possible virus?

jadedragen

New Member
Recently I've been having a problem when online: whenever I type a search in the search bar it gives me the list of sites pertaining to my search, but when I click on the link to go to the site it takes me somewhere completely different.

For example, when I was looking for computer forums and I clicked the link to come here, it brought me to these sites:
http://www.shopping.hp.com/webapp/s...store&landing=desktops&aoid=9102&kw=computers

http://www.xalab.com/computer_forum...,YT0z&vid=1228242465_5X01X54441033&rpt=1&kt=1

And those are just a few.

Also I've noticed that my anti-virus can't update anymore; it tries but can't connect and fails. At first I thought it was the program, so I uninstalled it and tried a different anti-virus, but it's doing the same thing.

When I run the anti-virus it comes up with a few warnings but no threats.

So is this something that's on my computer, or is it something to do with my internet account?
 
It sounds like spyware and possibly a virus:

Download, install, update and scan your computer with both Malwarebytes and SUPERAntiSpyware, and delete whatever they find. If this fails to completely remove the virus/spyware, download and update Avast and run a boot scan (click "Schedule boot-time scan" and restart your PC). All the software below is free and safe to use.

Malwarebytes: http://www.malwarebytes.org/mbam.php

SUPERAntiSpyware: http://www.superantispyware.com/

Avast Anti-Virus: http://www.avast.com/eng/avast_4_home.html

To protect your PC in the future you'll need to install anti-virus software and a firewall. I'd recommend using Avast and Comodo Pro firewall; both are very effective and completely free. You should also switch to Firefox 3 if you are browsing with IE, as it's much safer and a lot easier to use. (Links on my profile.)
 

Post the logs from the sticky and we'll take it from there.

http://www.computerforum.com/131398-important-please-read-before-posting.html
 
I did a scan with Malwarebytes; here's the log:

Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 2

12/2/2008 3:46:30 PM
mbam-log-2008-12-02 (15-46-30).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 118241
Time elapsed: 22 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdqqz.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{96c4f8a7-5d94-4f32-ad5c-188a4b82f3a1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.110;85.255.112.172 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{96c4f8a7-5d94-4f32-ad5c-188a4b82f3a1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.110;85.255.112.172 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{96c4f8a7-5d94-4f32-ad5c-188a4b82f3a1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.110;85.255.112.172 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I'm running a scan of the antispyware now. I have Spybot Search & Destroy but I like the new one better.
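The Registry Data Items in the Malwarebytes log above are the part worth understanding. Trojan.DNSChanger rewrote the per-interface resolver list under Tcpip\Parameters\Interfaces\{GUID}\NameServer so that every DNS lookup on that box was answered by 85.255.112.110 and 85.255.112.172 instead of the ISP's resolvers, which would account for both symptoms in the first post at once: search-result clicks landing on unrelated sites, and the anti-virus updater failing to reach its update host. The script below is an added example, not part of this thread or of any of the tools named in it. It parses those log lines, merges the CurrentControlSet/ControlSet001/ControlSet002 copies of the same interface, and flags any resolver that is not on an expected list, treating 85.255.112.0/20 (the block the two logged addresses fall into) as rogue. The rogue-range list, the expected resolver 192.168.1.1 and the function names are assumptions of the example; on a live machine the same check would read those registry keys directly instead of a log.

```python
import ipaddress
import re

# Constructed sample: the Registry Data Items block from the Malwarebytes log posted above.
MBAM_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdqqz.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{96c4f8a7-5d94-4f32-ad5c-188a4b82f3a1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.110;85.255.112.172 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{96c4f8a7-5d94-4f32-ad5c-188a4b82f3a1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.110;85.255.112.172 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{96c4f8a7-5d94-4f32-ad5c-188a4b82f3a1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.110;85.255.112.172 -> Quarantined and deleted successfully.
"""

# Assumption: resolver blocks this check treats as rogue. 85.255.112.0/20 is the block the two
# logged addresses fall into; extend the list from whatever threat intel you actually trust.
ROGUE_RESOLVER_NETS = [ipaddress.ip_network("85.255.112.0/20")]

# Assumption: the resolver DHCP is expected to hand out on this network (made up for the example).
EXPECTED_RESOLVERS = {ipaddress.ip_address("192.168.1.1")}

# Matches the per-interface NameServer value; the GUID is captured so that the
# CurrentControlSet/ControlSet00N copies of the same interface can be merged.
NAMESERVER_RE = re.compile(
    r"Services\\Tcpip\\Parameters\\Interfaces\\(\{[0-9a-f-]+\})\\NameServer"
    r".*?->\s*Data:\s*([0-9.;, ]+?)\s*->",
    re.IGNORECASE,
)


def parse_nameservers(log_text):
    """Return {interface_guid: [resolver, ...]} for every per-interface NameServer line in the log."""
    found = {}
    for m in NAMESERVER_RE.finditer(log_text):
        guid = m.group(1).lower()
        resolvers = found.setdefault(guid, [])
        for token in re.split(r"[;, ]+", m.group(2).strip()):
            if token and token not in resolvers:
                resolvers.append(token)
    return found


def classify_resolver(resolver):
    """'rogue' inside a known-bad block, 'expected' if it is one of ours, otherwise 'unknown'."""
    ip = ipaddress.ip_address(resolver)
    if any(ip in net for net in ROGUE_RESOLVER_NETS):
        return "rogue"
    if ip in EXPECTED_RESOLVERS:
        return "expected"
    return "unknown"


def triage(log_text):
    """(guid, resolver, verdict) per configured resolver; anything not 'expected' needs a look."""
    return [(guid, resolver, classify_resolver(resolver))
            for guid, resolvers in parse_nameservers(log_text).items()
            for resolver in resolvers]


if __name__ == "__main__":
    for guid, resolver, verdict in triage(MBAM_LOG):
        print(f"{verdict:8s} {resolver:16s} interface {guid}")
```

The "unknown" verdict is deliberate: a resolver that is neither on the rogue list nor the expected list is exactly the case an administrator should look at rather than auto-clear, since a fresh DNSChanger variant will use addresses no list has yet.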
 
OMG it worked like a charm!
Web browsing is acting normal again and my anti-virus is able to update again.

But just out of curiosity, which bug was doing it? All that text is gibberish to me.

NVM, I spoke too soon, web browsing still off...
 

Please understand that you have to do all of the steps I asked of you if you want the proper help. See my other post for the instructions.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:40:27 PM, on 12/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\ModPS2Key.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdqqz.exe] C:\WINDOWS\system32\kdqqz.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 5762 bytes
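The line a helper would pull out of the HijackThis log above is O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdqqz.exe] C:\WINDOWS\system32\kdqqz.exe. The same kdqqz.exe that Malwarebytes reported in the Winlogon\System value is still registered to start at logon from the HKLM Run key, under a value name that is nothing but its own path. The script below is an added example, not code from this thread or from HijackThis. It parses O4 lines and applies three review heuristics: a value name that is itself a file path, an executable started from system32 that is not on an allowlist, and an empty command (which HijackThis prints as NA, as in the Power2GoExpress entry). The allowlist, the reading of NA and the function names are this example's own assumptions; a flag means "look at this", not "malicious".

```python
import re

# Constructed sample: a subset of the O4 (Run key) lines from the HijackThis log posted above.
HJT_O4_LINES = r"""
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdqqz.exe] C:\WINDOWS\system32\kdqqz.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
""".strip().splitlines()

# Assumption: binaries that are expected to start from system32 on this box.
SYSTEM32_ALLOWLIST = {"ctfmon.exe", "rundll32.exe", "nwiz.exe"}

# O4 - HIVE\..\Run: [value name] command
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse_o4(line):
    """Split one O4 line into hive, value name and command; None for any other line type."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def executable_of(cmd):
    """The program part of a Run command: the quoted path, or the first whitespace token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def suspicion_reasons(entry):
    """Review heuristics (this example's own, not HijackThis rules). Empty list = nothing to flag."""
    name, cmd = entry["name"], entry["cmd"]
    if cmd.strip().upper() == "NA":
        return ["empty command (HijackThis shows NA): orphan to clean up"]
    reasons = []
    exe = executable_of(cmd).replace("/", "\\").lower()
    base = exe.rsplit("\\", 1)[-1]
    if "\\" in name or ":" in name:
        reasons.append("value name is a file path")
    if "\\system32\\" in exe and base not in SYSTEM32_ALLOWLIST:
        reasons.append("unlisted executable started from system32")
    return reasons


def triage(lines):
    """Return the parsed O4 entries that trip at least one heuristic, in log order."""
    flagged = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = suspicion_reasons(entry)
        if reasons:
            flagged.append({**entry, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for e in triage(HJT_O4_LINES):
        print(f"{e['hive']} [{e['name']}] {e['cmd']}")
        for r in e["reasons"]:
            print("    -", r)
```

The system32 rule is an allowlist on purpose: a five-letter name like kdqqz.exe cannot be recognised by its spelling, but a startup binary in system32 that nobody can account for is worth a look regardless of what it is called, and the allowlist is the thing to grow as entries are confirmed legitimate.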
 
Hello:

Download and run ComboFix.
If you already have ComboFix, please delete this copy and download it again, as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes named findstr, find, sed or swreg; then ComboFix should continue.
If that happened we want to know, and also what process you had to end.

In your next reply I will need:
  • The ComboFix log
  • A fresh HijackThis log
  • An update on how your computer is running
 
ComboFix:

ComboFix 08-12-01.03 - Owner 2008-12-02 16:58:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.619 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\components\iamfamous.dll
D:\resycled
d:\resycled\boot.com
d:\resycled\Desktop.ini
d:\resycled\Folder.htt
d:\resycled\Protect.ed
d:\resycled\Warning.bmp

.
((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
.

2008-12-02 16:40 . 2008-12-02 16:40 <DIR> d-------- c:\program files\Trend Micro
2008-12-02 15:34 . 2008-12-02 15:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-02 15:33 . 2008-12-02 15:33 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-02 15:33 . 2008-12-02 15:33 <DIR> d-------- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2008-12-02 15:32 . 2008-12-02 15:32 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-02 15:23 . 2008-12-02 15:23 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-02 15:23 . 2008-12-02 15:23 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-12-02 15:23 . 2008-12-02 15:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-02 15:23 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-02 15:23 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-30 18:59 . 2008-11-30 19:52 138 --a------ c:\windows\wininit.ini
2008-11-30 18:19 . 2008-12-02 16:25 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-30 18:19 . 2008-12-02 16:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-28 15:13 . 2008-11-28 15:13 <DIR> d-------- c:\program files\Common Files\Scanner
2008-11-28 15:13 . 2008-11-28 15:15 <DIR> d-------- c:\program files\CA Yahoo! Anti-Spy
2008-11-28 13:43 . 2008-11-28 13:43 <DIR> d-------- c:\program files\OGPlanet
2008-11-28 08:37 . 2008-11-28 08:37 118 --a------ c:\windows\system32\MRT.INI
2008-11-27 10:33 . 2008-11-27 10:33 <DIR> d-------- c:\documents and settings\Owner\Application Data\Yahoo!
2008-11-27 10:33 . 2008-11-30 17:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-27 10:28 . 2008-11-27 10:33 <DIR> d-------- c:\program files\Yahoo!
2008-11-27 10:28 . 2008-11-27 10:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-25 19:45 . 2008-11-25 19:45 <DIR> d-------- c:\program files\Avira
2008-11-25 19:45 . 2008-11-25 19:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-11-25 19:29 . 2003-03-18 17:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2008-11-25 19:29 . 2008-06-13 08:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-25 19:29 . 2008-06-13 08:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-25 19:27 . 2008-10-24 06:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-25 19:27 . 2008-05-01 09:30 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-11-25 19:26 . 2008-10-15 11:57 332,800 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-25 17:55 . 2007-04-12 22:44 115,830 --a------ c:\windows\system32\nvapps.xml
2008-11-25 17:54 . 2008-11-25 17:54 <DIR> d-------- c:\windows\nview
2008-11-25 17:54 . 2007-04-12 22:44 356,352 --a------ c:\windows\system32\nvudisp.exe
2008-11-25 17:54 . 2007-04-12 22:44 17,177 --a------ c:\windows\system32\nvdisp.nvu
2008-11-25 17:51 . 2007-04-13 00:51 356,352 --a------ c:\windows\system32\NVUNINST.EXE
2008-11-25 17:41 . 2008-11-25 16:37 <DIR> d-------- c:\windows\system32\config\systemprofile\WINDOWS
2008-11-25 17:41 . 2008-11-25 16:37 <DIR> d-------- c:\documents and settings\Default User\WINDOWS
2008-11-25 17:37 . 2008-11-25 17:37 8,192 --a------ c:\windows\REGLOCS.OLD
2008-11-25 17:35 . 2008-11-25 17:35 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2008-11-25 17:35 . 2008-11-25 17:35 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2008-11-25 17:34 . 2008-11-25 17:34 <DIR> d-------- c:\windows\system32\Lang
2008-11-25 17:34 . 2008-11-25 17:34 333 --a------ c:\windows\system32\$ncsp$.inf
2008-11-25 17:33 . 2006-12-19 16:52 134,656 --a--c--- c:\windows\system32\dllcache\shsvcs.dll
2008-11-25 17:32 . 2006-12-26 08:07 536,576 --a--c--- c:\windows\system32\dllcache\msado15.dll
2008-11-25 17:32 . 2006-12-19 13:16 333,824 --a--c--- c:\windows\system32\dllcache\wiaservc.dll
2008-11-25 17:32 . 2006-12-26 08:07 200,704 --a--c--- c:\windows\system32\dllcache\msadox.dll
2008-11-25 17:32 . 2006-12-26 08:07 180,224 --a--c--- c:\windows\system32\dllcache\msadomd.dll
2008-11-25 17:32 . 2006-12-26 08:07 102,400 --a--c--- c:\windows\system32\dllcache\msjro.dll
2008-11-25 17:31 . 2006-10-04 03:48 215,552 --a--c--- c:\windows\system32\dllcache\osk.exe
2008-11-25 17:31 . 2006-10-16 11:15 122,880 --a--c--- c:\windows\system32\dllcache\oledlg.dll
2008-11-25 17:31 . 2006-10-04 03:48 72,704 --a--c--- c:\windows\system32\dllcache\magnify.exe
2008-11-25 17:31 . 2006-10-04 03:48 53,760 --a--c--- c:\windows\system32\dllcache\narrator.exe
2008-11-25 17:31 . 2006-10-04 03:48 50,176 --a--c--- c:\windows\system32\dllcache\utilman.exe
2008-11-25 17:31 . 2006-10-04 08:33 35,840 --a--c--- c:\windows\system32\dllcache\umandlg.dll
2008-11-25 17:30 . 2006-12-14 08:45 981,760 --a--c--- c:\windows\system32\dllcache\mfc42u.dll
2008-11-25 17:30 . 2006-11-01 14:17 927,504 --a--c--- c:\windows\system32\dllcache\mfc40u.dll
2008-11-25 17:30 . 2006-11-27 09:54 539,136 --a--c--- c:\windows\system32\dllcache\msftedit.dll
2008-11-25 17:30 . 2006-11-27 09:54 433,152 --a--c--- c:\windows\system32\dllcache\riched20.dll
2008-11-25 17:29 . 2006-08-21 04:14 128,896 --a--c--- c:\windows\system32\dllcache\fltmgr.sys
2008-11-25 17:29 . 2006-08-21 04:14 23,040 --a--c--- c:\windows\system32\dllcache\fltmc.exe
2008-11-25 17:29 . 2006-08-21 07:21 16,896 --a--c--- c:\windows\system32\dllcache\fltlib.dll
2008-11-25 17:28 . 2006-06-22 00:06 1,435,648 --a--c--- c:\windows\system32\dllcache\query.dll
2008-11-25 17:28 . 2008-05-08 07:28 202,752 --a--c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-25 17:28 . 2006-06-22 00:06 69,120 --a--c--- c:\windows\system32\dllcache\ciodm.dll
2008-11-25 17:27 . 2008-08-28 05:04 333,056 --a--c--- c:\windows\system32\dllcache\srv.sys
2008-11-25 17:26 . 2006-06-22 05:47 181,248 --a--c--- c:\windows\system32\dllcache\rasmans.dll
2008-11-25 17:26 . 2008-06-20 12:41 148,992 --a--c--- c:\windows\system32\dllcache\dnsapi.dll
2008-11-25 17:26 . 2006-05-19 07:59 111,616 --a--c--- c:\windows\system32\dllcache\dhcpcsvc.dll
2008-11-25 17:26 . 2006-05-19 07:59 94,720 --a--c--- c:\windows\system32\dllcache\iphlpapi.dll
2008-11-25 17:25 . 2007-11-07 04:26 721,920 --a--c--- c:\windows\system32\dllcache\lsasrv.dll
2008-11-25 17:25 . 2008-06-20 05:45 360,320 --a--c--- c:\windows\system32\dllcache\tcpip.sys
2008-11-25 17:22 . 2008-05-07 00:18 1,287,680 --a--c--- c:\windows\system32\dllcache\quartz.dll
2008-11-25 17:21 . 2007-10-25 22:34 8,460,288 --a--c--- c:\windows\system32\dllcache\shell32.dll
2008-11-25 17:20 . 2007-07-09 08:16 582,656 --a--c--- c:\windows\system32\dllcache\rpcrt4.dll
2008-11-25 17:19 . 2008-08-26 02:24 63,488 --a--c--- c:\windows\system32\dllcache\icardie.dll
2008-11-25 17:16 . 2007-06-13 05:23 1,033,216 --a--c--- c:\windows\system32\dllcache\explorer.exe
2008-11-25 17:15 . 2004-08-04 14:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-25 17:14 . 2008-11-25 17:14 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-25 17:13 . 2007-12-04 13:38 550,912 --a--c--- c:\windows\system32\dllcache\oleaut32.dll
2008-11-25 17:13 . 2007-04-23 05:14 364,160 --a--c--- c:\windows\system32\dllcache\update.sys
2008-11-25 17:11 . 2007-04-16 10:52 984,576 --a--c--- c:\windows\system32\dllcache\kernel32.dll
2008-11-25 17:10 . 2007-04-25 09:21 144,896 --a--c--- c:\windows\system32\dllcache\schannel.dll
2008-11-25 17:09 . 2008-10-03 12:41 6,066,176 --a--c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-25 17:09 . 2007-04-17 04:28 2,455,488 --a--c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-25 17:09 . 2007-01-31 01:47 991,232 --a--c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-25 17:09 . 2007-02-09 06:10 574,464 --a--c--- c:\windows\system32\dllcache\ntfs.sys
2008-11-25 17:09 . 2008-08-26 02:24 459,264 --a--c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-25 17:09 . 2008-08-26 02:24 383,488 --a--c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-25 17:09 . 2008-08-26 02:24 267,776 --a--c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-25 17:09 . 2008-08-26 02:24 52,224 --a--c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-25 17:09 . 2008-08-25 03:38 13,824 --a--c--- c:\windows\system32\dllcache\ieudinit.exe
2008-11-25 17:08 . 2008-08-14 04:57 2,185,984 --a--c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-25 17:08 . 2008-08-14 04:55 2,142,720 --a--c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-25 17:08 . 2008-08-14 04:18 2,020,864 --a--c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-25 17:08 . 2007-01-23 14:29 546,304 --a--c--- c:\windows\system32\dllcache\hhctrl.ocx
2008-11-25 17:08 . 2007-03-09 08:58 57,344 --a--c--- c:\windows\system32\dllcache\agentdpv.dll
2008-11-25 17:07 . 2008-09-15 06:57 1,846,016 --a--c--- c:\windows\system32\dllcache\win32k.sys
2008-11-25 17:07 . 2007-03-08 10:36 577,536 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-25 17:07 . 2007-03-17 08:43 292,864 --a--c--- c:\windows\system32\dllcache\winsrv.dll
2008-11-25 17:07 . 2008-02-20 01:51 282,624 --a--c--- c:\windows\system32\dllcache\gdi32.dll
2008-11-25 17:07 . 2007-02-05 15:17 185,344 --a--c--- c:\windows\system32\dllcache\upnphost.dll
2008-11-25 17:07 . 2007-03-08 10:36 40,960 --a--c--- c:\windows\system32\dllcache\mf3216.dll
2008-11-25 17:04 . 2008-11-25 17:06 <DIR> d-------- c:\program files\eMachines Games
2008-11-25 17:03 . 2008-11-30 19:20 <DIR> d-------- c:\program files\WalMart
2008-11-25 17:03 . 2008-11-30 19:20 <DIR> d-------- c:\program files\Silkroad
2008-11-25 17:03 . 2008-11-25 17:03 <DIR> d-------- c:\documents and settings\Owner\Application Data\Symantec
2008-11-25 17:03 . 2008-11-25 17:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\WildTangent
2008-11-25 17:03 . 2008-11-25 17:03 <DIR> d-------- C:\Documents
2008-11-25 17:01 . 2008-11-25 17:01 <DIR> d-------- c:\documents and settings\Owner\Application Data\SampleView
2008-11-25 17:01 . 2008-11-25 19:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-11-25 17:00 . 2008-11-25 17:00 <DIR> d-------- c:\program files\NetZero
2008-11-25 17:00 . 2008-11-25 19:40 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-11-25 17:00 . 2008-11-25 17:00 <DIR> d-------- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2008-11-25 17:00 . 2008-11-25 17:00 <DIR> d-------- c:\program files\Acceller
2008-11-25 17:00 . 2008-11-25 17:00 <DIR> d-------- C:\google
2008-11-25 17:00 . 2008-11-25 17:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-11-25 17:00 . 2008-03-16 09:25 94,208 --a------ c:\windows\system32\BAE.dll
2008-11-25 17:00 . 2007-12-14 04:59 69,632 --a------ c:\windows\system32\javacpl.cpl
2008-11-25 16:59 . 2008-11-25 16:59 <DIR> d--h----- c:\windows\msdownld.tmp
2008-11-25 16:59 . 2008-11-25 17:00 <DIR> d-------- c:\program files\Java
2008-11-25 16:59 . 2008-11-25 17:59 <DIR> d-------- c:\program files\Google
2008-11-25 16:59 . 2008-11-25 16:59 <DIR> d-------- c:\program files\Common Files\Java
2008-11-25 16:59 . 2007-08-16 20:18 6,144 --a------ c:\windows\BigFixClientOverride.dll
2008-11-25 16:59 . 2008-04-11 14:33 0 --a------ c:\windows\system32\drivers\Gateway_W3650_3.1_0000000000.MRK
2008-11-25 16:59 . 2008-11-25 16:59 0 --a------ c:\windows\system32\drivers\Gateway_W3650_3.1_0000.MRK
2008-11-25 16:58 . 2008-11-25 16:58 <DIR> d-------- c:\program files\Microsoft.NET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 21:51 315,392 ----a-w c:\windows\HideWin.exe
2008-11-25 21:37 --------- d-----w c:\program files\microsoft frontpage
2008-11-25 21:37 --------- d-----w c:\program files\Common Files\New Boundary
2008-11-25 21:37 --------- d-----w c:\documents and settings\All Users\Application Data\Prism Deploy
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-07-28 05:47 160496 --a------ c:\progra~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"CHotkey"="zHotkey.exe" [2006-11-07 c:\windows\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2005-01-27 c:\windows\ShowWnd.exe]
"ModPS2"="ModPS2Key.exe" [2006-11-07 c:\windows\ModPS2Key.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-16 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-04-12 c:\windows\system32\nwiz.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\DRIVERS\el575nd5.sys [2008-11-25 69692]
S3 XDva219;XDva219;\??\c:\windows\system32\XDva219.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f4d56c1-bb53-11dd-8a75-001e9032e8d1}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
\Shell\Open\command - f:\resycled\boot.com f:

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-25 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 14:00]

2008-11-25 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 14:00]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-c:\windows\system32\kdqqz.exe - c:\windows\system32\kdqqz.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\lat2vg2l.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://my.yahoo.com/
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 16:59:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2008-12-02 17:00:28
ComboFix-quarantined-files.txt 2008-12-02 22:00:23

Pre-Run: 135,423,995,904 bytes free
Post-Run: 135,413,297,152 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

257 --- E O F --- 2008-11-28 13:38:25

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:04 PM, on 12/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\ModPS2Key.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 5388 bytes
 
From what I can tell it seems to be working fine for the time being: antivirus is able to update and web browsing is working normally, but it also did this to me before, so I'll wait and see if anything changes.
 

Some files in that report worry me.
Please complete the following step.

Run Kaspersky Online AV Scanner
Using Internet Explorer, go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset the zoom to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box, then click the down arrow to the right of Save as type: and select text file (*.txt).
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.


In your next reply I will need:
  • The Kaspersky log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
Kaspersky didn't come up with anything.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:16 PM, on 12/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\ModPS2Key.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 5291 bytes
 
It says that it may not run properly if antivirus software is running... how do I "turn off" the antivirus? I use Avira atm.
 