
Infected With Something


35 replies to this topic

#1 darko886

darko886

  • Members
  • 25 posts

Posted 27 July 2007 - 05:47 PM

Hello, I don't know where I got infected, and neither my Norton nor my Ad-Aware would detect anything, so I did a HijackThis scan, and this is what it came up with:

By the way, I get tons of popups directing me to various websites, and I also get audio playing when there is nothing open on the screen (I have to go to the Task Manager processes and terminate every IEXPLORE.exe and it will turn the sound off; it seems like it opens Internet Explorers in the background).


Logfile of HijackThis v1.99.1
Scan saved at 6:38:07 PM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\yuekifec.dll",sitypnow
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://203.86.233.52:8443/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{844E5C51-9663-4809-86CD-8C93D781E496}: NameServer = 192.168.2.1
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


Any help would be appreciated


Thanks!
Darko



#2 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A

Posted 27 July 2007 - 10:09 PM

Hello darko886,

Please download Combofix to your desktop.
Double-click combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.

#3 darko886

darko886
  • Topic Starter

  • Members
  • 25 posts

Posted 28 July 2007 - 12:00 AM

"Niko Nikic" - 2007-07-28 0:48:00 - ComboFix 07-07-23.6 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\vybeg.bak1
C:\WINDOWS\system32\vybeg.bak2
C:\WINDOWS\system32\vybeg.ini
C:\WINDOWS\system32\vybeg.ini2
C:\WINDOWS\system32\vybeg.tmp
C:\WINDOWS\system32\vybeg.bak1
C:\WINDOWS\system32\vybeg.bak2
C:\WINDOWS\system32\vybeg.ini
C:\WINDOWS\system32\vybeg.ini2
C:\WINDOWS\system32\vybeg.tmp
C:\WINDOWS\system32\gebyv.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\NIKONI~1\Desktop\internet.lnk
C:\WINDOWS\144.exe
C:\WINDOWS\httpconf.dat


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-28 )))))))))))))))))))))))))))))))


2007-07-28 17:08 <DIR> d-------- C:\Program Files\QuickTime
2007-07-28 02:11 31,254 --a------ C:\WINDOWS\system32\qomnkhh.dll
2007-07-28 00:47 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-28 00:10 <DIR> d-------- C:\DOCUME~1\NIKONI~1\Shared
2007-07-28 00:10 <DIR> d-------- C:\DOCUME~1\NIKONI~1\Incomplete
2007-07-28 00:10 <DIR> d-------- C:\DOCUME~1\NIKONI~1\APPLIC~1\LimeWire
2007-07-27 21:53 <DIR> d-------- C:\Program Files\Install Creator
2007-07-27 21:51 <DIR> d-------- C:\Program Files\Patch Maker
2007-07-27 21:08 <DIR> d-------- C:\DOCUME~1\ADMINI~1.LUD\APPLIC~1\Likno
2007-07-27 21:04 524,288 --ah----- C:\DOCUME~1\ADMINI~1.LUD\NTUSER.DAT
2007-07-27 18:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-27 17:32 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-07-27 17:31 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-07-27 17:31 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-07-27 17:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-07-27 17:28 1,156 --a------ C:\WINDOWS\mozver.dat
2007-07-27 17:26 126,016 --a------ C:\WINDOWS\system32\yuekifec.dll
2007-07-27 17:23 69,184 --a------ C:\WINDOWS\system32\wwchnonn.dll
2007-07-27 15:23 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-27 15:23 <DIR> d-------- C:\Fraps
2007-07-27 12:08 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-27 00:56 388 --a------ C:\WINDOWS\urls.dat
2007-07-26 00:05 <DIR> d-------- C:\Program Files\Microsoft Games
2007-07-25 17:24 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-25 17:24 <DIR> d-------- C:\DOCUME~1\NIKONI~1\APPLIC~1\Talkback
2007-07-25 17:23 <DIR> d-------- C:\Program Files\Mozilla Firefox(2)
2007-07-24 22:42 2,621,440 --a------ C:\DOCUME~1\NIKONI~1\ntuser.dat
2007-07-24 22:33 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-07-24 22:33 <DIR> d-------- C:\Program Files\SWiSHmax
2007-07-23 14:27 49,152 --a------ C:\WINDOWS\system32\MSCDRUN.DLL
2007-07-23 13:53 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-07-23 13:53 153,088 --a------ C:\WINDOWS\UNWISE.EXE
2007-07-23 13:53 <DIR> d-------- C:\Program Files\AllWebMenus4
2007-07-23 13:53 <DIR> d-------- C:\DOCUME~1\NIKONI~1\APPLIC~1\Likno
2007-07-23 13:34 13 C:\DOCUME~1\ALLUSE~1\APPLIC~1\YA>O3113>.sys
2007-07-23 13:34 <DIR> d-------- C:\Program Files\CoffeeCup Software
2007-07-23 13:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
2007-07-22 15:00 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-07-22 15:00 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-07-22 15:00 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-07-22 15:00 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-07-22 15:00 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-07-22 15:00 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-07-22 12:33 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-07-22 12:33 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-07-22 12:33 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-07-22 12:33 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-07-22 12:33 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-07-22 12:33 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-07-22 00:07 <DIR> d-------- C:\Program Files\THQ
2007-07-22 00:00 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-22 00:00 <DIR> dr-h----- C:\DOCUME~1\NIKONI~1\APPLIC~1\SecuROM
2007-07-21 20:51 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-07-21 20:51 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-07-21 20:51 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-07-21 18:54 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-07-21 18:54 <DIR> d-------- C:\Program Files\DkZ Studio
2007-07-21 18:42 <DIR> d-------- C:\Program Files\KONAMI
2007-07-21 15:23 <DIR> d-------- C:\Program Files\WorldUnlock Codes Calculator
2007-07-21 13:10 <DIR> d-------- C:\DOCUME~1\NIKONI~1\APPLIC~1\Sports Interactive
2007-07-21 12:56 <DIR> d-------- C:\Program Files\Sports Interactive
2007-07-21 10:32 <DIR> d-------- C:\DOCUME~1\NIKONI~1\APPLIC~1\Corel
2007-07-21 10:31 <DIR> d-------- C:\Program Files\Common Files\Corel
2007-07-21 10:30 88 -r-hs---- C:\WINDOWS\system32\A5CD172802.sys
2007-07-21 10:30 2,516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-21 10:29 <DIR> d-------- C:\Program Files\Corel
2007-07-20 23:26 <DIR> d-------- C:\Program Files\Xfire
2007-07-20 23:26 <DIR> d-------- C:\DOCUME~1\NIKONI~1\APPLIC~1\Xfire
2007-07-20 22:48 <DIR> d-------- C:\Program Files\Audacity
2007-07-20 22:46 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-07-20 21:56 <DIR> d-------- C:\Program Files\Download Manager
2007-07-20 21:56 <DIR> d-------- C:\DOCUME~1\NIKONI~1\APPLIC~1\IGN_DLM
2007-07-20 19:57 <DIR> d-------- C:\WINDOWS\E31C348B63A94CBF8D7FD932ABB63244.TMP
2007-07-20 19:54 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-20 19:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-20 19:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-20 19:08 <DIR> d-------- C:\DOCUME~1\NIKONI~1\APPLIC~1\WinRAR
2007-07-20 18:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-07-20 18:50 <DIR> d-------- C:\Program Files\Bonjour
2007-07-20 18:45 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-07-20 18:32 <DIR> d-------- C:\Program Files\Whisper Technology
2007-07-20 13:26 <DIR> d-------- C:\Program Files\BitTornado
2007-07-20 13:26 <DIR> d-------- C:\DOCUME~1\NIKONI~1\APPLIC~1\.BitTornado
2007-07-20 11:23 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-07-20 11:23 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-07-20 11:23 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-07-20 11:23 <DIR> d-------- C:\Program Files\D-Tools
2007-07-20 11:01 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-07-20 11:01 <DIR> d-------- C:\DOCUME~1\NIKONI~1\APPLIC~1\teamspeak2
2007-07-19 21:31 <DIR> d--hs---- C:\RECYCLER
2007-07-19 16:12 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-07-19 16:12 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-07-19 16:12 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-07-19 16:11 <DIR> d-------- C:\Program Files\Symantec
2007-07-19 16:11 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-19 16:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-07-19 15:29 <DIR> d-------- C:\Program Files\EA GAMES
2007-07-19 15:24 <DIR> d---s---- C:\DOCUME~1\NIKONI~1\UserData
2007-07-19 15:08 <DIR> dr------- C:\DOCUME~1\NIKONI~1\APPLIC~1\Brother
2007-07-19 15:07 81,920 --a------ C:\WINDOWS\system32\BrWebIns.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-26 04:56:44 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2007-07-20 17:26:22 -------- d-----w C:\DOCUME~1\NIKONI~1\APPLIC~1\.BitTornado
2007-07-19 20:12:49 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-07-19 20:12:49 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-06-27 02:27:54 44,240 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-06-27 01:59:38 344,064 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-06-27 01:58:35 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-06-27 01:58:17 2,303,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-06-27 01:56:43 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-06-27 01:51:21 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-06-27 01:51:09 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-06-27 01:51:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-06-27 01:50:54 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-06-27 01:50:42 118,784 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-06-27 01:49:21 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-06-27 01:48:32 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-06-27 01:44:55 8,232,960 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-06-27 01:41:08 2,940,992 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-06-27 01:31:03 1,519,744 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-06-27 01:30:45 972,072 ----a-w C:\WINDOWS\system32\ativva6x.dat
2007-06-27 01:30:45 3,107,788 ----a-w C:\WINDOWS\system32\ativvaxx.dat
2007-06-27 01:30:45 3,107,788 ----a-w C:\WINDOWS\system32\ativva5x.dat
2007-06-27 01:19:33 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-06-27 01:17:35 266,240 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-06-27 01:16:12 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-06-27 01:15:32 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-06-27 01:14:30 176,128 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-06-27 01:10:32 376,832 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-06-05 17:40:44 149,278 ----a-w C:\WINDOWS\system32\atiicdxx.dat
2007-06-04 19:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 19:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 19:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3964D8D6-86D0-493A-B460-A805B5401114}]
2007-07-28 02:11 31254 --a------ C:\WINDOWS\system32\qomnkhh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
2007-07-27 17:23 69184 --a------ C:\WINDOWS\system32\wwchnonn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 06:07]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-06-04 22:05]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-06-26 01:00]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-28 17:08]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 17:57]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-07-19 15:07:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3964D8D6-86D0-493A-B460-A805B5401114}"= C:\WINDOWS\system32\qomnkhh.dll [2007-07-28 02:11 31254]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnkhh]
qomnkhh.dll 2007-07-28 02:11 31254 C:\WINDOWS\system32\qomnkhh.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

R1 SRTSPX;SRTSPX;C:\WINDOWS\system32\Drivers\SRTSPX.SYS
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service;C:\WINDOWS\system32\drivers\ADIHdAud.sys
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
R3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys
R3 SRTSP;SRTSP;C:\WINDOWS\system32\Drivers\SRTSP.SYS
R3 StillCam;Still Serial Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\serscan.sys
S3 SRTSPL;SRTSPL;C:\WINDOWS\system32\Drivers\SRTSPL.SYS


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6591845-35fd-11dc-88bf-806d6172696f}]
AutoRun\command- D:\ASUSACPI.exe


Contents of the 'Scheduled Tasks' folder
2007-07-24 01:25:29 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Niko Nikic.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-28 00:54:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-28 0:55:19 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-28 00:55

--- E O F ---






and new hijackthis scan:




Logfile of HijackThis v1.99.1
Scan saved at 12:59:09 AM, on 7/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\qomnkhh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\wwchnonn.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://203.86.233.52:8443/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{844E5C51-9663-4809-86CD-8C93D781E496}: NameServer = 192.168.2.1
O20 - Winlogon Notify: qomnkhh - C:\WINDOWS\SYSTEM32\qomnkhh.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe




By the way, I just did a couple of Spybot searches and it keeps finding things, and I delete them and do a scan right afterwards and it finds the same things again... I tried it in safe mode and it didn't find anything.

#4 darko886

darko886
  • Topic Starter

  • Members
  • 25 posts

Posted 28 July 2007 - 01:34 AM

Ohh, and the things it finds in Spybot include DoubleClick, FastClick, MediaPlex.

#5 darko886

darko886
  • Topic Starter

  • Members
  • 25 posts

Posted 28 July 2007 - 11:57 AM

Hi, can anyone please help me with this? It is getting really, really frustrating.

#6 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A

Posted 28 July 2007 - 12:11 PM

Hello darko886,

Please don't bump your post, it will only delay a reply from me. I assure you this is not easy work we do here, please be patient for a response.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Please download OTMoveIt by Oldtimer and save it to your desktop.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\qomnkhh.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\wwchnonn.dll
O20 - Winlogon Notify: qomnkhh - C:\WINDOWS\SYSTEM32\qomnkhh.dll


Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis.

Run ATF Cleaner:
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Open notepad and copy (Ctrl C) and paste (Ctrl V) the following text in the quote:

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6591845-35fd-11dc-88bf-806d6172696f}]

Save it to your desktop as fix133.reg and as Type "All files"
Double click on fix133.reg and allow when prompted to let it merge with the registry.

Run OTMoveIt:
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\system32\qomnkhh.dll
C:\WINDOWS\system32\wwchnonn.dll
C:\WINDOWS\system32\yuekifec.dll
C:\WINDOWS\urls.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\YAŽ>O3113>.sys
  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)
Click the red Moveit! button.
Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Reboot into Normal Mode.

In your next reply please include the following:
  • A new Hijackthis log.
  • The OTMoveIt log.

Edited by __RiP_ChAiN_, 28 July 2007 - 12:22 PM.


#7 darko886


Posted 28 July 2007 - 12:30 PM

Hi, sorry for bumping, I thought you forgot about me :thumbsup:.... Anyway, I did what you said and here are the 2 new logs (btw the things you asked me to check in HijackThis and fix were not there when I scanned)

Logfile of HijackThis v1.99.1
Scan saved at 1:27:29 PM, on 7/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\cnloakln.dll",sitypnow
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://203.86.233.52:8443/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{844E5C51-9663-4809-86CD-8C93D781E496}: NameServer = 192.168.2.1
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe




and the other log



DllUnregisterServer procedure not found in C:\WINDOWS\system32\qomnkhh.dll
C:\WINDOWS\system32\qomnkhh.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\qomnkhh.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\wwchnonn.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yuekifec.dll
C:\WINDOWS\system32\yuekifec.dll NOT unregistered.
C:\WINDOWS\system32\yuekifec.dll moved successfully.
C:\WINDOWS\urls.dat moved successfully.
File/Folder C:\DOCUME~1\ALLUSE~1\APPLIC~1\YAŽ>O3113>.sys not found.

Created on 07/28/2007 13:29:41

#8 __RiP_ChAiN_


Posted 28 July 2007 - 12:38 PM

Hello darko886,

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\cnloakln.dll",sitypnow

Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis.

Run OTMoveIt:
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\system32\cnloakln.dll
  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)
Click the red Moveit! button.
Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.
Reboot into Normal Mode.

In your next reply please include the following:
  • A new Hijackthis log.
  • The OTMoveIt log.


#9 darko886


Posted 28 July 2007 - 01:00 PM

OTMoveIt

DllUnregisterServer procedure not found in C:\WINDOWS\system32\cnloakln.dll
C:\WINDOWS\system32\cnloakln.dll NOT unregistered.
C:\WINDOWS\system32\cnloakln.dll moved successfully.

Created on 07/28/2007 13:59:37


HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 2:00:19 PM, on 7/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://203.86.233.52:8443/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{844E5C51-9663-4809-86CD-8C93D781E496}: NameServer = 192.168.2.1
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
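
The check done by eye across posts #7 to #9 (is the flagged autorun gone from the new HijackThis log, and what did OTMoveIt report for its DLL?), as an added Python example that is not part of the original thread and is not HijackThis or OTMoveIt code. The function names are hypothetical, and the sample input is a handful of lines copied from the logs above.

```python
import re

# Constructed sample input: a few lines copied from the logs posted in this
# thread (HijackThis log of post #7 = before, post #9 = after; OTMoveIt results
# from both posts). Real logs are longer; the parsers skip unrelated lines.
HJT_BEFORE = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\cnloakln.dll",sitypnow
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
'''
HJT_AFTER = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
'''
OTMOVEIT = r'''
File move failed. C:\WINDOWS\system32\qomnkhh.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\wwchnonn.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\cnloakln.dll
C:\WINDOWS\system32\cnloakln.dll NOT unregistered.
C:\WINDOWS\system32\cnloakln.dll moved successfully.
'''

# Registry autoruns look like:  O4 - HKLM\..\Run: [Name] command line
# ("Global Startup" shortcut entries are deliberately not matched here.)
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')

# Command line that starts rundll32 with  <dll>,<export>  (quotes optional).
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE)

# The three outcomes OTMoveIt prints in the results shown in this thread.
OT_PATTERNS = [
    (re.compile(r'^File move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$'),
     'pending-reboot'),
    (re.compile(r'^File/Folder (?P<path>.+?) not found\.$'), 'not-found'),
    (re.compile(r'^(?P<path>.+?) moved successfully\.$'), 'moved'),
]


def parse_o4(log_text):
    """Return the registry Run-key (O4) entries of a HijackThis log as dicts."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def rundll32_autoruns(entries):
    """Keep only autoruns that load a DLL through rundll32.

    Legitimate software uses this launch style too, so a hit is a lead for
    review (as with the MemoryManager entry here), not a verdict.
    """
    hits = []
    for e in entries:
        m = RUNDLL_RE.match(e['cmd'])
        if m:
            hits.append({**e, 'dll': m.group('dll'), 'export': m.group('export')})
    return hits


def parse_otmoveit(log_text):
    """Map each lower-cased path in an OTMoveIt result log to its outcome."""
    status = {}
    for line in log_text.splitlines():
        line = line.strip()
        for rx, label in OT_PATTERNS:
            m = rx.match(line)
            if m:
                status[m.group('path').lower()] = label
                break
    return status


def verify_fix(before_log, after_log, otmoveit_log):
    """For each rundll32 autorun in the 'before' log, report whether the
    registry entry is gone from the 'after' log and what happened to its DLL."""
    after_keys = {(e['hive'], e['key'], e['name']) for e in parse_o4(after_log)}
    moves = parse_otmoveit(otmoveit_log)
    report = []
    for e in rundll32_autoruns(parse_o4(before_log)):
        report.append({
            'name': e['name'],
            'dll': e['dll'],
            'export': e['export'],
            'autorun_removed': (e['hive'], e['key'], e['name']) not in after_keys,
            'file_status': moves.get(e['dll'].lower(), 'not-in-log'),
        })
    return report


if __name__ == '__main__':
    for row in verify_fix(HJT_BEFORE, HJT_AFTER, OTMOVEIT):
        print(row)
```

A `pending-reboot` status, as reported for qomnkhh.dll in post #7, means the file is still on disk until the reboot completes, so the check is only final when run against logs taken after that reboot.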

#10 __RiP_ChAiN_


Posted 28 July 2007 - 01:17 PM

Hello darko886,

Download and install AVG Anti-Spyware v7.5.
  • After download, double click on the file to launch the install process.
  • Choose a language, click "OK" and then click "Next".
  • Read the "License Agreement" and click "I Agree".
  • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
  • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
  • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
  • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". (Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them inaccessible for doing a scan. If this is the case, press the WINKEY + M key to "Minimize" the AVG display. Then right-click on AVG in the Task Bar and select "Maximize". If that does not help, then you may have to run your scan in normal mode and advise your helper afterwards.)

Scan with AVG Anti-Spyware as follows:
  • Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
  • Click the "Scan" tab to return to scanning options.
  • Click "Complete System Scan" to start.
  • When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
  • You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
  • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
  • Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner or you may purchase a license to use the full version.

#11 darko886


Posted 28 July 2007 - 06:04 PM

Ok, I did that and deleted some spyware and trojans but I still get a whole bunch of popups and stuff....

#12 __RiP_ChAiN_


Posted 28 July 2007 - 09:52 PM

Can you post the log it produced?

#13 darko886


Posted 29 July 2007 - 11:02 AM

--------------------------------- Anti-Spyware session started ---------------------------------
Machine=LUDI
Time=Sat Jul 28 22:33:35 2007
Product Version=3, 0, 1, 25
OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Started Scanning
Programs in Memory
Finished Scanning
Windows Shell Settings: Found '{3964D8D6-86D0-493A-B460-A805B5401114}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
Started Backup
Finished Backup
Started Cleaning
UnregisterDll - Using Regsvr32.exe. Cmd='C:\WINDOWS\system32\regsvr32.exe /u /s "C:\WINDOWS\system32\qomnkhh.dll"'
Windows Shell Settings: Cleaned '{3964D8D6-86D0-493A-B460-A805B5401114}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
Finished Cleaning
Windows Shell Settings: Found '{3964D8D6-86D0-493A-B460-A805B5401114}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
Started Scanning
Internet Cookies
Internet Cookies: Found 'sb.pch.com' in 'Internet Explorer Cache'
Internet Cookies: Found '2o7.net' in 'Internet Explorer Cache'
Internet Cookies: Found 'about.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'ads.pointroll.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'adultfriendfinder.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'atdmt.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'atwola.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'com.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'doubleclick.net' in 'Internet Explorer Cache'
Internet Cookies: Found 'edge.ru4.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'exitexchange.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'indiads.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'msnportal.112.2o7.net' in 'Internet Explorer Cache'
Internet Cookies: Found 'realmedia.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'sb.pch.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'tacoda.net' in 'Internet Explorer Cache'
Internet Cookies: Found 'trafficmp.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'tribalfusion.com' in 'Internet Explorer Cache'
CoolWebSearch Variants (CWShredder)
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Internet Cookies: Cleaned 'sb.pch.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned '2o7.net' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'about.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'ads.pointroll.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'adultfriendfinder.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'atdmt.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'atwola.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'com.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'doubleclick.net' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'edge.ru4.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'exitexchange.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'indiads.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'msnportal.112.2o7.net' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'realmedia.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'sb.pch.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'tacoda.net' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'trafficmp.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'tribalfusion.com' in 'Internet Explorer Cache'
Finished Cleaning
Started Cleaning
Internet Explorer/MSN/AOL Cache
Delete History Items on Startup: Cleaned 'Internet Explorer/MSN/AOL Cache' in ''
Internet Browser History
Delete History Items on Startup: Cleaned 'Internet Browser History' in ''
AOL URL History
Delete History Items on Startup: Cleaned 'AOL URL History' in ''
Media Player history
Delete History Items on Startup: Cleaned 'Media Player history' in ''
RealPlayer History
Delete History Items on Startup: Cleaned 'RealPlayer History' in ''
Windows common dialog recently used file list
Delete History Items on Startup: Cleaned 'Windows common dialog recently used file list' in ''
Windows Search History
Delete History Items on Startup: Cleaned 'Windows Search History' in ''
Windows Temp Files
Delete History Items on Startup: Cleaned 'Windows Temp Files' in ''
Windows Document History
Delete History Items on Startup: Cleaned 'Windows Document History' in ''
Windows Run History
Delete History Items on Startup: Cleaned 'Windows Run History' in ''
Recycle Bin
Delete History Items on Startup: Cleaned 'Recycle Bin' in ''
Start Menu Order/Click History
Delete History Items on Startup: Cleaned 'Start Menu Order/Click History' in ''
MS Download Temp Directory
Delete History Items on Startup: Cleaned 'MS Download Temp Directory' in ''
Google Search History
Delete History Items on Startup: Cleaned 'Google Search History' in ''
Winzip Recent File List
Delete History Items on Startup: Cleaned 'Winzip Recent File List' in ''
Adobe Acrobat recent file list
Delete History Items on Startup: Cleaned 'Adobe Acrobat recent file list' in ''
Microsoft Word recent file list
Delete History Items on Startup: Cleaned 'Microsoft Word recent file list' in ''
Microsoft Excel recent file list
Delete History Items on Startup: Cleaned 'Microsoft Excel recent file list' in ''
Microsoft PowerPoint recent file list
Delete History Items on Startup: Cleaned 'Microsoft PowerPoint recent file list' in ''
Microsoft Access recent file list
Delete History Items on Startup: Cleaned 'Microsoft Access recent file list' in ''
Internet Explorer Auto-complete data
Delete History Items on Startup: Cleaned 'Internet Explorer Auto-complete data' in ''
Jasc Paint Shop Pro History
Delete History Items on Startup: Cleaned 'Jasc Paint Shop Pro History' in ''
AOL Instant Messenger Recent Users
Delete History Items on Startup: Cleaned 'AOL Instant Messenger Recent Users' in ''
AOL Instant Messenger Download Folder
Delete History Items on Startup: Cleaned 'AOL Instant Messenger Download Folder' in ''
Yahoo Messenger User Profiles
Delete History Items on Startup: Cleaned 'Yahoo Messenger User Profiles' in ''
Yahoo Messenger Transaction Log
Delete History Items on Startup: Cleaned 'Yahoo Messenger Transaction Log' in ''
Cookies
Delete History Items on Startup: Cleaned 'Cookies' in ''
Finished Cleaning
Services: Found 'Ares Chatroom server' in ''
Program Startup Areas: Found 'ares' in 'S-1-5-21-1229272821-1482476501-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
--------------------------------- Anti-Spyware session ended ---------------------------------


thanks

#14 __RiP_ChAiN_


Posted 29 July 2007 - 12:08 PM

This does not appear to be a log from AVG Anti-Spyware, try posting it again. It should be located here: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\Report-Scan-20060620-142816.txt (It should look similar to the log on the left.)

Edited by __RiP_ChAiN_, 29 July 2007 - 12:08 PM.


#15 darko886


Posted 29 July 2007 - 01:39 PM

Sorry, wrong report, anyway, I guess this is it... I didn't have anything in the reports folder but I clicked on reports in the actual program and this is what I got


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:06:15 PM 7/28/2007

+ Scan result:



C:\Documents and Settings\Niko Nikic\Cookies\niko nikic@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Niko Nikic\Cookies\niko nikic@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Niko Nikic\Cookies\niko nikic@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Niko Nikic\Cookies\niko nikic@arn.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Niko Nikic\Cookies\niko nikic@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Niko Nikic\Cookies\niko nikic@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Niko Nikic\Cookies\niko nikic@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Niko Nikic\Cookies\niko nikic@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Niko Nikic\Cookies\niko nikic@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Niko Nikic\Cookies\niko nikic@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Niko Nikic\Cookies\niko nikic@e-2dj6wjnyandzcdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Niko Nikic\Cookies\niko nikic@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Niko Nikic\Cookies\niko nikic@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Niko Nikic\Cookies\niko nikic@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Niko Nikic\Cookies\niko nikic@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Niko Nikic\Cookies\niko nikic@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Niko Nikic\Cookies\niko nikic@specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Niko Nikic\Cookies\niko nikic@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Niko Nikic\Cookies\niko nikic@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Niko Nikic\Cookies\niko nikic@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Niko Nikic\Cookies\niko nikic@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.


::Report end



