redirect google search

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

fluided

Thread Starter
Joined
Jul 13, 2007
Messages
3
Hi,
my problem is: for the past week my Google home page has had a different design, is slow to start, and all the searches return the same websites (tripadvisor.com - looksearch.com - upspiral.com etc.).
I run Windows XP SP2 and use Firefox, AntiVir and ZoneAlarm, all up to date.
I tried to fix the problem with: Spybot - Ad-Aware - AVG - SpyCatcher - Spy Cleaner Gold - CWShredder - and many others... (n)
Some of them found infected files and deleted or quarantined them.
But the Google page is still false; I really don't know how to remove it.
Any suggestions?
PS: sorry for my bad English...

Here is my HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 11.29.19, on 13/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmi\File comuni\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
C:\Programmi\Dell\QuickSet\NICCONFIGSVC.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\SpyCatcher\DeleteSvc.exe
C:\WINDOWS\stsystra.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmi\Creative\Mixer\CTSVolFE.exe
C:\Programmi\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmi\Dell AIO 810\dlcgmon.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Dell\QuickSet\Quickset.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Stickies\Stickies.exe
C:\Programmi\PeerGuardian2\pg2.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Fluided\Desktop\spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.it/ig/dell?hl=it&client=dell-row&channel=it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Programmi\SpyCatcher\SCActiveBlock.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programmi\BAE\BAE.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Programmi\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmi\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Programmi\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Programmi\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmi\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Programmi\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Programmi\SpyCatcher\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\Programmi\SpyCatcher\DeleteSatellite.exe" nowait
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Stickies] C:\Programmi\Stickies\Stickies.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4594CCD0-3CF0-4E7B-8242-CF777740A4A2}: NameServer = 194.54.90.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{83A7C495-0D19-433C-A873-8229E384AE13}: NameServer = 194.54.90.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{87D1807C-77C7-4E8D-86BF-6C5B087283AE}: NameServer = 194.54.90.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{9633994B-F315-4FA1-B19D-AFDBDAEEB127}: NameServer = 194.54.90.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9AA8010-D5B8-43F3-9439-8895CCE2B53C}: NameServer = 194.54.90.238
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Programmi\File comuni\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Programmi\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmi\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Tenebril Inc. - C:\Programmi\SpyCatcher\DeleteSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE



Thanks!
 

fluided

Thread Starter
Joined
Jul 13, 2007
Messages
3
After reading other threads in the forum, I am also sending you the ComboFix log file... Can somebody help me please?
Thanks




"Fluided" - 2007-07-13 13.47.45 - ComboFix 07-07-13.8 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))


2007-07-13 10:13 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2007-07-13 10:13 <DIR> d-------- C:\DOCUME~1\Fluided\DATIAP~1\SUPERAntiSpyware.com
2007-07-13 10:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATIAP~1\SUPERAntiSpyware.com
2007-07-13 10:01 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-13 09:48 <DIR> d-------- C:\Programmi\Safer Networking
2007-07-09 12:53 <DIR> d-------- C:\Programmi\WhatsRunning
2007-07-09 12:32 <DIR> d-------- C:\Programmi\CCleaner
2007-07-09 10:21 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DATIAP~1\Tenebril
2007-07-09 10:06 <DIR> d-------- C:\DOCUME~1\LOCALS~1\DATIAP~1\Tenebril
2007-07-09 09:50 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2007-07-09 09:50 <DIR> d-------- C:\Programmi\SpyCatcher
2007-07-09 09:50 <DIR> d-------- C:\DOCUME~1\Fluided\DATIAP~1\Tenebril
2007-07-09 09:41 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-07-09 09:41 <DIR> d-------- C:\Programmi\Spy Cleaner Gold
2007-07-09 09:30 <DIR> d-------- C:\Programmi\BillP Studios
2007-07-09 09:30 <DIR> d-------- C:\DOCUME~1\Fluided\DATIAP~1\WinPatrol
2007-07-08 15:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DATIAP~1\Lavasoft
2007-07-08 13:52 <DIR> d-------- C:\Programmi\Sophos
2007-07-06 18:21 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-07-06 10:23 36,096 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2007-07-06 10:22 <DIR> d-------- C:\VEXPLITE
2007-07-05 17:45 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\DATIAP~1\TEMP
2007-07-05 11:47 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-30 09:40 <DIR> d-------- C:\DOCUME~1\Fluided\DATIAP~1\Yahoo!
2007-06-26 18:34 <DIR> d-------- C:\Programmi\Windows Media Connect 2
2007-06-26 18:32 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-06-26 18:32 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-06-26 18:09 73,728 --a------ C:\WINDOWS\system32\xmltok.dll
2007-06-26 18:09 7,962,624 --a------ C:\WINDOWS\system32\SVI.dll
2007-06-26 18:09 614,400 --a------ C:\WINDOWS\system32\AvOmfToolkit.dll
2007-06-26 18:09 61,440 --a------ C:\WINDOWS\system32\libjpegV4.dll
2007-06-26 18:09 5,600 --a------ C:\WINDOWS\system\winaspi.dll
2007-06-26 18:09 466,944 --a------ C:\WINDOWS\system32\ommclient.dll
2007-06-26 18:09 40,960 --a------ C:\WINDOWS\system32\INETTransportLibrary.dll
2007-06-26 18:09 4,672 --a------ C:\WINDOWS\system\wowpost.exe
2007-06-26 18:09 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2007-06-26 18:09 25,244 --a------ C:\WINDOWS\system32\drivers\aspi32.sys
2007-06-22 10:50 22,528 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2007-06-22 10:50 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-06-22 10:04 <DIR> d-------- C:\Programmi\Motorola


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-13 11:48:40 -------- d-----w C:\Programmi\PeerGuardian2
2007-07-13 08:12:54 -------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2007-07-13 07:15:47 51,200 ------w C:\WINDOWS\bdoscandel.exe
2007-07-13 07:15:47 49,152 ------w C:\WINDOWS\system32\avisynthEx.dll
2007-07-13 07:15:47 0 ---h--w C:\Programmi\gamespy arcade
2007-07-11 16:02:50 -------- d--h--w C:\Programmi\InstallShield Installation Information
2007-07-11 16:02:20 -------- d-----w C:\Programmi\Avid
2007-07-11 07:41:15 76,322 ----a-w C:\WINDOWS\system32\perfc010.dat
2007-07-11 07:41:15 452,218 ----a-w C:\WINDOWS\system32\perfh010.dat
2007-07-09 15:18:38 -------- d-----w C:\Programmi\WinMX
2007-07-09 10:32:58 -------- d-----w C:\Programmi\Yahoo!
2007-07-08 14:10:27 -------- d-----w C:\Programmi\AdwareAlert
2007-07-08 11:40:10 -------- d-----w C:\Programmi\RegistrySmart
2007-07-06 07:21:40 -------- d-----w C:\Programmi\Dell
2007-07-01 12:15:33 -------- d-----w C:\Programmi\eMule
2007-06-22 08:07:18 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2007-06-22 08:07:18 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2007-06-22 08:06:57 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2007-06-22 08:06:54 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-06-16 07:21:16 -------- d-----w C:\DOCUME~1\Fluided\DATIAP~1\U3
2007-06-16 06:26:22 -------- d-----w C:\Programmi\Dl_cats
2007-06-13 09:12:03 2,557 ----a-w C:\WINDOWS\mozver.dat
2007-06-08 16:30:29 -------- d-----w C:\Programmi\Gadwin Systems
2007-06-07 18:53:51 -------- d--h--w C:\DOCUME~1\Fluided\DATIAP~1\GTek
2007-06-07 18:53:03 -------- d-----w C:\Programmi\DellSupport
2007-06-01 16:02:19 -------- d-----w C:\Programmi\IKEA HomePlanner
2007-05-30 12:29:09 -------- d-----w C:\Programmi\Google
2007-05-16 15:12:56 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:04 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 01:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-03-03 01:10:21 88 --sh--r C:\WINDOWS\system32\A190B05EB2.sys
2007-03-03 01:10:24 3,922 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A87E45F-537A-40B4-B812-E2544C21A09F}]
2005-01-02 22:25 124624 --a------ C:\Programmi\SpyCatcher\SCActiveBlock.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2004-12-06 02:05 118842 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
2006-06-29 12:41 94208 --a------ C:\Programmi\BAE\BAE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 00:30 C:\WINDOWS\stsystra.exe]
"ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 19:48]
"IntelZeroConfig"="C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55]
"IntelWireless"="C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56]
"DVDLauncher"="C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 21:29]
"CTSVolFE.exe"="C:\Programmi\Creative\Mixer\CTSVolFE.exe" [2005-02-23 16:57]
"DMXLauncher"="C:\Programmi\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02]
"ISUSPM Startup"="C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"@"="" []
"MSKDetectorExe"="C:\Programmi\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 20:05]
"avgnt"="C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-24 09:43]
"dlcgmon.exe"="C:\Programmi\Dell AIO 810\dlcgmon.exe" [2005-10-21 03:43]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-08-22 01:01]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2006-09-09 09:26]
"Dell QuickSet"="C:\Programmi\Dell\QuickSet\Quickset.exe" [2006-04-06 15:58]
"RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" []
"SMSERIAL"="sm56hlpr.exe" []
"ZoneAlarm Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"!AVG Anti-Spyware"="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"GhostSurfDelSatellite"="C:\Programmi\SpyCatcher\DeleteSatellite.exe" [2005-01-04 11:17]
"SpyCatcher Reminder"="C:\Programmi\SpyCatcher\SpyCatcher.exe" [2004-11-26 17:14]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00]
"Stickies"="C:\Programmi\Stickies\Stickies.exe" [2003-02-10 07:07]
"PeerGuardian"="C:\Programmi\PeerGuardian2\pg2.exe" [2005-09-18 18:40]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"GhostSurfDelSatellite"="C:\Programmi\SpyCatcher\DeleteSatellite.exe" nowait

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\WINDOWS\warnhp.html
FriendlyName= Desktop Uninstall

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Programmi\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll --a------ 2007-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44b0984a-5456-11db-82a9-0015c53d1e41}]
AutoRun\command- F:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
*Newly Created Service* - PGFILTER
*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL

Contents of the 'Scheduled Tasks' folder
2007-05-17 01:00:00 C:\WINDOWS\tasks\RegCure.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-13 13:49:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SMSERIAL = sm56hlpr.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-13 13.50.11
C:\ComboFix2.txt ... 2007-07-13 10:04

--- E O F ---
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Hi, Welcome to TSG!!

Run SUPERAntiSpyware and post the resulting log along with a new HJT log.
 

fluided

Thread Starter
Joined
Jul 13, 2007
Messages
3
It's all OK now. Thanks.
I fixed:
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Programmi\Dell AIO 810\dlcgmon.exe
and Google returned to normal.
:D
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
OK, if you say so.

I think you should check with your ISP and see if these belong to the service.
O17 - HKLM\System\CCS\Services\Tcpip\..\{4594CCD0-3CF0-4E7B-8242-CF777740A4A2}: NameServer = 194.54.90.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{83A7C495-0D19-433C-A873-8229E384AE13}: NameServer = 194.54.90.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{87D1807C-77C7-4E8D-86BF-6C5B087283AE}: NameServer = 194.54.90.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{9633994B-F315-4FA1-B19D-AFDBDAEEB127}: NameServer = 194.54.90.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9AA8010-D5B8-43F3-9439-8895CCE2B53C}: NameServer = 194.54.90.238
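
The check suggested in the post above, as an added example that is not part of the original thread: it pulls the per-adapter `NameServer` values out of HijackThis O17 lines and lists every address that is not among the resolvers the ISP or router is known to hand out. The function names are hypothetical, and the "expected" addresses (192.0.2.x, a documentation range) are placeholders for the list you get from the ISP.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# The five O17 lines quoted in the post above, copied verbatim from the thread.
THREAD_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{4594CCD0-3CF0-4E7B-8242-CF777740A4A2}: NameServer = 194.54.90.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{83A7C495-0D19-433C-A873-8229E384AE13}: NameServer = 194.54.90.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{87D1807C-77C7-4E8D-86BF-6C5B087283AE}: NameServer = 194.54.90.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{9633994B-F315-4FA1-B19D-AFDBDAEEB127}: NameServer = 194.54.90.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9AA8010-D5B8-43F3-9439-8895CCE2B53C}: NameServer = 194.54.90.238
"""

# Constructed lines (not from the thread): one adapter listing two servers,
# followed by a non-O17 entry that the parser must ignore.
CONSTRUCTED_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.0.2.53,192.0.2.54
O4 - HKLM\..\Run: [example] example.exe
"""

# Matches only the per-interface NameServer form that appears in this thread.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?:CCS|CS\d+)\\Services\\Tcpip\\\.\.\\"
    r"\{([0-9A-Fa-f-]{36})\}: NameServer = (.+)$",
    re.MULTILINE,
)


def parse_o17_nameservers(log_text):
    """Return {interface GUID: [statically configured DNS servers]}."""
    per_iface = defaultdict(list)
    for match in O17_RE.finditer(log_text):
        guid, raw = match.group(1).upper(), match.group(2)
        # A NameServer value may hold several addresses, comma or space separated.
        for token in re.split(r"[,\s]+", raw.strip()):
            if token:
                per_iface[guid].append(token)
    return dict(per_iface)


def review_nameservers(log_text, expected):
    """Compare the static DNS servers in a log with the expected resolvers."""
    expected_ips = {ip_address(e) for e in expected}
    per_iface = parse_o17_nameservers(log_text)
    unverified, malformed = defaultdict(list), defaultdict(list)
    for guid, servers in per_iface.items():
        for server in servers:
            try:
                ip = ip_address(server)
            except ValueError:
                malformed[server].append(guid)  # not an IP address at all
                continue
            if ip not in expected_ips:
                unverified[str(ip)].append(guid)
    distinct_settings = {tuple(v) for v in per_iface.values()}
    return {
        "interfaces": len(per_iface),
        # The same static value on every adapter means it was set for each one
        # (by hand or by software), since DHCP does not write the NameServer value.
        "same_on_all": len(per_iface) > 1 and len(distinct_settings) == 1,
        "unverified": dict(unverified),
        "malformed": dict(malformed),
    }


if __name__ == "__main__":
    # Placeholder resolver list; replace with the addresses confirmed by the ISP.
    report = review_nameservers(THREAD_LOG, expected=["192.0.2.53"])
    print(report["interfaces"], "interfaces; same value on all:", report["same_on_all"])
    for ip, guids in report["unverified"].items():
        print(f"confirm with ISP: {ip} (set on {len(guids)} adapters)")
```

An address reported here is only unconfirmed, not proven hostile; it drops off the list once it is added to `expected`.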
 