www.tombraiderforums.com  

Old 05-09-12, 14:16   #1
Reggie
Tomb Raider
 
Join Date: Jan 2006
Location: Visa Versace
Posts: 22,243
Default Smart HDD Virus Please Help!

So I tried to follow these instructions:
http://www.google.co.uk/url?sa=t&rct...SaIg1mA4jcayMg

I ran rkill before Malwarebytes was left to do a full scan - this repeatedly fails to pick up on the Smart HDD virus Rkill has no problem detecting. I then tried my usual AVG software which again, did nothing.

I've already run Unhide.exe and this has brought back my files and eradicated desktop symptoms of the virus but it is still redirecting search results online to infected websites.

Any help would be appreciated.
Reggie is offline   Reply With Quote
Old 05-09-12, 15:17   #2
dox online
Gold Membership
 
Join Date: Dec 2006
Location: United Kingdom Attempting to Play: Morrowind
Posts: 2,763
Default

You must change your proxy settings back to not using a proxy. (This is an earlier step in the guide.)
This may also be the reason that Malwarebytes is not detecting the program. If it cannot update due to internet access being redirected, then it cannot download new signatures and cannot detect anything that is not in the base definition file that comes with the program. Do a manual update of Malwarebytes after doing this.
If MBAM still doesn't detect it, then skip ahead and run Hitman Pro.
__________________
Get To The Core Of The Mαtter

Last edited by dox online; 05-09-12 at 15:30.
dox online is offline   Reply With Quote
Old 05-09-12, 15:20   #3
TRfan23
Gold Membership
 
Join Date: Dec 2007
Location: UK - Kent
Posts: 9,901
Default

Run Ardiag and post the report.
__________________
BOSE = Buy Other Sound Equipment
TRfan23 is offline   Reply With Quote
Old 05-09-12, 17:07   #4
Reggie
Tomb Raider
 
Join Date: Jan 2006
Location: Visa Versace
Posts: 22,243
Default

I did a fresh install of Opera just to be sure and the redirecting has stopped. Nothing showing up on proxies. Is that ok?

Here's the report:

Copy the following text and paste it to your report AS IS!!!

---------------------------------------------------------------
AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
---------------------------------------------------------------

Code:
 
Program: 
"AVG Resident Shield Service"
Publisher: 
"(Verified) AVG Technologies CZ s.r.o."
Entry path: 
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
Entry name: 
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart
Program path & name: 
"c:\program files (x86)\avg\avg2012\avgrsa.exe"
Enabled: [V]
 
 
Program: 
"Adobe Acrobat Updater keeps your Adobe software up to date."
Publisher: 
"(Verified) Adobe Systems Incorporated"
Entry path: 
HKLM\System\CurrentControlSet\Services
Entry name: 
AdobeARMservice
Program path & name: 
"c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
Enabled: [V]
 
 
Program: 
"Provides Identity Protection Against Cyber Crime."
Publisher: 
"(Verified) AVG Technologies CZ s.r.o."
Entry path: 
HKLM\System\CurrentControlSet\Services
Entry name: 
AVGIDSAgent
Program path & name: 
"c:\program files (x86)\avg\avg2012\avgidsagent.exe"
Enabled: [V]
 
 
Program: 
"AVG Watchdog Service"
Publisher: 
"(Verified) AVG Technologies"
Entry path: 
HKLM\System\CurrentControlSet\Services
Entry name: 
avgwd
Program path & name: 
"c:\program files (x86)\avg\avg2012\avgwdsvc.exe"
Enabled: [V]
 
 
Program: 
"Enable Bec updates"
Publisher: 
"(Verified) Birdstep Technology AB"
Entry path: 
HKLM\System\CurrentControlSet\Services
Entry name: 
BecHelperService
Program path & name: 
"c:\program files (x86)\3 mobile broadband\3connect\bechelperservice.exe"
Enabled: [V]
 
 
Program: 
"Controller service for BT Connection Manager remote access products"
Publisher: 
"(Not verified) British Telecommunications Plc."
Entry path: 
HKLM\System\CurrentControlSet\Services
Entry name: 
BT Connection Manager
Program path & name: 
"c:\program files (x86)\bt connection manager\btomosrv.exe"
Enabled: [V]
 
 
Program: 
"Provides licensing
Publisher: 
 security and parental control services for EasyBits applications. If this service is stopped or disabled these applications will not function properly."
Entry path: 
HKLM\System\CurrentControlSet\Services
Entry name: 
ezSharedSvc
Program path & name: 
"c:\windows\system32\ezsharedsvchost.exe"
Enabled: [V]
 
 
Program: 
"HP Support Assistant Service"
Publisher: 
"(Verified) Hewlett-Packard Company"
Entry path: 
HKLM\System\CurrentControlSet\Services
Entry name: 
HP Support Assistant Service
Program path & name: 
"c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe"
Enabled: [V]
 
 
Program: 
"This service monitors the wireless devices in this computer and allows the HP Wireless Assistant application to turn devices on and off."
Publisher: 
"(Verified) Hewlett-Packard Company"
Entry path: 
HKLM\System\CurrentControlSet\Services
Entry name: 
HP Wireless Assistant Service
Program path & name: 
"c:\program files\hewlett-packard\hp wireless assistant\hpwa_service.exe"
Enabled: [V]
 
 
Program: 
"HP Quick Synchronization Service"
Publisher: 
"(Verified) Hewlett-Packard Company"
Entry path: 
HKLM\System\CurrentControlSet\Services
Entry name: 
HPDrvMntSvc.exe
Program path & name: 
"c:\program files (x86)\hewlett-packard\shared\hpdrvmntsvc.exe"
Enabled: [V]
 
 
Program: 
N/A
Publisher: 
N/A
Entry path: 
HKLM\System\CurrentControlSet\Services
Entry name: 
HPWMISVC
Program path & name: 
c:\program files\hewlett-packard\hp quick launch\hpwmisvc.exe"
Enabled: [V]
 
 
Program: 
"Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work."
Publisher: 
"(Not verified) Hewlett-Packard Company"
Entry path: 
HKLM\System\CurrentControlSet\Services
Entry name: 
LightScribeService
Program path & name: 
"c:\program files (x86)\common files\lightscribe\lssrvc.exe"
Enabled: [V]
 
 
Program: 
"Malwarebytes Anti-Malware service"
Publisher: 
"(Verified) Malwarebytes Corporation"
Entry path: 
HKLM\System\CurrentControlSet\Services
Entry name: 
MBAMService
Program path & name: 
"c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
Enabled: [V]
 
 
Program: 
N/A
Publisher: 
N/A
Entry path: 
HKLM\System\CurrentControlSet\Services
Entry name: 
MSCamSvc
Program path & name: 
File not found: C:\Program Files\Microsoft LifeCam\MSCamS64.exe"
Enabled: [V]
 
 
Program: 
"Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"
Publisher: 
N/A
Entry path: 
HKLM\System\CurrentControlSet\Services
Entry name: 
WMPNetworkSvc
Program path & name: 
File not found: C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"
Enabled: [V]
 
 
Program: 
"AVG Technologies IDS Application Activity Monitor Driver"
Publisher: 
"(Verified) AVG Technologies"
Entry path: 
HKLM\System\CurrentControlSet\Services
Entry name: 
AVGIDSDriver
Program path & name: 
"c:\windows\system32\drivers\avgidsdrivera.sys"
Enabled: [V]
 
 
Program: 
"AVG Technologies IDS Application Activity Monitor Filter Driver"
Publisher: 
"(Verified) AVG Technologies"
Entry path: 
HKLM\System\CurrentControlSet\Services
Entry name: 
AVGIDSFilter
Program path & name: 
"c:\windows\system32\drivers\avgidsfiltera.sys"
Enabled: [V]
 
 
Program: 
"AVG Technologies IDS Application Activity Monitor Helper Driver"
Publisher: 
"(Verified) AVG Technologies CZ s.r.o."
Entry path: 
HKLM\System\CurrentControlSet\Services
Entry name: 
AVGIDSHA
Program path & name: 
"c:\windows\system32\drivers\avgidsha.sys"
Enabled: [V]
 
 
Program: 
"AVG AVI Loader Driver"
Publisher: 
"(Verified) AVG Technologies"
Entry path: 
HKLM\System\CurrentControlSet\Services
Entry name: 
Avgldx64
Program path & name: 
"c:\windows\system32\drivers\avgldx64.sys"
Enabled: [V]
 
 
Program: 
"AVG Network connection watcher"
Publisher: 
"(Verified) AVG Technologies CZ s.r.o."
Entry path: 
HKLM\System\CurrentControlSet\Services
Entry name: 
Avgtdia
Program path & name: 
"c:\windows\system32\drivers\avgtdia.sys"
Enabled: [V]
 
 
Program: 
N/A
Publisher: 
N/A
Entry path: 
HKLM\System\CurrentControlSet\Services
Entry name: 
ewusbnet
Program path & name: 
File not found: system32\DRIVERS\ewusbnet.sys"
Enabled: [V]
 
 
Program: 
N/A
Publisher: 
N/A
Entry path: 
HKLM\System\CurrentControlSet\Services
Entry name: 
GEARAspiWDM
Program path & name: 
File not found: system32\DRIVERS\GEARAspiWDM.sys"
Enabled: [V]
 
 
Program: 
N/A
Publisher: 
N/A
Entry path: 
HKLM\System\CurrentControlSet\Services
Entry name: 
hwusbdev
Program path & name: 
File not found: system32\DRIVERS\ewusbdev.sys"
Enabled: [V]
 
 
Program: 
N/A
Publisher: 
N/A
Entry path: 
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
Entry name: 
rdpclip
Program path & name: 
File not found: rdpclip"
Enabled: [V]
 
 
Program: 
N/A
Publisher: 
N/A
Entry path: 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name: 
SynTPEnh
Program path & name: 
File not found: C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe"
Enabled: [V]
 
 
Program: 
"Realtek OSD for Volume/Mute"
Publisher: 
"(Not verified) Realtek Semiconductor Corp."
Entry path: 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name: 
RtkOSD
Program path & name: 
"c:\program files (x86)\realtek\audio\osd\rtvosd64.exe"
Enabled: [V]
 
 
Program: 
N/A
Publisher: 
"(Not verified) Hewlett-Packard Company"
Entry path: 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name: 
HP Quick Launch
Program path & name: 
"c:\program files\hewlett-packard\hp quick launch\hpmsgsvc.exe"
Enabled: [V]
 
 
Program: 
"Java(TM) Platform SE binary"
Publisher: 
"(Not verified) Sun Microsystems Inc."
Entry path: 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name: 
SunJavaUpdateSched
Program path & name: 
"c:\program files\java\jre6\bin\jusched.exe"
Enabled: [V]
 
 
Program: 
N/A
Publisher: 
N/A
Entry path: 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name: 
HPWirelessAssistant
Program path & name: 
c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe"
Enabled: [V]
 
 
Program: 
"Catalyst® Control Center Launcher"
Publisher: 
"(Not verified) Advanced Micro Devices Inc."
Entry path: 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Entry name: 
StartCCC
Program path & name: 
"c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe"
Enabled: [V]
 
 
Program: 
"Norton Online Backup Service"
Publisher: 
"(Verified) Symantec Corporation"
Entry path: 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Entry name: 
NortonOnlineBackupReminder
Program path & name: 
"c:\program files (x86)\symantec\norton online backup\activation\nobuactivation.exe"
Enabled: [V]
 
 
Program: 
N/A
Publisher: 
"(Verified) EasyBits Software AS"
Entry path: 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Entry name: 
Easybits Recovery
Program path & name: 
"c:\program files (x86)\easybits for kids\ezrecover.exe"
Enabled: [V]
 
 
Program: 
"DivX Update"
Publisher: 
"(Verified) DivX LLC"
Entry path: 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Entry name: 
DivXUpdate
Program path & name: 
"c:\program files (x86)\divx\divx update\divxupdate.exe"
Enabled: [V]
 
 
Program: 
"AVG Tray Monitor"
Publisher: 
"(Verified) AVG Technologies CZ s.r.o."
Entry path: 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Entry name: 
AVG_TRAY
Program path & name: 
"c:\program files (x86)\avg\avg2012\avgtray.exe"
Enabled: [V]
 
 
Program: 
"hpwuSchd Application"
Publisher: 
"(Verified) Hewlett-Packard Company"
Entry path: 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Entry name: 
HP Software Update
Program path & name: 
"c:\program files (x86)\hp\hp software update\hpwuschd2.exe"
Enabled: [V]
 
 
Program: 
"Malwarebytes Anti-Malware"
Publisher: 
"(Verified) Malwarebytes Corporation"
Entry path: 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Entry name: 
Malwarebytes' Anti-Malware
Program path & name: 
"c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe"
Enabled: [V]
 
 
Program: 
"Adobe Reader and Acrobat Manager"
Publisher: 
"(Verified) Adobe Systems Incorporated"
Entry path: 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Entry name: 
Adobe ARM
Program path & name: 
"c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
Enabled: [V]
 
 
Program: 
"Safe Search pluggable protocol"
Publisher: 
"(Verified) AVG Technologies CZ s.r.o."
Entry path: 
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name: 
linkscanner
Program path & name: 
"c:\program files (x86)\avg\avg2012\avgppa.dll"
Enabled: [V]
 
 
Program: 
N/A
Publisher: 
"(Verified) Hewlett-Packard Company"
Entry path: 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components
Entry name: 
LightScribe Control Panel
Program path & name: 
"c:\program files (x86)\common files\lightscribe\lsrunonce.exe"
Enabled: [V]
 
 
Program: 
N/A
Publisher: 
N/A
Entry path: 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Entry name: 
WebCheck
Program path & name: 
File not found: CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32"
Enabled: [V]
 
 
Program: 
N/A
Publisher: 
N/A
Entry path: 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Entry name: 
WebCheck
Program path & name: 
File not found: CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32"
Enabled: [V]
 
 
Program: 
"HP Advisor Dock"
Publisher: 
"(Verified) Hewlett-Packard Company"
Entry path: 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name: 
HPAdvisorDock
Program path & name: 
"c:\program files (x86)\hewlett-packard\hp advisor\dock\hpadvisordock.exe"
Enabled: [V]
 
 
Program: 
N/A
Publisher: 
"(Not verified) Hewlett-Packard Company"
Entry path: 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name: 
LightScribe Control Panel
Program path & name: 
"c:\program files (x86)\common files\lightscribe\lightscribecontrolpanel.exe"
Enabled: [V]
 
 
Program: 
N/A
Publisher: 
N/A
Entry path: 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name: 
WOSB
Program path & name: 
c:\users\currys\appdata\roaming\wosb_autostart_run.bat"
Enabled: [V]
 
 
Program: 
"Main program for Octoshape client"
Publisher: 
"(Verified) Octoshape"
Entry path: 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name: 
Octoshape Streaming Services
Program path & name: 
"c:\users\currys\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe"
Enabled: [V]
 
 
Program: 
N/A
Publisher: 
"(Verified) Spotify Ltd"
Entry path: 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name: 
Spotify Web Helper
Program path & name: 
"c:\users\currys\appdata\roaming\spotify\data\spotifywebhelper.exe"
Enabled: [V]
 
 
Program: 
"TODO: <File description>"
Publisher: 
"(Verified) AVG Technologies CZ s.r.o."
Entry path: 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name: 
AVG Do Not Track
Program path & name: 
"c:\program files (x86)\avg\avg2012\avgdtiea.dll"
Enabled: [V]
 
 
Program: 
"Safe Search for Internet Explorer"
Publisher: 
"(Verified) AVG Technologies CZ s.r.o."
Entry path: 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name: 
AVG Safe Search
Program path & name: 
"c:\program files (x86)\avg\avg2012\avgssiea.dll"
Enabled: [V]
 
 
Program: 
"Java(TM) Platform SE binary"
Publisher: 
"(Not verified) Sun Microsystems Inc."
Entry path: 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name: 
Java(tm) Plug-In 2 SSV Helper
Program path & name: 
"c:\program files\java\jre6\bin\jp2ssv.dll"
Enabled: [V]
 
 
Program: 
"Adobe PDF Helper for Internet Explorer"
Publisher: 
"(Verified) Adobe Systems Incorporated"
Entry path: 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name: 
Adobe PDF Link Helper
Program path & name: 
"c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
Enabled: [V]
 
 
Program: 
"TODO: <File description>"
Publisher: 
"(Verified) AVG Technologies CZ s.r.o."
Entry path: 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name: 
AVG Do Not Track
Program path & name: 
"c:\program files (x86)\avg\avg2012\avgdtiex.dll"
Enabled: [V]
 
 
Program: 
"DivX Web Player version 2.1.1.94"
Publisher: 
"(Verified) DivX LLC"
Entry path: 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name: 
DivX Plus Web Player HTML5 <video>
Program path & name: 
"c:\program files (x86)\divx\divx plus web player\npdivx32.dll"
Enabled: [V]
 
 
Program: 
"Safe Search for Internet Explorer"
Publisher: 
"(Verified) AVG Technologies CZ s.r.o."
Entry path: 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name: 
AVG Safe Search
Program path & name: 
"c:\program files (x86)\avg\avg2012\avgssie.dll"
Enabled: [V]
 
 
Program: 
"DivX Web Player version 2.1.1.94"
Publisher: 
"(Verified) DivX LLC"
Entry path: 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name: 
DivX HiQ
Program path & name: 
"c:\program files (x86)\divx\divx plus web player\npdivx32.dll"
Enabled: [V]
 
 
Program: 
"Java(TM) Platform SE binary"
Publisher: 
"(Verified) Sun Microsystems Inc."
Entry path: 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name: 
Java(tm) Plug-In SSV Helper
Program path & name: 
"c:\program files (x86)\java\jre6\bin\ssv.dll"
Enabled: [V]
 
 
Program: 
"Java(TM) Platform SE binary"
Publisher: 
"(Verified) Sun Microsystems Inc."
Entry path: 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name: 
Java(tm) Plug-In 2 SSV Helper
Program path & name: 
"c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
Enabled: [V]
 
 
Program: 
"EasyBits Security Shield component"
Publisher: 
"(Verified) EasyBits Software AS"
Entry path: 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Entry name: 
EasyBits Security Shield Hook - prevents launching insecure programs by kids
Program path & name: 
"c:\windows\syswow64\ezupbhook.dll"
Enabled: [V]
 
 
Program: 
"MyInProcServer Module"
Publisher: 
"(Verified) CyberLink"
Entry path: 
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name: 
NSE_WithSubFld
Program path & name: 
"c:\program files (x86)\hewlett-packard\recovery\protect.dll"
Enabled: [V]
 
 
Program: 
N/A
Publisher: 
N/A
Entry path: 
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name: 
Synaptics Control Panel
Program path & name: 
File not found: C:\Program Files (x86)\Synaptics\SynTP\SynTPCpl.dll"
Enabled: [V]
 
 
Program: 
"AMD Desktop Control Panel"
Publisher: 
"(Not verified) Advanced Micro Devices Inc."
Entry path: 
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name: 
Display CPL Extension
Program path & name: 
"c:\program files (x86)\ati technologies\ati.ace\core-static\atiama64.dll"
Enabled: [V]
 
 
Program: 
"AMD Desktop Control Panel"
Publisher: 
"(Not verified) Advanced Micro Devices Inc."
Entry path: 
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name: 
Catalyst Context Menu extension
Program path & name: 
"c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"
Enabled: [V]
 
 
Program: 
"AVG Shell Extension"
Publisher: 
"(Verified) AVG Technologies"
Entry path: 
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name: 
AVG Shell Extension
Program path & name: 
"c:\program files (x86)\avg\avg2012\avgsea.dll"
Enabled: [V]
 
 
Program: 
"7-Zip Shell Extension"
Publisher: 
"(Not verified) Igor Pavlov"
Entry path: 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name: 
7-Zip Shell Extension
Program path & name: 
"c:\program files (x86)\7-zip\7-zip.dll"
Enabled: [V]
 
 
Program: 
"AVG Shell Extension"
Publisher: 
"(Verified) AVG Technologies"
Entry path: 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name: 
AVG Shell Extension
Program path & name: 
"c:\program files (x86)\avg\avg2012\avgse.dll"
Enabled: [V]
 
 
Program: 
"PDF Shell Extension"
Publisher: 
"(Verified) Adobe Systems Incorporated"
Entry path: 
HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers
Entry name: 
PDF Shell Extension
Program path & name: 
"c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
Enabled: [V]
Reggie is offline   Reply With Quote
Old 05-09-12, 17:27   #5
dox online
Gold Membership
 
Join Date: Dec 2006
Location: United Kingdom Attempting to Play: Morrowind
Posts: 2,763
Default

Nothing looks to be there.
Are you having any further problems or traces of Smart HDD?
If you are, then you should update Malwarebytes and run a full scan with it.
If not, then you're probably clean.
You should still run a scan with Hitman Pro, just to be safe.
To prevent getting infected in the future, I'd recommend switching from AVG to Comodo Internet Security. Configure it as illustrated here. You may also consider using WoT for Opera, to determine the reputation of websites that you visit.
__________________
Get To The Core Of The Mαtter
dox online is offline   Reply With Quote
Old 05-09-12, 17:56   #6
EscondeR
Sage
 
Join Date: Jan 2005
Location: Russia
Posts: 51,183
Default

Can you post the content of that file

c:\users\currys\appdata\roaming\wosb_autostart_run.bat

The entry:

Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
WOSB
Program path & name:
c:\users\currys\appdata\roaming\wosb_autostart_run.bat"
Enabled: [V]

looks fishy.

And use Kaspersky or Dr.Web instead of AVG if you can afford it.
__________________
The Truth is out there...
EscondeR is offline   Reply With Quote
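
One way to triage a report in this format automatically, as an added example that is not part of the thread or of the Ardiag tool. The three sample records are copied from the report posted above; the heuristics (user-writable directory list, script extensions) are assumptions of this example.

```python
from ntpath import splitext  # Windows path rules on any OS

FIELDS = ("Program", "Publisher", "Entry path", "Entry name", "Program path & name")
# Assumed heuristics for this example; they are not the Ardiag tool's logic.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")
SCRIPT_EXT = {".bat", ".cmd", ".vbs", ".js", ".ps1"}

# Three records copied from the report posted in this thread.
SAMPLE = r'''
Program: 
N/A
Publisher: 
"(Verified) Spotify Ltd"
Entry path: 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name: 
Spotify Web Helper
Program path & name: 
"c:\users\currys\appdata\roaming\spotify\data\spotifywebhelper.exe"
Enabled: [V]
Program: 
N/A
Publisher: 
N/A
Entry path: 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name: 
WOSB
Program path & name: 
c:\users\currys\appdata\roaming\wosb_autostart_run.bat"
Enabled: [V]
Program: 
N/A
Publisher: 
N/A
Entry path: 
HKLM\System\CurrentControlSet\Services
Entry name: 
MSCamSvc
Program path & name: 
File not found: C:\Program Files\Microsoft LifeCam\MSCamS64.exe"
Enabled: [V]
'''

def parse_report(text):
    """Split the report into one dict per autostart entry."""
    records, cur, field = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Enabled:"):      # last line of every record
            cur["Enabled"] = "[V]" in line
            records.append(cur)
            cur, field = {}, None
        elif line.endswith(":") and line[:-1] in FIELDS:
            field = line[:-1]                # a label; its value follows
            cur[field] = ""
        elif field:                          # value line(s) under a label
            cur[field] = (cur[field] + " " + line).strip()
    return records

def triage(rec):
    """Return the reasons an entry deserves a manual look (may be empty)."""
    path = rec.get("Program path & name", "").strip('"')
    missing = path.lower().startswith("file not found:")
    if missing:
        path = path.split(":", 1)[1].strip()
    signed = rec.get("Publisher", "").strip('"').startswith("(Verified)")
    low, reasons = path.lower(), []
    if not signed and any(d in low for d in USER_WRITABLE):
        reasons.append("unsigned target in a user-writable directory")
    if splitext(low)[1] in SCRIPT_EXT:
        reasons.append("autostart target is a script")
    if missing:
        reasons.append("target file not found (orphaned entry)")
    return reasons

def review(text):
    """Map entry name -> reasons, for enabled entries with at least one."""
    found = {r["Entry name"]: triage(r) for r in parse_report(text) if r["Enabled"]}
    return {name: why for name, why in found.items() if why}

if __name__ == "__main__":
    for name, why in review(SAMPLE).items():
        print(f"{name}: {'; '.join(why)}")
```

A hit is a lead for manual review, not a verdict: later in this thread the WOSB entry turns out to be left over from a program Reggie had tried to uninstall.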
Old 05-09-12, 18:06   #7
dox online
Gold Membership
 
Join Date: Dec 2006
Location: United Kingdom Attempting to Play: Morrowind
Posts: 2,763
Default

Quote:
Originally Posted by EscondeR View Post
Can you post the content of that file

c:\users\currys\appdata\roaming\wosb_autostart_run.bat

The entry:

Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
WOSB
Program path & name:
c:\users\currys\appdata\roaming\wosb_autostart_run.bat"
Enabled: [V]

looks fishy.

And use Kaspersky or Dr.Web instead of AVG if you can afford it.

I think it may be something to do with this.
__________________
Get To The Core Of The Mαtter
dox online is offline   Reply With Quote
Old 05-09-12, 18:11   #8
Reggie
Tomb Raider
 
Join Date: Jan 2006
Location: Visa Versace
Posts: 22,243
Default

^Right, downloaded Hitman Pro which picked up on a few things.
Seems the consensus is I should update my protection as well - I'll keep that in mind.


Now that wosb_autostart's been bothering me for a long time. It's been on this thing for about a year. :/

I entered the location in and this came up:



The same as when I always log in.

I did actually attempt to try and find this file directly but had trouble doing so.

@Dox: YES haha I downloaded that a long time ago and tried to uninstall but it went all corrupted on me - hence I keep getting that message come up. Any ideas on how to get rid?

Last edited by Reggie; 05-09-12 at 18:13.
Reggie is offline   Reply With Quote
Old 05-09-12, 18:15   #9
dox online
Gold Membership
 
Join Date: Dec 2006
Location: United Kingdom Attempting to Play: Morrowind
Posts: 2,763
Default

Quote:
Originally Posted by Reggie View Post
^Right, downloaded Hitman Pro which picked up on a few things.
Seems the consensus is I should update my protection as well - I'll keep that in mind.


Now that wosb_autostart's been bothering me for a long time. It's been on this thing for about a year. :/

I entered the location in and this came up:

[snip]

The same as when I always log in.

I did actually attempt to try and find this file directly but had trouble doing so.

@Dox: YES haha I downloaded that a long time ago and tried to uninstall but it went all corrupted on me - hence I keep getting that message come up. Any ideas on how to get rid?

The same as usual.
Just download Autoruns and delete the entry:
Code:
Program: 
 N/A
 Publisher: 
 N/A
 Entry path: 
 HKCU\Software\Microsoft\Windows\CurrentVersion\Run
 Entry name: 
 WOSB
 Program path & name: 
 c:\users\currys\appdata\roaming\wosb_autostart_run.bat"
 Enabled: [V]
__________________
Get To The Core Of The Mαtter

Last edited by dox online; 05-09-12 at 18:16.
dox online is offline   Reply With Quote
Old 06-09-12, 11:58   #10
Reggie
Tomb Raider
 
Join Date: Jan 2006
Location: Visa Versace
Posts: 22,243
Default

Guys, my computer is still running very slowly and I'm getting the re-direct problem again!

Report from rkill:

Rkill 2.3.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/06/2012 12:49:28 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Program Files\Java\jre6\bin\jusched.exe (PID: 3952) [FI]

1 proccess terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* SMTMP folder detected. Please see this link for more information: http://www.bleepingcomputer.com/forums/topic405109.html

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* AppMgmt [Missing Service]
* CscService [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/06/2012 12:49:59 PM
Execution time: 0 hours(s), 0 minute(s), and 31 seconds(s)

Double checking proxy settings, this is what I'm seeing:

Reggie is offline   Reply With Quote
All times are GMT.