Got stumped on a bug


  • Got stumped on a bug

    I'm usually pretty good about not picking up nasties on the web, but I got a tough one today.

    I've had great success with AdAware + Spybot S&D + hijackthis, but they aren't working on this one.

    Sad part is that I got a couple emails warning about this one but forgot all about them this morning when checking email. Got a message from an old high school friend through facebook about 'being in the news' or something similar. Clicked on it for video & was prompted to update Adobe Flash player which I did - & invited in the bug apparently.

    Whatever this thing is, it won't let me search the net for info about it. One of the 4 new processes it created when it first ran was called freddy73.exe. When I google that, I see some topics but if I click on any, I get redirected to silly websites. Anyway, nothing odd shows up under processes tab in task manager, nothing oddball in HJT report, but the bug is still there. It was prompting to run a BS virus scan but that has ceased, so HJT has done something.

    I use firefox primarily & it is now incredibly slow. Windows defender & Spybot won't run because it blocks them from downloading updates. Adaware runs but can't get new definitions so it's missing this thing too.

    I hate to do a reinstall, but am thinking I might be low on options since it won't let me d/l anything that will make it go away. Smart bug, but definitely annoying.

    Running Vista 32

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:05:05 PM, on 11/11/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
    O15 - Trusted Zone: *.alpineaccess.com
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
    O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://employee.alpineaccess.com/vd...,2009,820,1617
    O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - https://employee.alpineaccess.com/vd...,2009,811,2213
    O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://employee.alpineaccess.com/vd...2009,0828,1616
    O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://employee.alpineaccess.com/vd...,2009,828,1610
    O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://employee.alpineaccess.com/vd...,2009,828,1606
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\Windows\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
    -- Benjamin Franklin

  • #2
    Re: Got stumped on a bug

    try this:
    http://74.125.95.132/search?q=cache:...&ct=clnk&gl=us
    VERITAS VINCIT
    A CRUCE SALUS

    • #3
      Re: Got stumped on a bug

      That sees the issue but doesn't tell me how to get rid of it.

      I took a bunch of crap out of registry & hidden drivers so far, but still have this bug.

      This thing is like the swine flu of PCs.

      I got malwarebytes to d/l & have it running now. Hasn't found anything so far, but is still scanning...

      I'll try manually removing the highlighted registry stuff from the link you provided - which did open up just fine & quickly, so maybe I'm making progress. I set TCP/IP settings to autodetect DNS & did ipconfig /flush & I think that at least has given me some control back as to what pages I can visit.

      They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
      -- Benjamin Franklin
