Thread: can't access internet after antivirone hijacked my laptop

  1. #1
    Junior Member | Join Date: Aug 2010 | Posts: 2

    can't access internet after antivirone hijacked my laptop

    I have an HP Pavilion running 64-bit Windows Vista. A week ago my computer had the antivirone hijacker on it that would not allow me to access websites and encouraged me to download the full version of their "antivirus software."

    Per http://remove-malware.net/how-to-remove-antivirone-com-hijacker/
    Edit-Disabled link.

    See: http://www.mywot.com/en/scorecard/remove-malware.net

    I deleted the virus file and removed the following registry entries:

    HKEY_CURRENT_USER\Software\wnxmal
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:6522"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "{random}"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "{random}"
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"

    The article also told me to remove the following registry entries, which I did not find in my registry:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "%UserProfile%\Desktop\flash_player_installer\flash_player_installer.exe"

    After doing all this my computer still would not access the internet. I did a system restore and then it would tell me in Network Center that it is accessing the internet, but Firefox and IE still could not find any server I would try. I made sure both browsers were set to auto-check proxy settings (I also tried "no proxy"), but still no internet. I found that Microsoft Outlook, Opera, and Yahoo Messenger could access the internet, but other software could not. I tried installing Kaspersky Anti-Virus, but it could not access the internet to be activated, so I could not run it. I was able to download the Malwarebytes antivirus software, and it found nothing in a scan of the files or registry. I downloaded Spybot Search and Destroy (using my Opera browser), and it downloaded but I could not set it up because it could not access the internet on my computer. This has been the case with a number of other software packages (incl. Google Chrome): I can download them with Opera, but when I try to run them they say they cannot access the internet.

    Any thoughts on what is blocking me out?


    DDS (Ver_10-03-17.01) - NTFSX64
    Run by Owner at 10:11:26.52 on Sat 08/21/2010
    Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_18
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1982.794 [GMT -5:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\DRIVERS\xaudio64.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\ehome\ehmsas.exe
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Opera\Opera.exe
    C:\Windows\splwow64.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\PROGRA~2\MICROS~2\OFFICE11\OUTLOOK.EXE
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\SysWOW64\conime.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Owner\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://trinitycomchurch.org/community/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    mStart Page = hxxp://www.yahoo.com
    mDefault_Page_URL = hxxp://www.yahoo.com
    mLocal Page = c:\windows\syswow64\blank.htm
    BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files (x86)\yahoo!\common\yiesrvc.dll
    BHO: TTB000000 Class: {62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} - c:\users\owner\appdata\local\temp\low\COUPON~1.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    TB: CouponBar: {5bed3930-2e9e-76d8-bacc-80df2188d455} - c:\users\owner\appdata\local\temp\low\CouponsBar.dll
    uRun: [LightScribe Control Panel] c:\program files (x86)\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRunOnce: [FlashPlayerUpdate] c:\windows\syswow64\macromed\flash\FlashUtil10h_Plugin.exe -update plugin
    mRun: [hpWirelessAssistant] %ProgramFiles(x86)%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [WAWifiMessage] %ProgramFiles(x86)%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
    mRun: [<NO NAME>]
    mRun: [HP Health Check Scheduler] c:\program files (x86)\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
    mRun: [NPSStartup]
    mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe"
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office11\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files (x86)\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office11\REFIEBAR.DLL
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files (x86)\yahoo!\common\Yinsthelper.dll
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files (x86)\libronix dls\system\FileProt.dll
    Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files (x86)\libronix dls\system\ResProt.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
    TB-X64: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
    mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun-x64: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun-x64: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun-x64: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\System32\DreamScene.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\a2alo2ge.default\
    FF - plugin: c:\program files (x86)\musicnotes\npmusicn.dll
    FF - plugin: c:\program files (x86)\musicnotes\NPSibelius.dll
    FF - plugin: c:\users\owner\appdata\roaming\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\users\owner\appdata\roaming\move networks\plugins\npqmp071705000014.dll
    FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2007-8-13 52856]
    R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\drivers\CAXHWAZL.sys [2007-6-20 292864]
    RUnknown SYMNDISV;SYMNDISV; [x]
    S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-8-8 93184]
    S3 JLTECH0227;Dual Mode Camera;c:\windows\system32\drivers\jl2005c.sys [2009-6-9 79920]
    S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-9-16 19968]
    S3 ssecbus;Samsung Mobile Modem Device driver (WDM);c:\windows\system32\drivers\ssecbus.sys [2010-7-25 113664]
    S3 ssecmdfl;Samsung Mobile Modem Device 2 Filter;c:\windows\system32\drivers\ssecmdfl.sys [2010-7-25 18944]
    S3 ssecmdm;Samsung Mobile Modem Device 2 Driver;c:\windows\system32\drivers\ssecmdm.sys [2010-7-25 152064]
    S3 TFsExDisk;TFsExDisk;c:\windows\system32\drivers\TFsExDisk.sys [2010-7-24 16448]

    ============== File Associations ===============

    JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

    =============== Created Last 30 ================

    2010-08-18 17:19:04 0 d-----w- c:\windows\pss
    2010-08-18 03:23:02 14905 ----a-w- c:\users\owner\.recently-used.xbel
    2010-08-18 02:40:10 0 d-----w- c:\program files (x86)\Trend Micro
    2010-08-18 02:30:03 0 d-----w- c:\users\owner\appdata\roaming\Malwarebytes
    2010-08-18 02:29:41 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-18 02:29:41 0 d-----w- c:\programdata\Malwarebytes
    2010-08-18 02:29:41 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2010-08-18 02:05:55 0 d-----w- c:\program files (x86)\common files\Tencent
    2010-08-18 02:05:37 0 d-----w- c:\program files (x86)\Tencent
    2010-08-18 02:05:15 18760 ----a-w- c:\windows\syswow64\QQVistaHelper.dll
    2010-08-18 02:05:15 0 d-----w- c:\users\owner\appdata\roaming\Tencent
    2010-08-18 01:23:13 0 d-----w- c:\windows\system32\wbem\repository
    2010-08-18 01:21:57 0 d-----w- c:\windows\Registration
    2010-08-18 01:20:04 65536 --sha-w- c:\users\owner\ntuser.dat{a8f8f457-aa63-11df-9661-001b248588a7}.TM.blf
    2010-08-18 01:20:04 524288 --sha-w- c:\users\owner\ntuser.dat{a8f8f457-aa63-11df-9661-001b248588a7}.TMContainer00000000000000000002.regtrans-ms
    2010-08-18 01:20:04 524288 --sha-w- c:\users\owner\ntuser.dat{a8f8f457-aa63-11df-9661-001b248588a7}.TMContainer00000000000000000001.regtrans-ms
    2010-08-17 23:12:08 65536 --sha-w- c:\users\owner\ntuser.dat{74d3ef3c-aa50-11df-af0a-001b248588a7}.TM.blf
    2010-08-17 23:12:08 524288 --sha-w- c:\users\owner\ntuser.dat{74d3ef3c-aa50-11df-af0a-001b248588a7}.TMContainer00000000000000000002.regtrans-ms
    2010-08-17 23:12:08 524288 --sha-w- c:\users\owner\ntuser.dat{74d3ef3c-aa50-11df-af0a-001b248588a7}.TMContainer00000000000000000001.regtrans-ms
    2010-08-17 17:08:58 0 d-----w- c:\program files\TeeSupport
    2010-08-17 16:27:43 0 d-----w- c:\users\owner\appdata\roaming\PC Tools
    2010-08-17 16:27:43 0 d-----w- c:\programdata\PC Tools
    2010-08-17 16:27:43 0 d-----w- c:\program files (x86)\Spyware Doctor
    2010-08-17 16:27:43 0 d-----w- c:\program files (x86)\common files\PC Tools
    2010-08-17 15:57:00 65536 --sha-w- c:\users\owner\ntuser.dat{1f7ed940-a7e5-11df-a948-001b248588a7}.TM.blf
    2010-08-17 15:57:00 524288 --sha-w- c:\users\owner\ntuser.dat{1f7ed940-a7e5-11df-a948-001b248588a7}.TMContainer00000000000000000002.regtrans-ms
    2010-08-17 15:57:00 524288 --sha-w- c:\users\owner\ntuser.dat{1f7ed940-a7e5-11df-a948-001b248588a7}.TMContainer00000000000000000001.regtrans-ms
    2010-08-14 03:15:47 0 d-----w- c:\programdata\Kaspersky Lab
    2010-08-14 03:15:47 0 d-----w- c:\program files (x86)\Kaspersky Lab
    2010-08-14 02:55:12 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
    2010-07-25 05:02:18 18944 ----a-w- c:\windows\system32\drivers\ssecmdfl.sys
    2010-07-25 05:02:18 15872 ----a-w- c:\windows\system32\drivers\ssecwhnt.sys
    2010-07-25 05:02:18 15872 ----a-w- c:\windows\system32\drivers\ssecwh.sys
    2010-07-25 05:02:18 152064 ----a-w- c:\windows\system32\drivers\ssecmdm.sys
    2010-07-25 05:02:18 14848 ----a-w- c:\windows\system32\drivers\sseccmnt.sys
    2010-07-25 05:02:18 14848 ----a-w- c:\windows\system32\drivers\sseccm.sys
    2010-07-25 05:02:18 113664 ----a-w- c:\windows\system32\drivers\ssecbus.sys
    2010-07-25 04:57:27 25960 ----a-w- c:\windows\syswow64\FsExService64.Exe
    2010-07-25 04:57:27 25960 ----a-w- c:\windows\system32\FsExService64.exe
    2010-07-25 04:57:27 16448 ----a-w- c:\windows\system32\drivers\TFsExDisk.sys
    2010-07-25 04:56:35 0 d-----w- c:\users\owner\appdata\roaming\Samsung
    2010-07-25 04:55:13 0 d-----w- c:\program files (x86)\MarkAny
    2010-07-25 04:54:23 0 d-----w- c:\program files (x86)\Samsung
    2010-07-25 02:54:19 0 d-----w- c:\program files\SAMSUNG
    2010-07-25 02:53:25 0 d-----w- c:\programdata\Samsung
    2010-07-23 16:02:18 0 d-----w- c:\program files\iPod
    2010-07-23 16:02:13 0 d-----w- c:\program files\iTunes

    ==================== Find3M ====================

    2010-08-21 13:43:18 117971 ----a-w- c:\programdata\nvModes.dat
    2010-08-18 17:41:55 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-08-18 17:41:55 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-08-18 17:41:55 143360 ----a-w- c:\windows\inf\infstor.dat
    2010-05-26 16:53:52 48128 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-26 16:16:50 34304 ----a-w- c:\windows\syswow64\atmlib.dll
    2010-05-26 14:56:53 366080 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-26 14:25:15 289792 ----a-w- c:\windows\syswow64\atmfd.dll
    2009-09-12 13:54:21 174 --sha-w- c:\program files\desktop.ini
    2009-09-12 13:54:21 174 --sha-w- c:\program files (x86)\desktop.ini
    2009-09-12 13:33:34 665600 ----a-w- c:\windows\inf\drvindex.dat
    2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2010-04-03 02:16:09 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2010-04-03 02:16:09 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2010-04-03 02:16:09 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
    2010-04-03 02:16:09 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2010-02-01 23:36:13 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

    ============= FINISH: 10:15:33.70 ===============
    Last edited by tashi; 2010-08-21 at 20:38. Reason: Copy pasted log into topic, disabled link.

  2. #2
    Junior Member | Join Date: Aug 2010 | Posts: 2

    Problem solved

    Someone just searched my registry for ProxyOverride and found another entry for that. He deleted it and my problem seems to be solved. Thanks for your help.
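
The fix in post #2 came from searching the whole registry for the proxy values instead of checking only the one key named in the removal guide. As an added example (not from the thread or from any tool it mentions), this Python script does that search over the text of a `reg export` dump and flags any `ProxyServer` that points at the local machine, such as the `http=127.0.0.1:6522` entry above. The function names, the `AutoConfigURL` check and the sample export are assumptions constructed for illustration.

```python
import ipaddress
import re

# Value names from the thread, plus AutoConfigURL (an assumption: the PAC-file
# setting stored beside them, which can also redirect a browser).
PROXY_VALUES = {"proxyserver", "proxyenable", "proxyoverride", "autoconfigurl"}
KEY_RE = re.compile(r"^\[(?P<key>[^-].*)\]$")
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')

# Constructed sample in .reg export format. Real exports are usually UTF-16,
# so decode the file before passing its text to audit().
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000
"User Agent"="Mozilla/4.0 (compatible; MSIE 8.0; Win32)"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:6522"
"ProxyOverride"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Updater]
"ProxyServer"="proxy.corp.example:8080"
"""

def parse_reg_export(text):
    """Return {key_path: {value_name_lower: data}}, proxy values only."""
    found, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if not (m and key) or m.group("name").lower() not in PROXY_VALUES:
            continue
        data = m.group("data")
        if data.startswith("dword:"):
            data = int(data[6:], 16)
        elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo .reg escaping
        found.setdefault(key, {})[m.group("name").lower()] = data
    return found

def loopback_endpoints(proxy_server):
    """Return the entries of a ProxyServer string that point at this machine."""
    hits = []
    for entry in filter(None, (e.strip() for e in proxy_server.split(";"))):
        target = entry.split("=", 1)[-1]       # drop a "http=" protocol prefix
        target = target.split("://", 1)[-1]    # drop an optional URL scheme
        host = target.rsplit(":", 1)[0] if ":" in target else target
        host = host.strip("[]").lower()
        try:
            is_local = ipaddress.ip_address(host).is_loopback
        except ValueError:
            is_local = host == "localhost"
        if is_local:
            hits.append(entry)
    return hits

def audit(text):
    """One row per key holding any proxy value; 'active' marks an enabled loopback proxy."""
    rows = []
    for key, vals in parse_reg_export(text).items():
        server = vals.get("proxyserver")
        local = loopback_endpoints(server) if isinstance(server, str) else []
        rows.append({"key": key, "values": vals, "loopback": local,
                     "active": bool(local) and vals.get("proxyenable") == 1})
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE_EXPORT):
        mark = "ACTIVE LOOPBACK" if row["active"] else "ok"
        print(f"[{mark}] {row['key']}: {row['values']}")
```

A loopback proxy is not malicious by itself (local filtering software uses one too); the row is a prompt to confirm that something legitimate is actually listening on that port.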
