View Full Version : Weird internet problem.


Nenya awakens
20-10-09, 09:45
For the last hour, while I've been fiddling around on Facebook, I keep getting a problem where the page suddenly loads a different page and says the following:


Warning this could be a phishing site

and gives the option to go back or proceed. Obviously I go back.

I've changed my passwords but does anyone know what this is?

EscondeR
20-10-09, 10:24
1. Run ARDiag.exe (http://www.tombraiderhub.com/download/ardiag.exe) and post the report.

2. That may be a pop-under ad as well. What page redirects? Facebook itself?

3. Run antivirus scan.

N.B.: To get rid of ads, banners, etc., get AdMuncher.

Nenya awakens
20-10-09, 11:17
Yeah, it's the actual Facebook page itself; it either asks me to put my password in again or pops up with this screen:

http://i14.photobucket.com/albums/a303/veronica5464/untitled-11.jpg

It's only Facebook it's doing it with; I made sure I changed my password.

I ran a virus scan and I ran my Spyware Terminator, but it found nothing.

Copy the following text and paste it to your report AS IS!!!

---------------------------------------------------------------
AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
---------------------------------------------------------------



Program:
"Acronis Scheduler 2"
Publisher:
"(Not verified) Acronis"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AcrSch2Svc
Program path & name:
"c:\program files\common files\acronis\schedule2\schedul2.exe"
Enabled: [V]


Program:
"AVG Watchdog Service"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
avg8wd
Program path & name:
"c:\program files\avg\avg8\avgwdsvc.exe"
Enabled: [V]


Program:
"Macrovision RTS Service"
Publisher:
"(Not verified) Macrovision"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
C-DillaCdaC11BA
Program path & name:
"c:\windows\system32\drivers\cdac11ba.exe"
Enabled: [V]


Program:
"Prefetches JRE files for faster startup of Java applets and applications"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
JavaQuickStarterService
Program path & name:
"c:\program files\java\jre6\bin\jqs.exe"
Enabled: [V]


Program:
"Event Log Watch"
Publisher:
"(Not verified) Computer Associates"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
LogWatch
Program path & name:
"c:\program files\ca\sharedcomponents\ca_lic\logwatnt.exe"
Enabled: [ ]


Program:
"Manages local and remote debugging for Visual Studio debuggers"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
MDM
Program path & name:
"c:\program files\common files\microsoft shared\vs7debug\mdm.exe"
Enabled: [ ]


Program:
"Spyware Terminator Realtime Shield Service"
Publisher:
"(Not verified) Crawler.com"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
sp_rssrv
Program path & name:
"c:\program files\spyware terminator\sp_rsser.exe"
Enabled: [V]


Program:
"Monitors Tomb Raider + Gold executables that runs under NTVDM process. On multiprocessor systems sets the CPU affinity to first processor only to avoid game freezing and savegame corruptions."
Publisher:
"(Not verified) RatkovicDesign"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
TraiHelper
Program path & name:
"c:\tombraid\traisvcs.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
WLTRYSVC
Program path & name:
c:\windows\system32\wltrysvc.exe"
Enabled: [ ]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
67c3633d
Program path & name:
c:\windows\system32\drivers\67c3633d.sys"
Enabled: [ ]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ArtFirewall
Program path & name:
c:\windows\system32\drivers\pfwall.sys"
Enabled: [V]


Program:
"ASAPI"
Publisher:
"(Not verified) VOB Computersysteme GmbH"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ASAPIW2K
Program path & name:
"c:\windows\system32\drivers\asapiw2k.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
aticdsdr
Program path & name:
File not found: C:\Program Files\ATI Technologies\ATI Control Panel\atiicdxx.sys"
Enabled: [V]


Program:
"AVG AVI Loader Driver"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
avgldx86
Program path & name:
"c:\windows\system32\drivers\avgldx86.sys"
Enabled: [V]


Program:
"AVG Network connection watcher"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
avgtdix
Program path & name:
"c:\windows\system32\drivers\avgtdix.sys"
Enabled: [V]


Program:
"Macrovision SECURITY Driver"
Publisher:
"(Not verified) Macrovision Europe Ltd"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
CdaC15BA
Program path & name:
"c:\windows\system32\drivers\cdac15ba.sys"
Enabled: [V]


Program:
"CPU-Z Driver"
Publisher:
"(Not verified) Windows (R) 2000 DDK provider"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
cpuz126
Program path & name:
"c:\program files\pc wizard 2007 orca logic edition\pcwiz32.sys"
Enabled: [V]


Program:
"Universal Serial Bus Camera Driver"
Publisher:
"(Not verified) Service & Quality Technology."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
DCamUSBSQTECH
Program path & name:
"c:\windows\system32\drivers\sqcaptur.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
giveio
Program path & name:
c:\windows\system32\giveio.sys"
Enabled: [V]


Program:
"AEGIS Protocol (IEEE 802.1x) v2.3.1.7"
Publisher:
"(Not verified) Meetinghouse Data Communications"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
MDC8021X
Program path & name:
"c:\windows\system32\drivers\mdc8021x.sys"
Enabled: [V]


Program:
"Padus(R) ASPI Shell"
Publisher:
"(Not verified) Padus Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
pfc
Program path & name:
"c:\windows\system32\drivers\pfc.sys"
Enabled: [V]


Program:
"Px Engine Device Driver for Windows 2000/XP"
Publisher:
"(Verified) Sonic Solutions"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PxHelp20
Program path & name:
"c:\windows\system32\drivers\pxhelp20.sys"
Enabled: [V]


Program:
"SafeDisc driver"
Publisher:
"(Not verified) Macrovision Corporation Macrovision Europe Limited and Macrovision Japan and Asia K.K."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Secdrv
Program path & name:
"c:\windows\system32\drivers\secdrv.sys"
Enabled: [V]


Program:
"WinRing0"
Publisher:
"(Verified) Noriyuki MIYAZAKI"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
sensorsview32
Program path & name:
"c:\windows\system32\drivers\sensorsview32.sys"
Enabled: [V]


Program:
"Acronis Snapshot API"
Publisher:
"(Not verified) Acronis"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
snapman
Program path & name:
"c:\windows\system32\drivers\snapman.sys"
Enabled: [V]


Program:
"SpeedFan Device Driver"
Publisher:
"(Not verified) Windows (R) 2000 DDK provider"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
speedfan
Program path & name:
"c:\windows\system32\speedfan.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
sp_rsdrv2
Program path & name:
c:\windows\system32\drivers\sp_rsdrv2.sys"
Enabled: [V]


Program:
"Acronis True Image Backup Archive Explorer"
Publisher:
"(Not verified) Acronis"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
timounter
Program path & name:
"c:\windows\system32\drivers\timntr.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
wanatw
Program path & name:
File not found: System32\DRIVERS\wanatw4.sys"
Enabled: [ ]


Program:
"AVG Resident Shield Starter"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
avgrsstarter
Program path & name:
"c:\windows\system32\avgrsstx.dll"
Enabled: [V]


Program:
"BCMLogon DLL"
Publisher:
"(Not verified) Broadcom Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
Entry name:
C:\WINDOWS\System32\BCMLogon.dll
Program path & name:
"c:\windows\system32\bcmlogon.dll"
Enabled: [V]


Program:
"Acronis Relogon Authentication Package"
Publisher:
"(Not verified) Acronis"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
Entry name:
relog_ap
Program path & name:
"c:\windows\system32\relog_ap.dll"
Enabled: [V]


Program:
"PCMService MFC Application"
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
PCMService
Program path & name:
c:\program files\medion home cinema xl ii\powercinema\pcmservice.exe"
Enabled: [V]


Program:
"TrueImage"
Publisher:
"(Not verified) Acronis"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
TrueImageMonitor.exe
Program path & name:
"c:\program files\acronis\trueimagehome\trueimagemonitor.exe"
Enabled: [V]


Program:
"Monitor for Acronis True Image Backup Archive Explorer"
Publisher:
"(Not verified) Acronis"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
AcronisTimounterMonitor
Program path & name:
"c:\program files\acronis\trueimagehome\timountermonitor.exe"
Enabled: [V]


Program:
"Acronis Scheduler Helper"
Publisher:
"(Not verified) Acronis"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Acronis Scheduler2 Service
Program path & name:
"c:\program files\common files\acronis\schedule2\schedhlp.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
PinnacleDriverCheck
Program path & name:
c:\windows\system32\psdrvcheck.exe"
Enabled: [V]


Program:
"RealNetworks Scheduler"
Publisher:
"(Not verified) RealNetworks Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
TkBellExe
Program path & name:
"c:\program files\common files\real\update_ob\realsched.exe"
Enabled: [V]


Program:
"LVCom Server"
Publisher:
"(Not verified) Logitech Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
LVCOMSX
Program path & name:
"c:\windows\system32\lvcomsx.exe"
Enabled: [V]


Program:
"Microsoft® Works Update Detection"
Publisher:
"(Not verified) Microsoft® Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Microsoft Works Update Detection
Program path & name:
"c:\program files\common files\microsoft shared\works shared\wkufind.exe"
Enabled: [V]


Program:
"Spyware Terminator Realtime Shield"
Publisher:
"(Not verified) Crawler.com"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SpywareTerminator
Program path & name:
"c:\program files\spyware terminator\spywareterminatorshield.exe"
Enabled: [V]


Program:
"AVG Tray Monitor"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
AVG8_TRAY
Program path & name:
"c:\program files\avg\avg8\avgtray.exe"
Enabled: [V]


Program:
"Chicony Multimedia Driver"
Publisher:
"(Not verified) Chicony"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
CHotkey
Program path & name:
"c:\windows\mhotkey.exe"
Enabled: [ ]


Program:
"Chicony Multimedia Driver"
Publisher:
"(Not verified) Chicony"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
ledpointer
Program path & name:
"c:\windows\cnyhkey.exe"
Enabled: [ ]


Program:
"ImageStudio Tray Application"
Publisher:
"(Not verified) Logitech Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
LogitechVideoTray
Program path & name:
"c:\program files\logitech\video\logitray.exe"
Enabled: [ ]


Program:
"Logitech QuickCam Startup Application"
Publisher:
"(Not verified) Logitech Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
LogitechVideoRepair
Program path & name:
"c:\program files\logitech\video\isstart.exe "
Enabled: [ ]


Program:
"Spyware Terminator Realtime Shield"
Publisher:
"(Not verified) Crawler.com"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SpywareTerminator
Program path & name:
"c:\program files\spyware terminator\spywareterminatorshield.exe"
Enabled: [ ]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [ ]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Dit
Program path & name:
c:\windows\dit.exe"
Enabled: [ ]


Program:
"NeroCheck"
Publisher:
"(Not verified) Ahead Software Gmbh"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NeroFilterCheck
Program path & name:
"c:\windows\system32\nerocheck.exe"
Enabled: [ ]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SunJavaUpdateSched
Program path & name:
"c:\program files\java\jre6\bin\jusched.exe"
Enabled: [ ]


Program:
"Microsoft SharePoint Portal Server Object Model"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
cdo
Program path & name:
"c:\program files\common files\microsoft shared\web folders\pkmcdo.dll"
Enabled: [V]


Program:
"Safe Search pluggable protocol"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
linkscanner
Program path & name:
"c:\program files\avg\avg8\avgpp.dll"
Enabled: [V]


Program:
"Microsoft® InfoTech Storage System Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
ms-itss
Program path & name:
"c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
Enabled: [V]


Program:
"Skype for COM API"
Publisher:
"(Verified) Skype Technologies SA"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
skype4com
Program path & name:
"c:\program files\common files\skype\skype4com.dll"
Enabled: [ ]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
Entry name:
0
Program path & name:
File not found: About:Home"
Enabled: [V]


Program:
"WinZip Executable"
Publisher:
"(Verified) WinZip Computing"
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Entry name:
WinZip Quick Pick.lnk
Program path & name:
"c:\program files\winzip\wzqkpick.exe"
Enabled: [ ]


Program:
N/A
Publisher:
N/A
Entry path:
C:\Documents and Settings\Marc Pepperrell\Start Menu\Programs\Startup\AutorunsDisabled
Entry name:
GameSpot Download Manager.lnk
Program path & name:
File not found: C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe"
Enabled: [ ]


Program:
"Google Installer"
Publisher:
"(Verified) Google Inc"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
Google Update
Program path & name:
"c:\documents and settings\marc pepperrell\local settings\application data\google\update\googleupdate.exe"
Enabled: [V]


Program:
"PrintScreen captures the contents of the screen with a single keystroke."
Publisher:
"(Not verified) Gadwin Systems Inc."
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
Gadwin PrintScreen 3.1
Program path & name:
"c:\program files\gadwin systems\printscreen\printscreen.exe"
Enabled: [ ]


Program:
"Logitech Software Update"
Publisher:
"(Not verified) Logitech Inc."
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
LogitechSoftwareUpdate
Program path & name:
"c:\program files\logitech\video\manifestengine.exe"
Enabled: [ ]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
BitTorrent DNA
Program path & name:
File not found: C:\Program Files\DNA\btdna.exe"
Enabled: [ ]


Program:
"GoogleToolbarNotifier"
Publisher:
"(Verified) Google Inc"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
swg
Program path & name:
"c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
Enabled: [ ]


Program:
"Skype "
Publisher:
"(Verified) Skype Technologies SA"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
Skype
Program path & name:
"c:\program files\skype\phone\skype.exe"
Enabled: [ ]


Program:
"Apple Software Update"
Publisher:
"(Verified) Apple Computer Inc."
Entry path:
Task Scheduler
Entry name:
AppleSoftwareUpdate.job
Program path & name:
"c:\program files\apple software update\softwareupdate.exe"
Enabled: [ ]


Program:
N/A
Publisher:
N/A
Entry path:
Task Scheduler
Entry name:
Driver Robot.job
Program path & name:
File not found: C:\Program Files\Driver Robot\1.0.9.5\DriverRobot.exe"
Enabled: [V]


Program:
"Google Installer"
Publisher:
"(Verified) Google Inc"
Entry path:
Task Scheduler
Entry name:
GoogleUpdateTaskUserS-1-5-21-2683201396-1347335408-1263696079-1007Core.job
Program path & name:
"c:\documents and settings\marc pepperrell\local settings\application data\google\update\googleupdate.exe"
Enabled: [V]


Program:
"Google Installer"
Publisher:
"(Verified) Google Inc"
Entry path:
Task Scheduler
Entry name:
GoogleUpdateTaskUserS-1-5-21-2683201396-1347335408-1263696079-1007UA.job
Program path & name:
"c:\documents and settings\marc pepperrell\local settings\application data\google\update\googleupdate.exe"
Enabled: [V]


Program:
"Adobe Acrobat IE Helper Version 6.0 for ActivieX"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
AcroIEHlprObj Class
Program path & name:
"c:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll"
Enabled: [V]


Program:
"Safe Search for Internet Explorer"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
AVG Safe Search
Program path & name:
"c:\program files\avg\avg8\avgssie.dll"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Java(tm) Plug-In SSV Helper
Program path & name:
"c:\program files\java\jre6\bin\ssv.dll"
Enabled: [V]


Program:
"Google IE Client Toolbar"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Google Toolbar Helper
Program path & name:
"c:\program files\google\googletoolbar2.dll"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Not verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Java(tm) Plug-In 2 SSV Helper
Program path & name:
"c:\program files\java\jre6\bin\jp2ssv.dll"
Enabled: [V]


Program:
"Java(TM) Quick Starter binary"
Publisher:
"(Not verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
JQSIEStartDetectorImpl Class
Program path & name:
"c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
Enabled: [V]


Program:
"GoogleToolbarNotifier"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Google Toolbar Notifier BHO
Program path & name:
"c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll"
Enabled: [ ]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
MSN helper
Program path & name:
File not found: spnmld.dll"
Enabled: [ ]


Program:
"Microsoft Web Folders"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Web Folders
Program path & name:
"c:\program files\common files\microsoft shared\web folders\msonsext.dll"
Enabled: [V]


Program:
"IDisc Shellextension"
Publisher:
"(Not verified) Pinnacle Systems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
CD Copy Shell Extension
Program path & name:
"c:\windows\system32\shellext\cdwshext.dll"
Enabled: [V]


Program:
"IDisc Shellextension"
Publisher:
"(Not verified) Pinnacle Systems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
CD Wizard Shell Extension
Program path & name:
"c:\windows\system32\shellext\cdwshext.dll"
Enabled: [V]


Program:
"RealOne Player Shell Extensions"
Publisher:
"(Not verified) RealNetworks"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Shell Extensions for RealOne Player
Program path & name:
"c:\program files\real\realplayer\rpshellext.dll"
Enabled: [V]


Program:
"Crawler Spyware Terminator Shell Extension"
Publisher:
"(Not verified) Crawler.com"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
SPTHandler
Program path & name:
"c:\program files\spyware terminator\sptcontmenu.dll"
Enabled: [V]


Program:
"AVG Shell Extension"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
AVG8 Shell Extension
Program path & name:
"c:\program files\avg\avg8\avgse.dll"
Enabled: [V]


Program:
"Logitech Namespace2"
Publisher:
"(Not verified) Logitech Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
My Logitech Pictures
Program path & name:
"c:\program files\logitech\video\namespc2.dll"
Enabled: [V]


Program:
"VDMSound LaunchPad Shell Extension"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
VDMSound LaunchPad
Program path & name:
c:\program files\vdmsound\launchpad.dll"
Enabled: [V]


Program:
"Google IE Client Toolbar"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar\AutorunsDisabled
Entry name:
googletoolbar2.dll
Program path & name:
"c:\program files\google\googletoolbar2.dll"
Enabled: [ ]

EscondeR
20-10-09, 11:44
That's some Firefox ad-blocking plugin swearing at some ad on Facebook; disable or reconfigure this plugin and use AdMuncher (more flexible). For now you can try proceeding; it will bring you to FB, don't worry.

Use Autoruns (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx) to completely kill (right-click > Delete) these:

Program:
"Event Log Watch"
Publisher:
"(Not verified) Computer Associates"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
LogWatch
Program path & name:
"c:\program files\ca\sharedcomponents\ca_lic\logwatnt.exe"
Enabled: [ ]


Program:
"Manages local and remote debugging for Visual Studio debuggers"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
MDM
Program path & name:
"c:\program files\common files\microsoft shared\vs7debug\mdm.exe"
Enabled: [ ]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
WLTRYSVC
Program path & name:
c:\windows\system32\wltrysvc.exe"
Enabled: [ ]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
67c3633d
Program path & name:
c:\windows\system32\drivers\67c3633d.sys"
Enabled: [ ]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ArtFirewall
Program path & name:
c:\windows\system32\drivers\pfwall.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
wanatw
Program path & name:
File not found: System32\DRIVERS\wanatw4.sys"
Enabled: [ ]


Program:
"Chicony Multimedia Driver"
Publisher:
"(Not verified) Chicony"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
CHotkey
Program path & name:
"c:\windows\mhotkey.exe"
Enabled: [ ]


Program:
"Chicony Multimedia Driver"
Publisher:
"(Not verified) Chicony"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
ledpointer
Program path & name:
"c:\windows\cnyhkey.exe"
Enabled: [ ]


Program:
"ImageStudio Tray Application"
Publisher:
"(Not verified) Logitech Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
LogitechVideoTray
Program path & name:
"c:\program files\logitech\video\logitray.exe"
Enabled: [ ]


Program:
"Logitech QuickCam Startup Application"
Publisher:
"(Not verified) Logitech Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
LogitechVideoRepair
Program path & name:
"c:\program files\logitech\video\isstart.exe "
Enabled: [ ]


Program:
"Spyware Terminator Realtime Shield"
Publisher:
"(Not verified) Crawler.com"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SpywareTerminator
Program path & name:
"c:\program files\spyware terminator\spywareterminatorshield.exe"
Enabled: [ ]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [ ]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Dit
Program path & name:
c:\windows\dit.exe"
Enabled: [ ]


Program:
"NeroCheck"
Publisher:
"(Not verified) Ahead Software Gmbh"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NeroFilterCheck
Program path & name:
"c:\windows\system32\nerocheck.exe"
Enabled: [ ]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SunJavaUpdateSched
Program path & name:
"c:\program files\java\jre6\bin\jusched.exe"
Enabled: [ ]


Program:
"Skype for COM API"
Publisher:
"(Verified) Skype Technologies SA"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
skype4com
Program path & name:
"c:\program files\common files\skype\skype4com.dll"
Enabled: [ ]


Program:
"WinZip Executable"
Publisher:
"(Verified) WinZip Computing"
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Entry name:
WinZip Quick Pick.lnk
Program path & name:
"c:\program files\winzip\wzqkpick.exe"
Enabled: [ ]


Program:
N/A
Publisher:
N/A
Entry path:
C:\Documents and Settings\Marc Pepperrell\Start Menu\Programs\Startup\AutorunsDisabled
Entry name:
GameSpot Download Manager.lnk
Program path & name:
File not found: C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe"
Enabled: [ ]


Program:
"Google Installer"
Publisher:
"(Verified) Google Inc"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
Google Update
Program path & name:
"c:\documents and settings\marc pepperrell\local settings\application data\google\update\googleupdate.exe"
Enabled: [V]


Program:
"PrintScreen captures the contents of the screen with a single keystroke."
Publisher:
"(Not verified) Gadwin Systems Inc."
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
Gadwin PrintScreen 3.1
Program path & name:
"c:\program files\gadwin systems\printscreen\printscreen.exe"
Enabled: [ ]


Program:
"Logitech Software Update"
Publisher:
"(Not verified) Logitech Inc."
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
LogitechSoftwareUpdate
Program path & name:
"c:\program files\logitech\video\manifestengine.exe"
Enabled: [ ]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
BitTorrent DNA
Program path & name:
File not found: C:\Program Files\DNA\btdna.exe"
Enabled: [ ]


Program:
"GoogleToolbarNotifier"
Publisher:
"(Verified) Google Inc"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
swg
Program path & name:
"c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
Enabled: [ ]


Program:
"Skype "
Publisher:
"(Verified) Skype Technologies SA"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
Skype
Program path & name:
"c:\program files\skype\phone\skype.exe"
Enabled: [ ]


Program:
"Apple Software Update"
Publisher:
"(Verified) Apple Computer Inc."
Entry path:
Task Scheduler
Entry name:
AppleSoftwareUpdate.job
Program path & name:
"c:\program files\apple software update\softwareupdate.exe"
Enabled: [ ]


Program:
N/A
Publisher:
N/A
Entry path:
Task Scheduler
Entry name:
Driver Robot.job
Program path & name:
File not found: C:\Program Files\Driver Robot\1.0.9.5\DriverRobot.exe"
Enabled: [V]


Program:
"Google Installer"
Publisher:
"(Verified) Google Inc"
Entry path:
Task Scheduler
Entry name:
GoogleUpdateTaskUserS-1-5-21-2683201396-1347335408-1263696079-1007Core.job
Program path & name:
"c:\documents and settings\marc pepperrell\local settings\application data\google\update\googleupdate.exe"
Enabled: [V]


Program:
"Google Installer"
Publisher:
"(Verified) Google Inc"
Entry path:
Task Scheduler
Entry name:
GoogleUpdateTaskUserS-1-5-21-2683201396-1347335408-1263696079-1007UA.job
Program path & name:
"c:\documents and settings\marc pepperrell\local settings\application data\google\update\googleupdate.exe"
Enabled: [V]


Program:
"Google IE Client Toolbar"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Google Toolbar Helper
Program path & name:
"c:\program files\google\googletoolbar2.dll"
Enabled: [V]


Program:
"GoogleToolbarNotifier"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Google Toolbar Notifier BHO
Program path & name:
"c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll"
Enabled: [ ]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
MSN helper
Program path & name:
File not found: spnmld.dll"
Enabled: [ ]


Program:
"Logitech Namespace2"
Publisher:
"(Not verified) Logitech Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
My Logitech Pictures
Program path & name:
"c:\program files\logitech\video\namespc2.dll"
Enabled: [V]


Program:
"Google IE Client Toolbar"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar\AutorunsDisabled
Entry name:
googletoolbar2.dll
Program path & name:
"c:\program files\google\googletoolbar2.dll"
Enabled: [ ]


Install a decent firewall, e.g. Zone Alarm free.

Nenya awakens
20-10-09, 11:56
OK, thanks, I'll delete those. I just installed Sygate as I'm familiar with that.