
redirect google search

Discussion in 'Virus & Other Malware Removal' started by fluided, Jul 13, 2007.

  1. fluided (Thread Starter)

    Hi,
    my problem is: for one week my Google home page has had a different design, is slow to start, and in all searches the same websites come out (tripadvisor.com - looksearch.com - upspiral.com etc.).
    I run Windows XP SP2, use Firefox, AntiVir, ZoneAlarm, all up to date.
    Tried to fix the problem with: Spybot - Ad-Aware - AVG - SpyCatcher - Spy Cleaner Gold - CWShredder - and many others....(n)
    Some of them found infected files and deleted or quarantined them.
    But the Google page is still false; I really don't know how to remove it.
    Any suggestion?
    PS... sorry for my bad English...

    Here is my HijackThis log file:

    Logfile of HijackThis v1.99.1
    Scan saved at 11.29.19, on 13/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
    C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
    C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
    C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
    C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Programmi\File comuni\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
    C:\Programmi\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\SpyCatcher\DeleteSvc.exe
    C:\WINDOWS\stsystra.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Programmi\Creative\Mixer\CTSVolFE.exe
    C:\Programmi\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
    C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Programmi\Dell AIO 810\dlcgmon.exe
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\Programmi\Dell\QuickSet\Quickset.exe
    C:\WINDOWS\system32\dlcgcoms.exe
    C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Stickies\Stickies.exe
    C:\Programmi\PeerGuardian2\pg2.exe
    C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Fluided\Desktop\spyware\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.it/ig/dell?hl=it&client=dell-row&channel=it
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Programmi\SpyCatcher\SCActiveBlock.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programmi\BAE\BAE.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Programmi\Creative\Mixer\CTSVolFE.exe" /r
    O4 - HKLM\..\Run: [DMXLauncher] C:\Programmi\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Programmi\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Programmi\Dell AIO 810\dlcgmon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmi\Dell\QuickSet\Quickset.exe
    O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Programmi\SpyCatcher\DeleteSatellite.exe"
    O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Programmi\SpyCatcher\SpyCatcher.exe" reminder
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\Programmi\SpyCatcher\DeleteSatellite.exe" nowait
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Stickies] C:\Programmi\Stickies\Stickies.exe
    O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4594CCD0-3CF0-4E7B-8242-CF777740A4A2}: NameServer = 194.54.90.238
    O17 - HKLM\System\CCS\Services\Tcpip\..\{83A7C495-0D19-433C-A873-8229E384AE13}: NameServer = 194.54.90.238
    O17 - HKLM\System\CCS\Services\Tcpip\..\{87D1807C-77C7-4E8D-86BF-6C5B087283AE}: NameServer = 194.54.90.238
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9633994B-F315-4FA1-B19D-AFDBDAEEB127}: NameServer = 194.54.90.238
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E9AA8010-D5B8-43F3-9439-8895CCE2B53C}: NameServer = 194.54.90.238
    O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Programmi\File comuni\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Programmi\DellSupport\brkrsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmi\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Tenebril Inc. - C:\Programmi\SpyCatcher\DeleteSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE



    Thanks!
     
  2. fluided (Thread Starter)

    After reading other threads in the forum, I am also sending you the ComboFix log file.... Can somebody help me please???
    Thanks

    "Fluided" - 2007-07-13 13.47.45 - ComboFix 07-07-13.8 - Service Pack 2 NTFS


    ((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))


    2007-07-13 10:13 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
    2007-07-13 10:13 <DIR> d-------- C:\DOCUME~1\Fluided\DATIAP~1\SUPERAntiSpyware.com
    2007-07-13 10:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATIAP~1\SUPERAntiSpyware.com
    2007-07-13 10:01 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-13 09:48 <DIR> d-------- C:\Programmi\Safer Networking
    2007-07-09 12:53 <DIR> d-------- C:\Programmi\WhatsRunning
    2007-07-09 12:32 <DIR> d-------- C:\Programmi\CCleaner
    2007-07-09 10:21 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DATIAP~1\Tenebril
    2007-07-09 10:06 <DIR> d-------- C:\DOCUME~1\LOCALS~1\DATIAP~1\Tenebril
    2007-07-09 09:50 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
    2007-07-09 09:50 <DIR> d-------- C:\Programmi\SpyCatcher
    2007-07-09 09:50 <DIR> d-------- C:\DOCUME~1\Fluided\DATIAP~1\Tenebril
    2007-07-09 09:41 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
    2007-07-09 09:41 <DIR> d-------- C:\Programmi\Spy Cleaner Gold
    2007-07-09 09:30 <DIR> d-------- C:\Programmi\BillP Studios
    2007-07-09 09:30 <DIR> d-------- C:\DOCUME~1\Fluided\DATIAP~1\WinPatrol
    2007-07-08 15:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DATIAP~1\Lavasoft
    2007-07-08 13:52 <DIR> d-------- C:\Programmi\Sophos
    2007-07-06 18:21 <DIR> d-------- C:\WINDOWS\BDOSCAN8
    2007-07-06 10:23 36,096 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
    2007-07-06 10:22 <DIR> d-------- C:\VEXPLITE
    2007-07-05 17:45 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\DATIAP~1\TEMP
    2007-07-05 11:47 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-06-30 09:40 <DIR> d-------- C:\DOCUME~1\Fluided\DATIAP~1\Yahoo!
    2007-06-26 18:34 <DIR> d-------- C:\Programmi\Windows Media Connect 2
    2007-06-26 18:32 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2007-06-26 18:32 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-06-26 18:09 73,728 --a------ C:\WINDOWS\system32\xmltok.dll
    2007-06-26 18:09 7,962,624 --a------ C:\WINDOWS\system32\SVI.dll
    2007-06-26 18:09 614,400 --a------ C:\WINDOWS\system32\AvOmfToolkit.dll
    2007-06-26 18:09 61,440 --a------ C:\WINDOWS\system32\libjpegV4.dll
    2007-06-26 18:09 5,600 --a------ C:\WINDOWS\system\winaspi.dll
    2007-06-26 18:09 466,944 --a------ C:\WINDOWS\system32\ommclient.dll
    2007-06-26 18:09 40,960 --a------ C:\WINDOWS\system32\INETTransportLibrary.dll
    2007-06-26 18:09 4,672 --a------ C:\WINDOWS\system\wowpost.exe
    2007-06-26 18:09 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
    2007-06-26 18:09 25,244 --a------ C:\WINDOWS\system32\drivers\aspi32.sys
    2007-06-22 10:50 22,528 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
    2007-06-22 10:50 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
    2007-06-22 10:04 <DIR> d-------- C:\Programmi\Motorola


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-13 11:48:40 -------- d-----w C:\Programmi\PeerGuardian2
    2007-07-13 08:12:54 -------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
    2007-07-13 07:15:47 51,200 ------w C:\WINDOWS\bdoscandel.exe
    2007-07-13 07:15:47 49,152 ------w C:\WINDOWS\system32\avisynthEx.dll
    2007-07-13 07:15:47 0 ---h--w C:\Programmi\gamespy arcade
    2007-07-11 16:02:50 -------- d--h--w C:\Programmi\InstallShield Installation Information
    2007-07-11 16:02:20 -------- d-----w C:\Programmi\Avid
    2007-07-11 07:41:15 76,322 ----a-w C:\WINDOWS\system32\perfc010.dat
    2007-07-11 07:41:15 452,218 ----a-w C:\WINDOWS\system32\perfh010.dat
    2007-07-09 15:18:38 -------- d-----w C:\Programmi\WinMX
    2007-07-09 10:32:58 -------- d-----w C:\Programmi\Yahoo!
    2007-07-08 14:10:27 -------- d-----w C:\Programmi\AdwareAlert
    2007-07-08 11:40:10 -------- d-----w C:\Programmi\RegistrySmart
    2007-07-06 07:21:40 -------- d-----w C:\Programmi\Dell
    2007-07-01 12:15:33 -------- d-----w C:\Programmi\eMule
    2007-06-22 08:07:18 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
    2007-06-22 08:07:18 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
    2007-06-22 08:06:57 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
    2007-06-22 08:06:54 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2007-06-16 07:21:16 -------- d-----w C:\DOCUME~1\Fluided\DATIAP~1\U3
    2007-06-16 06:26:22 -------- d-----w C:\Programmi\Dl_cats
    2007-06-13 09:12:03 2,557 ----a-w C:\WINDOWS\mozver.dat
    2007-06-08 16:30:29 -------- d-----w C:\Programmi\Gadwin Systems
    2007-06-07 18:53:51 -------- d--h--w C:\DOCUME~1\Fluided\DATIAP~1\GTek
    2007-06-07 18:53:03 -------- d-----w C:\Programmi\DellSupport
    2007-06-01 16:02:19 -------- d-----w C:\Programmi\IKEA HomePlanner
    2007-05-30 12:29:09 -------- d-----w C:\Programmi\Google
    2007-05-16 15:12:56 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-25 14:21:04 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:14:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-13 01:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
    2007-03-03 01:10:21 88 --sh--r C:\WINDOWS\system32\A190B05EB2.sys
    2007-03-03 01:10:24 3,922 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-10-22 23:08 62080 --a------ C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A87E45F-537A-40B4-B812-E2544C21A09F}]
    2005-01-02 22:25 124624 --a------ C:\Programmi\SpyCatcher\SCActiveBlock.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    2004-12-06 02:05 118842 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 --a------ C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
    2006-06-29 12:41 94208 --a------ C:\Programmi\BAE\BAE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 00:30 C:\WINDOWS\stsystra.exe]
    "ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43]
    "SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 19:48]
    "IntelZeroConfig"="C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55]
    "IntelWireless"="C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56]
    "DVDLauncher"="C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 21:29]
    "CTSVolFE.exe"="C:\Programmi\Creative\Mixer\CTSVolFE.exe" [2005-02-23 16:57]
    "DMXLauncher"="C:\Programmi\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02]
    "ISUSPM Startup"="C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
    "ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
    "@"="" []
    "MSKDetectorExe"="C:\Programmi\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 20:05]
    "avgnt"="C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-24 09:43]
    "dlcgmon.exe"="C:\Programmi\Dell AIO 810\dlcgmon.exe" [2005-10-21 03:43]
    "QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-08-22 01:01]
    "TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2006-09-09 09:26]
    "Dell QuickSet"="C:\Programmi\Dell\QuickSet\Quickset.exe" [2006-04-06 15:58]
    "RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" []
    "SMSERIAL"="sm56hlpr.exe" []
    "ZoneAlarm Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
    "!AVG Anti-Spyware"="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
    "GhostSurfDelSatellite"="C:\Programmi\SpyCatcher\DeleteSatellite.exe" [2005-01-04 11:17]
    "SpyCatcher Reminder"="C:\Programmi\SpyCatcher\SpyCatcher.exe" [2004-11-26 17:14]
    "Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00]
    "Stickies"="C:\Programmi\Stickies\Stickies.exe" [2003-02-10 07:07]
    "PeerGuardian"="C:\Programmi\PeerGuardian2\pg2.exe" [2005-09-18 18:40]
    "SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "GhostSurfDelSatellite"="C:\Programmi\SpyCatcher\DeleteSatellite.exe" nowait

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    Source= C:\WINDOWS\warnhp.html
    FriendlyName= Desktop Uninstall

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Programmi\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Programmi\SUPERAntiSpyware\SASWINLO.dll --a------ 2007-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44b0984a-5456-11db-82a9-0015c53d1e41}]
    AutoRun\command- F:\LaunchU3.exe -a

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PGFILTER
    *Newly Created Service* - SASDIFSV
    *Newly Created Service* - SASENUM
    *Newly Created Service* - SASKUTIL

    Contents of the 'Scheduled Tasks' folder
    2007-05-17 01:00:00 C:\WINDOWS\tasks\RegCure.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-13 13:49:33
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    SMSERIAL = sm56hlpr.exe?

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-13 13.50.11
    C:\ComboFix2.txt ... 2007-07-13 10:04

    --- E O F ---
     
  3. cybertech (Retired Moderator)

    Hi, Welcome to TSG!!

    Run SUPERAntiSpyware and post the resulting log along with a new HJT log.
     
  4. fluided (Thread Starter)

    It's all OK now. Thanks.
    I fixed:
    O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Programmi\Dell AIO 810\dlcgmon.exe
    and Google returned to normal.
    :D
     
  5. cybertech (Retired Moderator)

    OK, if you say so.

    I think you should check with your ISP and see if these belong to the service.
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4594CCD0-3CF0-4E7B-8242-CF777740A4A2}: NameServer = 194.54.90.238
    O17 - HKLM\System\CCS\Services\Tcpip\..\{83A7C495-0D19-433C-A873-8229E384AE13}: NameServer = 194.54.90.238
    O17 - HKLM\System\CCS\Services\Tcpip\..\{87D1807C-77C7-4E8D-86BF-6C5B087283AE}: NameServer = 194.54.90.238
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9633994B-F315-4FA1-B19D-AFDBDAEEB127}: NameServer = 194.54.90.238
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E9AA8010-D5B8-43F3-9439-8895CCE2B53C}: NameServer = 194.54.90.238
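The O17 lines quoted above are the security-relevant part of the log. Each one is the static NameServer value on a per-interface Tcpip registry key (HJT abbreviates CurrentControlSet as CCS), and every interface on this machine points at the same single address. Whoever operates that resolver answers every DNS lookup the machine makes, which is consistent with the reported symptom of search pages and results being replaced. The script below is an added example, not code from the thread or from HijackThis: it parses O17 lines out of an HJT log, separates private, loopback and link-local resolvers from public ones, and flags any public resolver that is not on a list of addresses the reader knows are legitimate (the ISP's resolvers or a public DNS service chosen deliberately). Three of the sample O17 lines are copied from the log above; the fourth O17 line, the Domain line, the O4 line and the trusted list are constructed for the example.

```python
import ipaddress
import re
from typing import Dict, List, Set

# Sample input. The first three O17 lines are copied from the HijackThis log
# posted above; the O4 line, the fourth O17 line and the Domain line are
# constructed for this example to show what the parser must skip or accept.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{4594CCD0-3CF0-4E7B-8242-CF777740A4A2}: NameServer = 194.54.90.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{83A7C495-0D19-433C-A873-8229E384AE13}: NameServer = 194.54.90.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{87D1807C-77C7-4E8D-86BF-6C5B087283AE}: NameServer = 194.54.90.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BADC0DE-0000-4000-8000-000000000001}: NameServer = 192.168.1.1,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = home.lan
"""

O17_RE = re.compile(r"^O17 - (?P<key>HK\w+\\[^:]+): NameServer = (?P<servers>\S.*?)\s*$")
GUID_RE = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")

# Ranges a resolver may legitimately sit in without being on the public
# Internet: the home router, a VPN gateway or the host itself.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]


def parse_o17(log_text: str) -> Dict[str, List[str]]:
    """Return {interface GUID: [resolver, ...]} for every O17 NameServer line.
    The value is split the way Windows reads the NameServer REG_SZ: addresses
    separated by commas and/or spaces. Other O17 lines (Domain, SearchList)
    are skipped."""
    result: Dict[str, List[str]] = {}
    for raw in log_text.splitlines():
        m = O17_RE.match(raw.strip())
        if not m:
            continue
        key = m.group("key")
        g = GUID_RE.search(key)
        iface = g.group(1).upper() if g else key
        result[iface] = [s for s in re.split(r"[,\s]+", m.group("servers")) if s]
    return result


def needs_review(addr: str, trusted: Set[str]) -> bool:
    """True for anything that is neither a known-good resolver nor local.
    A value that is not even an IP literal is reported too: NameServer only
    takes addresses, so anything else was written by something odd."""
    if addr in trusted:
        return False
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True
    return not any(ip in net for net in LOCAL_NETS)


def audit_nameservers(log_text: str, trusted: Set[str]) -> Dict[str, object]:
    """Flag public resolvers not in `trusted`, per interface, and count how
    many interfaces share each flagged address."""
    per_iface = parse_o17(log_text)
    flagged = {i: [s for s in servers if needs_review(s, trusted)]
               for i, servers in per_iface.items()}
    flagged = {i: bad for i, bad in flagged.items() if bad}
    # NameServer is the statically configured resolver (DHCP-assigned ones
    # live in DhcpNameServer), so the same public address hard-coded on every
    # adapter was written by software, not typed in per connection.
    shared: Dict[str, int] = {}
    for bad in flagged.values():
        for s in set(bad):
            shared[s] = shared.get(s, 0) + 1
    return {"interfaces": len(per_iface), "flagged": flagged, "shared": shared}


if __name__ == "__main__":
    # The trusted list is an assumption for the example: put your ISP's
    # resolvers (or the public DNS you chose yourself) here.
    report = audit_nameservers(SAMPLE_LOG, trusted={"8.8.8.8"})
    for iface, bad in report["flagged"].items():
        print(f"{{{iface}}}: static NameServer {', '.join(bad)} is not on the trusted list")
    for addr, n in report["shared"].items():
        print(f"{addr} is hard-coded on {n} of {report['interfaces']} interfaces")
```

On the live machine the same values sit under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{GUID}\NameServer, and `ipconfig /all` shows which resolvers are actually in use. Removing an O4 autostart entry does not touch these keys, so after any cleanup the O17 lines should be re-checked in a fresh log and cleared (or set back to the ISP's addresses) if the resolver cannot be accounted for.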
     
Short URL to this thread: https://techguy.org/595213
