
Unstoppable and constant redirects


  • This topic is locked
2 replies to this topic

#1 opto88


Posted 18 August 2010 - 03:51 PM

About 6 days ago I started to get redirects in the search results of Google, FF and IE. I had AVG running at the time. Since then, I have run Avira AntiVir, SUPERAntiSpyware, Sophos Rootkit killer, Rootkit Buster, TDSSKiller, Spybot S&D, Ad-Aware, CCleaner, Advanced SystemCare, ThreatFire, Uniblue Registry Cleaner and Registry Mechanic. I've been busy and very frustrated. All these programs found various minor problems but none solved the redirect problem. It is now super annoying.
I am running Windows 7 (DAZ loader 1.9.1) with 2 GB of memory and a 1 TB WD drive. Using an NVIDIA 8400 GS graphics card.

I posted to the 'Am I Infected?' forum and was instructed to run an MBR check and TDSS Killer. The MBR was OK and the TDSS Killer found 1 rootkit, which was removed with no improvement to all the redirects. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/340787/constant-redirects-in-all-browsers/ ~ OB

As instructed, here is the DDS printout. Each time I do a GMER it crashes my computer, so I am leery about doing that again until instructed to do so. I have the DDS Attach.txt file if needed.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Marty at 13:35:25.19 on Wed 08/18/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.426 [GMT -7:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

G:\Windows\system32\wininit.exe
G:\Marty'sPrograms\AVG9\avgchsvx.exe
G:\Marty'sPrograms\AVG9\avgrsx.exe
G:\Windows\system32\lsm.exe
G:\Marty'sPrograms\AVG9\avgcsrvx.exe
G:\Windows\system32\svchost.exe -k DcomLaunch
G:\Windows\system32\nvvsvc.exe
G:\Windows\system32\svchost.exe -k RPCSS
G:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
G:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
G:\Windows\system32\svchost.exe -k netsvcs
G:\Windows\system32\svchost.exe -k LocalService
G:\Windows\system32\svchost.exe -k NetworkService
G:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
G:\Windows\system32\nvvsvc.exe
G:\Windows\System32\spoolsv.exe
G:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
G:\Windows\system32\taskhost.exe
G:\Windows\system32\Dwm.exe
G:\Windows\Explorer.EXE
G:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
G:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
G:\Marty'sPrograms\AVG9\avgwdsvc.exe
G:\Marty'sPrograms\PC Tools Firewall Plus\FWService.exe
G:\Program Files\HotKeyz\HotKeyz.exe
G:\Program Files\ClocX\ClocX.exe
G:\Marty'sPrograms\ThreatFire\TFTray.exe
G:\Marty'sPrograms\PC Tools Firewall Plus\FirewallGUI.exe
G:\Marty'sPrograms\AVG9\avgtray.exe
G:\Program Files\Cyberlink\Shared files\RichVideo.exe
G:\Marty'sPrograms\Rainlendar\Rainlendar2.exe
G:\Marty'sPrograms\RocketDock\RocketDock.exe
G:\Marty'sPrograms\SarbyxTrayClock\trayclock.exe
G:\Program Files\Smart Shutdown\Smart Shutdown.exe
G:\Program Files\Windows Sidebar\sidebar.exe
G:\Users\Marty\AppData\Local\Temp\Rar$EX01.117\NetworkIndicator.exe
G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
G:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
G:\Program Files\Logitech\SetPoint\SetPoint.exe
G:\Marty'sPrograms\AtomicClock\atomic.exe
G:\Program Files\Directory Opus\dopus.exe
G:\Marty'sPrograms\AVG9\avgnsx.exe
G:\Windows\system32\svchost.exe -k imgsvc
G:\Marty'sPrograms\ThreatFire\TFService.exe
G:\Marty'sPrograms\AVG9\avgemc.exe
G:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
G:\Marty'sPrograms\AVG9\avgcsrvx.exe
G:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
G:\Windows\system32\wbem\unsecapp.exe
G:\Windows\system32\wbem\wmiprvse.exe
G:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
G:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
G:\Marty'sPrograms\MailWasher Pro\MailWasher.exe
G:\Marty'sPrograms\Always on Top\PowerMenu.exe
G:\Users\Marty\AppData\Local\Temp\Rar$EX00.063\ShellFolderFixUI.exe
G:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
G:\Users\Marty\AppData\Local\Google\Chrome\Application\chrome.exe
G:\Users\Marty\AppData\Local\Google\Chrome\Application\chrome.exe
G:\Users\Marty\AppData\Local\Google\Chrome\Application\chrome.exe
G:\Users\Marty\AppData\Local\Google\Chrome\Application\chrome.exe
G:\Users\Marty\AppData\Local\Google\Chrome\Application\chrome.exe
G:\Users\Marty\AppData\Local\Google\Chrome\Application\chrome.exe
G:\Users\Marty\AppData\Local\Google\Chrome\Application\chrome.exe
G:\Users\Marty\AppData\Local\Google\Chrome\Application\chrome.exe
G:\Program Files\Mozilla Thunderbird\thunderbird.exe
G:\Marty'sPrograms\Diskeeper\DkService.exe
G:\Users\Marty\AppData\Local\Google\Chrome\Application\chrome.exe
G:\Hold\dds.scr
G:\Windows\system32\conhost.exe
G:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.bing.com/?pc=AVBR
uStart Page = hxxp://www.bing.com/?pc=AVBR
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - g:\marty'sprograms\avg9\toolbar\IEToolbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - g:\marty'sprograms\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - g:\progra~1\spybot~1\SDHelper.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - g:\program files\lastpass\LPBar.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - g:\marty'sprograms\avg9\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - g:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - g:\marty'sprograms\avg9\toolbar\IEToolbar.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - g:\program files\lastpass\LPBar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Google Update] "g:\users\marty\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Rainlendar2] g:\marty'sprograms\rainlendar\Rainlendar2.exe
uRun: [RocketDock] "g:\marty'sprograms\rocketdock\RocketDock.exe"
uRun: [SarbyxTrayClock] g:\marty'sprograms\sarbyxtrayclock\trayclock.exe
uRun: [Slawdog Smart Shutdown] g:\program files\smart shutdown\Smart Shutdown.exe startup
uRun: [Sidebar] g:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [NetworkIndicator] g:\users\marty\appdata\local\temp\rar$ex01.117\NetworkIndicator.exe
uRun: [Directory Opus Desktop Dblclk] "g:\program files\directory opus\dopusrt.exe" /dblclk
uRun: [SpybotSD TeaTimer] g:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [HotKeyz.exe Startup] g:\program files\hotkeyz\HotKeyz.exe Startup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ClocX] g:\program files\clocx\ClocX.exe
mRun: [ThreatFire] g:\marty'sprograms\threatfire\TFTray.exe
mRun: [00PCTFW] "g:\marty'sprograms\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [AVG9_TRAY] g:\marty'~1\avg9\avgtray.exe
dRunOnce: [SWHelper] "g:\windows\system32\macromed\shockwave 8\PostUpdate.exe" 1014021
StartupFolder: g:\users\marty\appdata\roaming\micros~1\windows\startm~1\programs\startup\atomic~1.lnk - g:\marty'sprograms\atomicclock\atomic.exe
StartupFolder: g:\users\marty\appdata\roaming\micros~1\windows\startm~1\programs\startup\direct~1.lnk - g:\program files\directory opus\dopus.exe
StartupFolder: g:\users\marty\appdata\roaming\micros~1\windows\startm~1\programs\startup\DSLCON~1.LNK -
StartupFolder: g:\users\marty\appdata\roaming\micros~1\windows\startm~1\programs\startup\mailwa~1.lnk - g:\marty'sprograms\mailwasher pro\MailWasher.exe
StartupFolder: g:\users\marty\appdata\roaming\micros~1\windows\startm~1\programs\startup\powerm~1.lnk - g:\marty'sprograms\always on top\PowerMenu.exe
StartupFolder: g:\users\marty\appdata\roaming\micros~1\windows\startm~1\programs\startup\shellf~1.lnk - g:\users\marty\appdata\local\temp\rar$ex00.063\ShellFolderFixUI.exe
StartupFolder: g:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - g:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - g:\progra~1\mi4066~1\office14\EXCEL.EXE/3000
IE: LastPass - file://g:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://g:\program files\lastpass\context.html?cmd=fillforms
IE: Se&nd to OneNote - g:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - g:\program files\lastpass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - g:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - g:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {B0CD4C95-00D2-4926-832D-99A376C21D60} = 156.154.70.1 156.154.71.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - g:\marty'sprograms\avg9\toolbar\IEToolbar.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - g:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - g:\marty'sprograms\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 hotcore3;hc3ServiceName;g:\windows\system32\drivers\hotcore3.sys [2010-7-22 40560]
R0 Lbd;Lbd;g:\windows\system32\drivers\Lbd.sys [2010-8-16 64288]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);g:\windows\system32\drivers\tdrpm258.sys [2010-7-17 911680]
R0 TfFsMon;TfFsMon;g:\windows\system32\drivers\TfFsMon.sys [2010-7-19 51984]
R0 TfSysMon;TfSysMon;g:\windows\system32\drivers\TfSysMon.sys [2010-7-19 59664]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;g:\windows\system32\drivers\avgldx86.sys [2010-7-17 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;g:\windows\system32\drivers\avgmfx86.sys [2010-7-17 29584]
R1 AvgTdiX;AVG Free Network Redirector;g:\windows\system32\drivers\avgtdix.sys [2010-7-17 243024]
R1 pctgntdi;pctgntdi;g:\windows\system32\drivers\pctgntdi.sys [2010-7-20 233136]
R1 SASDIFSV;SASDIFSV;g:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;g:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 afcdpsrv;Acronis Nonstop Backup service;g:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-7-17 2480048]
R2 avg9emc;AVG Free E-mail Scanner;g:\marty'sprograms\avg9\avgemc.exe [2010-7-17 921952]
R2 avg9wd;AVG Free WatchDog;g:\marty'sprograms\avg9\avgwdsvc.exe [2010-7-17 308136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;g:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1355416]
R2 PCTAppEvent;PCTAppEvent Driver;g:\windows\system32\drivers\PCTAppEvent.sys [2010-7-20 88040]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;g:\marty'sprograms\pc tools firewall plus\FWService.exe [2010-7-20 818432]
R2 SBSDWSCService;SBSD Security Center Service;g:\program files\spybot - search & destroy\SDWinSec.exe [2010-8-14 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;g:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
R2 ThreatFire;ThreatFire;g:\marty'sprograms\threatfire\tfservice.exe service --> g:\marty'sprograms\threatfire\TFService.exe service [?]
R3 afcdp;afcdp;g:\windows\system32\drivers\afcdp.sys [2010-7-17 160288]
R3 DKRtWrt;DKRtWrt;g:\windows\system32\drivers\DKRtWrt.sys [2010-7-21 45232]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;g:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-7-20 70664]
R3 pctNDIS;PC Tools Driver;g:\windows\system32\drivers\pctNdis.sys [2010-7-20 58816]
R3 pctplfw;pctplfw;g:\windows\system32\drivers\pctplfw.sys [2010-7-20 115216]
R3 SndTAudio;SndTAudio;g:\windows\system32\drivers\SndTAudio.sys [2010-7-22 23096]
R3 SndTVideo;SndTVideo;g:\windows\system32\drivers\SndTVideo.sys [2010-7-22 3768]
R3 TfNetMon;TfNetMon;g:\windows\system32\drivers\TfNetMon.sys [2010-7-19 33552]
R3 VST_DPV;VST_DPV;g:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;g:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;g:\marty'sprograms\avg9\toolbar\ToolbarBroker.exe [2010-7-17 430152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;g:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;g:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-16 15008]
S3 SMServer;SMServer;g:\windows\system32\snmvtsvc.exe [2010-7-22 237568]
S3 SwitchBoard;Adobe SwitchBoard;g:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;g:\windows\system32\wat\WatAdminSvc.exe [2010-7-17 1343400]

=============== Created Last 30 ================

2010-08-18 20:05:59 0 --sha-w- G:\DkHyperbootSync
2010-08-18 19:29:14 59664 ----a-w- g:\windows\system32\drivers\tskD7CA.tmp
2010-08-17 18:25:48 59664 ----a-w- g:\windows\system32\drivers\tsk3CF2.tmp
2010-08-17 03:20:35 64288 ----a-w- g:\windows\system32\drivers\Lbd.sys
2010-08-17 03:20:30 95024 ----a-w- g:\windows\system32\drivers\SBREDrv.sys
2010-08-17 03:14:13 0 dc-h--w- g:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-17 03:13:57 0 d-----w- g:\programdata\Lavasoft
2010-08-17 03:13:57 0 d-----w- g:\program files\Lavasoft
2010-08-16 20:56:15 193 ----a-w- g:\windows\WORDPAD.INI
2010-08-16 03:23:53 0 d-----w- g:\program files\RootkitBuster
2010-08-15 19:52:41 0 d-----w- g:\users\marty\Pavark
2010-08-15 02:32:53 0 d-----w- g:\users\marty\appdata\roaming\Adobe Mini Bridge CS5
2010-08-15 02:32:52 0 d-----w- g:\users\marty\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-08-14 21:09:01 0 d-----w- g:\programdata\Spybot - Search & Destroy
2010-08-14 21:09:01 0 d-----w- g:\program files\Spybot - Search & Destroy
2010-08-14 17:53:20 0 d-----w- g:\users\marty\appdata\roaming\SUPERAntiSpyware.com
2010-08-14 17:53:20 0 d-----w- g:\programdata\SUPERAntiSpyware.com
2010-08-14 17:52:46 0 d-----w- g:\program files\SUPERAntiSpyware
2010-08-14 17:14:08 40960 ----a-w- g:\windows\system32\PingIPscan305.exe
2010-08-13 01:59:28 331090 --sh--r- G:\QUKRV
2010-08-10 22:25:24 0 d-----w- G:\VueScan
2010-08-10 04:09:04 0 d-----w- g:\programdata\NVIDIA Corporation
2010-08-10 02:48:22 1908 ----a-w- g:\windows\diagwrn.xml
2010-08-10 02:48:22 1908 ----a-w- g:\windows\diagerr.xml
2010-08-10 02:26:22 0 d-----w- g:\windows\system32\ShellExt
2010-08-09 07:56:33 526184 ----a-w- g:\windows\system32\XceedCry.dll
2010-08-09 07:56:33 456536 ----a-w- g:\windows\system32\XCEEDZIP.DLL
2010-08-09 07:56:33 224016 ----a-w- g:\windows\system32\Tabctl32.ocx
2010-08-09 07:56:33 132880 ----a-w- g:\windows\system32\Msinet.ocx
2010-08-09 07:56:33 110602 ----a-w- g:\windows\system32\xcdsfx32.bin
2010-08-05 23:35:23 111 ----a-w- g:\windows\wininit.ini
2010-08-05 23:11:39 0 d-----w- g:\programdata\Links 2003
2010-08-05 01:30:26 0 d-----w- g:\program files\Amazon
2010-08-04 01:39:12 0 d--h--w- g:\windows\PIF
2010-08-03 23:36:55 0 d--h--w- G:\$AVG
2010-08-03 22:42:48 0 d-----w- g:\programdata\AutoKMS
2010-08-02 22:28:43 0 d-----w- g:\program files\Belarc
2010-07-31 06:06:13 0 d-----w- g:\users\marty\.rainlendar2
2010-07-31 01:06:08 0 d-----w- G:\PFiles
2010-07-30 23:49:39 0 d-----w- g:\users\marty\appdata\roaming\AVG9
2010-07-30 02:46:23 20 --sh--r- G:\win7.ld
2010-07-30 02:28:18 383562 --sha-r- G:\bootmgr
2010-07-30 02:28:17 0 d-sh--w- G:\Boot
2010-07-29 18:05:52 0 d-----w- g:\programdata\backup
2010-07-29 18:02:41 0 d-----w- g:\programdata\deletepart
2010-07-28 06:35:50 0 d-----w- g:\program files\common files\PX Storage Engine
2010-07-28 06:35:21 0 d-----w- g:\program files\common files\DivX Shared
2010-07-28 06:33:02 0 d-----w- g:\program files\DivX
2010-07-28 04:27:15 0 d-----w- g:\program files\Directory Opus
2010-07-28 01:42:35 0 d-----w- g:\windows\system32\inf32
2010-07-28 01:40:29 0 d-----w- g:\users\marty\appdata\roaming\GPSoftware
2010-07-28 01:40:29 0 d-----w- g:\programdata\GPSoftware
2010-07-26 22:30:29 816 ----a-w- g:\windows\system32\N065ub.dat
2010-07-26 22:30:29 816 ----a-w- g:\windows\system32\N065ua.dat
2010-07-26 22:30:29 503808 ----a-w- g:\windows\system32\N65WUD.DLL
2010-07-26 22:30:29 45056 ----a-w- g:\windows\system32\CANOIT32.EXE
2010-07-26 22:30:29 311296 ----a-w- g:\windows\system32\N065UFW.DLL
2010-07-26 22:30:29 119808 ----a-w- g:\windows\system32\ITLIB32.DLL
2010-07-26 22:30:29 118784 ----a-w- g:\windows\system32\n65wimg.DLL
2010-07-26 22:13:23 323645 ----a-w- g:\windows\system32\UCS32P.DLL
2010-07-26 20:28:11 0 d-----w- g:\windows\pss
2010-07-24 21:02:23 298496 ----a-w- g:\windows\uninst.exe
2010-07-24 19:48:33 0 d-----w- g:\temp\CanoScanCSUv571a
2010-07-24 19:48:33 0 d-----w- G:\Temp
2010-07-23 20:37:21 0 d-----w- g:\windows\system32\appmgmt
2010-07-23 17:46:25 0 d-----r- g:\users\marty\Virtual Machines
2010-07-23 16:50:10 14848 ----a-w- g:\windows\system32\vpchbuspipe.dll
2010-07-23 16:50:07 78336 ----a-w- g:\windows\system32\drivers\vpcusb.sys
2010-07-23 16:50:07 165376 ----a-w- g:\windows\system32\drivers\vpchbus.sys
2010-07-23 04:51:43 61 --sh--w- g:\windows\cnerolf.dat
2010-07-23 04:36:35 0 d-----w- g:\programdata\redistpart
2010-07-23 04:35:09 40560 ----a-w- g:\windows\system32\drivers\hotcore3.sys
2010-07-23 04:06:30 237568 ----a-w- g:\windows\system32\snmvtsvc.exe
2010-07-23 04:06:28 3768 ----a-w- g:\windows\system32\SndTVideo.sys
2010-07-23 04:06:28 3768 ----a-w- g:\windows\system32\drivers\SndTVideo.sys
2010-07-23 04:06:28 2577 ----a-w- g:\windows\system32\SndTVideo.inf
2010-07-23 04:06:28 2539 ----a-w- g:\windows\system32\SndTVideo.cat
2010-07-23 04:06:28 23096 ----a-w- g:\windows\system32\SndTAudio.sys
2010-07-23 04:06:28 23096 ----a-w- g:\windows\system32\drivers\SndTAudio.sys
2010-07-23 04:06:28 2100 ----a-w- g:\windows\system32\SndTAudio.cat
2010-07-23 04:06:28 19099 ----a-w- g:\windows\system32\SndTAudio.inf
2010-07-23 04:06:28 10936 ----a-w- g:\windows\system32\SndTVideo.dll
2010-07-23 03:15:24 0 d-----w- g:\program files\Smart PC Utilities
2010-07-23 03:02:41 3447376 ----a-w- g:\windows\system32\hdm.dll
2010-07-22 20:23:47 0 d-sh--w- G:\Diskeeper
2010-07-22 03:55:31 0 d-----w- g:\program files\Web Publish
2010-07-22 03:54:15 0 d-----w- g:\program files\common files\Broderbund
2010-07-22 03:54:14 29184 ------w- g:\windows\system32\Popup.ocx
2010-07-22 03:54:14 24576 ------w- g:\windows\system32\msxml3a.dll
2010-07-22 03:54:12 0 d-----w- g:\program files\common files\MSSoap
2010-07-22 03:53:46 0 d-----w- g:\program files\Print Shop 15
2010-07-22 03:42:17 0 d-----w- G:\AdjustFolderSize
2010-07-22 03:11:27 102400 ----a-w- g:\windows\system32\unzip32.dll
2010-07-22 01:37:18 45232 ----a-w- g:\windows\system32\drivers\DKRtWrt.sys
2010-07-22 01:37:11 0 d-----w- g:\program files\common files\Diskeeper Corporation
2010-07-22 01:37:10 0 d-----w- g:\program files\Windows Home Server
2010-07-22 01:32:08 0 d-----w- g:\programdata\Google
2010-07-21 21:07:49 0 d-----w- g:\users\marty\appdata\roaming\ShellFolderFix
2010-07-21 18:42:20 0 d-----w- g:\program files\LastPass
2010-07-21 15:59:11 0 d-----w- g:\users\marty\appdata\roaming\Ashampoo
2010-07-21 06:09:45 0 d-----w- g:\program files\Ashampoo
2010-07-21 04:04:17 4254224 ----a-w- g:\windows\system32\qtp-mt334.dll
2010-07-21 03:49:32 0 d-----w- g:\users\marty\appdata\roaming\PCToolsFirewallPlus
2010-07-21 03:46:21 65536 ------w- g:\windows\system32\Ikeext.etl
2010-07-21 03:46:17 88040 ----a-w- g:\windows\system32\drivers\PCTAppEvent.sys
2010-07-21 03:46:17 7412 ----a-w- g:\windows\system32\drivers\PCTAppEvent.cat
2010-07-21 03:46:17 7383 ----a-w- g:\windows\system32\drivers\pctcore.cat
2010-07-21 03:46:17 207792 ----a-w- g:\windows\system32\drivers\PCTCore.sys
2010-07-21 03:46:13 7387 ----a-w- g:\windows\system32\drivers\pctgntdi.cat
2010-07-21 03:46:13 233136 ----a-w- g:\windows\system32\drivers\pctgntdi.sys
2010-07-21 03:46:13 100136 ----a-w- g:\windows\system32\drivers\pctwfpfilter.sys
2010-07-21 03:45:54 0 d---a-w- g:\programdata\TEMP
2010-07-21 03:45:48 7435 ----a-w- g:\windows\system32\drivers\pctNdis-PacketFilter.cat
2010-07-21 03:45:48 7399 ----a-w- g:\windows\system32\drivers\pctNdis-DNS.cat
2010-07-21 03:45:48 70664 ----a-w- g:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-07-21 03:45:48 58816 ----a-w- g:\windows\system32\drivers\pctNdis.sys
2010-07-21 03:45:48 32680 ----a-w- g:\windows\system32\drivers\pctNdis-DNS.sys
2010-07-21 03:45:48 0 d-----w- g:\program files\common files\PC Tools
2010-07-21 03:45:46 7383 ----a-w- g:\windows\system32\drivers\pctplfw.cat
2010-07-21 03:45:46 115216 ----a-w- g:\windows\system32\drivers\pctplfw.sys
2010-07-21 03:34:12 0 d-----w- g:\users\marty\appdata\roaming\Malwarebytes
2010-07-21 03:34:01 38224 ----a-w- g:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 03:33:53 20952 ----a-w- g:\windows\system32\drivers\mbam.sys
2010-07-20 04:12:11 59664 ----a-w- g:\windows\system32\drivers\TfSysMon.sys
2010-07-20 04:12:11 51984 ----a-w- g:\windows\system32\drivers\TfFsMon.sys
2010-07-20 04:12:11 33552 ----a-w- g:\windows\system32\drivers\TfNetMon.sys
2010-07-20 03:56:20 65536 --sha-w- g:\users\marty\ntuser.dat{e653739e-93b0-11df-8837-001bfc3ff023}.TM.blf
2010-07-20 03:56:20 524288 --sha-w- g:\users\marty\ntuser.dat{e653739e-93b0-11df-8837-001bfc3ff023}.TMContainer00000000000000000002.regtrans-ms
2010-07-20 03:56:20 524288 --sha-w- g:\users\marty\ntuser.dat{e653739e-93b0-11df-8837-001bfc3ff023}.TMContainer00000000000000000001.regtrans-ms
2010-07-20 03:39:06 0 d-----w- g:\programdata\NVIDIA
2010-07-20 03:37:52 0 d-----w- g:\program files\NVIDIA Corporation

==================== Find3M ====================

2010-07-18 20:06:56 0 ---ha-w- g:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-07-18 20:06:56 0 ---ha-w- g:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-07-18 18:53:39 423656 ----a-w- g:\windows\system32\deployJava1.dll
2010-07-18 03:43:53 160288 ----a-w- g:\windows\system32\drivers\afcdp.sys
2010-07-18 03:43:50 911680 ----a-w- g:\windows\system32\drivers\tdrpm258.sys
2010-07-18 03:43:47 581984 ----a-w- g:\windows\system32\drivers\timntr.sys
2010-07-18 03:43:41 158272 ----a-w- g:\windows\system32\drivers\snapman.sys
2010-07-18 01:45:39 12536 ----a-w- g:\windows\system32\avgrsstx.dll
2010-07-18 01:45:38 243024 ----a-w- g:\windows\system32\drivers\avgtdix.sys
2010-07-18 01:45:30 216400 ----a-w- g:\windows\system32\drivers\avgldx86.sys
2010-07-17 21:39:25 0 ---ha-w- g:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-07-13 18:57:16 249872 ----a-w- g:\windows\system32\prgiso.dll
2010-07-09 23:37:10 66664 ----a-w- g:\windows\system32\nvshext.dll
2010-07-09 23:37:10 1469544 ----a-w- g:\windows\system32\nvsvc.dll
2010-07-09 23:37:10 13939816 ----a-w- g:\windows\system32\nvcpl.dll
2010-07-09 23:37:10 129640 ----a-w- g:\windows\system32\nvvsvc.exe
2010-07-09 23:37:10 110696 ----a-w- g:\windows\system32\nvmctray.dll
2010-05-21 21:14:28 221568 ------w- g:\windows\system32\MpSigStub.exe
2009-07-14 04:56:42 31548 ----a-w- g:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- g:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- g:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- g:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- g:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- g:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- g:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- g:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- g:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- g:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- g:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 13:39:30.74 ===============




Hope someone can find an answer to this frustrating problem.

Thanks in advance.

Edited by Orange Blossom, 18 August 2010 - 08:05 PM.




#2 opto88


Posted 20 August 2010 - 09:15 PM

I fixed the problem!!

AVG found a trojan (trojan.psw.onlinegames.aqie) in a game .exe file (cstrike.exe) and removed it. Everything is running smoothly now.

Thanks for the help.



#3 Orange Blossom


Posted 21 August 2010 - 11:17 PM

Hello,

Thank you for letting us know. I'm glad that your computer problems have been fixed. Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom



