not sure of the problem-malware? system security?


not sure of the problem-malware? system security?

Post by imsps on 1st August 2009, 12:04 am

This is my laptop that also has big problems, the worst of all.
I updated Java, but I can't update anything else. I can't run Malwarebytes. It installs, but I can't run it, can't rename it. Same with Search and Destroy. I also can't change many settings or uninstall programs. There is always a window popping up that it needs my permission to continue, and if I give the OK it does nothing.
A lot of times when I type in an address a different site pops up than what I wanted. Virus scanner does not find anything.
Do you want me to try HijackThis?

imsps
Intermediate

Posts : 62
Joined : 2009-07-24
OS : vista
Points : 27148
Likes : 0


HijackThis

Post by imsps on 1st August 2009, 12:10 am

OK, now I was able to do the HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:26 PM, on 7/31/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alltel\GoBoingo\AlltelWifi.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Safari\Safari.exe
C:\Users\Susanne\AppData\Local\Temp\Saf8BFF.tmp\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: PlaySushi - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
O2 - BHO: FCTBPos00Pos - {399C60D2-38B1-4E25-B9E7-6498C1BC2DCD} - C:\Program Files\Dogpile Toolbar\Toolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll (file missing)
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.0.840\ssd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Dogpile Toolbar - {C53FE659-316A-4F56-A194-A5BE491BE866} - C:\Program Files\Dogpile Toolbar\Toolbar.dll
O3 - Toolbar: JuicyAccess Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\JuicyAccess Toolbar\4.1.3.20290\stb0.dll
O4 - HKLM\..\Run: [GoBoingo] C:\Program Files\Alltel\GoBoingo\AlltelWifi.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Go PlaySushi! - {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9d0dfb457a86f) (gupdate1c9d0dfb457a86f) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8623 bytes

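A helper reading a HijackThis log like the one above checks a few things by eye: processes starting from a user's Temp folder (here a winlogon.exe under AppData\Local\Temp), entries pointing at files that no longer exist, and services with no known publisher. The script below is an added example, not part of the thread and not a HijackThis feature; it runs those checks over a handful of lines copied from the posted log. The list of system-only binary names and the user-writable path pattern are my own assumptions.

```python
"""Triage a HijackThis log for the kind of red flags a helper looks for.

Added example for the log posted above; not part of the thread and not a
HijackThis feature. The heuristics surface entries worth a closer look,
they do not by themselves prove an infection.
"""
import ntpath
import re
from dataclasses import dataclass

# Assumption: Windows binaries that are only legitimate under %SystemRoot%.
# One of these names starting from a user's Temp folder (as the posted log
# shows for winlogon.exe) is a strong sign of something masquerading.
SYSTEM_ONLY_NAMES = {
    "winlogon.exe", "csrss.exe", "lsass.exe", "services.exe",
    "smss.exe", "svchost.exe", "explorer.exe", "wininit.exe",
}

# Assumption: directories the logged-on user (and so malware running as that
# user) can write to without elevation.
USER_WRITABLE = re.compile(r"\\(appdata|temp|users\\[^\\]+\\downloads)\\", re.I)

# A HijackThis entry is "<code> - <body>"; codes are R0-R3 and O1-O24.
ENTRY_RE = re.compile(r"^(R\d|O\d{1,2}) - (.*)$")


@dataclass(frozen=True)
class Finding:
    reason: str
    line: str


def parse_log(text):
    """Split a HijackThis log into running-process paths and O/R entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # blank line ends the process list
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), line))
    return processes, entries


def check_process(path):
    """Flag a system binary name outside the Windows directory, and any
    process executing from a user-writable location."""
    findings = []
    name = ntpath.basename(path).lower()
    in_windows = path.lower().startswith(("c:\\windows\\", "%windir%\\"))
    if name in SYSTEM_ONLY_NAMES and not in_windows:
        findings.append(Finding("system binary name outside Windows directory", path))
    if USER_WRITABLE.search(path):
        findings.append(Finding("process running from user-writable location", path))
    return findings


def check_entry(code, line):
    """Flag orphaned entries and services whose publisher is unknown."""
    findings = []
    if "(file missing)" in line or "(no file)" in line:
        findings.append(Finding("entry points at a missing file", line))
    if code == "O23" and "- Unknown owner -" in line:
        findings.append(Finding("service from unknown publisher", line))
    return findings


def triage(text):
    """Run every check over a whole log and return the findings in log order."""
    processes, entries = parse_log(text)
    findings = []
    for path in processes:
        findings.extend(check_process(path))
    for code, line in entries:
        findings.extend(check_entry(code, line))
    return findings


# Constructed sample: lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Susanne\AppData\Local\Temp\Saf8BFF.tmp\winlogon.exe

O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
""".strip()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}] {f.line}")
```

On the sample above the winlogon.exe process is reported twice (wrong directory and user-writable location), while the legitimate Dwm.exe and Avira entries produce nothing.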

Re: not sure of the problem-malware? system security?

Post by Belahzur on 1st August 2009, 1:32 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
Likes : 1


Re: not sure of the problem-malware? system security?

Post by imsps on 2nd August 2009, 8:36 pm

Malwarebytes is installing but not loading, and therefore I can't scan and post results. Any suggestions?


Re: not sure of the problem-malware? system security?

Post by Origin on 2nd August 2009, 8:39 pm

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it since some malware blocks GMER.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]


Origin
Master

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31513
Likes : 0


Re: not sure of the problem-malware? system security?

Post by imsps on 3rd August 2009, 11:38 pm

I downloaded GMER.
There are a few things about it that I want to tell you.
There is nothing to unzip. When you click on it a window opens and the scan starts automatically. It finds a problem and asks if it should do a full system scan. After it runs for a while a window pops up that says it has stopped working and it closes down. I did this several times now, and no matter if I open or save GMER the above described process is always the same. I noticed it also downloads GMER under a different name every time.
The entry it gives me in red right before it asks to do a full system scan is:
service:\windows\system32\drivers\ESQULVepmtutoxbiwftpbbqavsxbol...[system]ESQULserv.sys

I tried running it in regular and in safe mode, with the same result as above.


Re: not sure of the problem-malware? system security?

Post by Belahzur on 4th August 2009, 7:08 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

  • Allow ComboFix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.





finally able to let ComboFix run, part 1

Post by imsps on 15th August 2009, 6:53 pm

ComboFix 09-08-10.06 - Susanne 08/15/2009 14:11.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.1316 [GMT -4:00]
Running from: c:\users\Susanne\Downloads\Combo-Fix.exe
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1924457553-2917570079-1347122272-1004
c:\$recycle.bin\S-1-5-21-1924457553-2917570079-1347122272-1005
c:\$recycle.bin\S-1-5-21-1924457553-2917570079-1347122272-500
c:\$recycle.bin\S-1-5-21-3057243524-1546335025-3298230726-500
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.4.0.4340\adwpx.exe
c:\program files\Internet Saving Optimizer\3.4.0.4340\Data\config.md
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.dat
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.5.0.850\Data\config.md
c:\program files\Media Access Startup\1.5.0.850\FF\chrome.manifest
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.5.0.850\FF\install.rdf
c:\program files\Media Access Startup\1.5.0.850\HPCommon.dll
c:\program files\Media Access Startup\1.5.0.850\hppx.exe
c:\program files\Media Access Startup\1.5.0.850\MAHelper.exe
c:\program files\Media Access Startup\1.5.0.850\unins000.dat
c:\program files\Media Access Startup\1.5.0.850\unins000.exe
c:\windows\System32\drivers\ESQULvepmtutoxbiwftpbbqavsxbddlnimsxd.sys
c:\windows\system32\ESQULqeryttrbdttkmmosdmymvuvxldrroisc.dll
c:\windows\system32\ESQULqspapxuieeinoxqqnoepaipywcwptxrp.dll
c:\windows\system32\ESQULzcounter


part2

Post by imsps on 15th August 2009, 6:54 pm

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ESQULserv.sys
-------\Service_ESQULserv.sys


((((((((((((((((((((((((( Files Created from 2009-07-15 to 2009-08-15 )))))))))))))))))))))))))))))))
.

2009-08-15 18:23 . 2009-08-15 18:23 -------- d-----w- c:\users\John Scarth\AppData\Local\temp
2009-08-15 18:23 . 2009-08-15 18:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-03 22:45 . 2009-08-03 22:45 82432 ----a-w- C:\aujasnkj.sys
2009-07-27 23:30 . 2009-07-27 23:30 -------- d-----w- c:\users\John Scarth\AppData\Roaming\Uniblue
2009-07-27 23:30 . 2009-07-27 23:30 -------- d-----w- c:\program files\Uniblue
2009-07-27 23:30 . 2009-07-27 23:30 -------- dc-h--w- c:\progra~2\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-07-27 23:10 . 2009-07-31 22:31 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-27 23:01 . 2009-07-31 22:15 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-27 18:30 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-27 18:30 . 2009-07-27 18:30 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-27 18:30 . 2009-08-02 20:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 18:30 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-27 17:47 . 2009-07-27 17:47 -------- d-----w- c:\program files\Linksys
2009-07-27 17:47 . 2009-07-27 17:47 -------- d-----w- c:\windows\{3CFE644B-130D-49B2-A377-798D91B61C7B}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-15 18:29 . 2009-04-25 02:38 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-03 23:53 . 2009-05-09 20:37 -------- d-----w- c:\users\Susanne\AppData\Roaming\Skype
2009-08-03 23:52 . 2009-05-09 20:46 -------- d-----w- c:\users\Susanne\AppData\Roaming\skypePM
2009-07-31 22:15 . 2007-07-25 13:03 -------- d-----w- c:\program files\Java
2009-07-31 21:52 . 2009-06-17 00:58 -------- d-----w- c:\program files\AIM6
2009-07-31 00:59 . 2008-01-27 08:00 1356 ----a-w- c:\users\Susanne\AppData\Local\d3d9caps.dat
2009-07-30 21:55 . 2009-05-09 19:51 -------- d-----w- c:\users\John Scarth\AppData\Roaming\Skype
2009-07-30 20:06 . 2009-05-13 21:51 -------- d-----w- c:\users\John Scarth\AppData\Roaming\skypePM
2009-07-27 19:36 . 2007-12-30 20:00 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2009-07-27 19:35 . 2007-12-30 20:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-27 17:47 . 2007-07-25 11:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-17 20:07 . 2008-07-14 20:27 1356 ----a-w- c:\users\John Scarth\AppData\Local\d3d9caps.dat
2009-07-17 18:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-14 22:09 . 2009-07-14 22:09 -------- d-----w- c:\users\John Scarth\AppData\Roaming\PlayFirst
2009-07-14 22:04 . 2009-07-14 22:04 -------- d-----w- c:\program files\PlayFirst
2009-07-14 17:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-07-14 05:57 . 2009-07-14 05:57 -------- d-----w- c:\program files\System Search Dispatcher
2009-07-14 05:57 . 2009-07-14 05:56 -------- dc----w- c:\progra~2\{11AE5274-ACE4-48DC-8781-BA074146E52A}
2009-07-14 05:56 . 2009-07-14 05:56 -------- d-----w- c:\program files\DoubleD
2009-07-13 03:01 . 2007-12-25 17:02 123320 ----a-w- c:\users\Susanne\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-09 22:41 . 2009-07-09 22:41 -------- d-----w- c:\program files\Dogpile Toolbar
2009-07-09 22:41 . 2009-07-09 22:41 -------- d-----w- c:\program files\PlaySushi
2009-06-18 23:20 . 2009-06-18 23:20 -------- d-----w- c:\progra~2\PMB Files
2009-06-18 23:20 . 2009-06-18 23:20 -------- d-----w- c:\program files\Pando Networks
2009-06-17 02:50 . 2009-06-17 02:50 -------- d-----w- c:\users\John Scarth\AppData\Roaming\acccore
2009-06-17 01:04 . 2009-06-17 01:03 -------- d-----w- c:\users\Susanne\AppData\Roaming\acccore
2009-06-17 01:01 . 2009-06-17 00:58 -------- d-----w- c:\progra~2\AOL OCP
2009-06-17 00:59 . 2009-06-17 00:59 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-06-17 00:59 . 2009-06-17 00:59 -------- d-----w- c:\program files\AIM Toolbar
2009-06-17 00:59 . 2009-06-17 00:59 -------- d-----w- c:\progra~2\AIM Toolbar
2009-06-17 00:59 . 2008-09-13 01:14 -------- d-----w- c:\program files\Viewpoint
2009-06-17 00:59 . 2008-09-13 01:14 -------- d-----w- c:\progra~2\Viewpoint
2009-06-17 00:59 . 2009-06-17 00:59 -------- d-----w- c:\progra~2\acccore
2009-06-17 00:58 . 2008-09-13 00:16 -------- d-----w- c:\progra~2\AOL
2009-06-16 18:18 . 2008-07-13 00:49 123320 ----a-w- c:\users\John Scarth\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-15 15:24 . 2009-07-16 16:33 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-16 16:33 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-16 16:33 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-16 16:33 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-14 18:28 . 2009-05-21 21:31 34 ----a-w- c:\users\John Scarth\jagex_runescape_preferences.dat
.


part3

Post by imsps on 15th August 2009, 6:55 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 21:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21608B66-026F-4DCB-9244-0DACA328DCED}]
2009-07-09 22:41 275968 ----a-w- c:\program files\PlaySushi\PSText.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{399C60D2-38B1-4E25-B9E7-6498C1BC2DCD}]
2009-05-26 15:41 1297920 ----a-w- c:\program files\Dogpile Toolbar\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
"{C53FE659-316A-4F56-A194-A5BE491BE866}"= "c:\program files\Dogpile Toolbar\Toolbar.dll" [2009-05-26 1297920]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{c53fe659-316a-4f56-a194-a5be491be866}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{587A2AD9-5F47-4029-8123-77327768C9F3}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-22 171448]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoBoingo"="c:\program files\Alltel\GoBoingo\AlltelWifi.exe" [2007-10-02 324912]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 148888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vongo Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Vongo Tray.lnk
backup=c:\windows\pss\Vongo Tray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1924457553-2917570079-1347122272-1000]
"EnableNotificationsRef"=dword:00000003

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1924457553-2917570079-1347122272-1001]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
""=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
""=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
""=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
""=
"c:\\Program Files\\Vongo\\VongoService.exe"= c:\program files\Vongo\VongoService.exe:*:enabled:VongoService


Re: not sure of the problem-malware? system security?

Post by imsps on 15th August 2009, 6:56 pm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{27AB2FCC-ECCE-4EDB-A911-6EB057F565D4}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{F2C27B35-909D-4904-80C7-52AD20DF8B5E}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8470189F-6F70-42D9-8ACD-BC6AE5B4E95F}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4BD43095-B682-4288-8CDC-3D67CBEB816D}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{54051A4B-5A08-42B6-AC17-D8245F94F131}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E946F12E-C43A-488A-B21E-613CF6F903DF}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1EDD8845-D07C-4514-9FA3-884F8B771BFE}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7AD59B55-E581-425C-AC65-4BB58662909B}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{6FEBB9EB-9C75-44F2-A242-8D683FC243CA}c:\\program files\\world of warcraft\\wow-2.3.0-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.3.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{0853EE3C-4F9F-46C2-A6D4-968C26BE173E}c:\\program files\\world of warcraft\\wow-2.3.0-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.3.0-enus-downloader.exe:Blizzard Downloader
"{A2CA8B0A-2DCE-47B8-81A8-E3F91092ACED}"= UDP:c:\program files\Outspark\Project Powder\Run.exe:ProjectPowder
"{24526C97-B71D-4AE8-B3BA-31C7F723E2B2}"= TCP:c:\program files\Outspark\Project Powder\Run.exe:ProjectPowder
"{FE31D968-A5D8-4D7E-BBD6-CF83D1F4B315}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D021AFFD-4871-4536-AA4B-4C8C1FDAD163}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{718EC6BA-3951-4670-B17E-8ADD7900BCD3}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{CE77E913-F7D0-42AD-ABFE-88993B2FBBE3}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{6A586AD4-9CD5-4A28-9E5C-CC2EB734C5DD}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{435333BD-A35C-4348-BC43-BCA37EA22244}"= Profile=Private|c:\Program Files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{7AED12AD-9D14-4D3F-AB57-0A51458CFC5E}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{0ED3DA61-A66C-4C04-A7B5-7B8EFA0EC038}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{AD4B8230-8635-4C0F-9183-EFE48F85EF28}"= UDP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{05D4F369-1F4F-4F89-BF80-BD1D57EBF644}"= TCP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{2987D8A8-ABFE-457E-8EDA-4D411AD247EE}"= Disabled:UDP:c:\program files\Dogpile Toolbar\TroubleShooter.exe:Dogpile Toolbar (Helper)
"{F8E83BCA-0100-4DA7-8603-CF387556E437}"= Disabled:TCP:c:\program files\Dogpile Toolbar\TroubleShooter.exe:Dogpile Toolbar (Helper)
"{65E4F996-D136-494C-9BEE-46474106453F}"= Disabled:UDP:c:\program files\Dogpile Toolbar\ToolbarUpdate.exe:Dogpile Toolbar (Update)
"{EA272D90-B77F-44F6-A6E4-082ECBBE7789}"= Disabled:TCP:c:\program files\Dogpile Toolbar\ToolbarUpdate.exe:Dogpile Toolbar (Update)
"{BDD6632B-7147-4AC7-B70E-30FB981EBC65}"= Disabled:c:\Program Files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"TCP Query User{4FD06AFA-A7D9-4DBC-9DC9-41F16406C3A3}c:\\program files\\pando networks\\media booster\\pmb.exe"= Disabled:UDP:c:\program files\pando networks\media booster\pmb.exe:Pando Media Booster
"UDP Query User{719967E6-0CB0-482E-84F4-82CAF1F14D23}c:\\program files\\pando networks\\media booster\\pmb.exe"= Disabled:TCP:c:\program files\pando networks\media booster\pmb.exe:Pando Media Booster
"{DF6600A0-F3CE-4BBD-9F1C-548B347984BD}"= Disabled:UDP:c:\program files\AIM6\aim6.exe:AIM
"{5EC4EE81-86A2-4E51-B972-78FDFA9D0BF5}"= Disabled:TCP:c:\program files\AIM6\aim6.exe:AIM
"{4A8F7ED7-5578-4D2B-BB9E-B98CC690DB38}"= Disabled:UDP:c:\program files\AOL 9.0\waol.exe:AOL
"{EFFCAD6E-2B10-4AE2-8FC9-0B174FF815F2}"= Disabled:TCP:c:\program files\AOL 9.0\waol.exe:AOL
"{47FF27DC-AB31-46B1-800C-F9D60A43C084}"= Disabled:UDP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{607E172E-4C51-4813-AE33-F32162449CC2}"= Disabled:TCP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{66B0CD4F-3E3E-4D64-8E2E-305E1F09CD78}"= Disabled:UDP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{30BBA1CF-04FB-43E8-985B-A2309B2D03C0}"= Disabled:TCP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{936CD15A-7405-48F6-A493-2ED6920830B0}"= Disabled:UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{2D64DBE4-8BDA-43CA-AA85-E4F40D0C6647}"= Disabled:TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1FCB7175-6BBF-4C88-BBB0-8DB0409A5A30}"= Disabled:UDP:c:\program files\Common Files\AOL\1221264972\ee\aolsoftware.exe:AOL Services
"{48E41A40-14A3-40B0-B8F8-7DD88A5E379B}"= Disabled:TCP:c:\program files\Common Files\AOL\1221264972\ee\aolsoftware.exe:AOL Services
"{435896F6-7E53-4D3A-92FE-BB84F539A368}"= Disabled:UDP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{782849F5-8580-4582-A6C7-38F4473E9FC4}"= Disabled:TCP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{277908D3-C003-4405-9076-570E7CA3E0FB}"= Disabled:UDP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{0DFB5D83-4312-4635-853B-50B5427D2D47}"= Disabled:TCP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"TCP Query User{4DBFF350-DF20-443E-BDE5-DD33EE874922}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= Disabled:UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{12450112-CBF6-4744-88F5-2D12E400E910}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= Disabled:TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"{601BF8B5-5DF8-4B18-B91F-3C95A79F099C}"= Disabled:UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{69837FCC-0DDF-477E-898E-FB79B6C00821}"= Disabled:TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2B0C3186-C574-4998-9829-47CDDDF948FF}"= Disabled:UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A06BB451-EA09-4557-A951-2267FF4E8C51}"= Disabled:TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{36891B2F-5C11-4905-AADE-21B3967AD26D}"= Disabled:UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ADF6C260-7712-48A5-A01E-268F87B58425}"= Disabled:TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AAB8EBC9-0806-47E4-91C1-ED2ABD53DD5A}"= Disabled:UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{0E9E741A-2233-4295-964B-FF1EB3621F82}"= Disabled:TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{A8669074-EA64-4276-A744-F45E348378B6}"= Disabled:UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{31AD6F4C-06A8-46BA-9279-B10C8957732F}"= Disabled:TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{ACF5893E-3C02-4ADF-9819-8EB0F93FE972}"= Disabled:UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{0817FD6C-24FA-4FBE-BB06-24F9B56F86C3}"= Disabled:TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{B0F6BCDC-FA2F-40C5-8176-B120956854D8}"= Disabled:UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{E0157BDA-610D-49A5-87F2-1369D302A692}"= Disabled:TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{F43C536E-7512-4287-AA7E-A1A3E47321E7}"= Disabled:UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{6BB00D3F-BADD-463F-9B82-112FE049AE0E}"= Disabled:TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{515787E2-A2BC-47D5-9AD9-54485C866537}"= Disabled:UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{EC529EEA-F818-474C-ABEC-172F5D5FD42B}"= Disabled:TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe


Re: not sure of the problem-malware? system security?

Post by imsps on 15th August 2009, 6:57 pm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/24/2009 10:38 PM 108289]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [4/25/2009 2:49 PM 809296]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/16/2009 8:59 PM 24652]
S2 gupdate1c9d0dfb457a86f;Google Update Service (gupdate1c9d0dfb457a86f);c:\program files\Google\Update\GoogleUpdate.exe [5/9/2009 3:52 PM 133104]
S3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr28u.sys [8/15/2007 10:49 PM 552448]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PTDLBus;PANTECH UM175AL Composite Device Driver;c:\windows\System32\drivers\PTDLBus.sys [2/14/2009 8:55 PM 32256]
S3 PTDLMdm;PANTECH UM175AL Drivers;c:\windows\System32\drivers\PTDLMdm.sys [2/14/2009 8:55 PM 41344]
S3 PTDLVsp;PANTECH UM175AL Diagnostic Port;c:\windows\System32\drivers\PTDLVsp.sys [2/14/2009 8:55 PM 39936]
S3 PTDLWWAN;PANTECH UM175AL WWAN Driver;c:\windows\System32\drivers\PTDLWWAN.sys [2/14/2009 8:55 PM 59776]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-HPAdvisor - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
HKCU-Run-Aim6 - c:\program files\AIM6\aim6.exe


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{5CFA5B80-01F4-420F-B18B-545712C8A1C8} - [You must be registered and logged in to see this link.]
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Completion time: 2009-08-15 14:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-15 18:35

Pre-Run: 20,623,015,936 bytes free
Post-Run: 20,954,054,656 bytes free

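The three posts above are one ComboFix log split across posts. Two line shapes carry most of what a helper needs: firewall values of the form "{GUID}"= Disabled:TCP:path:name (plus the legacy AuthorizedApplications form path:*:Enabled:name), and R2/S3 service lines giving the binary path with a date and size, or, where the file could not be located, a trailing "[?]". The Python below is an added example, not ComboFix code and not from any post in this thread. It parses those two shapes and pulls out what a reviewer would open first: enabled allow rules or running services whose binary sits in a user-writable folder or outside the usual install roots, and services whose file the scanner could not resolve. The trusted-root list, the meaning attached to "[?]" and the sample lines are assumptions constructed for the example.

```python
"""Triage a ComboFix-style firewall-rule and service listing.

Added example for this thread; it is not ComboFix code and not part of the
original posts. It parses the two line shapes visible in such logs and flags
the entries a reviewer would open first. Assumptions: software is normally
installed under TRUSTED_ROOTS, and a trailing "[?]" on a service line means
the scanner could not locate the binary.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\")           # assumption
SUSPICIOUS_DIRS = ("\\temp\\", "\\appdata\\", "\\users\\public\\")  # user-writable

# "{GUID}"= Disabled:TCP:c:\program files\AIM6\aim6.exe:AIM
# "c:\\...\\X.exe"= c:\program files\X\X.exe:*:Enabled:X   (legacy AuthorizedApplications)
FW_LINE = re.compile(r'^"(?P<key>[^"]+)"=\s*(?P<body>.+)$')
# R2 Name;Display;c:\path\file.exe [date size]   or   S3 Name;Display;c:\path --> c:\path [?]
SVC_LINE = re.compile(r'^(?P<start>[RS])(?P<kind>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$')
# A Windows path: drive letter, then everything up to the next ':' field separator,
# the " [date size]" suffix, or the " --> " resolution arrow.
WIN_PATH = re.compile(r'[A-Za-z]:\\.+?(?=\s+\[|\s+-->|:|$)')


@dataclass
class Finding:
    kind: str    # "firewall" or "service"
    path: str
    reason: str


def parse_firewall_rule(line: str) -> Optional[dict]:
    """Return {'path', 'disabled', 'proto'} for a firewall value line, else None."""
    m = FW_LINE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    pm = WIN_PATH.search(body)
    if not pm:
        return None
    # Flags sit around the path as ':'-separated tokens: Disabled, TCP/UDP, Enabled, '*'
    tokens = [t.lower() for t in (body[:pm.start()] + body[pm.end():]).split(":") if t]
    proto = next((t for t in tokens if t in ("tcp", "udp")), "any")
    return {"path": pm.group(0).lower(), "disabled": "disabled" in tokens, "proto": proto}


def parse_service(line: str) -> Optional[dict]:
    """Return {'name', 'path', 'running', 'unresolved'} for an R*/S* service line."""
    m = SVC_LINE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    pm = WIN_PATH.search(rest)
    if not pm:
        return None
    return {
        "name": m.group("name"),
        "path": pm.group(0).lower(),
        "running": m.group("start") == "R",            # R = running at scan time, S = stopped
        "unresolved": rest.rstrip().endswith("[?]"),  # assumption: file could not be found
    }


def _outside_trusted(path: str) -> Optional[str]:
    if any(d in path for d in SUSPICIOUS_DIRS):
        return "binary lives in a user-writable folder"
    if not path.startswith(TRUSTED_ROOTS):
        return "binary is outside the usual program roots"
    return None


def triage_line(line: str) -> Optional[Finding]:
    rule = parse_firewall_rule(line)
    if rule is not None:
        if rule["disabled"]:
            return None  # an inert allow rule; not the first thing to chase
        why = _outside_trusted(rule["path"])
        return Finding("firewall", rule["path"], f"enabled {rule['proto']} allow rule; {why}") if why else None
    svc = parse_service(line)
    if svc is not None:
        if svc["unresolved"]:
            return Finding("service", svc["path"], f"service {svc['name']} points at a file the scanner could not resolve")
        why = _outside_trusted(svc["path"])
        return Finding("service", svc["path"], f"service {svc['name']}; {why}") if why else None
    return None


def triage_log(text: str) -> List[Finding]:
    return [f for f in map(triage_line, text.splitlines()) if f is not None]


# Constructed sample in the shapes ComboFix prints; not taken from any real host.
SAMPLE_LOG = r'''
"{00000000-0000-0000-0000-000000000001}"= Disabled:TCP:c:\program files\AIM6\aim6.exe:AIM
"{00000000-0000-0000-0000-000000000002}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{00000000-0000-0000-0000-000000000003}"= TCP:c:\users\alice\appdata\local\temp\sfx1a2b.tmp\update.exe:Updater
"c:\\Program Files\\Vongo\\VongoService.exe"= c:\program files\Vongo\VongoService.exe:*:Enabled:VongoService
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/24/2009 10:38 PM 108289]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
R2 helper;Helper Service;c:\users\public\helper.exe [1/1/2009 1:00 AM 1234]
'''

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.kind:8} {f.path}  <- {f.reason}")
```

Run as a script it reports three findings from the constructed sample: the enabled allow rule for a binary under a Temp folder, the GameGuard service whose file could not be resolved, and a running service under Users\Public. Feeding triage_log the firewall and service sections of a real log gives the same short list; disabled rules are skipped on purpose, since they are inert and the enabled ones are what matters first.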

Re: not sure of the problem-malware? system security?

Post by Belahzur on 15th August 2009, 8:28 pm

Hello.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1


hijack this list

Post by imsps on 18th August 2009, 2:55 am

Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AIM Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Avira AntiVir Personal - Free Antivirus
Bonjour
Conexant HD Audio
Diner Dash - Flo on the Go
DivX Converter
DivX Player
DivX Web Player
Dogpile Toolbar
Download Updater (AOL LLC)
ESU for Microsoft Vista
Fable - The Lost Chapters
Google Chrome
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.0
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.3
HP QuickTouch 1.00 C1
HP Update
HP User Guides 0060
HP Wireless Assistant
HPNetworkAssistant
iTunes
Java(TM) 6 Update 14
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6
JuicyAccess Toolbar
JuicyAccess Toolbar
K-Lite Codec Pack 4.3.4 (Full)
Linksys WUSB100 RangePlus Wireless USB Adapter
Malwarebytes' Anti-Malware
MangaFighter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MSCU for Microsoft Vista
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.0
My HP Games
My HP Games
Netflix Movie Viewer
NetWaiting
NVIDIA Drivers
Outspark Sharp Launcher
Pando Media Booster
PANTECH UM175AL Driver
Picasa 3
Playsushi
PokerStars
Project Powder
QuickLink Mobile
QuickPlay SlingPlayer 0.3.0
QuickTime
Rhapsody
Rhapsody Player Engine
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
RTC Client API v1.2
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 - Warlords
Skype™ 4.0
SlingPlayer
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
System Search Dispatcher
The Sims™ Castaway Stories
Touch Pad Driver
Uniblue RegistryBooster 2009
Uniblue RegistryBooster 2009
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Ventrilo Client
Viewpoint Media Player
Vongo
World of Warcraft
Zune
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)


Re: not sure of the problem-malware? system security?

Post by Belahzur on 18th August 2009, 3:33 pm

Hello.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    Ask Toolbar
    Java(TM) 6 Update 14
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6
    Viewpoint Media Player

  • Click on the Uninstall/Change button at the top.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?




