  1. #1 Member (Join Date: Apr 2012, Posts: 50, Points: 9)

    hijacked by something

    Hi Guys.

    Got some weird happenings: it started off with some browser redirects, then browser buttons not working, e.g. the Google Search button does nothing but I'm Feeling Lucky does.

    Now at start-up everything freezes up and I can only access it via Safe Mode.

    My anti-virus is Trojan Killer, hope it's OK.

    Running Windows XP SP3

    Hope you can help. Here are the logs:

    SUPERAntiSpyware Scan Log

    Generated 04/06/2012 at 12:08 PM

    Application Version : 5.0.1146

    Core Rules Database Version : 8424
    Trace Rules Database Version: 6236

    Scan type : Complete Scan
    Total Scan Time : 00:50:45

    Operating System Information
    Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 285
    Memory threats detected : 0
    Registry items scanned : 34570
    Registry threats detected : 6
    File items scanned : 58471
    File threats detected : 121

    Browser Hijacker.Internet Explorer Settings Hijack
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=8039&q={searchTerms} ]
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=8039&q={searchTerms} ]
    HKU\S-1-5-19_Classes\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=8039&q={searchTerms} ]
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=8039&q={searchTerms} ]
    HKU\S-1-5-20_Classes\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=8039&q={searchTerms} ]
    HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=8039&q={searchTerms} ]

    Adware.Tracking Cookie

    Trojan.Agent/Gen-Rimecud
    C:\DOCUMENTS AND SETTINGS\MICK WARREN\LOCAL SETTINGS\TEMP\SDM143\RESOURCEDLL.DLL

    PUP.MyWebSearch

    ========================================

    Malwarebytes Anti-Malware 1.60.1.1000

    Database version: v2012.04.02.01

    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.18702
    Mick Warren :: WARREN [administrator]

    6/04/2012 12:53:01 PM
    mbam-log-2012-04-06 (12-53-01).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 397436
    Time elapsed: 34 minute(s), 32 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:35:09 AM, on 6/04/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\system32\IProsetMonitor.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.25:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\prxtbZyn2.dll (file missing)
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Trojan Killer] "C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe" 0
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll (file missing)
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll (file missing)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/...nAxControl.CAB
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: Intel(R) PROSet Monitoring Service - Intel Corporation - C:\WINDOWS\system32\IProsetMonitor.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    --
    End of file - 8826 bytes
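
Added example (not code from the thread or from any of the tools it names): a small Python triage script that parses HijackThis-style lines and SUPERAntiSpyware SearchScopes hits like those in the logs above and flags the entries a helper would look at first. The sample lines are copied from this post's logs plus one constructed benign SearchScopes line; the search-provider allow-list and the CTFMON exclusion are assumptions made for the example.

```python
"""Triage helper for HijackThis-style log lines and SUPERAntiSpyware
registry hits. Added example; the heuristics below are assumptions, not
rules from any of the tools in the thread."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hives that belong to service accounts or the default profile. Malware that
# writes its settings into these (as the findgala.com hijack did) is a strong
# signal, because nobody configures IE search for LOCAL SERVICE by hand.
SERVICE_HIVES = {"S-1-5-18", "S-1-5-19", "S-1-5-20", ".DEFAULT"}

# Assumed allow-list of search providers; any other SearchScopes host is
# reported for review.
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "search.live.com"}


@dataclass
class Finding:
    kind: str    # short category used for filtering and counting
    detail: str  # the offending line, or a summary of it


HJT_LINE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
SAS_LINE = re.compile(
    r"^HKU\\(?P<hive>[^\\]+)\\.*SearchScopes#URL \[ (?P<url>\S+) \]$")


def triage_hjt(lines):
    """Return Findings for HijackThis lines that merit a closer look."""
    findings = []
    for raw in lines:
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "R1" and "ProxyServer" in body:
            # A proxy may be a legitimate LAN setting or a traffic hijack;
            # either way the machine's owner should confirm it.
            findings.append(Finding("proxy", body))
        elif sec in ("O2", "O3") and ("(file missing)" in body or "(no file)" in body):
            # Orphaned BHO/toolbar registrations: leftovers from an uninstall
            # or from a partially removed adware bundle.
            findings.append(Finding("orphan-bho-toolbar", body))
        elif sec == "O4":
            hive = re.search(r"HKUS\\([^\\]+)\\", body)
            # CTFMON under every hive is normal on XP (assumed exclusion);
            # anything else auto-starting as a service account is not.
            if hive and hive.group(1) in SERVICE_HIVES and "CTFMON" not in body.upper():
                findings.append(Finding("service-hive-run", body))
        elif sec == "O16":
            # Downloaded ActiveX controls (DPF) are a classic drive-by vector.
            findings.append(Finding("dpf-activex", body))
    return findings


def triage_searchscopes(lines):
    """Return Findings for SearchScopes URLs that point at unknown hosts."""
    findings = []
    for raw in lines:
        m = SAS_LINE.match(raw.strip())
        if not m:
            continue
        host = urlparse(m.group("url")).hostname
        if host not in KNOWN_SEARCH_HOSTS:
            findings.append(Finding("search-hijack", f"{m.group('hive')} -> {host}"))
    return findings


# Sample input: lines copied from the logs posted above, plus one constructed
# benign SearchScopes line (the S-1-5-21-1000 entry) for contrast.
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.25:80
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\prxtbZyn2.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'LOCAL SERVICE')
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - http://www.ipix.com/download/ipixx.cab
""".strip().splitlines()

SAMPLE_SAS = r"""
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=8039&q={searchTerms} ]
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=8039&q={searchTerms} ]
HKU\S-1-5-21-1000\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://www.bing.com/search?q={searchTerms} ]
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT) + triage_searchscopes(SAMPLE_SAS):
        print(f"[{f.kind}] {f.detail}")
```

On the sample above it reports the proxy, the two orphaned toolbars, the Exetender entry running as LOCAL SERVICE, the DPF download and the findgala.com search provider in the two service-account hives, while the Bing entry and CTFMON pass.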

  2. #2 Spyware Fighter DonnaB (Join Date: Apr 2009, Location: Illiana, Ill. USA, Posts: 3,029, Points: 478)

    Hi mick warren,

    Welcome to Help2Go!

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    Quote: "My anti-virus is Trojan Killer, hope it's OK."
    Truly...I had never heard of Trojan Killer by GridinSoft till now. I took it upon myself to do some research on the software and just can't find anything nice to say about it. A majority of the sites that link you to the download are very suspicious. A couple of security experts even considered it a rogue program.

    My personal recommendation would be to get rid of it and not take the chance, then install a well known AV software such as Microsoft Security Essentials.

    If you choose to do so, select the enus\x86\mseinstall.exe 32-bit free download found under Files in this download that is 7.7MB in size from the link above.

    Download the setup file to your desktop but DO NOT install it till after you uninstall Trojan Killer by GridinSoft.


    Next:

    Please perform the following scans so our expert can have a look before we proceed:

    DDS
    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.

    * When done, DDS will open two (2) logs:

    1. DDS.txt
    2. Attach.txt

    Save both reports to your desktop and post the contents of the DDS.txt log. Save the other report in case I need to look at it later.

    GMER

    Please download GMER from one of the following locations and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zipped Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
    • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
    • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    • Now click the Scan button. If you see a rootkit warning window, click OK.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    • Click the Copy button and paste the results into your next reply.
    • Exit GMER and re-enable all active protection when done.
    -- If you encounter any problems, try running GMER in Safe Mode.

    Thank you!
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  3. #3 Member (Join Date: Apr 2012, Posts: 50, Points: 9)

    Hi Donna,

    Thanks for the speedy reply... no seriously, I would never have expected anyone to pick it up for at least 48 hrs! So there you go, you have blown me away!

    Trojan Killer was installed maybe 4 or 5 months back when I got a bad trojan or worm, can't quite remember. I couldn't find Kevin at KRC anymore so I actually got suckered into buying that program... what can I say... I was desperate... anyway it did what I needed it to at that time.

    When I ran GMER it only appeared to scan my C:/


    Trojan Killer is now history and MSE installed; your further instructions c/o logs follow.

    Thanks once more

    Mick Warren

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Mick Warren at 9:34:30 on 2012-04-07
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.335 [GMT 8:00]
    .
    AV: Malware Protection Center *Enabled/Updated* {DB6EEB75-16F3-4FB0-9277-14BBA06AF5F2}
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    FW: Malware Protection Center *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    svchost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    mStart Page = about:blank
    uInternet Settings,ProxyServer = 192.168.0.25:80
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\prxtbZyn2.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Trojan Killer] "c:\program files\gridinsoft trojan killer\trojankiller.exe" 0
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [Google Update] "c:\documents and settings\mick warren\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
    mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
    mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
    mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
    StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    uPolicies-explorer: DisallowRun = 1 (0x1)
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
    DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{D7D0C876-3569-40BF-882A-6F179F662BAA} : DhcpNameServer = 192.168.0.1
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    IFEO: image file execution options - svchost.exe
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-13 652872]
    R2 X4HSEx;X4HSEx;c:\program files\free ride games\X4HSEx.sys [2011-7-29 56424]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-13 20464]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-7 135664]
    S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero 7\incd\nbhregincdsrv.exe --> c:\program files\nero\nero 7\incd\NBHRegInCDSrv.exe [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-7 135664]
    S4 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-7-10 112800]
    .
    =============== Created Last 30 ================
    .
    2012-04-07 01:24:46 6582328 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{fec44d9b-4008-482f-9f22-e0404e58af1a}\mpengine.dll
    2012-04-07 01:24:39 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-04-07 01:19:28 -------- d-----w- c:\program files\Microsoft Security Client
    2012-04-06 02:58:28 -------- d-----w- c:\documents and settings\mick warren\application data\SUPERAntiSpyware.com
    2012-04-06 02:57:17 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-04-06 02:57:17 -------- d-----w- c:\documents and settings\all users.windows\application data\SUPERAntiSpyware.com
    2012-04-06 02:54:45 15770528 ----a-w- c:\program files\SUPERAntiSpyware.exe
    2012-04-06 01:34:40 388096 ----a-r- c:\documents and settings\mick warren\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-04-06 01:34:39 -------- d-----w- c:\program files\Trend Micro
    2012-04-02 00:36:47 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-04-02 00:36:47 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-04-02 00:35:41 -------- d-----w- c:\program files\iPod
    2012-04-02 00:35:40 -------- d-----w- c:\program files\iTunes
    2012-03-27 14:32:10 -------- d-----w- c:\program files\iPod(2)
    2012-03-27 14:32:07 -------- d-----w- c:\program files\iTunes(2)
    2012-03-26 10:54:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-25 16:11:32 -------- d-----w- c:\documents and settings\mick warren\application data\PC Cleaners
    2012-03-25 16:11:27 -------- d-----w- c:\documents and settings\mick warren\application data\PCPro
    2012-03-25 16:11:25 -------- d-----w- c:\program files\PC Cleaners
    2012-03-11 08:13:08 -------- d-----w- c:\documents and settings\mick warren\application data\PC-FAX TX
    .
    ==================== Find3M ====================
    .
    2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
    2012-01-09 16:20:25 139784 ------w- c:\windows\system32\drivers\rdpwd.sys
    .
    ============= FINISH: 9:36:22.37 ===============

    GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
    Rootkit scan 2012-04-07 15:03:56
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD2500JS-75NCB1 rev.10.02E01
    Running: fcx36r0k.exe; Driver: C:\DOCUME~1\MICKWA~1\LOCALS~1\Temp\uxtdqpog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEE572640]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text atapi.sys F743B852 1 Byte [CC] {INT 3 }
    ? C:\DOCUME~1\MICKWA~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[2692] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2692] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2692] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2692] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2692] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2692] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2692] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2692] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2692] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3672] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3672] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\iexplore.exe[3672] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Fastfat \Fat ADBC8D20

    AttachedDevice \FileSystem\Fastfat \Fat InCDRec.sys (InCD File System Recognizer/Nero AG)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:156] 86E6239F
    Thread System [4:580] 868E40F4

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\Temp\TMP0000BEE2CE627C7BF55FE212 0 bytes

    ---- EOF - GMER 1.0.15 ----
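    A triage pass over the DDS "Pseudo HJT Report" section posted above, as an added example. This is my own Python, not part of DDS, ComboFix, GMER or this forum's tooling; the sample lines are copied verbatim from the DDS log above, and the rules for what gets flagged (a configured proxy, an Image File Execution Options entry, a DisallowRun policy, autoruns in the .DEFAULT hive, orphaned "No File" entries) are my own assumptions about what a helper reads first, not anything DDS itself scores.

```python
"""Triage of DDS 'Pseudo HJT Report' lines.

Added example for this thread; not DDS, ComboFix or forum tooling.
It parses the line shapes DDS emits (uRun/mRun/dRun, u*/m* settings,
TAG: entries) and ranks the entries a helper would inspect first.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied verbatim from the DDS log posted above.
SAMPLE_LOG = r"""
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyServer = 192.168.0.25:80
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\prxtbZyn2.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
uPolicies-explorer: DisallowRun = 1 (0x1)
IFEO: image file execution options - svchost.exe
TCP: DhcpNameServer = 192.168.0.1
"""

# DDS prefixes: u = current user hive, m = machine hive, d = HKU\.DEFAULT
HIVES = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT"}

RUN_RE = re.compile(r"^(?P<hive>[umd])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
SETTING_RE = re.compile(r"^(?P<hive>[umd])(?P<key>[^=]+?)\s*=\s*(?P<value>.*)$")
TAG_RE = re.compile(r"^(?P<tag>[A-Za-z]+):\s*(?P<rest>.*)$")

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


@dataclass
class Finding:
    severity: str  # high / medium / low / info (assumed ranking, see lead-in)
    line: str
    reason: str


def triage_line(line: str) -> Optional[Finding]:
    """Classify one DDS report line; None means nothing worth a second look."""
    line = line.strip()
    if not line:
        return None

    m = RUN_RE.match(line)
    if m:
        # Autoruns under HKU\.DEFAULT apply to the default profile; ordinary
        # software rarely installs there, so they are worth checking.
        if m.group("hive") == "d":
            return Finding("medium", line,
                           f"autorun '{m.group('name')}' lives in {HIVES['d']}")
        return None

    m = SETTING_RE.match(line)
    if m and m.group("hive") in HIVES:
        hive = HIVES[m.group("hive")]
        key, value = m.group("key").strip(), m.group("value").strip()
        if "ProxyServer" in key:
            # Every IE request is routed through this host; confirm it is yours.
            return Finding("high", line,
                           f"{hive} browser proxy set to {value}; confirm it was configured on purpose")
        if "DisallowRun" in key and value.startswith("1"):
            return Finding("medium", line,
                           f"{hive} DisallowRun policy is enabled; check which programs it blocks")
        if key == "Start Page" and value != "about:blank":
            return Finding("low", line, f"{hive} start page is {value}; confirm it is yours")
        return None

    m = TAG_RE.match(line)
    if m:
        tag, rest = m.group("tag"), m.group("rest")
        if tag == "IFEO":
            # A Debugger value under IFEO\<exe> runs another program whenever
            # that executable is started, so the key itself needs inspecting.
            target = rest.rsplit(" - ", 1)[-1]
            return Finding("high", line,
                           f"Image File Execution Options entry for {target}; inspect its Debugger value")
        if rest.endswith("No File"):
            return Finding("low", line, "orphaned entry, referenced file is missing; cleanup candidate")
        if tag in ("BHO", "TB"):
            return Finding("info", line, "browser add-on; confirm it was installed intentionally")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole report and keep the hits, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def summarize(findings: List[Finding]) -> List[Finding]:
    """Most urgent first; sorted() is stable so log order is kept within a level."""
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


if __name__ == "__main__":
    for f in summarize(triage(SAMPLE_LOG)):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

    Run it as-is to triage the embedded sample, or pass the text of any DDS "Pseudo HJT Report" section to triage(). The ranking deliberately stays conservative: it points at entries to verify rather than declaring anything malicious, because the same proxy or policy can be legitimate on a managed machine.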

  4. #4 DonnaB (Member Spyware Fighter, joined Apr 2009, Illiana, Ill. USA, 3,029 posts, 478 points)

    Hi Mick,

    "Thanks for the speedy reply..... no seriously.. I would never have expected anyone to pick it up for at least 48 hrs! So there you go, you have blown me away!"

    You're very welcome. After discussing your scans with our expert I will have to turn your thread over to him so he can guide you further in the cleansing process since I am still in training. Your patience is truly appreciated.

    Thank you,

    Donna

  5. #5 (Member Spyware Fighter, joined Jun 2010, Bement, Ill USA, 1,328 posts, 144 points)

    Hello,

    Welcome to Help2Go. I will be assisting you with your malware removal.


    1.
    Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If TDSSKiller does not run, try renaming it.
    • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
    • Click the Start Scan button.
    • Do not use the computer during the scan.
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
      Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
    • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
    • Copy and paste the contents of that file in your next reply.




    2.
    Install Recovery Console and Run ComboFix

    This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

    Download Combofix from any of the links below, and save it to your desktop.

    Link 1
    Link 2
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
    • Close any open windows, including this one.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • If you did not have it installed, you will see the prompt below. Choose YES.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
    Leave your computer alone while ComboFix is running.
    ComboFix will restart your computer if malware is found; allow it to do so.


    Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


    Things to include in your next reply:
    TDSSKiller log
    Combofix.txt
    How is your machine running now?
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  6. #6 (Member, joined Apr 2012, 50 posts, 9 points)

    TDSS

    [InfectedObject]
    Verdict: Virus.Win32.Rloader.a

    [InfectedObject]
    Type: Service
    Name: ACPI
    Type: Kernel driver (0x1)
    Start: Boot (0x0)
    ImagePath: system32\DRIVERS\ACPI.sys
    Suspicious states: Forged file;

    ComboFix 12-04-09.06 - Mick Warren 10/04/2012 21:23:06.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.452 [GMT 8:00]
    Running from: c:\documents and settings\Mick Warren\Desktop\ComboFix.exe
    AV: Malware Protection Center *Enabled/Updated* {DB6EEB75-16F3-4FB0-9277-14BBA06AF5F2}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    FW: Malware Protection Center *Enabled* {2648C9A4-4ECE-4F2E-95A7-78DAC514615F}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users.WINDOWS\Application Data\a22e0b
    c:\documents and settings\All Users.WINDOWS\Application Data\a22e0b\4641.mof
    c:\documents and settings\All Users.WINDOWS\Application Data\a22e0b\BackUp\Microsoft Office.lnk
    c:\documents and settings\All Users.WINDOWS\Application Data\a22e0b\MPC.ico
    c:\documents and settings\Mick Warren\Recent\DBOLE.tmp
    c:\documents and settings\Mick Warren\Recent\delfile.exe
    c:\documents and settings\Mick Warren\Recent\FS.dll
    c:\documents and settings\Mick Warren\Recent\FW.exe
    c:\documents and settings\Mick Warren\Recent\FW.sys
    c:\documents and settings\Mick Warren\Recent\gid.dll
    c:\documents and settings\Mick Warren\Recent\hymt.tmp
    c:\documents and settings\Mick Warren\Recent\kernel32.tmp
    c:\documents and settings\Mick Warren\Recent\runddlkey.sys
    c:\documents and settings\Mick Warren\Recent\SM.sys
    c:\documents and settings\Mick Warren\Recent\snl2w.dll
    c:\documents and settings\Mick Warren\Recent\snl2w.drv
    c:\documents and settings\Mick Warren\Recent\snl2w.tmp
    c:\documents and settings\Mick Warren\Recent\tempdoc.exe
    c:\documents and settings\Warren\My Documents\$AP29D.tmp
    c:\documents and settings\Warren\WINDOWS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-10 12:59 . 2012-04-10 12:59 711240 ----a-w- c:\windows\is-CK6M3.exe
    2012-04-10 00:10 . 2012-04-10 00:10 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-09 12:56 . 2012-03-13 11:15 6582328 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2E0F8A3-E395-488C-BFA5-1AB37A0E56ED}\mpengine.dll
    2012-04-07 18:00 . 2012-03-13 11:15 6582328 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-04-07 17:52 . 2009-08-06 11:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2012-04-07 17:52 . 2009-08-06 11:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2012-04-07 01:24 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-04-07 01:19 . 2012-04-07 01:20 -------- d-----w- c:\program files\Microsoft Security Client
    2012-04-06 02:58 . 2012-04-06 02:58 -------- d-----w- c:\documents and settings\Mick Warren\Application Data\SUPERAntiSpyware.com
    2012-04-06 02:57 . 2012-04-06 02:58 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-04-06 02:57 . 2012-04-06 02:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
    2012-04-06 01:34 . 2012-04-06 01:34 388096 ----a-r- c:\documents and settings\Mick Warren\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-04-06 01:34 . 2012-04-06 01:34 -------- d-----w- c:\program files\Trend Micro
    2012-04-02 00:36 . 2012-04-02 00:36 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-04-02 00:35 . 2012-04-02 00:35 -------- d-----w- c:\program files\iPod
    2012-04-02 00:35 . 2012-04-02 00:36 -------- d-----w- c:\program files\iTunes
    2012-03-26 10:54 . 2012-03-26 10:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-25 16:11 . 2012-03-25 16:11 -------- d-----w- c:\documents and settings\Mick Warren\Application Data\PC Cleaners
    2012-03-25 16:11 . 2012-03-25 16:11 -------- d-----w- c:\documents and settings\Mick Warren\Application Data\PCPro
    2012-03-25 16:11 . 2012-03-25 16:40 -------- d-----w- c:\program files\PC Cleaners
    2012-03-25 13:21 . 2012-03-25 13:21 -------- d-----w- c:\documents and settings\Administrator.WARREN\Application Data\Apple Computer
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-10 00:23 . 2004-08-04 12:00 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
    2012-04-04 07:56 . 2011-02-13 04:52 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-03 09:22 . 2004-08-04 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-01-11 19:06 . 2012-02-16 05:50 3072 ------w- c:\windows\system32\iacenc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
    "SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664]
    "SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2008-02-18 1629480]
    "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2008-02-18 1057064]
    "Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-09-01 1408872]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "InnoSetupRegFile.0000000001"="c:\windows\is-CK6M3.exe" [2012-04-10 711240]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2011-06-22 4837808]
    .
    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\BitLord\\BitLord.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/07/2011 12:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 5:55 AM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 7:38 AM 116608]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13/02/2011 12:52 PM 652872]
    R2 X4HSEx;X4HSEx;c:\program files\Free Ride Games\X4HSEx.sys [29/07/2011 7:56 AM 56424]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13/02/2011 12:52 PM 22344]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/04/2010 9:52 PM 135664]
    S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/04/2010 9:52 PM 135664]
    S4 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [10/07/2011 9:54 PM 112800]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 29070268
    *Deregistered* - 29070268
    *Deregistered* - uxtdqpog
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 09:57]
    .
    2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-07 13:52]
    .
    2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-07 13:52]
    .
    2012-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-115176313-1801674531-1003Core.job
    - c:\documents and settings\Mick Warren\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-10 10:20]
    .
    2012-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-115176313-1801674531-1003UA.job
    - c:\documents and settings\Mick Warren\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-10 10:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = about:blank
    uInternet Settings,ProxyServer = 192.168.0.25:80
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.0.1
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - c:\program files\Zynga\prxtbZyn2.dll
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll
    HKCU-Run-Trojan Killer - c:\program files\GridinSoft Trojan Killer\trojankiller.exe
    SafeBoot-63969059.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2012-04-10 21:30
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(656)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    Completion time: 2012-04-10 21:32:46
    ComboFix-quarantined-files.txt 2012-04-10 13:32
    .
    Pre-Run: 20,413,763,584 bytes free
    Post-Run: 23,952,740,352 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - BA39524F48040B7FFC5D2CDAD7F22F4D

  7. #7
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,328
    Points
    144

    Default

    Hello,


I need to see the whole TDSSKiller log. Please re-run TDSSKiller and post its entire log. Also, how is your machine running?
"Extinguishing Malware from the world"

The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  8. #8
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,328
    Points
    144

    Default

    Hello.

There has been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
    If you are the topic starter and need this topic reopened, send me a message.

    Everyone else, please begin a new topic.

    With Regards,
    fireman4it