Hijack Log


13 replies to this topic

#1 spookyman15

  • Members
  • 12 posts

Posted 23 December 2007 - 03:42 PM

Yes, my English is bad, but I couldn't find my problem on Turkish sites and came here. I am fed up with this problem. Actually I have two problems. First, when I click a site it stops and an error page comes up saying your site cannot be displayed.
Second, when I enter a site which is using Adobe Flash Player, it accidentally stops and an error window comes up saying a problem happened with flash9e.ocx and Internet Explorer has to close. My log is here:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:26, on 23.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.american-onlines.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: HP Kırpma Defteri - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Akıllı Seçim - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1197227100263
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 5309 bytes


#2 spookyman15

Posted 25 December 2007 - 10:40 AM

Thank you for all your replies.
:blink: :thumbsup:

#3 Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts

Posted 09 January 2008 - 02:29 PM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:

Preparation Guide For Use Before Posting A Hijackthis Log

Thank you for your patience.

#4 spookyman15

Posted 09 January 2008 - 03:57 PM

I have done the steps in the guide. I am still having the same problems. I don't have time now, but in one or two days I will receive my new log again. Okay, see you.

#5 spookyman15

Posted 11 January 2008 - 02:38 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:05, on 11.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Kırpma Defteri - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Akıllı Seçim - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1197227100263
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 5074 bytes


In addition, my computer has started to freeze :thumbsup: :S When it freezes I have to restart my computer.

#6 Grinler

Posted 11 January 2008 - 04:13 PM

So far you're clean.
  • Download Combofix to your desktop.
  • Double-click combofix.exe
  • Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, and after reboot if it asks for one, combofix will open again to gather the necessary information for the log. This may take a while so please be patient. When done, Combofix will close and a log should open called combofix.txt.

Post the contents of this log in your next reply along with a new HijackThis log.

Please do not post the ComboFix-quarantined-files.txt unless I ask you to.

#7 spookyman15

Posted 12 January 2008 - 12:48 PM

Thanks, I scanned and here is the ComboFix report:

ComboFix 08-01-09.2 - Ayfer 2008-01-12 19:36:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1254.1.1055.18.52 [GMT 2:00]
Running from: C:\Documents and Settings\Ayfer\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\svchost.ini
C:\WINDOWS\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.

2008-01-12 19:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 18:36 . 2008-01-11 18:36 <DIR> d-------- C:\WINDOWS\ml
2008-01-11 18:36 . 2008-01-11 19:42 <DIR> d-------- C:\Program Files\Winamp
2008-01-10 23:10 . 2008-01-10 23:10 <DIR> d-------- C:\Documents and Settings\Ayfer\Application Data\Uniblue
2008-01-10 23:09 . 2008-01-10 23:09 <DIR> d-------- C:\Program Files\Uniblue
2008-01-08 00:00 . 2008-01-08 00:00 57 --a------ C:\WINDOWS\wininit.ini
2008-01-06 22:56 . 2008-01-06 22:56 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-06 22:28 . 2008-01-06 22:28 <DIR> d-------- C:\Scenes
2008-01-06 22:26 . 2008-01-06 22:33 <DIR> d-------- C:\KD
2008-01-06 22:26 . 2004-11-18 11:49 45,534 --a------ C:\WINDOWS\system32\drivers\eusk3usb.sys
2008-01-06 22:26 . 2004-11-18 11:49 45,277 --a------ C:\WINDOWS\system32\drivers\skeyusb.sys
2008-01-06 22:26 . 2004-11-18 11:49 24,786 --a------ C:\WINDOWS\system32\drivers\eusk2par.sys
2008-01-05 17:00 . 2008-01-05 17:39 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-05 16:58 . 2008-01-05 16:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2007-12-31 00:06 . 2007-12-31 00:06 <DIR> d-------- C:\Documents and Settings\Abdullah\Application Data\HPAppData
2007-12-30 20:23 . 2007-12-30 20:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2007-12-30 20:21 . 2007-12-30 20:21 <DIR> d-------- C:\Documents and Settings\Ayfer\Application Data\HPAppData
2007-12-30 20:10 . 2007-12-30 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2007-12-30 19:56 . 2007-12-30 20:37 154,939 --a------ C:\WINDOWS\hpoins21.dat
2007-12-30 19:56 . 2007-09-05 20:26 8,138 --------- C:\WINDOWS\hpomdl21.dat
2007-12-30 00:45 . 2007-12-30 00:49 110,340 --a------ C:\WINDOWS\hpqins01.dat
2007-12-30 00:43 . 2007-12-30 00:47 154,339 --------- C:\WINDOWS\hpoins21.dat.temp
2007-12-30 00:43 . 2007-09-05 20:26 8,138 --------- C:\WINDOWS\hpomdl21.dat.temp
2007-12-29 21:50 . 2004-08-04 00:45 76,288 --a--c--- C:\WINDOWS\system32\dllcache\wam51.dll
2007-12-29 21:50 . 2004-08-04 00:45 53,248 --a--c--- C:\WINDOWS\system32\dllcache\wamreg51.dll
2007-12-29 21:50 . 2001-11-22 12:00 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
2007-12-29 21:50 . 2001-11-22 12:00 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2007-12-29 21:50 . 2001-11-22 12:00 9,216 --a--c--- C:\WINDOWS\system32\dllcache\wamps51.dll
2007-12-29 21:48 . 2004-08-04 00:45 456,192 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
2007-12-29 21:47 . 2001-11-22 12:00 131,584 --a--c--- C:\WINDOWS\system32\dllcache\pmxviceo.dll
2007-12-29 21:46 . 2001-11-22 12:00 92,416 --a--c--- C:\WINDOWS\system32\dllcache\mga.sys
2007-12-29 21:46 . 2001-11-22 12:00 92,032 --a--c--- C:\WINDOWS\system32\dllcache\mga.dll
2007-12-29 21:46 . 2004-08-04 00:45 85,504 --a--c--- C:\WINDOWS\system32\dllcache\metada51.dll
2007-12-29 21:46 . 2001-11-21 21:35 65,536 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll
2007-12-29 21:46 . 2004-08-04 00:45 37,888 --a--c--- C:\WINDOWS\system32\dllcache\md5filt.dll
2007-12-29 21:46 . 2001-11-22 12:00 26,624 --a--c--- C:\WINDOWS\system32\dllcache\mdsync.dll
2007-12-29 21:46 . 2004-08-04 00:45 22,528 --a--c--- C:\WINDOWS\system32\dllcache\lpdsvc.dll
2007-12-29 21:46 . 2004-08-04 00:45 19,456 --a--c--- C:\WINDOWS\system32\dllcache\lprmon.dll
2007-12-29 21:46 . 2004-08-04 00:45 13,312 --a--c--- C:\WINDOWS\system32\dllcache\lonsint.dll
2007-12-29 21:46 . 2004-08-04 00:45 7,680 --a--c--- C:\WINDOWS\system32\dllcache\migregdb.exe
2007-12-29 21:44 . 2004-08-04 00:45 562,176 --a--c--- C:\WINDOWS\system32\dllcache\fxsst.dll
2007-12-29 21:43 . 2001-11-22 12:00 56,320 --a--c--- C:\WINDOWS\system32\dllcache\convlog.exe
2007-12-29 21:42 . 2004-08-04 00:45 370,176 --a--c--- C:\WINDOWS\system32\dllcache\asp51.dll
2007-12-29 21:41 . 2004-08-04 00:45 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2007-12-29 21:40 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2007-12-29 21:35 . 2007-12-29 21:35 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2007-12-29 21:34 . 2007-12-29 21:34 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2007-12-29 21:34 . 2007-12-29 21:34 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2007-12-29 21:34 . 2007-12-29 21:34 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2007-12-29 21:34 . 2007-12-29 21:34 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2007-12-29 21:34 . 2007-12-29 21:34 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2007-12-29 21:33 . 2001-11-22 12:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2007-12-29 21:13 . 2004-08-04 01:30 1,896,690 --a--c--- C:\WINDOWS\system32\dllcache\NT5.CAT
2007-12-29 21:12 . 2004-08-04 01:30 1,086,058 -ra------ C:\WINDOWS\SET36.tmp
2007-12-29 21:12 . 2004-08-04 01:34 1,014,537 -ra------ C:\WINDOWS\SET33.tmp
2007-12-29 21:12 . 2004-08-04 01:29 14,913 -ra------ C:\WINDOWS\SET42.tmp
2007-12-26 18:06 . 2007-12-30 13:46 1,348 --a------ C:\WINDOWS\mozver.dat
2007-12-26 17:31 . 2007-12-26 17:31 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-24 21:46 . 2007-12-24 21:46 268 --ah----- C:\sqmdata04.sqm
2007-12-24 21:46 . 2007-12-24 21:46 244 --ah----- C:\sqmnoopt04.sqm
2007-12-23 19:37 . 2007-12-23 19:37 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-23 19:35 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2007-12-23 19:16 . 2007-12-23 19:16 <DIR> d-------- C:\Documents and Settings\Ayfer\DoctorWeb
2007-12-23 19:10 . 2007-12-23 19:10 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-23 19:10 . 2007-12-23 19:10 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-23 18:56 . 2007-12-23 18:56 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-23 18:56 . 2007-12-23 18:56 2,855 --a------ C:\WINDOWS\system32\mem.PIF
2007-12-22 22:55 . 2007-12-22 22:55 <DIR> d-------- C:\Program Files\Netlog 24
2007-12-22 22:55 . 2007-12-22 22:55 159,744 --a------ C:\WINDOWS\system32\Netlog24Uninstaller.exe
2007-12-22 19:16 . 2007-12-25 18:07 <DIR> dr------- C:\Documents and Settings\Ayfer\Sık Kullanılanlar
2007-12-22 18:22 . 2004-08-04 00:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-21 19:37 . 2007-12-21 19:37 <DIR> d-------- C:\WINDOWS\Sun
2007-12-21 18:14 . 2007-12-21 18:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-21 14:19 . 2007-12-21 14:19 1,416 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-19 20:12 . 2007-12-19 20:12 <DIR> d-------- C:\LOSTFILE
2007-12-15 22:04 . 2007-12-15 22:04 <DIR> d-------- C:\Documents and Settings\Ayfer\Application Data\Media Player Classic
2007-12-14 21:07 . 2007-12-14 21:07 <DIR> d-------- C:\Documents and Settings\Ayfer\LimeWire Store Purchased
2007-12-14 21:07 . 2007-12-14 21:07 <DIR> d-------- C:\Documents and Settings\Ayfer\LimeWire Shared
2007-12-14 21:05 . 2007-12-14 21:05 <DIR> d-------- C:\Documents and Settings\Ayfer\Incomplete
2007-12-14 21:04 . 2008-01-11 21:57 <DIR> d-------- C:\Documents and Settings\Ayfer\Application Data\LimeWire
2007-12-14 21:03 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-14 21:01 . 2007-12-16 14:13 <DIR> d-------- C:\Program Files\Java
2007-12-14 20:59 . 2007-12-14 20:59 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-14 20:58 . 2007-12-30 17:01 <DIR> d-------- C:\Program Files\LimeWire
2007-12-13 17:43 . 2007-12-13 17:43 <DIR> d-------- C:\Documents and Settings\Ayfer\Application Data\Minilyrics
2007-12-13 17:26 . 2007-03-08 01:51 43,528 --a------ C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-12-13 17:26 . 2007-03-08 01:51 9,464 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-13 17:26 . 2007-03-08 01:51 9,336 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 13:56 --------- d-----w C:\Documents and Settings\Ayfer\Application Data\HP
2008-01-05 13:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-12-30 18:23 --------- d-----w C:\Program Files\HP
2007-12-21 15:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-19 11:21 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-17 15:11 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-12 15:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-11 16:23 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-09 23:56 --------- d-----w C:\Program Files\Windows Live
2007-12-09 23:56 --------- d-----w C:\Program Files\MSN Messenger
2007-12-09 22:47 --------- d-----w C:\Documents and Settings\Abdullah\Application Data\ESET
2007-12-09 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-09 18:22 --------- d-----w C:\Documents and Settings\Ayfer\Application Data\Toshiba
2007-12-09 18:09 --------- d-----w C:\Program Files\Toshiba
2007-12-09 16:21 --------- d-----w C:\Documents and Settings\Ayfer\Application Data\ESET
2007-12-09 16:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2007-12-09 15:25 --------- d-----w C:\Program Files\CCleaner
2007-12-09 15:13 --------- d-----w C:\Program Files\Google
2007-12-09 14:16 --------- d-----w C:\Documents and Settings\Ayfer\Application Data\vlc
2007-12-09 14:10 --------- d-----w C:\Program Files\VideoLAN
2007-12-09 13:42 --------- d-----w C:\Program Files\ComboMax
2007-12-09 13:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2007-12-09 13:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-12-09 12:45 --------- d-----w C:\Program Files\Common Files\HP
2007-12-09 12:43 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-12-08 22:14 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-08 22:14 --------- d-----w C:\Program Files\Ahead
2007-12-08 22:06 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-08 22:04 --------- d-----w C:\Program Files\Microsoft Works
2007-12-08 21:54 --------- d-----w C:\Program Files\C-Media
2007-12-08 19:03 --------- d-----w C:\Program Files\microsoft frontpage
2003-04-06 09:39 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 16:52 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-14 22:41 68856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 22:31 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

R1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\Drivers\eusk2par.sys [2004-11-18 11:49]
R3 NtApm;NT Apm/Eski Arabirim Sürücüsü;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-11-22 12:00]
R3 S3Inc;S3Inc;C:\WINDOWS\system32\DRIVERS\s3mini.sys [2000-02-15 13:19]
R3 ZSMC0305;A4 TECH PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2006-05-08 04:24]
S3 eusk3usb;SmartKey 3 USB;C:\WINDOWS\system32\Drivers\eusk3usb.sys [2004-11-18 11:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-12 17:18:36 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-01-10 21:10:03 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 19:41:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-12 19:43:12
ComboFix-quarantined-files.txt 2008-01-12 17:42:52
.
2007-12-10 23:10:27 --- E O F ---



And here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:03, on 12.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Kırpma Defteri - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Akıllı Seçim - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1197227100263
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 4640 bytes



Okay, I will wait. Thanks for all your replies.

#8 Grinler

Grinler

    Lawrence Abrams



Posted 14 January 2008 - 02:39 PM

I see some remnants of infections that have been removed, but other than that, nothing else. Let's clean these up to be safe.

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quotebox below into Notepad:

File::

C:\WINDOWS\SET36.tmp
C:\WINDOWS\SET33.tmp
C:\WINDOWS\SET42.tmp


Save this as the text file CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

#9 spookyman15

spookyman15
  • Topic Starter


Posted 15 January 2008 - 10:43 AM

ComboFix 08-01-09.2 - Ayfer 2008-01-15 17:27:16.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1254.1.1055.18.40 [GMT 2:00]
Running from: D:\faruk\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ayfer\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\SET33.tmp
C:\WINDOWS\SET36.tmp
C:\WINDOWS\SET42.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SET33.tmp
C:\WINDOWS\SET36.tmp
C:\WINDOWS\SET42.tmp

.
((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.

2008-01-13 23:56 . 2008-01-13 23:56 <DIR> d---s---- C:\Documents and Settings\Abdullah\UserData
2008-01-12 19:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 18:36 . 2008-01-11 18:36 <DIR> d-------- C:\WINDOWS\ml
2008-01-11 18:36 . 2008-01-11 19:42 <DIR> d-------- C:\Program Files\Winamp
2008-01-10 23:10 . 2008-01-13 22:02 <DIR> d-------- C:\Documents and Settings\Ayfer\Application Data\Uniblue
2008-01-08 00:00 . 2008-01-08 00:00 57 --a------ C:\WINDOWS\wininit.ini
2008-01-06 22:56 . 2008-01-06 22:56 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-06 22:28 . 2008-01-06 22:28 <DIR> d-------- C:\Scenes
2008-01-06 22:26 . 2008-01-06 22:33 <DIR> d-------- C:\KD
2008-01-06 22:26 . 2004-11-18 11:49 45,534 --a------ C:\WINDOWS\system32\drivers\eusk3usb.sys
2008-01-06 22:26 . 2004-11-18 11:49 45,277 --a------ C:\WINDOWS\system32\drivers\skeyusb.sys
2008-01-06 22:26 . 2004-11-18 11:49 24,786 --a------ C:\WINDOWS\system32\drivers\eusk2par.sys
2008-01-05 17:00 . 2008-01-05 17:39 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-05 16:58 . 2008-01-05 16:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2007-12-31 00:06 . 2007-12-31 00:06 <DIR> d-------- C:\Documents and Settings\Abdullah\Application Data\HPAppData
2007-12-30 20:23 . 2007-12-30 20:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2007-12-30 20:21 . 2007-12-30 20:21 <DIR> d-------- C:\Documents and Settings\Ayfer\Application Data\HPAppData
2007-12-30 20:10 . 2007-12-30 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2007-12-30 19:56 . 2007-12-30 20:37 154,939 --a------ C:\WINDOWS\hpoins21.dat
2007-12-30 19:56 . 2007-09-05 20:26 8,138 --------- C:\WINDOWS\hpomdl21.dat
2007-12-30 00:45 . 2007-12-30 00:49 110,340 --a------ C:\WINDOWS\hpqins01.dat
2007-12-30 00:43 . 2007-12-30 00:47 154,339 --------- C:\WINDOWS\hpoins21.dat.temp
2007-12-30 00:43 . 2007-09-05 20:26 8,138 --------- C:\WINDOWS\hpomdl21.dat.temp
2007-12-29 21:50 . 2004-08-04 00:45 76,288 --a--c--- C:\WINDOWS\system32\dllcache\wam51.dll
2007-12-29 21:50 . 2004-08-04 00:45 53,248 --a--c--- C:\WINDOWS\system32\dllcache\wamreg51.dll
2007-12-29 21:50 . 2001-11-22 12:00 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
2007-12-29 21:50 . 2001-11-22 12:00 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2007-12-29 21:50 . 2001-11-22 12:00 9,216 --a--c--- C:\WINDOWS\system32\dllcache\wamps51.dll
2007-12-29 21:48 . 2004-08-04 00:45 456,192 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
2007-12-29 21:47 . 2001-11-22 12:00 131,584 --a--c--- C:\WINDOWS\system32\dllcache\pmxviceo.dll
2007-12-29 21:46 . 2001-11-22 12:00 92,416 --a--c--- C:\WINDOWS\system32\dllcache\mga.sys
2007-12-29 21:46 . 2001-11-22 12:00 92,032 --a--c--- C:\WINDOWS\system32\dllcache\mga.dll
2007-12-29 21:46 . 2004-08-04 00:45 85,504 --a--c--- C:\WINDOWS\system32\dllcache\metada51.dll
2007-12-29 21:46 . 2001-11-21 21:35 65,536 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll
2007-12-29 21:46 . 2004-08-04 00:45 37,888 --a--c--- C:\WINDOWS\system32\dllcache\md5filt.dll
2007-12-29 21:46 . 2001-11-22 12:00 26,624 --a--c--- C:\WINDOWS\system32\dllcache\mdsync.dll
2007-12-29 21:46 . 2004-08-04 00:45 22,528 --a--c--- C:\WINDOWS\system32\dllcache\lpdsvc.dll
2007-12-29 21:46 . 2004-08-04 00:45 19,456 --a--c--- C:\WINDOWS\system32\dllcache\lprmon.dll
2007-12-29 21:46 . 2004-08-04 00:45 13,312 --a--c--- C:\WINDOWS\system32\dllcache\lonsint.dll
2007-12-29 21:46 . 2004-08-04 00:45 7,680 --a--c--- C:\WINDOWS\system32\dllcache\migregdb.exe
2007-12-29 21:44 . 2004-08-04 00:45 562,176 --a--c--- C:\WINDOWS\system32\dllcache\fxsst.dll
2007-12-29 21:43 . 2001-11-22 12:00 56,320 --a--c--- C:\WINDOWS\system32\dllcache\convlog.exe
2007-12-29 21:42 . 2004-08-04 00:45 370,176 --a--c--- C:\WINDOWS\system32\dllcache\asp51.dll
2007-12-29 21:41 . 2004-08-04 00:45 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2007-12-29 21:40 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2007-12-29 21:35 . 2007-12-29 21:35 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2007-12-29 21:34 . 2007-12-29 21:34 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2007-12-29 21:34 . 2007-12-29 21:34 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2007-12-29 21:34 . 2007-12-29 21:34 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2007-12-29 21:34 . 2007-12-29 21:34 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2007-12-29 21:34 . 2007-12-29 21:34 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2007-12-29 21:33 . 2001-11-22 12:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2007-12-29 21:13 . 2004-08-04 01:30 1,896,690 --a--c--- C:\WINDOWS\system32\dllcache\NT5.CAT
2007-12-26 18:06 . 2007-12-30 13:46 1,348 --a------ C:\WINDOWS\mozver.dat
2007-12-26 17:31 . 2007-12-26 17:31 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-24 21:46 . 2007-12-24 21:46 268 --ah----- C:\sqmdata04.sqm
2007-12-24 21:46 . 2007-12-24 21:46 244 --ah----- C:\sqmnoopt04.sqm
2007-12-23 19:37 . 2007-12-23 19:37 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-23 19:35 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2007-12-23 19:16 . 2007-12-23 19:16 <DIR> d-------- C:\Documents and Settings\Ayfer\DoctorWeb
2007-12-23 19:10 . 2007-12-23 19:10 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-23 19:10 . 2007-12-23 19:10 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-23 18:56 . 2007-12-23 18:56 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-23 18:56 . 2007-12-23 18:56 2,855 --a------ C:\WINDOWS\system32\mem.PIF
2007-12-22 22:55 . 2007-12-22 22:55 <DIR> d-------- C:\Program Files\Netlog 24
2007-12-22 22:55 . 2007-12-22 22:55 159,744 --a------ C:\WINDOWS\system32\Netlog24Uninstaller.exe
2007-12-22 19:16 . 2007-12-25 18:07 <DIR> dr------- C:\Documents and Settings\Ayfer\Sık Kullanılanlar
2007-12-22 18:22 . 2004-08-04 00:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-21 19:37 . 2007-12-21 19:37 <DIR> d-------- C:\WINDOWS\Sun
2007-12-21 18:14 . 2007-12-21 18:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-21 14:19 . 2007-12-21 14:19 1,416 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-19 20:12 . 2007-12-19 20:12 <DIR> d-------- C:\LOSTFILE
2007-12-15 22:04 . 2007-12-15 22:04 <DIR> d-------- C:\Documents and Settings\Ayfer\Application Data\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 19:57 --------- d-----w C:\Documents and Settings\Ayfer\Application Data\LimeWire
2008-01-05 13:56 --------- d-----w C:\Documents and Settings\Ayfer\Application Data\HP
2008-01-05 13:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-12-30 18:23 --------- d-----w C:\Program Files\HP
2007-12-30 15:01 --------- d-----w C:\Program Files\LimeWire
2007-12-21 15:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-19 11:21 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-17 15:11 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-16 12:13 --------- d-----w C:\Program Files\Java
2007-12-14 18:59 --------- d-----w C:\Program Files\Common Files\Java
2007-12-13 15:43 --------- d-----w C:\Documents and Settings\Ayfer\Application Data\Minilyrics
2007-12-12 15:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-11 16:23 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-09 23:56 --------- d-----w C:\Program Files\Windows Live
2007-12-09 23:56 --------- d-----w C:\Program Files\MSN Messenger
2007-12-09 22:47 --------- d-----w C:\Documents and Settings\Abdullah\Application Data\ESET
2007-12-09 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-09 18:22 --------- d-----w C:\Documents and Settings\Ayfer\Application Data\Toshiba
2007-12-09 18:09 --------- d-----w C:\Program Files\Toshiba
2007-12-09 16:21 --------- d-----w C:\Documents and Settings\Ayfer\Application Data\ESET
2007-12-09 16:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2007-12-09 15:25 --------- d-----w C:\Program Files\CCleaner
2007-12-09 15:13 --------- d-----w C:\Program Files\Google
2007-12-09 14:16 --------- d-----w C:\Documents and Settings\Ayfer\Application Data\vlc
2007-12-09 14:10 --------- d-----w C:\Program Files\VideoLAN
2007-12-09 13:42 --------- d-----w C:\Program Files\ComboMax
2007-12-09 13:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2007-12-09 13:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-12-09 12:45 --------- d-----w C:\Program Files\Common Files\HP
2007-12-09 12:43 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-12-08 22:14 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-08 22:14 --------- d-----w C:\Program Files\Ahead
2007-12-08 22:06 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-08 22:04 --------- d-----w C:\Program Files\Microsoft Works
2007-12-08 21:54 --------- d-----w C:\Program Files\C-Media
2007-12-08 19:03 --------- d-----w C:\Program Files\microsoft frontpage
2003-04-06 09:39 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot@2008-01-12_19.41.57,08 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-12 17:35:09 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-15 15:26:06 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-12 17:35:09 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-15 15:26:06 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-12 17:35:10 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-15 15:26:06 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-12 17:35:10 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-15 15:26:06 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-12 17:35:10 2,592,768 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-15 15:26:07 2,592,768 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-12 17:35:10 364,544 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-15 15:26:07 364,544 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 16:52 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-14 22:41 68856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 22:31 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
"BigDog305"="C:\WINDOWS\VM305_STI.exe" [2005-08-05 09:15 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

R1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\Drivers\eusk2par.sys [2004-11-18 11:49]
R3 NtApm;NT Apm/Eski Arabirim Sürücüsü;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-11-22 12:00]
R3 S3Inc;S3Inc;C:\WINDOWS\system32\DRIVERS\s3mini.sys [2000-02-15 13:19]
R3 ZSMC0305;A4 TECH PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2006-05-08 04:24]
S3 eusk3usb;SmartKey 3 USB;C:\WINDOWS\system32\Drivers\eusk3usb.sys [2004-11-18 11:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2008-01-12 17:18:36 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-01-10 21:10:03 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 17:34:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-15 17:36:48
ComboFix-quarantined-files.txt 2008-01-15 15:36:40
ComboFix2.txt 2008-01-12 17:43:14
.
2007-12-10 23:10:27 --- E O F ---










Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43:03, on 15.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Kırpma Defteri - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Akıllı Seçim - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1197227100263
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 4870 bytes

#10 Grinler

Grinler

    Lawrence Abrams



Posted 15 January 2008 - 11:15 AM

Looks OK. Are you still having problems?

#11 spookyman15

spookyman15
  • Topic Starter


Posted 15 January 2008 - 02:58 PM

Yes, my problems still continue, but the stopping of pages has become rare, and the problem with Adobe Flash Player still continues. :thumbsup:

#12 Grinler

Grinler

    Lawrence Abrams



Posted 17 January 2008 - 05:47 PM

Uninstall Flash and reinstall it and see if the problem is resolved.

#13 spookyman15

spookyman15
  • Topic Starter


Posted 18 January 2008 - 11:31 AM

I did it again, but the problem still continues. For example, I can't see the completion movie when Flash installs :S

#14 Grinler

Grinler

    Lawrence Abrams



Posted 18 January 2008 - 12:17 PM

I do not think this is a malware issue, but rather a Windows/IE issue. I would instead post your problem in the following forum, as I do not see anything wrong here:

Web Browsing/Email and Other Internet Applications



