Quick Check

Post by Sir $wat on 22nd February 2009, 3:27 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:17 Dre, on 2/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\Sir $wat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sir $wat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download all with Free Download Manager - [You must be registered and logged in to see this link.] Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download selected with Free Download Manager - [You must be registered and logged in to see this link.] Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - [You must be registered and logged in to see this link.] Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - [You must be registered and logged in to see this link.] Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{964F6A80-C9BB-43D7-A54E-A47D2A657776}: NameServer = 85.255.116.90,85.255.112.219
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.90,85.255.112.219
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.90,85.255.112.219
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 7040 bytes




Re: Quick Check

Post by Belahzur on 22nd February 2009, 4:39 pm

Hello sir, there are signs of malware here.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{964F6A80-C9BB-43D7-A54E-A47D2A657776}: NameServer = 85.255.116.90,85.255.112.219
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.90,85.255.112.219
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.90,85.255.112.219


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
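
An added example, not part of the original posts: a small Python triage of a HijackThis log that picks out the two kinds of entry the fix list above is mostly made of, registrations whose file is missing ("(no file)") and O17 NameServer overrides that point at resolvers outside an allowlist. The allowlist, the Finding type and the function names are assumptions of this example (the two allowed addresses are the ones on the TCP: line of the DDS log posted later in the thread); the R0 start-page line is not covered.

```python
import ipaddress
import re
from typing import NamedTuple

# Assumption: resolvers this machine is expected to use. The two addresses
# are the ones on the "TCP:" line of the DDS log posted later in the thread.
EXPECTED_RESOLVERS = {"190.80.16.3", "190.80.16.4"}

# Excerpt of the HijackThis log posted at the top of this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{964F6A80-C9BB-43D7-A54E-A47D2A657776}: NameServer = 85.255.116.90,85.255.112.219
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.90,85.255.112.219
"""

# "<section id> - <body>", e.g. "O2 - BHO: ..." or "O17 - HKLM\...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# O17 body: "<registry key>: NameServer = <addr>[,<addr>...]".
NAMESERVER_RE = re.compile(r"^(?P<key>.+?): NameServer = (?P<servers>.+)$")


class Finding(NamedTuple):
    section: str      # HijackThis section id, e.g. "O2" or "O17"
    reason: str       # "orphaned" or "dns-override"
    resolvers: tuple  # unexpected resolver addresses (empty for "orphaned")
    line: str         # the log line as posted


def triage(log, expected=EXPECTED_RESOLVERS):
    """Return the log entries that deserve a closer look, in log order."""
    findings = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw)
        if not m:
            continue  # header, running-process list, blank line
        section, body = m.group(1), m.group(2).strip()
        # A component still registered although its file is gone.
        if body.lower().endswith("(no file)"):
            findings.append(Finding(section, "orphaned", (), raw.strip()))
            continue
        ns = NAMESERVER_RE.match(body) if section == "O17" else None
        if ns:
            odd = []
            for token in re.split(r"[,\s]+", ns.group("servers").strip()):
                try:
                    addr = str(ipaddress.ip_address(token))
                except ValueError:
                    odd.append(token)  # not an IP address: report verbatim
                    continue
                if addr not in expected:
                    odd.append(addr)
            if odd:
                findings.append(
                    Finding(section, "dns-override", tuple(odd), raw.strip()))
    return findings


def unexpected_resolvers(findings):
    """Collapse the per-control-set O17 hits into one set of addresses."""
    return {r for f in findings for r in f.resolvers}


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.section:>3}  {f.reason:<12}  {f.line}")
    print("unexpected resolvers:", sorted(unexpected_resolvers(hits)))
```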



Re: Quick Check

Post by Sir $wat on 23rd February 2009, 3:03 am

i was noticing that my pc was starting to freeze out of nowhere...
.......................


Malwarebytes' Anti-Malware 1.31
Database version: 1491
Windows 5.1.2600 Service Pack 3

2/22/2009 10:55:31 Dre
mbam-log-2009-02-22 (22-55-31).txt

Scan type: Quick Scan
Objects scanned: 50316
Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Mozilla Firefox 3.1 Beta 2\components\iamfamous.dll (Spyware.Passwords) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{964f6a80-c9bb-43d7-a54e-a47d2a657776}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.90,85.255.112.219 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{964f6a80-c9bb-43d7-a54e-a47d2a657776}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.90,85.255.112.219 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.90,85.255.112.219 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{964f6a80-c9bb-43d7-a54e-a47d2a657776}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.90,85.255.112.219 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{964f6a80-c9bb-43d7-a54e-a47d2a657776}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.90,85.255.112.219 -> Quarantined and deleted successfully.

Folders Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Delete on reboot.

Files Infected:
C:\Program Files\Mozilla Firefox 3.1 Beta 2\components\iamfamous.dll (Spyware.Passwords) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe (Trojan.Agent) -> Delete on reboot.




Re: Quick Check

Post by Belahzur on 23rd February 2009, 1:35 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.



Re: Quick Check

Post by Sir $wat on 23rd February 2009, 3:57 pm

DDS (Ver_09-02-01.01) - NTFSx86
Run by Sir $wat at 11:56:13.01 on Mon 02/23/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.398 [GMT -8:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Documents and Settings\Sir $wat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\International Cricket Captain 2008\Cricket.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Documents and Settings\Sir $wat\Desktop\dds.scr
C:\Documents and Settings\Sir $wat\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {2C688203-7EB3-4327-9995-1CB417BA23F9} - No File
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download all with Free Download Manager - [You must be registered and logged in to see this link.] files\free download manager\dlall.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download selected with Free Download Manager - [You must be registered and logged in to see this link.] files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - [You must be registered and logged in to see this link.] files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - [You must be registered and logged in to see this link.] files\free download manager\dllink.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
TCP: {4A260BB3-EAE3-40C9-A254-7E0C4C77F8F1} = 190.80.16.3 190.80.16.4
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sir$wa~1\applic~1\mozilla\firefox\profiles\kfi70utn.default\
FF - component: c:\documents and settings\sir $wat\application data\idm\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - component: c:\program files\mozilla firefox 3.1 beta 2\components\iamfamous.dll
FF - plugin: c:\documents and settings\sir $wat\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-12-11 11840]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-12-11 13696]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-12-11 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-12-11 149761]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-12-11 8849]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-12-15 603904]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-12-11 52032]
S3 ICAM3NT5;Intel USB Video Camera III;c:\windows\system32\drivers\Icam3.sys [2009-2-13 141056]

=============== Created Last 30 ================

2009-02-13 22:11 26,624 ac------ c:\windows\system32\dllcache\icam3ext.dll
2009-02-13 22:11 26,624 a------- c:\windows\system32\Icam3EXT.dll
2009-02-13 22:11 141,056 ac------ c:\windows\system32\dllcache\icam3.sys
2009-02-13 22:11 141,056 a------- c:\windows\system32\drivers\Icam3.sys
2009-02-10 20:42 --d----- c:\program files\Pivot Stickfigure Animator
2009-02-01 13:05 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-01 13:05 1,409 a------- c:\windows\QTFont.for
2009-01-28 15:25 0 a------- c:\windows\PowerReg.dat
2009-01-28 15:25 185,344 a------- c:\windows\patchw32.dll
2009-01-28 15:25 --d----- c:\docume~1\sir$wa~1\applic~1\ubi.com
2009-01-28 15:25 --d----- c:\program files\common files\PocketSoft
2009-01-28 15:22 --d----- c:\program files\Ubi Soft
2009-01-24 11:58 666,112 -c------ c:\windows\system32\dllcache\wininet.dll
2009-01-24 11:58 619,520 -c------ c:\windows\system32\dllcache\urlmon.dll
2009-01-24 11:58 1,499,136 -c------ c:\windows\system32\dllcache\shdocvw.dll

==================== Find3M ====================

2009-01-22 14:47 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-22 06:49 206,256 a------- c:\windows\system32\idmmbc.dll
2009-01-17 14:45 4,096 a------- c:\windows\system32\drivers\nocashio.sys
2008-12-19 23:32 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-18 16:04 98,304 a------- c:\windows\system32\CmdLineExt.dll
2008-12-15 23:35 603,904 a------- c:\windows\system32\TUProgSt.exe
2008-12-15 23:35 362,240 a------- c:\windows\system32\TuneUpDefragService.exe
2008-12-14 11:39 65,536 a------- c:\windows\IFinst27.exe
2008-12-11 23:44 122,717 a------- c:\windows\HPHins11.dat
2008-12-11 20:58 315,392 a------- c:\windows\HideWin.exe
2008-12-11 19:07 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 11:56:27.09 ===============




Re: Quick Check

Post by Belahzur on 23rd February 2009, 4:13 pm

This looks fine now.
How's everything for you?



Re: Quick Check

Post by Sir $wat on 23rd February 2009, 4:18 pm

seems good... not freezing anymore...

o btw... this morning my pc took a long time to start up... after the boot screen it went blank for a few minutes then it proceeded to the desktop.

wonder what that could be?




Re: Quick Check

Post by Belahzur on 23rd February 2009, 4:23 pm

Let's do this to get off that malicious server.
Press Start > Run, type in cmd and press enter.
When the command prompt opens, type in:
ipconfig /flushdns
Note the space between the g and /
Press enter.

Delete DDS now.
Reboot normally.

Let me know if startup is any faster now.



Re: Quick Check

Post by Sir $wat on 24th February 2009, 2:06 am

my pc took long to start up before i downloaded DDS.

Anywayz i rebooted earlier and it worked fine. So i dont think there is any problem remaining.

thanx again...


