database Version: 2666

Scan type : Complete Scan
Total Scan Time : 01:04:18

Memory items scanned : 621
Memory threats detected : 0
Registry items scanned : 9405
Registry threats detected : 0
File items scanned : 42713
File threats detected : 0


I am re-running a full scan of MBAM right now, will post log when it is complete.

Edited by johncolarelli, 26 April 2010 - 06:39 PM.


#11 johncolarelli


Posted 26 April 2010 - 07:51 PM

Re-ran MBAM, full scan:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4036

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/26/2010 8:42:42 PM
mbam-log-2010-04-26 (20-42-42).txt

Scan type: Full scan (C:\|F:\|G:\|)
Objects scanned: 350636
Time elapsed: 2 hour(s), 2 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Ok, everything looks clean, but I'm paranoid if I should be looking elsewhere just in case. Any thoughts, or should I just give it a shot and see if it still re-directs?

#12 certifiedgeek


Posted 26 April 2010 - 08:14 PM

Could you first do a BitDefender scan and post the results please? There could still be some lurkers and the Bit scan will give a bit more info.

Also, are you able to run an update with MBAM yet? If so, update and then rerun a full scan in normal mode.

Based on the removals thus far, are you able to get into safe mode using the F8 method? Don't try any other methods other than tapping F8 when the computer is first started until you see the option to boot into safe mode without networking. Then run a full SAS scan.

#13 johncolarelli


Posted 26 April 2010 - 09:19 PM

1. Still cannot update MBAM directly. This is an issue with the Norton interface and it hasn't yet received a solution - I update the rules.ref on another PC and copy over so I should be current, right? Last full scan was in normal mode.

2. Cannot open in Safe Mode, but ran the SAS in normal mode. Get the 'blue screen of death' when we try to go into safe mode. I should probably re-install windows or consider upgrading to a new PC at this point really.........

3. BitDefender log, says we're clean, anything jumping out at you? Let me know your thoughts, I'll check in again in the morning (today was an early day for me). I have to admit that I am a little concerned about 'missing files' so let me know if these are an issue if they're not here. Thanks!

QuickScan Beta 32-bit v0.9.9.18
-------------------------------

Scan date: Mon Apr 26 22:08:22 2010
Machine ID: 8FF9BF1

No infection found.
-------------------

Processes
---------
<unsigned> C-Major Audio 3360 C:\WINDOWS\stsystra.exe
<unsigned> Canon Camera Access Library 8 2508 C:\Program Files\Canon\CAL\CALMAIN.exe
<unsigned> DMXLauncher.exe 3424 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
<unsigned> Drive Letter Access Component 3556 C:\WINDOWS\System32\DLA\DLACTRLW.EXE
<unsigned> Hewlett-Packard hpwuSchd 3596 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
<unsigned> hp coretech (COmponent REuse TECHnolog 3636 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
<unsigned> InstallShield Update Service 3568 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
<unsigned> NVIDIA Driver Helper Service, Version 1 1040 C:\WINDOWS\system32\nvsvc32.exe
<unsigned> PostUpdate.exe 3996 C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
<unsigned> RAID Event Monitor 3400 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
<unsigned> RAID Monitor 1760 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

<verified> Ad-Aware Service Application 1108 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
<verified> Ad-Aware Tray Application 1672 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
<verified> Apple Mobile Device Service 1996 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
<verified> Bonjour 300 C:\Program Files\Bonjour\mDNSResponder.exe
<verified> Client and Host Security Platform 3508 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
<verified> Client and Host Security Platform 420 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
<verified> Client and Host Security Platform 520 C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
<verified> Client and Host Security Platform 1592 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
<verified> Firefox 3520 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> iTunes 3968 C:\Program Files\iPod\bin\iPodService.exe
<verified> iTunes 3812 C:\Program Files\iTunes\iTunesHelper.exe
<verified> Java™ Platform SE 6 U20 1780 C:\Program Files\Java\jre6\bin\jqs.exe
<verified> Java™ Platform SE Auto Updater 2 0 3080 C:\Program Files\Common Files\Java\Java Update\jusched.exe
<verified> LiveUpdate 276 C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
<verified> LiveUpdate Notice 572 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
<verified> Messenger 2192 C:\Program Files\Messenger\msmsgs.exe
<verified> Microsoft® Visual Studio .NET 1828 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
<verified> Microsoft® Windows® Operating System 1432 C:\Program Files\Outlook Express\msimn.exe
<verified> Microsoft® Windows® Operating System 3200 C:\WINDOWS\eHome\ehmsas.exe
<verified> Microsoft® Windows® Operating System 956 C:\WINDOWS\eHome\ehRecvr.exe
<verified> Microsoft® Windows® Operating System 1176 C:\WINDOWS\eHome\ehSched.exe
<verified> Microsoft® Windows® Operating System 2972 C:\WINDOWS\ehome\ehtray.exe
<verified> Microsoft® Windows® Operating System 2380 C:\WINDOWS\ehome\mcrdsvc.exe
<verified> Microsoft® Windows® Operating System 1724 C:\WINDOWS\Explorer.EXE
<verified> Microsoft® Windows® Operating System 3148 C:\WINDOWS\System32\alg.exe
<verified> Microsoft® Windows® Operating System 760 C:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 3396 C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System 2748 C:\WINDOWS\system32\dllhost.exe
<verified> Microsoft® Windows® Operating System 840 C:\WINDOWS\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 3740 C:\WINDOWS\system32\RUNDLL32.EXE
<verified> Microsoft® Windows® Operating System 828 C:\WINDOWS\system32\services.exe
<verified> Microsoft® Windows® Operating System 696 C:\WINDOWS\System32\smss.exe
<verified> Microsoft® Windows® Operating System 1280 C:\WINDOWS\system32\spoolsv.exe
<verified> Microsoft® Windows® Operating System 2212 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 2224 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1544 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1416 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1288 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1192 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1960 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1072 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 2296 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 2816 C:\WINDOWS\system32\wbem\unsecapp.exe
<verified> Microsoft® Windows® Operating System 2832 C:\WINDOWS\system32\wbem\wmiprvse.exe
<verified> Microsoft® Windows® Operating System 784 C:\WINDOWS\system32\winlogon.exe
<verified> Nero BackItUp 2088 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
<verified> Norton AntiVirus 1912 C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
<verified> Norton Security Console 3464 C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
<verified> Pure Networks Platform 3712 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
<verified> SpyHunter4 1028 C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
<verified> Symantec Security Drivers 604 C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
<verified> symlcsvc.exe 720 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Network activity
----------------
Process ccProxy.exe (520) connected on port 80 (HTTP) --> a96-17-197-115.deploy.akamaitechnologies.com
Process ccProxy.exe (520) connected on port 80 (HTTP) --> a96-17-171-26.deploy.akamaitechnologies.com
Process ccProxy.exe (520) connected on port 80 (HTTP) --> vw-in-f100.1e100.net

Process svchost.exe (1192) listens on ports: 135 (RPC)
Process svchost.exe (2212) listens on ports: 2869 (SSDP event notification, UPNP)


Autoruns and critical files
---------------------------
<unsigned> C-Major Audio C:\WINDOWS\stsystra.exe
<unsigned> Dell Support C:\Program Files\Dell Support\DSAgnt.exe
<unsigned> DMXLauncher.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe
<unsigned> Drive Letter Access Component C:\WINDOWS\System32\DLA\DLACTRLW.EXE
<unsigned> Hewlett-Packard hpwuSchd C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
<unsigned> hp coretech (COmponent REuse TECHnolog C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
<unsigned> InstallShield Update Service C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
<unsigned> InstallShield Update Service c:\progra~1\common~1\instal~1\update~1\isuspm.exe
<unsigned> NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll
<unsigned> NVIDIA Media Center Library C:\WINDOWS\system32\nvmctray.dll
<unsigned> PostUpdate.exe C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
<unsigned> QuickTime C:\Program Files\QuickTime\qttask.exe
<unsigned> RAID Event Monitor C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
<unsigned> Support.com Scheduler and Command Dispa C:\Program Files\Support.com\bin\tgcmd.exe

<verified> Ad-Aware Admin Application C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
<verified> Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
<verified> Client and Host Security Platform C:\Program Files\Common Files\Symantec Shared\ccApp.exe
<verified> Google Updater C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
<verified> Intel® Common User Interface C:\WINDOWS\system32\hkcmd.exe
<verified> Intel® Common User Interface C:\WINDOWS\system32\igfxpers.exe
<verified> Intel® Common User Interface C:\WINDOWS\system32\igfxtray.exe
<verified> Internet Security C:\Program Files\Norton Internet Security\UrlLstCk.exe
<verified> iTunes C:\Program Files\iTunes\iTunesHelper.exe
<verified> Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
<verified> LiveUpdate Notice C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\ehome\ehtray.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
<verified> Norton AntiVirus C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.EXE
<verified> nwiz.exe C:\Program Files\NVIDIA Corporation\nView\nwiz.exe
<verified> Pure Networks Platform C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
<verified> SpyHunter4 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
<verified> Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
<verified> Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
<unsigned> 3D Studio VIZ C:\WINDOWS\Downloaded Program Files\vizable.ocx
<unsigned> Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<unsigned> Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
<unsigned> DivX Player Netscape Plugin C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
<unsigned> DivX® Content Upload Plugin C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
<unsigned> DivX® Web Player C:\Program Files\DivX\DivX Web Player\npdivx32.dll
<unsigned> HP eSupport Diagnostics C:\WINDOWS\Downloaded Program Files\HPCommunication.dll
<unsigned> HPRulesEngine C:\WINDOWS\Downloaded Program Files\rulesengine.dll
<unsigned> HPScripting C:\WINDOWS\Downloaded Program Files\hpscripting.dll
<unsigned> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
<unsigned> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
<unsigned> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
<unsigned> InternetUtil2 C:\WINDOWS\Downloaded Program Files\InternetUtil2.dll
<unsigned> MetaStream 3 Plugin C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

<verified> AutoCAD Today C:\WINDOWS\Downloaded Program Files\AcPreview.ocx
<verified> BitDefender QuickScan C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\eqcmmlrr.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\eqcmmlrr.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> FixEngine C:\WINDOWS\Downloaded Program Files\fixengine.dll
<verified> Google Updater C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
<verified> HP Diagnostics Program - Product Identi C:\WINDOWS\Downloaded Program Files\hpbasicdetection3.dll
<verified> HP eDiagnostic Support Objects C:\WINDOWS\Downloaded Program Files\HPeDiag.dll
<verified> i-drop control C:\WINDOWS\Downloaded Program Files\IDrop.ocx
<verified> i-drop control C:\WINDOWS\Downloaded Program Files\IDropENU.dll
<verified> Internet Security c:\program files\common files\symantec shared\adblocking\nisshext.dll
<verified> Java Deployment Toolkit 6.0.200.2 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
<verified> Java™ Platform SE 6 U20 c:\program files\java\jre6\bin\jp2ssv.dll
<verified> Java™ Platform SE 6 U20 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> Norton AntiVirus C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL
<verified> npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> PC Tools Content Filter C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll
<verified> Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll


Missing files
-------------
File not found: C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20091110.002\symidsco.sys
referenced in: HKLM\System\ControlSet001\services\SYMIDSCO\"ImagePath"

File not found: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091117.020\NAVENG.Sys
referenced in: HKLM\System\ControlSet001\services\NAVENG\"ImagePath"

File not found: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091117.020\NavEx15.Sys
referenced in: HKLM\System\ControlSet001\services\NAVEX15\"ImagePath"

File not found: C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
referenced in: HKLM\System\ControlSet001\services\IntuitUpdateService\"ImagePath"

File not found: C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys
referenced in: HKLM\System\ControlSet001\services\EraserUtilDrvI9\"ImagePath"

File not found: C:\WINDOWS\System32\drivers\tcpsr.sys
referenced in: HKLM\System\ControlSet001\services\tcpsr\"ImagePath"

File not found: C:\WINDOWS\System32\hidserv.dll
referenced in: HKLM\System\ControlSet001\services\HidServ\Parameters\"ServiceDll"


Scan
----


No file uploaded.

Scan finished - communication took 5 sec
Total traffic - 0.09 MB sent, 3.94 KB recvd
Scanned 1541 files and modules - 152 seconds

#14 certifiedgeek


Posted 26 April 2010 - 09:54 PM

[quote name='johncolarelli' date='Apr 26 2010, 10:19 PM' post='1733827']
1. Still cannot update MBAM directly. This is an issue with the Norton interface and it hasn't yet received a solution - I update the rules.ref on another PC and copy over so I should be current, right? Last full scan was in normal mode.
[/quote]

For the most part, the rules are updated about once a week and the program update happens daily.

[quote]
2. Cannot open in Safe Mode, but ran the SAS in normal mode. Get the 'blue screen of death' when we try to go into safe mode. I should probably re-install windows or consider upgrading to a new PC at this point really.........
[/quote]

That worries me a bit.

[quote]
3. BitDefender log, says we're clean, anything jumping out at you? Let me know your thoughts, I'll check in again in the morning (today was an early day for me). I have to admit that I am a little concerned about 'missing files' so let me know if these are an issue if they're not here. Thanks!
[/quote]

Combine those missing files (one is a rootkit, which is supposed to hide) and the safe mode problems, and it is probably best to get a final checkup from the experts who look at more advanced logs than over in the "Am I Infected?" area that we are in now. For the most part, things are better, but I would feel better if you took this one final step further. Probably no need to buy another computer once you get this fixed, and there are people who will be willing to help you.


Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues.

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

#15 johncolarelli


Posted 27 April 2010 - 06:00 AM

Hmmm, cannot get DDS to run. I have AutoCAD on my computer and it's trying to run it as an AutoCAD script. Is there an alternate link or extension that I can get to work (like with RKILL, SAS, etc.)?

Also, GMER crashes my system, brings back the blue screen of death again. I tried limiting the scans as was noted in some other threads, but they all either lock up completely and require re-booting or bring the blue screen. I guess the good news is that upon re-booting after a blue screen, I get a message that says Windows has recovered from a serious error. :thumbsup:

So, back to the original message, are there alternate scans that I can run?

Edited by johncolarelli, 27 April 2010 - 08:16 AM.




