
Hijackthis Log: Please Help Diagnose


  • This topic is locked
30 replies to this topic

#1 nnev3

nnev3

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 07 October 2007 - 05:43 AM

Please help me with this, someone. I'm sure I have a browser hijacker and I've no idea what this all means.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:08, on 07/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187270499872
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187270481736
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CC6E506-6E32-4BAE-97AC-4A8F929E208A}: NameServer = 212.139.132.6 212.139.132.7
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 4333 bytes
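The log above is what the helpers in this thread read by hand: one entry per line, a section code (R0, O2, O4, O17, O23, ...) followed by " - " and a body whose layout depends on the code. As an added example, not part of the thread and not code from HijackThis itself, the Python script below parses that line format and pulls out the entries a reviewer checks first: O2 BHO registrations whose DLL is gone ("(no file)"), the O17 NameServer setting, O23 services with no vendor string, and O4 autostarts. The sample lines are copied from the log posted above; the triage rules are this example's own assumptions about what merits a second look, not verdicts HijackThis produces.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied verbatim from the HijackThis
# log posted above, enough to exercise each line type the triage looks at.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CC6E506-6E32-4BAE-97AC-4A8F929E208A}: NameServer = 212.139.132.6 212.139.132.7
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
"""

# Every HijackThis entry starts with a section code (R0, O2, O4, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNOG]\d+) - (?P<body>.*)$")


@dataclass
class Entry:
    code: str          # HijackThis section code, e.g. "O2"
    body: str          # everything after "<code> - "
    name: str = ""     # display name (BHO name, Run value name, service name)
    clsid: str = ""    # CLSID for O2 entries
    owner: str = ""    # vendor string for O23 services
    path: str = ""     # file path, "(no file)", or the NameServer list for O17


def parse_entry(line: str):
    """Split one log line into an Entry, or return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e = Entry(code=m.group("code"), body=m.group("body"))
    if e.code == "O2":
        # O2 - BHO: <name> - {CLSID} - <dll path | (no file)>
        m2 = re.match(r"BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$", e.body)
        if m2:
            e.name, e.clsid, e.path = m2.groups()
    elif e.code == "O4":
        # O4 - <hive>\..\Run: [<value name>] <command line>
        m4 = re.match(r".*?: \[(.*?)\] (.*)$", e.body)
        if m4:
            e.name, e.path = m4.groups()
    elif e.code == "O17":
        # O17 - <Tcpip interface key>: NameServer = <ip> <ip>
        m17 = re.match(r".*: NameServer = (.*)$", e.body)
        if m17:
            e.name, e.path = "NameServer", m17.group(1)
    elif e.code == "O23":
        # O23 - Service: <name> - <owner> - <binary path>
        m23 = re.match(r"Service: (.*?) - (.*?) - (.*)$", e.body)
        if m23:
            e.name, e.owner, e.path = m23.groups()
    return e


def parse_log(log_text: str):
    """Parse every entry line in a HijackThis log, skipping headers and the process list."""
    return [e for e in map(parse_entry, log_text.splitlines()) if e is not None]


def nameservers(log_text: str):
    """Return the DNS servers configured in O17 entries, in log order."""
    ips = []
    for e in parse_log(log_text):
        if e.code == "O17":
            ips.extend(e.path.split())
    return ips


def triage(log_text: str):
    """Return (code, identifier, reason) tuples for entries a reviewer should look at first.

    These rules are this example's own assumptions about what merits a second
    look; they are not verdicts HijackThis itself produces.
    """
    findings = []
    for e in parse_log(log_text):
        if e.code == "O2" and e.path == "(no file)":
            # CLSID still registered under Browser Helper Objects but its DLL is
            # gone: a leftover that IE will try to load on every start.
            findings.append((e.code, e.clsid, "orphaned BHO registration, DLL missing"))
        elif e.code == "O17":
            findings.append((e.code, e.path, "resolvers set in registry; confirm they are the ISP's"))
        elif e.code == "O23" and e.owner == "Unknown owner":
            findings.append((e.code, e.name, "service binary carries no vendor string; verify it"))
        elif e.code == "O4":
            findings.append((e.code, e.name, "autostart entry; verify the publisher"))
    return findings


if __name__ == "__main__":
    for code, ident, reason in triage(SAMPLE_LOG):
        print(f"{code:4} {ident:45} {reason}")
```

Running it prints the two orphaned BHO CLSIDs, the O17 resolver pair, the "Unknown owner" service and the BitTorrent autostart. Entries that parse cleanly but carry a path on disk (the ActivationManager BHO, the R0 start page) produce no finding; the point of the script is to shorten the list a human has to read, not to decide for them.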



#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:04:13 PM

Posted 07 October 2007 - 06:02 AM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
You are using peer-to-peer programs.
These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do.
If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.
For more information about infections as a result of p2p programs, take a look here: http://p2p.malwareremoval.com/

Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply.

Please include the Combofix.txt in your next reply along with a fresh HijackThis log.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 nnev3

nnev3
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 10 October 2007 - 11:46 AM

Combo thing log-

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-29 16:56 --------- d-----w C:\Documents and Settings\The Nevs\Application Data\BitTorrent
2007-09-14 17:34 --------- d-----w C:\Program Files\DivX
2007-09-11 17:00 --------- d-----w C:\Program Files\ActivationManager
2007-09-11 14:57 --------- d-----w C:\Program Files\NCH Swift Sound
2007-09-11 14:56 --------- d-----w C:\Documents and Settings\The Nevs\Application Data\NCH Swift Sound
2007-09-05 15:08 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-09-05 15:08 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-09-04 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-09-04 16:08 --------- d-----w C:\Documents and Settings\The Nevs\Application Data\DivX
2007-09-03 17:53 --------- d-----w C:\Documents and Settings\The Nevs\Application Data\Audacity
2007-09-03 17:07 --------- d-----w C:\Documents and Settings\The Nevs\Application Data\ICAClient
2007-09-03 17:06 --------- d-----w C:\Program Files\Citrix
2007-09-03 13:30 --------- d-----w C:\Program Files\QuickTime
2007-09-03 13:29 --------- dc----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-03 13:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\Apple
2007-09-03 13:27 --------- d-----w C:\Program Files\Apple Software Update
2007-09-03 11:59 --------- d-----w C:\Program Files\MSN Messenger
2007-09-03 10:41 --------- d-----w C:\Program Files\BitTorrent
2007-09-02 23:16 --------- d-----w C:\Documents and Settings\The Nevs\Application Data\Google
2007-09-02 12:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-09-01 23:46 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-08-19 21:53 --------- d-----w C:\Program Files\PC Camera
2007-08-19 21:53 --------- d-----w C:\Program Files\Common Files\PCCamera
2007-08-19 21:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-08-19 21:46 --------- d-----w C:\Program Files\Windows Media Components
2007-08-19 21:46 --------- d-----w C:\Program Files\Mingjong
2007-08-17 19:01 --------- d-----w C:\Program Files\Windows Live
2007-08-17 19:01 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-08-17 16:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-17 16:25 --------- d-----w C:\Program Files\FaxTools
2007-08-17 16:25 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
2007-08-17 16:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-08-17 16:21 --------- d-----w C:\Program Files\Lexmark 1200 Series
2007-08-16 13:19 --------- d-----w C:\Documents and Settings\The Nevs\Application Data\WinRAR
2007-08-16 12:41 --------- d-----w C:\Program Files\Real
2007-08-16 12:28 --------- d-----w C:\Program Files\Thomson
2007-08-16 12:15 --------- d-----w C:\Program Files\microsoft frontpage
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 18:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 18:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-26 23:06 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-07-26 23:06 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-07-26 23:06 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-07-26 23:06 144,704 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-26 23:06 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-07-26 23:03 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-07-26 23:03 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-07-26 23:03 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-07-26 23:03 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-07-26 23:03 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-07-26 23:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-07-26 23:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-07-26 23:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-07-26 23:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-07-26 23:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-07-26 23:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-07-26 23:03 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-07-26 23:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86A44EF7-78FC-4e18-A564-B18F806F7F56}]
2007-09-11 18:00 221184 --a------ C:\Program Files\ActivationManager\ActivationManager.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-06-20 04:28]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^The Nevs^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\The Nevs\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
"C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4

R3 PAC207;USB PC Cam Plus;C:\WINDOWS\system32\DRIVERS\pfc027.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-18 11:29:25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-10 13:47:30 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 17:30:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-10 17:32:02
C:\ComboFix-quarantined-files.txt ... 2007-10-10 17:31
.
--- E O F ---





New HijackThis Log -



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:44:07, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187270499872
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187270481736
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CC6E506-6E32-4BAE-97AC-4A8F929E208A}: NameServer = 212.139.132.36 212.139.132.37
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 4478 bytes

#4 nnev3

nnev3
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 10 October 2007 - 11:47 AM

Oh, and I wasn't using any P2P applications when the browser hijacker, or whatever it is, started.

#5 nnev3

nnev3
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 10 October 2007 - 01:31 PM

Cough cough.

Sorry, just trying to keep this thread near the top.

#6 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:04:13 PM

Posted 10 October 2007 - 03:10 PM

P2P programs will still bring along malware even if they were not the original cause for infection. Do not bump your topic; I get an email to say you have replied, so there is no need to do so. Perhaps it would be understandable if you had waited a couple of days, but less than two hours?
The top of your Combofix log has been cut off, please post the full report in your reply.

If you are pleased with the service I have offered, you may like to consider making a donation.


#7 nnev3

nnev3
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 10 October 2007 - 05:10 PM

Alright, calm down, no need to attack me; I didn't know you got an email.

Anyway, here's the full ComboFix log.





ComboFix 07-10-09.3 - The Nevs 2007-10-10 22:49:35.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.41 [GMT 1:00]
Running from: C:\Documents and Settings\The Nevs\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-10 to 2007-10-10 )))))))))))))))))))))))))))))))
.

2007-10-10 17:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-10 14:51 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 15:10 <DIR> d-------- C:\Program Files\Audacity
2007-10-06 13:35 <DIR> d-------- C:\Documents and Settings\The Nevs\Incomplete
2007-10-06 13:34 <DIR> d-------- C:\Documents and Settings\The Nevs\Application Data\LimeWire
2007-10-06 13:33 <DIR> d-------- C:\Program Files\LimeWire
2007-10-03 20:32 <DIR> d-------- C:\WINDOWS\pss
2007-10-03 20:13 <DIR> d-------- C:\Program Files\IObit
2007-10-03 20:09 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-03 18:12 <DIR> d-------- C:\Documents and Settings\The Nevs\Application Data\OpenOffice.org2
2007-10-03 18:05 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2007-10-03 17:55 <DIR> d-------- C:\Program Files\readmes
2007-10-03 17:55 <DIR> d-------- C:\Program Files\licenses
2007-10-01 19:25 <DIR> d-------- C:\Documents and Settings\The Nevs\Application Data\MySpace
2007-09-28 21:56 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-09-23 20:16 230,432 --a--c--- C:\StiImg.dat
2007-09-22 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-22 17:31 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-22 16:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-09-22 15:59 <DIR> d-------- C:\Documents and Settings\The Nevs\Application Data\SUPERAntiSpyware.com
2007-09-15 22:08 <DIR> d-------- C:\Program Files\3B Software
2007-09-14 17:15 <DIR> d-------- C:\Program Files\Google
2007-09-14 16:40 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-14 16:23 <DIR> d-------- C:\Program Files\Windows Defender
2007-09-14 15:51 <DIR> d-------- C:\f7386e0135b73ba887dbd7559b5efeee
2007-09-12 19:55 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-09-12 19:50 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-09-12 19:07 <DIR> d-------- C:\Documents and Settings\The Nevs\Application Data\Tenebril
2007-09-12 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2007-09-12 19:00 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2007-09-12 19:00 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-09-11 15:59 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-09-11 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-09-10 18:59 <DIR> d-------- C:\Documents and Settings\The Nevs\Application Data\Help
2007-09-10 18:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-29 16:56 --------- d-----w C:\Documents and Settings\The Nevs\Application Data\BitTorrent
2007-09-14 17:34 --------- d-----w C:\Program Files\DivX
2007-09-11 17:00 --------- d-----w C:\Program Files\ActivationManager
2007-09-11 14:57 --------- d-----w C:\Program Files\NCH Swift Sound
2007-09-11 14:56 --------- d-----w C:\Documents and Settings\The Nevs\Application Data\NCH Swift Sound
2007-09-05 15:08 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-09-05 15:08 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-09-04 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-09-04 16:08 --------- d-----w C:\Documents and Settings\The Nevs\Application Data\DivX
2007-09-03 17:53 --------- d-----w C:\Documents and Settings\The Nevs\Application Data\Audacity
2007-09-03 17:07 --------- d-----w C:\Documents and Settings\The Nevs\Application Data\ICAClient
2007-09-03 17:06 --------- d-----w C:\Program Files\Citrix
2007-09-03 13:30 --------- d-----w C:\Program Files\QuickTime
2007-09-03 13:29 --------- dc----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-03 13:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\Apple
2007-09-03 13:27 --------- d-----w C:\Program Files\Apple Software Update
2007-09-03 11:59 --------- d-----w C:\Program Files\MSN Messenger
2007-09-03 10:41 --------- d-----w C:\Program Files\BitTorrent
2007-09-02 23:16 --------- d-----w C:\Documents and Settings\The Nevs\Application Data\Google
2007-09-02 12:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-09-01 23:46 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-19 21:53 --------- d-----w C:\Program Files\PC Camera
2007-08-19 21:53 --------- d-----w C:\Program Files\Common Files\PCCamera
2007-08-19 21:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-08-19 21:46 --------- d-----w C:\Program Files\Windows Media Components
2007-08-19 21:46 --------- d-----w C:\Program Files\Mingjong
2007-08-17 19:01 --------- d-----w C:\Program Files\Windows Live
2007-08-17 19:01 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-08-17 16:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-17 16:25 --------- d-----w C:\Program Files\FaxTools
2007-08-17 16:25 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
2007-08-17 16:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-08-17 16:21 --------- d-----w C:\Program Files\Lexmark 1200 Series
2007-08-16 13:19 --------- d-----w C:\Documents and Settings\The Nevs\Application Data\WinRAR
2007-08-16 12:41 --------- d-----w C:\Program Files\Real
2007-08-16 12:28 --------- d-----w C:\Program Files\Thomson
2007-08-16 12:15 --------- d-----w C:\Program Files\microsoft frontpage
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 18:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 18:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-26 23:06 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-07-26 23:06 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-07-26 23:06 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-07-26 23:06 144,704 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-26 23:06 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-07-26 23:03 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-07-26 23:03 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-07-26 23:03 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-07-26 23:03 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-07-26 23:03 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-07-26 23:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-07-26 23:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-07-26 23:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-07-26 23:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-07-26 23:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-07-26 23:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-07-26 23:03 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-07-26 23:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-10_17.31.02.05 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB939653\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB939653\spuninst.exe
----a-w 1,022,976 2007-08-22 12:55:28 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\browseui.dll
----a-w 151,040 2007-08-22 12:55:29 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\cdfview.dll
----a-w 1,054,208 2007-08-22 12:55:30 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\danim.dll
----a-w 357,888 2007-08-22 12:55:30 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtmsft.dll
----a-w 205,824 2007-08-22 12:55:31 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtrans.dll
----a-w 55,808 2007-08-22 12:55:31 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\extmgr.dll
----a-w 18,432 2007-08-21 10:19:39 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iedw.exe
----a-w 251,904 2007-08-22 12:55:32 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iepeers.dll
----a-w 96,256 2007-08-22 12:55:32 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\inseng.dll
----a-w 16,384 2007-08-22 12:55:32 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\jsproxy.dll
----a-w 3,064,832 2007-08-22 12:55:36 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtml.dll
----a-w 449,024 2007-08-22 12:55:37 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtmled.dll
----a-w 146,432 2007-08-22 12:55:37 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\msrating.dll
----a-w 532,480 2007-08-22 12:55:38 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mstime.dll
----a-w 39,424 2007-08-22 12:55:38 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\pngfilt.dll
----a-w 1,498,112 2007-08-22 12:55:40 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shdocvw.dll
----a-w 474,112 2007-08-22 12:55:41 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shlwapi.dll
----a-w 617,984 2007-08-22 12:55:43 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\urlmon.dll
----a-w 665,600 2007-08-22 12:55:44 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
----a-w 350,720 2007-08-21 10:13:33 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\xpsp3res.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB939653\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB939653\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB939653\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
-c----w 581,120 2004-08-03 23:56:46 C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
-c----w 1,023,488 2007-06-14 18:09:18 C:\WINDOWS\$NtUninstallKB939653$\browseui.dll
-c----w 151,040 2007-06-14 18:09:18 C:\WINDOWS\$NtUninstallKB939653$\cdfview.dll
-c----w 1,054,208 2007-06-14 18:09:18 C:\WINDOWS\$NtUninstallKB939653$\danim.dll
-c----w 357,888 2007-06-14 18:09:18 C:\WINDOWS\$NtUninstallKB939653$\dxtmsft.dll
-c----w 205,312 2007-06-14 18:09:19 C:\WINDOWS\$NtUninstallKB939653$\dxtrans.dll
-c----w 55,808 2007-06-14 18:09:19 C:\WINDOWS\$NtUninstallKB939653$\extmgr.dll
-c----w 18,432 2007-06-14 14:07:24 C:\WINDOWS\$NtUninstallKB939653$\iedw.exe
-c----w 251,392 2007-06-14 18:09:19 C:\WINDOWS\$NtUninstallKB939653$\iepeers.dll
-c----w 96,256 2007-06-14 18:09:19 C:\WINDOWS\$NtUninstallKB939653$\inseng.dll
-c----w 16,384 2007-06-14 18:09:19 C:\WINDOWS\$NtUninstallKB939653$\jsproxy.dll
-c----w 3,058,688 2007-06-14 18:09:20 C:\WINDOWS\$NtUninstallKB939653$\mshtml.dll
-c----w 449,024 2007-06-14 18:09:19 C:\WINDOWS\$NtUninstallKB939653$\mshtmled.dll
-c----w 146,432 2007-06-14 18:09:19 C:\WINDOWS\$NtUninstallKB939653$\msrating.dll
-c----w 532,480 2007-06-14 18:09:20 C:\WINDOWS\$NtUninstallKB939653$\mstime.dll
-c----w 39,424 2007-06-14 18:09:20 C:\WINDOWS\$NtUninstallKB939653$\pngfilt.dll
-c----w 1,494,528 2007-06-14 18:09:20 C:\WINDOWS\$NtUninstallKB939653$\shdocvw.dll
-c----w 474,112 2007-06-14 18:09:20 C:\WINDOWS\$NtUninstallKB939653$\shlwapi.dll
-c----w 615,424 2007-06-14 18:09:20 C:\WINDOWS\$NtUninstallKB939653$\urlmon.dll
-c----w 658,944 2007-06-26 14:09:10 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
-c----w 115,712 2007-06-14 13:39:54 C:\WINDOWS\$NtUninstallKB939653$\xpsp3res.dll
-c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$NtUninstallKB939653$\spuninst\updspapi.dll
-c----w 683,520 2007-05-16 15:12:02 C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
-c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
----a-w 1,022,976 2007-08-22 13:12:15 C:\WINDOWS\system32\browseui.dll
----a-w 151,040 2007-08-22 13:12:15 C:\WINDOWS\system32\cdfview.dll
----a-w 1,054,208 2007-08-22 13:12:16 C:\WINDOWS\system32\danim.dll
----a-w 357,888 2007-08-22 13:12:16 C:\WINDOWS\system32\dxtmsft.dll
----a-w 205,312 2007-08-22 13:12:16 C:\WINDOWS\system32\dxtrans.dll
------w 55,808 2007-08-22 13:12:16 C:\WINDOWS\system32\extmgr.dll
----a-w 251,392 2007-08-22 13:12:16 C:\WINDOWS\system32\iepeers.dll
----a-w 96,256 2007-08-22 13:12:16 C:\WINDOWS\system32\inseng.dll
----a-w 16,384 2007-08-22 13:12:16 C:\WINDOWS\system32\jsproxy.dll
----a-w 18,089,592 2007-09-28 05:19:39 C:\WINDOWS\system32\MRT.exe
----a-w 3,058,176 2007-08-22 13:12:17 C:\WINDOWS\system32\mshtml.dll
----a-w 449,024 2007-08-22 13:12:17 C:\WINDOWS\system32\mshtmled.dll
----a-w 146,432 2007-08-22 13:12:17 C:\WINDOWS\system32\msrating.dll
----a-w 532,480 2007-08-22 13:12:17 C:\WINDOWS\system32\mstime.dll
----a-w 39,424 2007-08-22 13:12:17 C:\WINDOWS\system32\pngfilt.dll
----a-w 584,192 2007-07-09 13:09:42 C:\WINDOWS\system32\rpcrt4.dll
----a-w 1,494,528 2007-08-22 13:12:18 C:\WINDOWS\system32\shdocvw.dll
----a-w 474,112 2007-08-22 13:12:18 C:\WINDOWS\system32\shlwapi.dll
----a-w 615,424 2007-08-22 13:12:18 C:\WINDOWS\system32\urlmon.dll
----a-w 658,944 2007-08-22 13:12:18 C:\WINDOWS\system32\wininet.dll
----a-w 115,712 2007-08-21 10:20:02 C:\WINDOWS\system32\xpsp3res.dll
-c----w 1,022,976 2007-08-22 13:12:15 C:\WINDOWS\system32\dllcache\browseui.dll
-c----w 151,040 2007-08-22 13:12:15 C:\WINDOWS\system32\dllcache\cdfview.dll
-c----w 1,054,208 2007-08-22 13:12:16 C:\WINDOWS\system32\dllcache\danim.dll
-c----w 357,888 2007-08-22 13:12:16 C:\WINDOWS\system32\dllcache\dxtmsft.dll
-c----w 205,312 2007-08-22 13:12:16 C:\WINDOWS\system32\dllcache\dxtrans.dll
-c----w 55,808 2007-08-22 13:12:16 C:\WINDOWS\system32\dllcache\extmgr.dll
-c----w 18,432 2007-08-21 10:30:45 C:\WINDOWS\system32\dllcache\iedw.exe
-c----w 251,392 2007-08-22 13:12:16 C:\WINDOWS\system32\dllcache\iepeers.dll
-c----w 683,520 2007-08-21 06:15:44 C:\WINDOWS\system32\dllcache\inetcomm.dll
-c----w 96,256 2007-08-22 13:12:16 C:\WINDOWS\system32\dllcache\inseng.dll
-c----w 16,384 2007-08-22 13:12:16 C:\WINDOWS\system32\dllcache\jsproxy.dll
-c----w 3,058,176 2007-08-22 13:12:17 C:\WINDOWS\system32\dllcache\mshtml.dll
-c----w 449,024 2007-08-22 13:12:17 C:\WINDOWS\system32\dllcache\mshtmled.dll
-c----w 146,432 2007-08-22 13:12:17 C:\WINDOWS\system32\dllcache\msrating.dll
-c----w 532,480 2007-08-22 13:12:17 C:\WINDOWS\system32\dllcache\mstime.dll
-c----w 39,424 2007-08-22 13:12:17 C:\WINDOWS\system32\dllcache\pngfilt.dll
-c----w 1,494,528 2007-08-22 13:12:18 C:\WINDOWS\system32\dllcache\shdocvw.dll
-c----w 474,112 2007-08-22 13:12:18 C:\WINDOWS\system32\dllcache\shlwapi.dll
-c----w 615,424 2007-08-22 13:12:18 C:\WINDOWS\system32\dllcache\urlmon.dll
-c----w 658,944 2007-08-22 13:12:18 C:\WINDOWS\system32\dllcache\wininet.dll
.
----a-w 1,023,488 2007-06-14 18:09:18 C:\WINDOWS\system32\browseui.dll
----a-w 151,040 2007-06-14 18:09:18 C:\WINDOWS\system32\cdfview.dll
----a-w 1,054,208 2007-06-14 18:09:18 C:\WINDOWS\system32\danim.dll
----a-w 357,888 2007-06-14 18:09:18 C:\WINDOWS\system32\dxtmsft.dll
----a-w 205,312 2007-06-14 18:09:19 C:\WINDOWS\system32\dxtrans.dll
------w 55,808 2007-06-14 18:09:19 C:\WINDOWS\system32\extmgr.dll
----a-w 251,392 2007-06-14 18:09:19 C:\WINDOWS\system32\iepeers.dll
----a-w 96,256 2007-06-14 18:09:19 C:\WINDOWS\system32\inseng.dll
----a-w 16,384 2007-06-14 18:09:19 C:\WINDOWS\system32\jsproxy.dll
----a-w 17,474,680 2007-09-06 02:50:42 C:\WINDOWS\system32\MRT.exe
----a-w 3,058,688 2007-06-14 18:09:20 C:\WINDOWS\system32\mshtml.dll
----a-w 449,024 2007-06-14 18:09:19 C:\WINDOWS\system32\mshtmled.dll
----a-w 146,432 2007-06-14 18:09:19 C:\WINDOWS\system32\msrating.dll
----a-w 532,480 2007-06-14 18:09:20 C:\WINDOWS\system32\mstime.dll
----a-w 39,424 2007-06-14 18:09:20 C:\WINDOWS\system32\pngfilt.dll
----a-w 581,120 2004-08-03 23:56:46 C:\WINDOWS\system32\rpcrt4.dll
----a-w 1,494,528 2007-06-14 18:09:20 C:\WINDOWS\system32\shdocvw.dll
----a-w 474,112 2007-06-14 18:09:20 C:\WINDOWS\system32\shlwapi.dll
----a-w 615,424 2007-06-14 18:09:20 C:\WINDOWS\system32\urlmon.dll
----a-w 658,944 2007-06-26 14:09:10 C:\WINDOWS\system32\wininet.dll
------w 115,712 2007-06-14 13:39:54 C:\WINDOWS\system32\xpsp3res.dll
-c----w 1,023,488 2007-06-14 18:09:18 C:\WINDOWS\system32\dllcache\browseui.dll
-c----w 151,040 2007-06-14 18:09:18 C:\WINDOWS\system32\dllcache\cdfview.dll
-c----w 1,054,208 2007-06-14 18:09:18 C:\WINDOWS\system32\dllcache\danim.dll
-c----w 357,888 2007-06-14 18:09:18 C:\WINDOWS\system32\dllcache\dxtmsft.dll
-c----w 205,312 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\dxtrans.dll
-c----w 55,808 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\extmgr.dll
-c----w 18,432 2007-06-14 14:07:24 C:\WINDOWS\system32\dllcache\iedw.exe
-c----w 251,392 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\iepeers.dll
-c----w 683,520 2007-05-16 15:12:02 C:\WINDOWS\system32\dllcache\inetcomm.dll
-c----w 96,256 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\inseng.dll
-c----w 16,384 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\jsproxy.dll
-c----w 3,058,688 2007-06-14 18:09:20 C:\WINDOWS\system32\dllcache\mshtml.dll
-c----w 449,024 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\mshtmled.dll
-c----w 146,432 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\msrating.dll
-c----w 532,480 2007-06-14 18:09:20 C:\WINDOWS\system32\dllcache\mstime.dll
-c----w 39,424 2007-06-14 18:09:20 C:\WINDOWS\system32\dllcache\pngfilt.dll
-c----w 1,494,528 2007-06-14 18:09:20 C:\WINDOWS\system32\dllcache\shdocvw.dll
-c----w 474,112 2007-06-14 18:09:20 C:\WINDOWS\system32\dllcache\shlwapi.dll
-c----w 615,424 2007-06-14 18:09:20 C:\WINDOWS\system32\dllcache\urlmon.dll
-c----w 658,944 2007-06-26 14:09:10 C:\WINDOWS\system32\dllcache\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86A44EF7-78FC-4e18-A564-B18F806F7F56}]
2007-09-11 18:00 221184 --a------ C:\Program Files\ActivationManager\ActivationManager.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-06-20 04:28]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^The Nevs^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\The Nevs\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
"C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4

R3 PAC207;USB PC Cam Plus;C:\WINDOWS\system32\DRIVERS\pfc027.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-18 11:29:25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-10 21:24:38 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 22:54:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-10 22:55:57
C:\ComboFix-quarantined-files.txt ... 2007-10-10 22:55
C:\ComboFix2.txt ... 2007-10-10 17:32
.
--- E O F ---

Edited by nnev3, 10 October 2007 - 05:12 PM.


#8 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  • Local time:04:13 PM

Posted 11 October 2007 - 03:39 PM

I'm not attacking you, I'm merely stating that it is unnecessary.

Please run Panda's ActiveScan.
Once you are on the Panda site click the Scan your PC button
A new window will open, click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.
When download is complete, click on Local Disks to start the scan.
When the scan has finished - if anything malicious is found - click the See Report button.
Click Save Report and save the file to your Desktop, so you can post this log in your next reply.

If you are pleased with the service I have offered, you may like to consider making a donation.


#9 nnev3

nnev3
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:03:13 PM

Posted 13 October 2007 - 09:52 AM

I did the whole panda thing.
Unfortunately it won't work on my computer.
It starts scanning and then after about 5-10 minutes it freezes, my computer starts making this funny noise for ages, and then my whole computer crashes.
I've tried it 4 times with the same result.

Is there anything else i can use instead? Or any other method?

#10 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  • Local time:04:13 PM

Posted 13 October 2007 - 04:01 PM

We'll try the Kaspersky WebScanner
You will be prompted to install an ActiveX component from Kaspersky; click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on Next
Select a target to scan; click on My Computer
The scan will take a while so be patient and let it run.
Once the scan is complete choose the option to Save as Text
Post these results in your next reply.

If you are pleased with the service I have offered, you may like to consider making a donation.


#11 nnev3

nnev3
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:03:13 PM

Posted 14 October 2007 - 10:07 AM

Kaspersky Scanner Results:


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, October 14, 2007 4:06:07 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/10/2007
Kaspersky Anti-Virus database records: 435749
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 46249
Number of viruses found: 1
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 03:03:31

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\01fe8c3c5e5747079812e8fd53647a96_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\04f210b818f1121a46747bf9059919d7_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0b651ddf4e993516c337a67214b4e97d_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0c4e3d238c97335d9e9d16b06a30b696_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d92be07a8a37f13ce327f452641abbd_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0e1b6628c91127d192bde3b448791f42_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0f5ebcc057b34adfdeb4943823ee7bf9_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\12efd96a063416ce3b84fa34e0e92a6e_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\141be829855b6951737fd449da57fc83_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1490b47310459c05f6df87af5ec82945_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1c19ad16a046f44d9ce0b8eeee6742b1_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2514044af0cb7490a88164fa0128e578_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2753c2c215b5cd2ed9f6852055b1a395_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\281560ebd99c9c3de975c734bb959431_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2bbe71a63b31a46efbde9e7b0a336e0f_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2be2215752a122773cde5e1bb7d9c781_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2f2a9d3ee39a171d239313a980d25b76_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3094b5d1763ce096e5c4c65dc3c47674_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3161c62c99d5e17d007b300428dec8d3_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\32cfa302cb352eaad6ac54d8a454e0ff_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3663b2160e5d3d84beae3cbf18efa467_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ac19cf760bc7ef9fb71b91d72bb6c5e_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3b3878c9113c9c4bcdb23aa6e6dc8975_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3be73a56a4312c1482338bd31105cb91_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3d7c1f9a4d4129ac264fd9e546162cb2_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ec3fe4598e8f7965918d0f111368153_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\40a5bd4fe523ed7633caaa6d279d438d_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4135857dc07e575059a5e1610214f6ae_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\41401c0c043d5edf409be742c6f27f11_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\42ebe033e622cb86417d87e6bf932288_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\460687ffe1c09ad12abd097bd5061ceb_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4a3c3485f55c3354fcf44989f12b8673_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4aedc12134f46b1ed137d3018f98fca0_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4d13d97cf9c496cc7ab1e0a26ca61f77_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\508b06ae0a2a04e9231b0ffd13ee0f8f_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\50f91b2903bb8a1823598abeebd82254_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\53cf0b4906abe297acd7926385a3e1cb_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\55433cb94bf3229ff326d599bb26f1cf_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5b7504d4a4929fe08cb10994f0fc37dd_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5cec973ae4c07581162da0e18aa3375b_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5e0750047732b1488e394230236e13b8_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5e89f4cd7afb21e0f0a69d119cbd12fa_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\609118bedfad8b035d4cdb174b675df4_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\65d58a0d55e8554b3f94d33b63fbc70b_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6d0666492196066b493c09b6dbaff371_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6e81c2ae9645af26d44adc798f58ce4e_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\738e67cd3e714872e37ca1e17c7eb7ac_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\74391c8e2006486ba5d67775ed337829_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\778afaddc18b6e9dae4d0d42387be390_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\77ac75cd41584d86b970d516666e0c99_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7a58dfea531fc75a4201e3519e1fb8f4_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7c70693dcfb2e5d2a96ed319d4b0ec82_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7cc8a83c7d5a0d09f598425064c04aa8_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\80f58f1786126a41186dc13f96562ded_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\87d78a53fc85ee9823a85dbb67d2bdb3_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\886ed76e34a2bf30b8d7c4cd8d66f11c_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\895cda9fb2ce5f868ee5e348e65a76eb_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8a2d7851e7322d849bec66a7c121ebb0_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8acc9a3e1475dbd354279d0d65f1b1d4_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8b593eaf2debad1e7d82e121dabb024f_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\93385ddca4b80024e3be5925ea928721_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\964d70ba50ebf22711259762c0e51f8d_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\98ebac5e1d7b18041cbed3d06dc215fd_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9a752d0bd4c5d0f8a49ce52d9855e755_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9ade9078bbf0a5112336f5dff3c7f843_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9f88507723eb00c5bce3c2385d99033d_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9ffd49fc8a57c133c56c1ca2d921b103_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a26f555f87498b7a5451ae805d0310ea_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a3f8df90e66b7090ba3984c9943e5d04_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a45266e0a95bc17455a143a77adf7729_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a7c0cce5cf9539db6fe9b6375eb69b86_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aa03d66fa84c2190eafd74a0d21ea0f0_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ac76dea1dc95041f25afb57a939aa889_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\acc0865e602c09d8dc316ae58607977d_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ae961d5386218b7cc8139989f55bf959_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b450ab0184e7d33e58b99d398cec982f_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b606e24188ceb34d6f7f873b7d83b3c9_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b6eca07f068f201f37555df1aa44392c_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b7a58911c9329ae33d74b9c2ed66e195_5709629c-ef7a-4617-99dd-f431bbbc3e41 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-09142007-162349.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\temp\MpCmdRun.log Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\The Nevs\Application Data\BitTorrent\bittorrent.log Object is locked skipped
C:\Documents and Settings\The Nevs\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\The Nevs\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\The Nevs\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\The Nevs\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\The Nevs\Local Settings\History\History.IE5\MSHist012007101420071015\index.dat Object is locked skipped
C:\Documents and Settings\The Nevs\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\The Nevs\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\The Nevs\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ActivationManager\ActivationManager.dll Infected: not-a-virus:AdWare.Win32.BHO.de skipped
C:\Program Files\ActivationManager\ActivationManager.dll.bak Infected: not-a-virus:AdWare.Win32.BHO.de skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8290579E-E930-4ECB-833F-2401F04AEB29}\RP37\A0009948.dll Infected: not-a-virus:AdWare.Win32.BHO.de skipped
C:\System Volume Information\_restore{8290579E-E930-4ECB-833F-2401F04AEB29}\RP46\A0010339.dll Infected: not-a-virus:AdWare.Win32.BHO.de skipped
C:\System Volume Information\_restore{8290579E-E930-4ECB-833F-2401F04AEB29}\RP64\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
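As an added example (not a tool from this thread), a small Python triage helper for the scan report format quoted above: it separates the "Infected:" entries from the expected "Object is locked skipped" noise (registry hives, event logs, index.dat files) and splits live infected files from copies held inside System Restore points. The sample lines are constructed to mirror the report's own format.

```python
"""Triage helper for AV scan reports in the format quoted above (added example, not a thread tool)."""
import re
from collections import defaultdict
# The two line shapes in the report: "<path> Object is locked skipped" and
# "<path> Infected: <detection> skipped".
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)

def parse_report(text):
    """Return (infected, locked, unparsed); infected is a list of (path, detection)."""
    infected, locked, unparsed = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "Scan process completed.":
            continue
        m = INFECTED_RE.match(line)
        if m:
            infected.append((m.group("path"), m.group("name")))
            continue
        m = LOCKED_RE.match(line)
        if m:
            locked.append(m.group("path"))
            continue
        unparsed.append(line)  # anything else deserves a human look
    return infected, locked, unparsed

def summarize(infected):
    """Group infected paths by detection name, splitting live files from restore-point copies."""
    by_name = defaultdict(lambda: {"live": [], "restore_point": []})
    for path, name in infected:
        bucket = "restore_point" if RESTORE_RE.search(path) else "live"
        by_name[name][bucket].append(path)
    return dict(by_name)

# Constructed sample in the report's format (paths mirror those quoted in the thread).
SAMPLE = """\
C:\\WINDOWS\\system32\\config\\SAM Object is locked skipped
C:\\Program Files\\ActivationManager\\ActivationManager.dll Infected: not-a-virus:AdWare.Win32.BHO.de skipped
C:\\System Volume Information\\_restore{8290579E-E930-4ECB-833F-2401F04AEB29}\\RP37\\A0009948.dll Infected: not-a-virus:AdWare.Win32.BHO.de skipped
C:\\WINDOWS\\WindowsUpdate.log Object is locked skipped

Scan process completed.
"""
if __name__ == "__main__":
    inf, lock, bad = parse_report(SAMPLE)
    for name, groups in summarize(inf).items():
        print(f"{name}: {len(groups['live'])} live, {len(groups['restore_point'])} in restore points")
    print(f"{len(lock)} locked system file(s) skipped; {len(bad)} unparsed line(s)")
```

Restore-point copies are inert until a restore is performed, so the live file is the one that decides whether the BHO is still active.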

#12 rookie147

rookie147

  • Members
  • 5,321 posts

Posted 16 October 2007 - 04:20 PM

Can I have some information about how things seem to be running now, please?

If you are pleased with the service I have offered, you may like to consider making a donation.


#13 nnev3

nnev3
  • Topic Starter

  • Members
  • 18 posts

Posted 17 October 2007 - 11:42 AM

erm, well...
I think it's still redirecting my browser... well, it was yesterday. It's not doing it as much, but I'm sure it's still doing it. It keeps redirecting me to some porn site or delv.co.uk or something. It's not doing it as much, but it still redirects me.

Ah wait, it is still doing it; it just took me to some random web search.

Edited by nnev3, 17 October 2007 - 11:44 AM.


#14 rookie147

rookie147

  • Members
  • 5,321 posts

Posted 18 October 2007 - 12:24 PM

Please download Fixwareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com/lonny/Fixwareout.exe
Save it to your Desktop and run it by double-clicking.
Click Next, then Install; make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the Desktop loads, save the text file that opens (report.txt) and post it in your next reply.

If you are pleased with the service I have offered, you may like to consider making a donation.


#15 nnev3

nnev3
  • Topic Starter

  • Members
  • 18 posts

Posted 19 October 2007 - 11:08 AM

Username "The Nevs" - 19/10/2007 16:41:03 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
