can't access internet after antivirone hijacked my laptop



davidancf
2010-08-21, 18:37
I have an HP Pavilion running 64-bit Windows Vista. A week ago my computer had the antivirone hijacker on it that would not allow me to access websites and encouraged me to download the full version of their "antivirus software."

Per http://remove-malware.net/how-to-remove-antivirone-com-hijacker/
Edit-Disabled link.
See: http://www.mywot.com/en/scorecard/remove-malware.net

I deleted the virus file and removed the following registry entries:

HKEY_CURRENT_USER\Software\wnxmal
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:6522"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "{random}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "{random}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"

The article also told me to remove the following registry entries, which I did not find in my registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "%UserProfile%\Desktop\flash_player_installer\flash_player_installer.exe"

After doing all this my computer still would not access the internet. I did a system restore and then it would tell me in Network Center that it is accessing the internet, but Firefox and IE still could not find any server I would try. I made sure both browsers were set to auto-check proxy settings (I also tried "no proxy"), but still no internet. I found that Microsoft Outlook, Opera, and Yahoo Messenger could access the internet, but other software could not. I tried installing Kaspersky Anti-Virus, but it could not access the internet to be activated, so I could not run it. I was able to download the Malwarebytes antivirus software, and it found nothing in a scan of the files or registry. I downloaded Spybot Search and Destroy (using my Opera browser), and it downloaded but I could not set it up because it could not access the internet on my computer. This has been the case with a number of other software packages (incl. Google Chrome): I can download them with Opera, but when I try to run them they say they cannot access the internet.

Any thoughts on what is blocking me out?


DDS (Ver_10-03-17.01) - NTFSX64
Run by Owner at 10:11:26.52 on Sat 08/21/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1982.794 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Opera\Opera.exe
C:\Windows\splwow64.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\PROGRA~2\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://trinitycomchurch.org/community/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mLocal Page = c:\windows\syswow64\blank.htm
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files (x86)\yahoo!\common\yiesrvc.dll
BHO: TTB000000 Class: {62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} - c:\users\owner\appdata\local\temp\low\COUPON~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: CouponBar: {5bed3930-2e9e-76d8-bacc-80df2188d455} - c:\users\owner\appdata\local\temp\low\CouponsBar.dll
uRun: [LightScribe Control Panel] c:\program files (x86)\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\syswow64\macromed\flash\FlashUtil10h_Plugin.exe -update plugin
mRun: [hpWirelessAssistant] %ProgramFiles(x86)%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles(x86)%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [HP Health Check Scheduler] c:\program files (x86)\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [NPSStartup]
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files (x86)\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files (x86)\yahoo!\common\Yinsthelper.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files (x86)\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files (x86)\libronix dls\system\ResProt.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
TB-X64: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun-x64: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\System32\DreamScene.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\a2alo2ge.default\
FF - plugin: c:\program files (x86)\musicnotes\npmusicn.dll
FF - plugin: c:\program files (x86)\musicnotes\NPSibelius.dll
FF - plugin: c:\users\owner\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\owner\appdata\roaming\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2007-8-13 52856]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\drivers\CAXHWAZL.sys [2007-6-20 292864]
RUnknown SYMNDISV;SYMNDISV; [x]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-8-8 93184]
S3 JLTECH0227;Dual Mode Camera;c:\windows\system32\drivers\jl2005c.sys [2009-6-9 79920]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-9-16 19968]
S3 ssecbus;Samsung Mobile Modem Device driver (WDM);c:\windows\system32\drivers\ssecbus.sys [2010-7-25 113664]
S3 ssecmdfl;Samsung Mobile Modem Device 2 Filter;c:\windows\system32\drivers\ssecmdfl.sys [2010-7-25 18944]
S3 ssecmdm;Samsung Mobile Modem Device 2 Driver;c:\windows\system32\drivers\ssecmdm.sys [2010-7-25 152064]
S3 TFsExDisk;TFsExDisk;c:\windows\system32\drivers\TFsExDisk.sys [2010-7-24 16448]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-08-18 17:19:04 0 d-----w- c:\windows\pss
2010-08-18 03:23:02 14905 ----a-w- c:\users\owner\.recently-used.xbel
2010-08-18 02:40:10 0 d-----w- c:\program files (x86)\Trend Micro
2010-08-18 02:30:03 0 d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2010-08-18 02:29:41 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-18 02:29:41 0 d-----w- c:\programdata\Malwarebytes
2010-08-18 02:29:41 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-08-18 02:05:55 0 d-----w- c:\program files (x86)\common files\Tencent
2010-08-18 02:05:37 0 d-----w- c:\program files (x86)\Tencent
2010-08-18 02:05:15 18760 ----a-w- c:\windows\syswow64\QQVistaHelper.dll
2010-08-18 02:05:15 0 d-----w- c:\users\owner\appdata\roaming\Tencent
2010-08-18 01:23:13 0 d-----w- c:\windows\system32\wbem\repository
2010-08-18 01:21:57 0 d-----w- c:\windows\Registration
2010-08-18 01:20:04 65536 --sha-w- c:\users\owner\ntuser.dat{a8f8f457-aa63-11df-9661-001b248588a7}.TM.blf
2010-08-18 01:20:04 524288 --sha-w- c:\users\owner\ntuser.dat{a8f8f457-aa63-11df-9661-001b248588a7}.TMContainer00000000000000000002.regtrans-ms
2010-08-18 01:20:04 524288 --sha-w- c:\users\owner\ntuser.dat{a8f8f457-aa63-11df-9661-001b248588a7}.TMContainer00000000000000000001.regtrans-ms
2010-08-17 23:12:08 65536 --sha-w- c:\users\owner\ntuser.dat{74d3ef3c-aa50-11df-af0a-001b248588a7}.TM.blf
2010-08-17 23:12:08 524288 --sha-w- c:\users\owner\ntuser.dat{74d3ef3c-aa50-11df-af0a-001b248588a7}.TMContainer00000000000000000002.regtrans-ms
2010-08-17 23:12:08 524288 --sha-w- c:\users\owner\ntuser.dat{74d3ef3c-aa50-11df-af0a-001b248588a7}.TMContainer00000000000000000001.regtrans-ms
2010-08-17 17:08:58 0 d-----w- c:\program files\TeeSupport
2010-08-17 16:27:43 0 d-----w- c:\users\owner\appdata\roaming\PC Tools
2010-08-17 16:27:43 0 d-----w- c:\programdata\PC Tools
2010-08-17 16:27:43 0 d-----w- c:\program files (x86)\Spyware Doctor
2010-08-17 16:27:43 0 d-----w- c:\program files (x86)\common files\PC Tools
2010-08-17 15:57:00 65536 --sha-w- c:\users\owner\ntuser.dat{1f7ed940-a7e5-11df-a948-001b248588a7}.TM.blf
2010-08-17 15:57:00 524288 --sha-w- c:\users\owner\ntuser.dat{1f7ed940-a7e5-11df-a948-001b248588a7}.TMContainer00000000000000000002.regtrans-ms
2010-08-17 15:57:00 524288 --sha-w- c:\users\owner\ntuser.dat{1f7ed940-a7e5-11df-a948-001b248588a7}.TMContainer00000000000000000001.regtrans-ms
2010-08-14 03:15:47 0 d-----w- c:\programdata\Kaspersky Lab
2010-08-14 03:15:47 0 d-----w- c:\program files (x86)\Kaspersky Lab
2010-08-14 02:55:12 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-07-25 05:02:18 18944 ----a-w- c:\windows\system32\drivers\ssecmdfl.sys
2010-07-25 05:02:18 15872 ----a-w- c:\windows\system32\drivers\ssecwhnt.sys
2010-07-25 05:02:18 15872 ----a-w- c:\windows\system32\drivers\ssecwh.sys
2010-07-25 05:02:18 152064 ----a-w- c:\windows\system32\drivers\ssecmdm.sys
2010-07-25 05:02:18 14848 ----a-w- c:\windows\system32\drivers\sseccmnt.sys
2010-07-25 05:02:18 14848 ----a-w- c:\windows\system32\drivers\sseccm.sys
2010-07-25 05:02:18 113664 ----a-w- c:\windows\system32\drivers\ssecbus.sys
2010-07-25 04:57:27 25960 ----a-w- c:\windows\syswow64\FsExService64.Exe
2010-07-25 04:57:27 25960 ----a-w- c:\windows\system32\FsExService64.exe
2010-07-25 04:57:27 16448 ----a-w- c:\windows\system32\drivers\TFsExDisk.sys
2010-07-25 04:56:35 0 d-----w- c:\users\owner\appdata\roaming\Samsung
2010-07-25 04:55:13 0 d-----w- c:\program files (x86)\MarkAny
2010-07-25 04:54:23 0 d-----w- c:\program files (x86)\Samsung
2010-07-25 02:54:19 0 d-----w- c:\program files\SAMSUNG
2010-07-25 02:53:25 0 d-----w- c:\programdata\Samsung
2010-07-23 16:02:18 0 d-----w- c:\program files\iPod
2010-07-23 16:02:13 0 d-----w- c:\program files\iTunes

==================== Find3M ====================

2010-08-21 13:43:18 117971 ----a-w- c:\programdata\nvModes.dat
2010-08-18 17:41:55 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-18 17:41:55 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-08-18 17:41:55 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-26 16:53:52 48128 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 16:16:50 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-26 14:56:53 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 14:25:15 289792 ----a-w- c:\windows\syswow64\atmfd.dll
2009-09-12 13:54:21 174 --sha-w- c:\program files\desktop.ini
2009-09-12 13:54:21 174 --sha-w- c:\program files (x86)\desktop.ini
2009-09-12 13:33:34 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-04-03 02:16:09 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-04-03 02:16:09 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-04-03 02:16:09 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2010-04-03 02:16:09 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-02-01 23:36:13 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 10:15:33.70 ===============

davidancf
2010-08-22, 20:52
Someone just searched my registry for ProxyOverride and found another entry for that. He deleted it and my problem seems to be solved. Thanks for your help.
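
The thread ends with a second ProxyOverride entry turning up outside the values the poster had already removed. As an added example that is not part of the original thread, this read-only PowerShell script lists the proxy values named in the first post wherever they occur in the registry, so a leftover entry is not missed. The key locations beyond the HKEY_CURRENT_USER path quoted in the post, the AutoConfigURL value and the loopback pattern are assumptions about where to look; the thread does not say where the second entry was.

```powershell
# Added example (read-only): list WinINET proxy values in every registry
# location that can hold them, not only the current user's key.
$inet   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$policy = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$names  = 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL'

# Machine-wide keys, including the 32-bit view present on 64-bit Windows.
$keys = @(
    "Registry::HKEY_LOCAL_MACHINE\$inet",
    "Registry::HKEY_LOCAL_MACHINE\$policy",
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings'
)

# Every loaded user hive (HKEY_USERS\<SID>), which covers HKEY_CURRENT_USER
# plus service accounts and any other logged-on profile.
foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    $keys += "Registry::$($hive.Name)\$inet"
    $keys += "Registry::$($hive.Name)\$policy"
}

# Matches a proxy host on the local machine, e.g. "http=127.0.0.1:6522".
$loopback = '(^|[=;/])(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)(:|;|$)'

$findings = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    foreach ($name in $names) {
        $value = $props.$name
        if ($null -eq $value) { continue }   # value not present under this key

        $note = ''
        if ($name -eq 'ProxyServer' -and "$value" -match $loopback) {
            $note = 'points at a listener on this machine'
        } elseif ($name -eq 'ProxyEnable' -and $value -eq 1) {
            $note = 'manual proxy is switched on'
        }
        New-Object PSObject -Property @{
            Key = $key; Name = $name; Value = $value; Note = $note
        }
    }
}

$findings | Select-Object Key, Name, Value, Note | Format-List

# WinHTTP keeps its own machine-wide proxy setting; show it as well.
netsh winhttp show proxy
```

The script changes nothing; any entry it reports should be compared against the proxy configuration the machine is actually meant to use before it is edited or removed.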