
Fake anti-virus is redirecting my internet connection


5 replies to this topic

#1 thoughtninja

thoughtninja

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 02 May 2010 - 03:04 AM

A little while ago an obviously fake anti-virus program popped up on my comp and started a scan. I attempted to kill the process in Task Manager but was thwarted when a popup box said that it was infected and could not open. Same with Malwarebytes. So I shut off the comp, restarted in safe mode, and ran a Malwarebytes scan which detected a few trojans/malware. I deleted them through MB. I ran CCleaner to remove any temp files in which it might be hiding. Then I restarted. Everything works now except for my internet connection but Firefox miraculously works. Chrome will not display any page and instead says there is no connection. IE redirects to 127.0.0.1. I can ping any site with no obvious delay. Steam connects but will not display any web content. Not sure where to proceed from here. I need some advice. Thanks in advance.

Edit: Also would like to add that no odd or suspicious processes are running in the TM.

Edited by thoughtninja, 02 May 2010 - 03:06 AM.




#2 thoughtninja

thoughtninja
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 02 May 2010 - 03:13 AM

DDS (Ver_10-03-17.01) - NTFSx86
Run by TVX at 3:11:27.32 on Sun 05/02/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.476 [GMT -5:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Doyle Brown\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [STYLEXP] c:\program files\tgtsoft\stylexp\StyleXP.exe -Hide
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [Google Update] "c:\documents and settings\doyle brown\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [eBook Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [ZAFFRegisterTrustChecker] "c:\windows\system32\regsvr32.exe" -s "c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustChecker.dll"
dRunOnce: [ZAFFRegisterTrustCheckerIE] "c:\windows\system32\regsvr32.exe" -s "c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll"
StartupFolder: c:\docume~1\doyleb~1\startm~1\programs\startup\rocket~1.lnk - c:\program files\rocketdock\RocketDock.exe
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download linked FLV with GetFLV - c:\program files\getflv\iemenu\DownloadLinkFLV.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v5.cab
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {028E2D30-93C4-EAEB-0801-040005020704} - c:\windows\system32\drwatson.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\doyleb~1\applic~1\mozilla\firefox\profiles\bspv2hmf.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - component: c:\documents and settings\doyle brown\application data\mozilla\firefox\profiles\bspv2hmf.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}\platform\winnt_x86-msvc\components\FFThrottle.dll
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\doyle brown\application data\mozilla\firefox\profiles\bspv2hmf.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\doyle brown\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmnqmp07030901.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\opera\program\plugins\NPTURNMED.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-1-16 11264]
R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [2007-8-9 38912]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2007-1-16 13696]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R1 kid_sys;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\KID_SYS.sys [2007-2-4 11920]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2008-5-23 55424]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2008-5-23 42048]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
R3 HCW848NT;Hauppauge Win/TV;c:\windows\system32\drivers\HCW848NT.sys [2009-12-2 140440]
S0 vkquwexg;vkquwexg;c:\windows\system32\drivers\combo-fix.sys --> c:\windows\system32\drivers\Combo-Fix.sys [?]
S0 yolpve;yolpve;c:\windows\system32\drivers\hjjyfhw.sys --> c:\windows\system32\drivers\hjjyfhw.sys [?]
S2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\starwindservice.exe --> c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\doyleb~1\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\doyleb~1\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\doyleb~1\locals~1\temp\vqw11b.tmp --> c:\docume~1\doyleb~1\locals~1\temp\VQW11B.tmp [?]
S3 icsak;icsak;\??\c:\program files\checkpoint\zaforcefield\ak\icsak.sys --> c:\program files\checkpoint\zaforcefield\ak\icsak.sys [?]
S3 memsysdrv;Memory System;c:\windows\system32\drivers\memsysdrv.sys [2007-1-20 44238]
S3 ntxpusb;Gravis USB device driver;c:\windows\system32\drivers\ntxpusb.sys [2007-2-4 266432]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-2-26 14424]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2007-1-18 223128]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2001-1-3 19677]

=============== Created Last 30 ================

2010-04-24 06:48:25 0 ----a-w- c:\windows\iPlayer.INI
2010-04-24 06:45:53 0 d-----w- c:\program files\InterActual
2010-04-16 12:28:29 0 d-----w- c:\program files\K-Lite Codec Pack
2010-04-11 21:25:51 225280 ----a-w- c:\windows\system32\rewire.dll
2010-04-10 15:21:15 0 d-----w- c:\program files\Burrrn
2010-04-08 11:41:21 0 d-----w- c:\program files\VDMSound
2010-04-05 04:32:26 0 d-----w- c:\program files\PowerUp Software
2010-04-04 08:36:32 0 d-----w- c:\docume~1\doyleb~1\applic~1\PowerUp Software
2010-04-04 08:33:52 0 d-----w- c:\docume~1\alluse~1\applic~1\PowerUp Software
2010-04-04 08:31:43 109248 ----a-w- c:\windows\system32\mswinsck.ocx
2010-04-04 08:31:41 91632 ----a-w- c:\windows\system32\dsofile.dll
2010-04-04 08:31:41 608448 ----a-w- c:\windows\system32\COMCTL32.OCX
2010-04-04 08:31:41 57344 ------w- c:\windows\system32\ADsSecurity.dll
2010-04-04 08:31:41 45056 ------w- c:\windows\system32\NTSVC.ocx
2010-04-04 08:31:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2010-04-04 08:31:41 212240 ----a-w- c:\windows\system32\RICHTX32.OCX
2010-04-04 08:31:41 164144 ----a-w- c:\windows\system32\comct232.ocx
2010-04-04 08:31:41 119296 ----a-w- c:\windows\system32\zlib.dll
2010-04-04 08:31:40 36864 ----a-w- c:\windows\system32\dxinputdll.dll
2010-04-03 10:42:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Fallout2
2010-04-03 10:34:06 52736 ----a-w- c:\windows\ipuninst.exe

==================== Find3M ====================

2010-04-29 20:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-24 09:10:25 39216 ----a-w- c:\windows\DIIUnin.dat
2010-03-03 06:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2007-05-12 00:14:47 108 --sha-r- c:\windows\neoqaz2.dll

============= FINISH: 3:12:12.47 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/18/2008 12:26:05 AM
System Uptime: 5/2/2010 2:31:44 AM (1 hours ago)

Motherboard: | | P4M800CE-8237
Processor: Intel® Pentium® D CPU 3.40GHz | Socket 775 | 3407/200mhz
Processor: Intel® Pentium® D CPU 3.40GHz | Socket 775 | 3407/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 8.427 GiB free.
D: is FIXED (NTFS) - 38 GiB total, 7.601 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VIA Rhine II Fast Ethernet Adapter
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_01021106&REV_78\3&13C0B0C5&0&90
Manufacturer: VIA Technologies, Inc.
Name: VIA Rhine II Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_01021106&REV_78\3&13C0B0C5&0&90
Service: FETND5BV

Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_NPF_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_NPF_XX
Service: NPF

Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_VSFOCEKUELNKPJ_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_VSFOCEKUELNKPJ_XX
Service: vsfocekuelnkpj

==== System Restore Points ===================

RP157: 4/30/2010 10:36:34 AM - System Checkpoint
RP158: 5/1/2010 11:18:26 AM - System Checkpoint

==== Installed Programs ======================

µTorrent
3ivx MPEG-4 5.0 Decoder (remove only)
7-Zip 4.42
Active@ File Recovery 7.1
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Flash Video Encoder
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Setup
Adobe Shockwave Player 11
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
AGEIA PhysX v7.07.09
Agile Video Splitter
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
AusLogics Disk Defrag
AutoUpdate
Bink and Smacker
Bonjour
Call of Duty® - World at War™
Call of Duty® - World at War™ 1.1 Patch
Call of Duty® 4 - Modern Warfare™ 1.3 Patch
Call of Duty® 4 - Modern Warfare™ 1.4 Patch
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
Call of Duty® 4 - Modern Warfare™ 1.6 Patch
Call of Duty® 4 - Modern Warfare™ 1.7 Patch
CCleaner
CDisplay 1.8
Cool Edit Pro 2.1
CyberScrub® Privacy Suite™ 4.2 Professional
D'Accord Guitar Chord Dictionary 3.0
dBpoweramp [Calculate Audio CRC] Codec
dBpoweramp FLAC Codec
dBpoweramp m4a Codec
dBpoweramp Monkeys Audio Codec
dBpoweramp Mp2 and BwfMp2 codec
dBpoweramp mp3 (Fraunhofer IIS) Codec
dBpoweramp Music Converter
dBpoweramp Ogg Vorbis Codec
dBpoweramp WavPack Codec
Deus Ex
Diablo II
DiscJuggler
DivX Codec
DivX Converter
DivX Player
DivX Setup
DivX Web Player
dMC Power Pack
Driver Sweeper 2.1.0
DVD Shrink 3.2
DVD X Player 4.1 Professional
Easy Resume Creator Pro
Easy Video Joiner 5.01
Easy Video Splitter 1.26
ESET NOD32 Antivirus
ESScore
ESSgui
essvatgt
Fallout2
ffdshow [rev 3299] [2010-03-03]
FL Studio 9
FLV Player 2.0 (build 25)
Foxit Reader
Futuremark SystemInfo
Game Booster
Garena 2010
GetFLV Pro 5.0
Google Chrome
Gravis Xperience 4.5
Guitar Pro 5.2
Hardcore
Hauppauge WinTV-D (Model 39xxx)
Hauppauge WinTV NT4/Win2000 Drivers
Hauppauge WinTV2000
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
IconPackager
IL Download Manager
Insurgency
InterActual Player
Internet Download Manager
IrfanView (remove only)
iTunes
Java™ 6 Update 14
JDownloader
JScreenFix deluxe
K-Lite Codec Pack 3.2.5 Standard
Left 4 Dead 2 Standalone Patch™
LightScribe 1.4.124.1
Logitech Gaming Software 5.08
Machinarium
Magicbit DVD to DivX Converter
MagicDisc 2.7.105
Malwarebytes' Anti-Malware
Mayoko
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Professional Edition 2003
Microsoft Reader
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Monopoly by Parker Brothers
Mozilla Firefox (3.0.1)
Mozilla Firefox (3.5.8)
MP3 Splitter & Joiner
MP4 Player
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB927977)
muvee Plugin 1.0
Nero 6 Ultra Edition
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
nullDC 1.0.0 Public Beta 1 Setup
NVIDIA Drivers
OfotoXMI
oggcodecs 0.71.0946
OpenAL
Opera 9.50
PaltalkScene
PC Tune-Up
Pcsx2 0.9.6
PDF Settings
Peer2Mail (remove only)
PeerBlock 1.0.0 (r181)
Picture Slide Show
Pinnacle Game Profiler
Platform
Pocket Tanks Deluxe
PoiZone
Power Tab Editor 1.7
PowerISO
Project64 1.6
PRS-500 USB driver
Psychonauts
Quake Live Mozilla Plugin
QuickPar 0.9
QuickTime
QuickTime Alternative 1.77
RapidCRC 0.6.1
Reader Library by Sony
Real Alternative 1.9.0
Realtek AC'97 Audio
Restore My Files Data Recovery v6.01
Riva FLV Encoder 2.0
RocketDock 1.3.5
Sakura
Sawer
ScummVM 0.9.0
SFR
SHOUTcast Source DSP 1.9.0 (remove only)
SKINXSDK
SlideShow Desktop
Smart DVD/CD Burner
Software Update for Web Folders
Some PDF Image Extractr 1.5
Sound Control v2.15
Source SDK Base
Source SDK Base - Orange Box
SpeedFan (remove only)
SpeedyFox
StarCraft II Beta
Steam
StyleXP (remove only)
Sun xVM VirtualBox
TBS WMP Plug-in
The Nameless Mod
Tony Hawks Pro Skater 4
Torchlight
Total Video Converter 3.01
Toxic Biohazard
Trillian
Trivial Pursuit Unhinged
TVUPlayer 2.3.0.0
Uninstall
Universal Document Converter
Universe Sandbox
Unlocker 1.8.5
Update for Windows XP (KB938828)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.762
VDMSound
Veoh Web Player
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
Vidalia 0.1.10
Video Fixer 3.23
VideoCacheView
VLC media player 1.0.0
VPRINTOL
VTFEdit 1.2.5
Web Page Maker V2.5
Winamp (remove only)
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Media Format 11 runtime
WinRAR archiver
WinUHA 2.0 RC1 (2005.02.27)
Wireless Keyboard
xplorer² professional
Zune Desktop Theme

==== Event Viewer Messages From Past Week ========

4/28/2010 2:15:07 AM, error: Service Control Manager [7034] - The StyleXPService service terminated unexpectedly. It has done this 1 time(s).
4/28/2010 2:15:01 AM, error: Service Control Manager [7034] - The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).
4/28/2010 2:15:01 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
4/28/2010 2:15:01 AM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
4/28/2010 2:15:01 AM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
4/28/2010 2:15:01 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
4/28/2010 2:15:01 AM, error: Service Control Manager [7034] - The BrSplService service terminated unexpectedly. It has done this 1 time(s).
4/28/2010 2:15:01 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
4/28/2010 2:14:47 AM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
4/28/2010 2:14:47 AM, error: Service Control Manager [7000] - The StarWind iSCSI Service service failed to start due to the following error: The system cannot find the file specified.
4/28/2010 2:14:47 AM, error: Service Control Manager [7000] - The ATI Smart service failed to start due to the following error: The system cannot find the file specified.
4/28/2010 2:14:47 AM, error: Service Control Manager [7000] - The Ati HotKey Poller service failed to start due to the following error: The system cannot find the file specified.
4/28/2010 2:13:18 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/28/2010 2:07:50 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
4/28/2010 2:07:10 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/28/2010 2:02:53 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BIOS easdrv epfwtdir Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu StyleXPHelper Tcpip VBoxDrv VBoxUSBMon
4/28/2010 2:02:53 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2010 2:02:53 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2010 2:02:53 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2010 2:02:53 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

==== End Of File ===========================

#3 thoughtninja

thoughtninja
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 02 May 2010 - 03:29 AM

I tried to add the requested log files in the post recommendation topic but now my comp is randomly restarting by itself and it won't complete a scan.

:edit: This seems to only happen when I try to run a gmer scan.

Edited by thoughtninja, 02 May 2010 - 03:51 AM.


#4 thoughtninja

thoughtninja
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 02 May 2010 - 06:12 AM

Please disregard above. I found a solution. The malware simply turned a proxy on under the internet settings. How Firefox got around this I'll never know.

#5 hamluis

hamluis

    Moderator


  • Moderator
  • 55,857 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:55 AM

Posted 02 May 2010 - 10:04 AM

Thanks for posting your resolution...happy computing :thumbsup:.

Louis

#6 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:07:55 AM

Posted 02 May 2010 - 03:20 PM

Please disregard above. I found a solution. The malware simply turned a proxy on under the internet settings. How Firefox got around this I'll never know.


Firefox wasn't affected, because most malware writers assume that only Internet Explorer is installed and no other browsers. So the malware left the proxy settings alone in Firefox; however, most every other application on Windows depends heavily upon the internet settings set in Internet Explorer.
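
The resolution in this thread is already visible in the DDS log from post #2, in the line `uInternet Settings,ProxyServer = http=127.0.0.1:5555`. The following is an added example, not part of the original thread and not code from DDS: a small triage script that pulls the `ProxyServer` value out of a DDS-style log and flags any entry pointing at a loopback address. The function names are hypothetical, and reading the `u`/`m` line prefixes as per-user and machine-wide values is an assumption.

```python
import ipaddress
import re

# Constructed sample input: the two "Internet Settings" lines are copied from
# the DDS log posted in this thread; the other lines are surrounding context.
SAMPLE_LOG = r"""
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
"""

# Assumption: DDS prefixes per-user values with "u", machine-wide ones with "m".
SETTING_RE = re.compile(r"^([um])Internet Settings,ProxyServer\s*=\s*(.+)$", re.M)
SCOPES = {"u": "user", "m": "machine"}


def parse_proxy_server(value):
    """Split a WinINet ProxyServer string into {scheme: (host, port)}.

    Handles both forms: "host:port" (one proxy for every protocol, stored
    under the key "all") and "http=host:port;https=host:port".
    IPv6 literals are only handled in bracketed form, e.g. "[::1]:8080".
    """
    proxies = {}
    for entry in re.split(r"[;\s]+", value.strip()):
        if not entry:
            continue
        scheme, sep, endpoint = entry.partition("=")
        if not sep:
            scheme, endpoint = "all", entry
        # Drop an optional "http://" style prefix in front of the host.
        endpoint = re.sub(r"^[a-z][a-z0-9+.-]*://", "", endpoint, flags=re.I)
        match = re.fullmatch(r"\[?(.+?)\]?(?::(\d+))?", endpoint)
        if not match:
            continue  # e.g. "http=" with nothing after it
        host, port = match.group(1), match.group(2)
        proxies[scheme.lower()] = (host, int(port) if port else None)
    return proxies


def is_loopback(host):
    """True for "localhost" and for any literal in 127.0.0.0/8 or ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other hostname; not resolved here


def find_loopback_proxies(log_text):
    """Return one finding per proxy entry that points at the local machine."""
    findings = []
    for prefix, value in SETTING_RE.findall(log_text):
        for scheme, (host, port) in parse_proxy_server(value).items():
            if is_loopback(host):
                findings.append({"scope": SCOPES[prefix], "scheme": scheme,
                                 "host": host, "port": port})
    return findings


if __name__ == "__main__":
    for f in find_loopback_proxies(SAMPLE_LOG):
        print("loopback proxy: {scope} setting, {scheme} -> {host}:{port}".format(**f))
```

A loopback proxy is not malicious by itself, since local filtering tools set one too; the finding is a prompt to check whether a known program is actually listening on that port.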



