Post #16 | Jul 13 2007, 02:53 PM | HJT Team member (London)
Post #17 | Jul 13 2007, 02:54 PM | sUBs (HJT Team)
Hello, I'm sUBs. I apologise for making that stupid tool, ComboFix, that's currently tormenting you.

I have something for you to try. This is what I would like you to do: Please read these instructions carefully, and ask any questions you might have before proceeding. Take care to follow the instructions precisely.

Delete your existing version of ComboFix. Download combofix.exe to your desktop. Then download this file: http://download.bleepingcomputer.com/sUBs/.../CF-Collect.zip There are 2 files within:

Do not run ComboFix.exe. Instead run 1.exe first by double-clicking on it. A black DOS window appears. If it runs to completion, a ComboFix.txt log will be produced. There's no need to run 2.exe. Post that log.

If the DOS window from 1.exe doesn't produce a log after 15 minutes OR if the DOS window closes on its own without producing a log, run 2.exe (without closing the first window) by double-clicking on it. It will produce a zipped file named catchme.zip which will be located on your desktop. If you needed to run 2.exe, please then upload the catchme.zip file located on your desktop to this site: http://www.bleepingcomputer.com/submit-malware.php?channel=4 and be sure to include a link to this topic in the message.

This post has been edited by sUBs: Jul 13 2007, 02:55 PM
Post #18 | Jul 13 2007, 07:04 PM | ibLah (Member, United States of America)
Another failed attempt.

I deleted ComboFix from my desktop and the folder in C:\ then re-downloaded ComboFix and the 1.exe and 2.exe, like instructed. Ran 1.exe from my desktop and waited a good 30 mins and the DOS window just sat there staring at me the whole time. I'm totally stumped.
Post #19 | Jul 13 2007, 07:06 PM | sUBs (HJT Team)
Thank you for submitting the file. Please allow me some time to go through it. I shall reply later.
Post #20 | Jul 13 2007, 08:18 PM | sUBs (HJT Team)
Alright Justin, I made you a file --> http://download.bleepingcomputer.com/sUBs/..._for_justin.exe

This file is a little subroutine taken from ComboFix. It attempts to simulate what ComboFix was doing when it hung. Double-click to run the file. You shall see a series of text scrolling past the screen. When it comes to the part where ComboFix stalled, it shall stop at that particular line. I need you to copy down the last 2 lines on the screen & post them here. Thanks
Post #21 | Jul 14 2007, 12:18 AM | ibLah (Member, United States of America)
Oh wow, I think the problem all along may have been that I was not running the scan long enough. Maybe I'm wrong, I don't know.. =)

This file you gave me took about 3 hours to get done and the last 2 lines were "pause" "Press any key to continue . . ." I attached a screen shot of the DOS window.

This post has been edited by ibLah: Jul 14 2007, 12:22 AM
Post #22 | Jul 14 2007, 01:37 AM | sUBs (HJT Team)
That's just weird. It should take at most 2-3 minutes to complete. Did it at any stage appear to stall for a moment?

Do me a favor & run it again. When it appears to stall for a few secs, mouse click on the screen to pause it.
Post #23 | Jul 14 2007, 03:19 AM | sUBs (HJT Team)
@Justin, what is this program C:\ibLabbo\ibLabbo hoteL\server.exe, for?
Post #24 | Jul 14 2007, 03:01 PM | ibLah (Member, United States of America)
iblabbo is the name of a Habbo Hotel retro server I run.

It's like a game server and that's probably where it's taking so long to scan, because instead of using a database like MSSQL it just makes a file for all the info. :S I deleted as much of it as I could. Also the scanner stalls at a few files in C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5. Is it ok to delete that folder? Should I just let ComboFix run overnight?
Post #25 | Jul 15 2007, 03:49 PM | sUBs (HJT Team)
iblah, how are things on your side? Still getting ComboFix hangs?

If it still persists, I will have to make you a special copy of ComboFix that'll skip that subroutine.

This post has been edited by sUBs: Jul 15 2007, 03:51 PM
Post #26 | Jul 15 2007, 06:36 PM | ibLah (Member, United States of America)
Tonight I will turn it on before I go to bed and will let you know how it goes in the morning.

I have not had time to run it lately.
Post #27 | Jul 16 2007, 06:47 AM | ibLah (Member, United States of America)
It worked.

Here's the ComboFix log and HJT log.

```text
"Justin" - 2007-07-16 1:25:04 - ComboFix 07-07-14.3 - Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\winupdates
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\wpcap.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_NPF
-------\nm
-------\NPF

((((((((((((((((((((((((( Files Created from 2007-06-16 to 2007-07-16 )))))))))))))))))))))))))))))))

2007-07-14 23:25 <DIR> d-------- C:\Jabbo
2007-07-11 16:55 <DIR> d-------- C:\Program Files\Habbzo.co.uk
2007-07-11 16:36 <DIR> d-------- C:\DOCUME~1\Justin\APPLIC~1\Habbzo.co.uk
2007-07-11 13:24 <DIR> d-------- C:\Deckard
2007-07-10 01:24 42,496 --a------ C:\WINDOWS\system32\libusb0.dll
2007-07-10 01:24 29,184 --a------ C:\WINDOWS\system32\drivers\libusb0.sys
2007-07-08 18:21 <DIR> d-------- C:\Program Files\TightVNC
2007-07-08 10:11 <DIR> d-------- C:\DOCUME~1\MAXORL~1\APPLIC~1\Talkback
2007-07-07 21:57 <DIR> d-------- C:\magistral
2007-07-07 20:26 <DIR> d-------- C:\Program Files\EtherDetect
2007-07-07 18:35 <DIR> d-------- C:\No-IP
2007-07-07 16:51 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-06 20:23 <DIR> d-------- C:\PrecessExplorer
2007-07-06 18:35 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-07-02 15:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-07-02 15:18 <DIR> d-------- C:\Program Files\Bonjour
2007-07-02 14:57 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-07-02 08:35 <DIR> d-------- C:\DOCUME~1\MAXORL~1\APPLIC~1\Help
2007-07-02 08:33 <DIR> d-------- C:\Program Files\TimeSink
2007-07-02 08:07 <DIR> d-------- C:\DOCUME~1\MAXORL~1\WINDOWS
2007-07-02 08:06 <DIR> d-------- C:\DOGZ.MAX
2007-07-02 08:02 26,112 --a------ C:\WINDOWS\system\WAVEMIX.DLL
2007-07-02 08:01 <DIR> d-------- C:\ODDBALLZ.MAX
2007-07-02 07:57 <DIR> d-------- C:\CATZ.MAX
2007-06-30 15:29 <DIR> d-------- C:\Program Files\WinPcap
2007-06-26 19:27 <DIR> d-------- C:\Program Files\Notepad++
2007-06-26 19:27 <DIR> d-------- C:\DOCUME~1\Justin\APPLIC~1\Notepad++
2007-06-25 14:44 <DIR> d-------- C:\ibLabbo
2007-06-22 21:39 <DIR> d-------- C:\DOCUME~1\Justin\APPLIC~1\My Games
2007-06-22 20:46 <DIR> d-------- C:\DOCUME~1\Justin\APPLIC~1\Firaxis Games
2007-06-22 20:13 <DIR> d-------- C:\Program Files\Steam
2007-06-22 20:04 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-06-22 17:32 <DIR> d-------- C:\Program Files\Guild Wars
2007-06-21 11:44 <DIR> d-------- C:\Program Files\Lineage II
2007-06-20 23:01 <DIR> d-------- C:\Program Files\IGN
2007-06-20 23:01 <DIR> d-------- C:\DOCUME~1\Justin\APPLIC~1\IGN_DLM
2007-06-19 17:59 <DIR> d-------- C:\DOCUME~1\Justin\APPLIC~1\CrystalSpace
2007-06-19 17:59 <DIR> d-------- C:\DOCUME~1\Justin\APPLIC~1\CrystalApp
2007-06-18 14:00 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-16 00:30:04 -------- d-----w C:\DOCUME~1\Justin\APPLIC~1\Azureus
2007-07-15 11:00:30 -------- d-----w C:\Program Files\Big Kahuna Reef 2
2007-07-06 23:03:42 -------- d-----w C:\Program Files\Common Files\SourceTec
2007-07-06 22:55:47 -------- d-----w C:\Program Files\Crimson Editor
2007-07-02 14:32:56 -------- d-----w C:\Program Files\MSN Messenger
2007-06-30 06:42:14 -------- d-----w C:\Program Files\Azureus
2007-06-22 21:29:24 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-21 14:48:47 -------- d-----w C:\Program Files\Kids Cam Show and Share Creativity Center
2007-06-21 00:34:24 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-12 21:55:01 14,336 ----a-w C:\WINDOWS\system32\shell64.dll
2007-06-11 22:59:03 238 ----a-w C:\WINDOWS\Stop_BigApache.cmd
2007-06-11 19:12:24 -------- d-----w C:\Program Files\FileZilla Server
2007-06-10 23:05:10 -------- d-----w C:\Program Files\No-IP
2007-06-10 19:41:52 -------- d-----w C:\Program Files\Microsoft SQL Server
2007-05-27 05:26:42 1,210,960 ----a-w C:\WINDOWS\Haste MuOnline Uninstaller.exe
2007-05-26 20:16:14 -------- d-----w C:\Program Files\Sol Edit
2007-04-17 20:58:08 249,856 ------w C:\WINDOWS\Setup1.exe
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
```

```text
Logfile of HijackThis v1.99.1
Scan saved at 07:45, on 2007-07-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\No-IP\DUC20.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Justin\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Shortcut to DUC20.exe.lnk = C:\No-IP\DUC20.exe
O4 - Global Startup: Habbzo Hotel Auto-Start.exe.lnk = C:\Program Files\Habbzo\Habbzo Hotel Emulator ~ Release 8.6.0.0.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab50727.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab53083.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{729F5C05-D1D1-489B-BFA2-0E33112B0160}: NameServer = 66.181.124.254,66.181.127.131
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
```
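A helper reading the two logs above checks a few classes of entry before anything else. The Python triage below is an added example, not a BleepingComputer, ComboFix or HijackThis tool: it takes the ComboFix "Other Deletions" list and a handful of HijackThis lines from this post as constructed input, flags the system32 *.com files that shadow built-in tools, and lists the HJT entries that deserve a second look. The rule set and the function names are my own assumptions, not anything the thread defines.

```python
import re
from collections import Counter

# Constructed sample input: the "Other Deletions" entries from the ComboFix
# log posted in this thread, copied as data.
COMBOFIX_DELETIONS = [
    r"C:\Program Files\winupdates",
    r"C:\WINDOWS\system32\bszip.dll",
    r"C:\WINDOWS\system32\cmd.com",
    r"C:\WINDOWS\system32\drivers\fad.sys",
    r"C:\WINDOWS\system32\drivers\npf.sys",
    r"C:\WINDOWS\system32\packet.dll",
    r"C:\WINDOWS\system32\ping.com",
    r"C:\WINDOWS\system32\pthreadVC.dll",
    r"C:\WINDOWS\system32\tasklist.com",
    r"C:\WINDOWS\system32\tracert.com",
    r"C:\WINDOWS\system32\wpcap.dll",
]

# Constructed sample input: eight lines taken from the HijackThis log in the
# same post; the full log has many more entries of the same shape.
HJT_LOG = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{729F5C05-D1D1-489B-BFA2-0E33112B0160}: NameServer = 66.181.124.254,66.181.127.131
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""


def shadowed_com_files(deleted_paths):
    """Return the deleted *.com files that sit in system32.

    A bare command typed at a prompt is resolved through PATHEXT, and the
    default PATHEXT lists .COM ahead of .EXE, so a planted cmd.com is picked
    over cmd.exe in the same directory. A log reader treats every such
    deletion as a sign that the host's own tools had been replaced.
    """
    hits = []
    for path in deleted_paths:
        lowered = path.lower()
        if lowered.endswith(".com") and "\\system32\\" in lowered:
            hits.append(path)
    return hits


# "O23 - ..." / "R1 - ..." : section code, separator, entry text.
HJT_ENTRY = re.compile(r"^([OR]\d+)\s+-\s+(.*)$")


def triage_hjt(log_text):
    """Return (section, reason, entry) for lines a HijackThis reader checks first.

    These rules only mark entries for review; none of them decides that an
    entry is malicious. One entry can produce more than one finding.
    """
    findings = []
    for raw in log_text.splitlines():
        match = HJT_ENTRY.match(raw.strip())
        if not match:
            continue
        section, entry = match.groups()
        if "(file missing)" in entry:
            findings.append((section, "target file missing", entry))
        if section == "O23" and "Unknown owner" in entry:
            findings.append((section, "service with no publisher", entry))
        if section == "O10":
            findings.append((section, "third-party Winsock LSP", entry))
        if section == "O17" and "NameServer" in entry:
            findings.append((section, "DNS servers overridden", entry))
        if section == "O20":
            findings.append((section, "Winlogon notification DLL", entry))
    return findings


def findings_by_section(findings):
    """Count findings per HijackThis section, e.g. {"O23": 3, "O9": 1}."""
    return Counter(section for section, _, _ in findings)


if __name__ == "__main__":
    for path in shadowed_com_files(COMBOFIX_DELETIONS):
        print("shadowing .com deleted:", path)
    for section, reason, entry in triage_hjt(HJT_LOG):
        print(f"{section:<4} {reason:<28} {entry}")
    print(dict(findings_by_section(triage_hjt(HJT_LOG))))
```

The O17 rule only says the resolvers were set by hand; whether 66.181.124.254 and 66.181.127.131 are the ISP's own servers is something the helper confirms with the user.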
Post #28 | Jul 19 2007, 11:08 AM | ibLah (Member, United States of America)
Hmm..

Are you guys still there? Did I do something wrong or miss something? =/
Post #29 | Jul 19 2007, 11:36 AM | sUBs (HJT Team)
Sorry bout that. I didn't receive notification of your last reply.

Please perform an online scan using Internet Explorer at http://www.kaspersky.com/virusscanner

* Answer Yes when prompted to install an ActiveX component.
* It does not provide an option to clean/disinfect.
* If you're downloading torrents in the background, please disconnect all of them.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
Post #30 | Jul 25 2007, 11:55 AM | ibLah (Member, United States of America)
```text
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, July 25, 2007 12:53:08 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 25/07/2007
Kaspersky Anti-Virus database records: 367514
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
E:\
G:\

Scan Statistics:
Total number of scanned objects: 572845
Number of viruses found: 17
Number of infected objects: 54
Number of suspicious objects: 0
Duration of the scan process: 03:15:49

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\6ccffeebf26f3b53bf560ce3ebc894a3_0b3c4895-e7eb-4be9-822c-ef16168a7cec	Object is locked	skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp	Object is locked	skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds	Object is locked	skipped
C:\Documents and Settings\Justin\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Justin\Desktop\SmitfraudFix\Reboot.exe	Infected: not-a-virus:RiskTool.Win32.Reboot.f	skipped
C:\Documents and Settings\Justin\Desktop\SmitfraudFix\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe	Infected: not-a-virus:RiskTool.Win32.Reboot.f	skipped
C:\Documents and Settings\Justin\Desktop\SmitfraudFix\SmitfraudFix.exe/data.rar	Infected: not-a-virus:RiskTool.Win32.Reboot.f	skipped
C:\Documents and Settings\Justin\Desktop\SmitfraudFix\SmitfraudFix.exe	RarSFX: infected - 2	skipped
C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat	Object is locked	skipped
C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Messenger\ibllah@gmail.com\SharingMetadata\Logs\Dfsr00005.log	Object is locked	skipped
C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Messenger\ibllah@gmail.com\SharingMetadata\pending.dat	Object is locked	skipped
C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Messenger\ibllah@gmail.com\SharingMetadata\Working\database_2630_3BB_3003_90CB\dfsr.db	Object is locked	skipped
C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Messenger\ibllah@gmail.com\SharingMetadata\Working\database_2630_3BB_3003_90CB\fsr.log	Object is locked	skipped
C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Messenger\ibllah@gmail.com\SharingMetadata\Working\database_2630_3BB_3003_90CB\fsrtmp.log	Object is locked	skipped
C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Messenger\ibllah@gmail.com\SharingMetadata\Working\database_2630_3BB_3003_90CB\tmp.edb	Object is locked	skipped
C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Windows Live Contacts\ibllah@gmail.com\real\members.stg	Object is locked	skipped
C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Windows Live Contacts\ibllah@gmail.com\shadow\members.stg	Object is locked	skipped
C:\Documents and Settings\Justin\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Justin\Local Settings\History\History.IE5\MSHist012007072420070725\index.dat	Object is locked	skipped
C:\Documents and Settings\Justin\Local Settings\History\History.IE5\MSHist012007072520070726\index.dat	Object is locked	skipped
C:\Documents and Settings\Justin\Local Settings\Temp\~DF66C4.tmp	Object is locked	skipped
C:\Documents and Settings\Justin\Local Settings\Temp\~DF6704.tmp	Object is locked	skipped
C:\Documents and Settings\Justin\Local Settings\Temp\~DF8D13.tmp	Object is locked	skipped
C:\Documents and Settings\Justin\Local Settings\Temp\~DF8D21.tmp	Object is locked	skipped
C:\Documents and Settings\Justin\Local Settings\Temp\~DFF91C.tmp	Object is locked	skipped
C:\Documents and Settings\Justin\Local Settings\Temp\~DFFA5D.tmp	Object is locked	skipped
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Justin\ntuser.dat	Object is locked	skipped
C:\Documents and Settings\Justin\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Owner\Desktop\BearShareV6.exe/WISE0044.BIN/stream/data0005	Infected: not-a-virus:AdWare.Win32.Mostofate.aa	skipped
C:\Documents and Settings\Owner\Desktop\BearShareV6.exe/WISE0044.BIN/stream	Infected: not-a-virus:AdWare.Win32.Mostofate.aa	skipped
C:\Documents and Settings\Owner\Desktop\BearShareV6.exe/WISE0044.BIN	Infected: not-a-virus:AdWare.Win32.Mostofate.aa	skipped
C:\Documents and Settings\Owner\Desktop\BearShareV6.exe	WiseSFX: infected - 3	skipped
C:\Documents and Settings\Owner\Desktop\BearShareV6.exe	WiseSFX Dropper: infected - 3	skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb	Object is locked	skipped
C:\eGames\BlastThru\Game\bt.exe	Infected: Trojan-Dropper.Win32.Agent.zc	skipped
C:\ipscan.exe	Infected: not-a-virus:NetTool.Win32.Portscan.c	skipped
C:\mIRC\6.21\mirc.exe	Infected: not-a-virus:Client-IRC.Win32.mIRC.621	skipped
C:\mIRC\6.21\mirc621.exe/stream/data0008	Infected: not-a-virus:Client-IRC.Win32.mIRC.621	skipped
C:\mIRC\6.21\mirc621.exe/stream	Infected: not-a-virus:Client-IRC.Win32.mIRC.621	skipped
C:\mIRC\6.21\mirc621.exe	NSIS: infected - 2	skipped
C:\mIRC\mirc.exe	Infected: not-a-virus:Client-IRC.Win32.mIRC.617	skipped
C:\No-IP\DUC - Justin.log	Object is locked	skipped
C:\Program Files\DAP\History\Owner\_lasthist.dat	Object is locked	skipped
C:\Program Files\EtherDetect\EtherD.exe	Infected: not-a-virus:NetTool.Win32.EtherDetect	skipped
C:\Program Files\Mozilla Firefox\vnc-4_1_2-x86_win32\vnc-4_1_2-x86_win32.exe/file1	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4	skipped
C:\Program Files\Mozilla Firefox\vnc-4_1_2-x86_win32\vnc-4_1_2-x86_win32.exe/file2	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4	skipped
C:\Program Files\Mozilla Firefox\vnc-4_1_2-x86_win32\vnc-4_1_2-x86_win32.exe/file3	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4	skipped
C:\Program Files\Mozilla Firefox\vnc-4_1_2-x86_win32\vnc-4_1_2-x86_win32.exe/file5	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4	skipped
C:\Program Files\Mozilla Firefox\vnc-4_1_2-x86_win32\vnc-4_1_2-x86_win32.exe	Inno: infected - 4	skipped
C:\Program Files\RealVNC\VNC4\wm_hooks.dll	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4	skipped
C:\Program Files\TightVNC\VNCHooks.dll	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b	skipped
C:\Program Files\TightVNC\WinVNC.exe	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h	skipped
C:\Program Files\TimeSink\AdGateway\TSAdBot.exe	Infected: not-a-virus:AdWare.Win32.TimeSink	skipped
C:\PSP\PVNC\tightvnc-1.2.9-setup.exe/data0002	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h	skipped
C:\PSP\PVNC\tightvnc-1.2.9-setup.exe/data0003	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b	skipped
C:\PSP\PVNC\tightvnc-1.2.9-setup.exe	Inno: infected - 2	skipped
C:\PSP\RemotejoySDLGUI\RemotejoySDLGUI\PC\cmdow.exe	Infected: not-a-virus:RiskTool.Win32.HideWindows	skipped
C:\PSP\RemotejoySDLGUI.zip/RemotejoySDLGUI/PC/cmdow.exe	Infected: not-a-virus:RiskTool.Win32.HideWindows	skipped
C:\PSP\RemotejoySDLGUI.zip	ZIP: infected - 1	skipped
C:\RECYCLER\S-1-5-21-507921405-1229272821-725345543-1003\Dc36.exe/data0006	Infected: not-a-virus:FraudTool.Win32.SpywareHeal.21	skipped
C:\RECYCLER\S-1-5-21-507921405-1229272821-725345543-1003\Dc36.exe	NSIS: infected - 1	skipped
C:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
C:\System Volume Information\_restore{53EE3A1C-EE1E-4B1F-A1CB-95E291CE2E6B}\RP145\A0050825.dll	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4	skipped
C:\System Volume Information\_restore{53EE3A1C-EE1E-4B1F-A1CB-95E291CE2E6B}\RP146\change.log	Object is locked	skipped
C:\vnc-4_1_2-x86_win32\vnc-4_1_2-x86_win32.exe/file1	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4	skipped
C:\vnc-4_1_2-x86_win32\vnc-4_1_2-x86_win32.exe/file2	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4	skipped
C:\vnc-4_1_2-x86_win32\vnc-4_1_2-x86_win32.exe/file3	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4	skipped
C:\vnc-4_1_2-x86_win32\vnc-4_1_2-x86_win32.exe/file5	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4	skipped
C:\vnc-4_1_2-x86_win32\vnc-4_1_2-x86_win32.exe	Inno: infected - 4	skipped
C:\vnc-4_1_2-x86_win32.zip/vnc-4_1_2-x86_win32.exe/file1	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4	skipped
C:\vnc-4_1_2-x86_win32.zip/vnc-4_1_2-x86_win32.exe/file2	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4	skipped
C:\vnc-4_1_2-x86_win32.zip/vnc-4_1_2-x86_win32.exe/file3	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4	skipped
C:\vnc-4_1_2-x86_win32.zip/vnc-4_1_2-x86_win32.exe/file5	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4	skipped
C:\vnc-4_1_2-x86_win32.zip/vnc-4_1_2-x86_win32.exe	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4	skipped
C:\vnc-4_1_2-x86_win32.zip	ZIP: infected - 5	skipped
C:\vnc-E4_2_9-x86_win32.exe/file3	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4	skipped
C:\vnc-E4_2_9-x86_win32.exe	Inno: infected - 1	skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll	Object is locked	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\gtg293.exe/file1	Infected: Trojan.Win32.Delf.px	skipped
C:\WINDOWS\gtg293.exe/file2	Infected: Trojan.Win32.Delf.px	skipped
C:\WINDOWS\gtg293.exe	Inno: infected - 2	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\default	Object is locked	skipped
C:\WINDOWS\system32\config\DEFAULT.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\Internet.evt	Object is locked	skipped
C:\WINDOWS\system32\config\NetLimit.evt	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\software	Object is locked	skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\system	Object is locked	skipped
C:\WINDOWS\system32\config\SYSTEM.LOG	Object is locked	skipped
C:\WINDOWS\system32\drivers\dtscsi.sys	Object is locked	skipped
C:\WINDOWS\system32\drivers\sptd.sys	Object is locked	skipped
C:\WINDOWS\system32\drivers\sptd4525.sys	Object is locked	skipped
C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl	Object is locked	skipped
C:\WINDOWS\system32\NTInvisible.dll	Infected: not-a-virus:Monitor.Win32.SpyAgent.60006	skipped
C:\WINDOWS\system32\shell64.dll	Infected: Backdoor.Win32.IRCBot.od	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\TSAd.dll_tobedeleted_old	Infected: not-a-virus:AdWare.Win32.TimeSink.c	skipped
C:\WINDOWS\wiadebug.log	Object is locked	skipped
C:\WINDOWS\wiaservc.log	Object is locked	skipped
C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped

Scan process completed.
```