
help! search13. net browser hijacker


15 replies to this topic

#1 carsolin

Posted 08 November 2009 - 08:29 AM

A few days ago I downloaded a file named Stylish Profile, mainly intended to bring color to my Facebook profile. I just wanted to try it out, so I uninstalled it after a few minutes. Upon uninstalling I noticed that the folder Stylish Profile is still in my Program Files, so I deleted that too. I use Firefox as my default browser. Now, whenever I open a new tab, the default site is search13.net, where a pop-up from Google appears at the top saying that this site is in Russian (and asking if I want to translate it), but it's not. It seems to be a search engine. I read somewhere that this change is due to Stylish Profile. How do I delete the search13.net hijacker? Below is my HijackThis log. Thanks!!!

P.S. I checked it on Internet Explorer; the same happens when I open a new tab.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:21 PM, on 11/8/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Users\My World\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.facebook.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [UCam_Menu] "c:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: digsby.lnk = C:\Program Files\Digsby\digsby.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\My World\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6994 bytes


#2 Baabiouz (Finnish Malware Fighter)

Posted 13 November 2009 - 03:01 AM

Hello :(

Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)



Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.


Let's clear temp files:

Please download ATF-cleaner and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Reboot your computer.


Let's scan your system with Mbam:

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Please post Mbam results and a fresh HijackThis log back here :(
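
As an added example (not part of Baabiouz's instructions and not a BleepingComputer tool), the script below applies the same check a helper does by hand to the HijackThis R0/R1 and O2/O9 lines above, and also to the DDS "uStart Page" and "FF - prefs.js:" lines posted later in this thread: every IE or Firefox search/start-page value must point at a host on an allowlist, and extension entries whose file is gone are leftovers to clear. The allowlist and the sample log are constructed for this example (the sample lines are copied from the logs in this thread).

```python
"""Flag browser-hijacker indicators in HijackThis and DDS logs.

Added example for this thread; not a BleepingComputer tool. It mirrors the
manual check a helper performs: every IE search/start-page value (HijackThis
R0/R1 lines, DDS uStart Page lines) and every Firefox search/home pref
(DDS "FF - prefs.js:" lines) must point at a host on an allowlist, and O2/O9
entries whose backing file is gone are leftovers that can be cleared.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed allowlist for this example: hosts that may legitimately own the
# search or start page on this machine. Extend it for your own environment.
TRUSTED_HOSTS = {
    "go.microsoft.com",          # IE vendor defaults (HKLM R0/R1 lines)
    "en-us.start3.mozilla.com",  # Firefox default homepage
    "www.facebook.com",          # the user's own chosen start page
}

# HijackThis: "R1 - HKCU\...\Main,Search Page = http://search13.net/"
HJT_R_LINE = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<value>[^=]+?)\s*=\s*(?P<data>.*)$")
# DDS pseudo-HJT: "uStart Page = hxxp://..."  (u = current user, m = machine)
DDS_START_LINE = re.compile(r"^(?P<scope>[um])Start Page\s*=\s*(?P<data>.*)$")
# DDS Firefox section: "FF - prefs.js: keyword.URL - hxxp://search13.net/..."
DDS_FF_LINE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<data>.*)$")
# Only these Firefox prefs decide where searches and new tabs go.
FF_SEARCH_PREFS = {"browser.search.defaulturl", "browser.startup.homepage", "keyword.URL"}
# O2 (BHO) / O9 (IE button) entries whose file no longer exists on disk.
ORPHANED_LINE = re.compile(r"^O[29] - .*\{[0-9A-Fa-f-]{36}\}.*\((?:no file|file missing)\)$")


def normalise_url(data):
    """Return the lowercase host of a log URL, or None if there is none.

    DDS defangs URLs as hxxp://, and HijackThis prints bare hosts such as
    'www.facebook.com'; both are normalised so urlparse sees a real URL.
    """
    data = data.strip()
    if not data:
        return None
    data = re.sub(r"^hxxp(s?)://", r"http\1://", data, flags=re.IGNORECASE)
    if not re.match(r"^[a-z][a-z0-9+.-]*://", data, re.IGNORECASE):
        data = "http://" + data
    host = urlparse(data).hostname
    return host.lower() if host else None


def scan_log(text):
    """Return a list of findings, one dict per suspicious log line."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_R_LINE.match(line)
        if m:
            host = normalise_url(m.group("data"))
            if host and host not in TRUSTED_HOSTS:
                where = m.group("key") + "," + m.group("value")
                findings.append({"kind": "ie-registry", "where": where, "host": host, "line": line})
            continue
        m = DDS_START_LINE.match(line)
        if m:
            host = normalise_url(m.group("data"))
            if host and host not in TRUSTED_HOSTS:
                where = "Start Page (" + m.group("scope") + ")"
                findings.append({"kind": "ie-registry", "where": where, "host": host, "line": line})
            continue
        m = DDS_FF_LINE.match(line)
        if m and m.group("pref") in FF_SEARCH_PREFS:
            host = normalise_url(m.group("data"))
            if host and host not in TRUSTED_HOSTS:
                findings.append({"kind": "firefox-pref", "where": m.group("pref"), "host": host, "line": line})
            continue
        if ORPHANED_LINE.match(line):
            findings.append({"kind": "orphaned-entry", "where": line.split(" - ")[1], "host": None, "line": line})
    return findings


def hosts_by_count(findings):
    """Count entries per untrusted host; the host that owns most entries is the hijacker."""
    return Counter(f["host"] for f in findings if f["host"])


# Constructed sample: lines copied from the HijackThis and DDS logs in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.facebook.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)
uStart Page = hxxp://www.ask.com?o=14200&l=dis
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search13.net/search.php?clid=486&q=
"""

if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for f in found:
        print(f"[{f['kind']}] {f['where']}: {f['host'] or 'backing file missing'}")
    print("untrusted hosts:", dict(hosts_by_count(found)))
```

On the sample, the two Firefox prefs are what HijackThis 2.0.2 leaves untouched, which is why fixing only the R1 lines did not stop new tabs opening search13.net; those prefs live in prefs.js in the Firefox profile, not in the registry.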

#3 carsolin (Topic Starter)

Posted 15 November 2009 - 06:35 AM

Thanks for your time, sir!! I did everything you said, sir, but I still have the search13.net hijacker. Here are the logfiles. There was no infection according to MBAM.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:21 PM, on 11/15/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\My World\Downloads\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14200&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UCam_Menu] "c:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5706 bytes


Malwarebytes' Anti-Malware 1.41
Database version: 3130
Windows 6.1.7600

11/15/2009 7:04:11 PM
mbam-log-2009-11-15 (19-04-11).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 198555
Time elapsed: 1 hour(s), 12 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 Baabiouz (Finnish Malware Fighter)

Posted 15 November 2009 - 06:36 AM

Hello :(

Download DDS

Please disable any anti-malware program that will block scripts from running before running DDS.

Please download DDS from one of the links below and save it to your desktop:

Download DDS and save it to your desktop from Link1, Link2 or Link3.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.
In your next reply, please post:
  • DDS.txt
  • Attach.txt


#5 carsolin (Topic Starter)

Posted 16 November 2009 - 07:24 AM

Thanks again for helping me out on this hijack problem!! :(

P.S. Oh yeah! I upgraded to Windows 7 a few days ago. Hope it has no effect on whatever I had previously done. The report I posted earlier is on Windows 7 already.


DDS (Ver_09-10-26.01) - NTFSx86
Run by My World at 20:19:22.93 on Mon 11/16/2009
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1499.726 [GMT 8:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\conhost.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Users\My World\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=14200&l=dis
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [USB Antivirus] c:\program files\usb disk security\USBGuard.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\myworl~1\appdata\roaming\mozilla\firefox\profiles\0tgisqrh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search13.net/search.php?clid=486&q=
FF - component: c:\users\my world\appdata\roaming\mozilla\firefox\profiles\0tgisqrh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 34312]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-7-1 468224]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-11-9 269648]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-10 602392]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-7-14 112128]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-2-25 112992]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-9 19160]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42480]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

=============== Created Last 30 ================

2009-11-14 17:22:31 8 ----a-w- c:\windows\system32\dp.ini
2009-11-14 17:10:06 0 d-----w- c:\windows\Panther
2009-11-14 16:56:44 0 d--h--w- C:\$WINDOWS.~Q
2009-11-14 16:53:32 0 d--h--w- C:\$INPLACE.~TR
2009-11-14 16:01:14 4267 ----a-w- c:\windows\system32\ht.com_science__ob=MImg&_imagekey=B7W61-4VGDNXG-1-3&_cdi=28537&_user=10&_orig=browse&_coverDate=02_28_2009&_sk=999849998&view=c&wchp=dGLbVlW-zSkzS&md5=e5f5b06a5703654c7e1c0f505804ce30&ie=_sdarticle.lnk
2009-11-14 04:59:17 4267 ----a-w- c:\windows\system32\ht.com_science__ob=MImg&_imagekey=B7W61-4TFDY81-1-9&_cdi=28537&_user=10&_orig=browse&_coverDate=02_28_2009&_sk=999849998&view=c&wchp=dGLzVtb-zSkWb&md5=63bbca67bffeed28d6dfd25e704dca4e&ie=_sdarticle.lnk
2009-11-14 03:05:16 0 d-----w- c:\program files\Microsoft Security Essentials
2009-11-14 02:55:02 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-11-14 02:53:19 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-11-14 02:53:18 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2009-11-14 02:53:17 2613248 ----a-w- c:\windows\explorer.exe
2009-11-14 02:53:16 71168 ----a-w- c:\windows\system32\fontsub.dll
2009-11-14 02:53:16 507568 ----a-w- c:\windows\system32\winload.exe
2009-11-14 02:53:16 108544 ----a-w- c:\windows\system32\t2embed.dll
2009-11-14 02:53:15 442920 ----a-w- c:\windows\system32\winresume.exe
2009-11-14 02:53:15 293888 ----a-w- c:\windows\system32\atmfd.dll
2009-11-14 02:53:14 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2009-11-14 02:52:57 34816 ----a-w- c:\windows\system32\msasn1.dll
2009-11-14 02:50:38 8192 ----a-w- C:\bootsect.lxe.bak
2009-11-14 02:50:38 383592 --sh--r- C:\gdrop
2009-11-14 02:50:38 171136 --sh--r- C:\xeldr
2009-11-14 01:57:32 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-14 01:51:59 713888 ----a-w- c:\windows\system32\PerfStringBackup.INI
2009-11-14 01:51:38 0 d-----w- c:\windows\system32\wbem\Performance
2009-11-14 01:50:58 20 --sh--w- c:\users\my world\ntuser.ini
2009-11-14 01:49:47 0 d-sh--w- C:\Recovery
2009-11-14 01:36:46 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-14 01:14:35 0 d-----w- c:\program files\LSI SoftModem
2009-11-14 01:14:30 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-11-14 01:14:24 0 d-----w- c:\program files\Apoint2K
2009-11-14 01:14:22 10288 ---ha-w- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2009-11-14 01:14:22 10288 ---ha-w- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2009-11-14 01:14:10 885782 ----a-w- c:\windows\system32\oem7.inf
2009-11-14 00:16:49 1890 ----a-w- c:\windows\diagwrn.xml
2009-11-14 00:16:49 1890 ----a-w- c:\windows\diagerr.xml
2009-11-13 15:48:34 0 d-----w- c:\users\my world\PSP
2009-11-10 12:18:31 0 d-----w- c:\users\myworl~1\appdata\roaming\FrostWire
2009-11-09 23:49:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-09 23:48:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-09 00:33:02 0 d-----w- c:\users\myworl~1\appdata\roaming\Malwarebytes
2009-11-09 00:32:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-09 00:32:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-09 00:32:54 0 d-----w- c:\programdata\Malwarebytes
2009-11-09 00:32:54 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-08 18:43:59 0 ----a-w- c:\windows\system32\SBRC.dat
2009-11-08 18:08:14 0 d-----w- c:\programdata\Sunbelt
2009-11-08 05:18:05 0 d-----w- c:\programdata\WindowsSearch
2009-10-26 18:33:44 0 d-----w- c:\programdata\Apple Computer
2009-10-26 18:29:17 0 d-----w- c:\programdata\Apple
2009-10-26 18:12:47 0 d-----w- c:\programdata\InstallShield
2009-10-26 18:01:26 0 d-----w- c:\program files\Nokia
2009-10-26 11:10:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-10-26 10:57:54 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-23 09:19:54 0 d-----w- c:\programdata\CyberLink
2009-10-22 19:43:17 168332 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-22 19:41:20 0 d-----w- c:\programdata\Digsby
2009-10-22 19:34:12 0 d-----w- c:\users\myworl~1\appdata\roaming\Digsby
2009-10-22 19:32:47 0 d-----w- c:\program files\Digsby
2009-10-22 11:58:42 0 d-----w- c:\windows\pss
2009-10-22 02:48:07 0 d-----w- c:\programdata\n7-89-o9-3r-4t-r9
2009-10-20 02:26:07 0 d-----w- c:\programdata\WEBREG
2009-10-20 02:01:05 0 d-----w- c:\programdata\HP Product Assistant
2009-10-20 01:57:57 0 d-----w- c:\program files\common files\HP
2009-10-20 01:54:02 0 d-----w- c:\program files\HP
2009-10-20 01:49:03 0 d-----w- c:\programdata\Hewlett-Packard
2009-10-20 01:45:10 787 ----a-w- c:\windows\hphmdl26.dat.temp
2009-10-20 01:45:10 332183 ----a-w- c:\windows\hphins26.dat.temp
2009-10-20 01:43:33 157248 ----a-w- c:\windows\hphins26.dat
2009-10-20 01:42:41 0 d-----w- c:\programdata\HP
2009-10-19 23:08:44 0 d-----w- c:\program files\danny_kay1710
2009-10-18 18:43:14 0 d-----w- c:\programdata\WhiteCap (Holiday Edition)
2009-10-17 14:04:50 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-17 13:58:15 0 d-----r- c:\program files\Skype
2009-10-17 13:58:08 0 d-----w- c:\programdata\Skype

==================== Find3M ====================

2009-11-14 00:06:59 667658 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-14 00:06:59 123076 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-02 12:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-15 14:38:59 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-10-15 14:36:59 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll
2009-10-15 14:36:59 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2009-10-15 14:36:59 3858432 ----a-w- c:\windows\system32\bcmihvsrv.dll
2009-10-15 14:36:59 3538944 ----a-w- c:\windows\system32\bcmihvui.dll
2009-10-15 14:36:59 1880056 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2009-10-15 14:01:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 20:20:13.64 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/14/2009 9:50:47 AM
System Uptime: 11/16/2009 8:10:50 PM (0 hours ago)

Motherboard: Compal | | 3607
Processor: Intel® Pentium® Dual CPU T3200 @ 2.00GHz | CPU | 2000/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 78 GiB total, 45.316 GiB free.
D: is FIXED (NTFS) - 71 GiB total, 40.157 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description:
Device ID: ACPI\ENE0100\3&33FD14CA&0
Manufacturer:
Name:
PNP Device ID: ACPI\ENE0100\3&33FD14CA&0
Service:

==== System Restore Points ===================

RP1: 11/14/2009 10:07:33 AM - Windows Update
RP2: 11/14/2009 10:53:41 AM - Windows Update
RP3: 11/14/2009 11:08:58 AM - Windows Update
RP4: 11/15/2009 2:40:45 AM - Windows Update
RP5: 11/16/2009 1:03:00 PM - Windows Update

==== Installed Programs ======================

µTorrent
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Agere Systems HDA Modem
Alps Touch Pad Driver
Apple Application Support
Apple Software Update
Broadcom 802.11 Wireless LAN Adapter
BufferChm
CCleaner (remove only)
CustomerResearchQFolder
CyberLink YouCam
D1500
D1500_Help
DeviceDiscovery
DeviceManagementQFolder
Digsby
DJ_SF_03_D1500_ProductContext
DJ_SF_03_D1500_Software
DJ_SF_03_D1500_Software_Min
ESET NOD32 Antivirus
eSupportQFolder
FrostWire 4.18.4
GPBaseService
HijackThis 2.0.2
HP Customer Participation Program 10.0
HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPProductAssistant
HPSSupply
ImgBurn
Intel® Graphics Media Accelerator Driver
Java™ 6 Update 16
JMicron Flash Media Controller Driver
Malwarebytes' Anti-Malware
MarketResearch
Microsoft Antimalware
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Monopoly Here & Now Edition
Mozilla Firefox (3.5.5)
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
PSP ISO Compressor
PSSWCORE
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
RocketDock 1.3.5
Shop for HP Supplies
Skype web features
Skype™ 4.1
SmartWebPrintingOC
SolutionCenter
Status
Toolbox
TrayApp
UnloadSupport
USB Disk Security
VideoToolkit01
VLC media player 1.0.2
WebReg
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update

==== Event Viewer Messages From Past Week ========

11/9/2009 8:26:38 AM, Error: Service Control Manager [7023] - The CounterSpy Antispyware service terminated with the following error: The class is configured to run as a security id different from the caller
11/9/2009 2:12:04 AM, Error: Service Control Manager [7030] - The CounterSpy Antispyware service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/16/2009 8:12:33 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
11/14/2009 9:31:32 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: A privilege that the service requires to function properly does not exist in the service account configuration. You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.
11/14/2009 9:31:04 AM, Error: Service Control Manager [7030] - The Eset Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/14/2009 8:31:56 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
11/14/2009 8:31:56 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/14/2009 8:31:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/14/2009 8:03:50 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
11/14/2009 8:03:10 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Eset Nod32 Boot service to connect.
11/14/2009 8:03:10 AM, Error: Service Control Manager [7000] - The Eset Nod32 Boot service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/12/2009 11:21:26 AM, Error: EventLog [6008] - The previous system shutdown at 11:16:48 AM on 11/12/2009 was unexpected.
11/10/2009 9:55:26 PM, Error: EventLog [6008] - The previous system shutdown at 9:54:25 PM on 11/10/2009 was unexpected.

==== End Of File ===========================

Edited by carsolin, 16 November 2009 - 07:27 AM.


#6 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland
  • Local time:08:42 AM

Posted 16 November 2009 - 08:20 AM

Hello

Yes, there are things left from search13. Let's run ComboFix, and then we can use a CFScript.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double-click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.

#7 carsolin

carsolin
  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:42 PM

Posted 17 November 2009 - 01:58 PM

Here's the logfile, sir. My computer did not restart after running ComboFix; does that mean it did not detect any infection? I still have the search13.net hijacker. Is it a really powerful infection?

Attached Files



#8 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland
  • Local time:08:42 AM

Posted 18 November 2009 - 12:27 AM

Hello :(

Please click your Start button, then click on Run and type in the following without the quotes: "notepad". Then copy (Ctrl+C) and paste (Ctrl+V) the following text into the codebox:
Firefox::
uStart Page = hxxp://www.ask.com?o=14200&l=dis
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: keyword.URL - hxxp://search13.net/search.php?clid=486&q=


Save this as CFScript.txt

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe.

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.


Panda ActiveScan

- Once you are on the Panda site, click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When the download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Do NOT lose it!

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 17...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586.exe to install the newest version.
To Clear the Java Runtime Environment (JRE) cache, do this:
  • Click Start > Settings > Control Panel.
  • Double-click the Java icon.
    -The Java Control Panel appears.
  • Click "Settings" under Temporary Internet Files.
    -The Temporary Files Settings dialog box appears.
  • Click "Delete Files".
    -The Delete Temporary Files dialog box appears.
    -There are three options on this window to clear the cache.
    • Delete Files
    • View Applications
    • View Applets
  • Click "OK" on Delete Temporary Files window.
    -Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click "OK" on Temporary Files Settings window.
  • Close the Java Control Panel.
You can also view these instructions along with screenshots here.


Please send the Panda ActiveScan report, the ComboFix log and a fresh HijackThis log back here :(
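The CFScript above works because the hijacker rewrote two Firefox preferences (browser.search.defaulturl and keyword.URL) in prefs.js. As an added example that is not part of this thread or of ComboFix, the Python below parses a prefs.js and flags those search/home-page preferences when they point at a host outside an allowlist; the pref names come from the script above, while the trusted-host list and the sample prefs.js are constructed for this example.

```python
import re
from urllib.parse import urlparse

# Firefox preferences that browser hijackers commonly rewrite. The first two
# names are the ones the CFScript above resets; the others are the usual
# companions (homepage and default engine name).
WATCHED_PREFS = (
    "browser.startup.homepage",
    "browser.search.defaulturl",
    "browser.search.defaultenginename",
    "keyword.URL",
)

# Assumed allowlist for this example; a real audit would use the hosts the
# owner actually expects to see here.
TRUSTED_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}

# A prefs.js line looks like:  user_pref("name", "value");
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Constructed sample prefs.js mirroring what the thread's log showed
# (search13.net planted in the search URL and keyword URL).
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "https://www.google.com/");
user_pref("browser.search.defaulturl", "http://search13.net/search.php?clid=486&q=");
user_pref("keyword.URL", "http://search13.net/search.php?clid=486&q=");
user_pref("browser.search.defaultenginename", "Google");
user_pref("extensions.lastAppVersion", "3.5.5");
"""


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref() line in a prefs.js."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines and anything that is not a pref
        name, raw = m.group(1), m.group(2).strip()
        # String values are quoted; unescape the two escapes prefs.js uses.
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            raw = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        prefs[name] = raw
    return prefs


def host_of(value):
    """Hostname of the first http(s) URL inside a pref value, or None."""
    m = re.search(r"https?://[^\s\"']+", value)
    if not m:
        return None
    return urlparse(m.group(0)).hostname


def audit_prefs(text, trusted_hosts=TRUSTED_HOSTS):
    """Flag watched prefs whose URL host is not trusted.

    Returns a list of (pref_name, host, raw_value) tuples, in WATCHED_PREFS
    order. Prefs without a URL (e.g. an engine name) are never flagged.
    """
    findings = []
    prefs = parse_prefs(text)
    for name in WATCHED_PREFS:
        if name not in prefs:
            continue
        host = host_of(prefs[name])
        if host is not None and host.lower() not in trusted_hosts:
            findings.append((name, host, prefs[name]))
    return findings


def audit_file(path, trusted_hosts=TRUSTED_HOSTS):
    """Convenience wrapper: audit a prefs.js on disk."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_prefs(fh.read(), trusted_hosts)


if __name__ == "__main__":
    # Run against the constructed sample; expect both search13.net entries.
    for name, host, value in audit_prefs(SAMPLE_PREFS_JS):
        print(f"suspicious {name}: host={host} value={value}")
```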

#9 carsolin

carsolin
  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:42 PM

Posted 21 November 2009 - 08:17 AM

I can't seem to finish the Panda ActiveScan; my Firefox always crashes even before it reaches 20%. Is there anything I can do to stop it from crashing so my system can be scanned completely?

#10 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland
  • Local time:08:42 AM

Posted 21 November 2009 - 08:41 AM

Hello

Please try again using Internet Explorer :(

#11 carsolin

carsolin
  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:42 PM

Posted 21 November 2009 - 09:38 AM

Hi! Finally I got the ActiveScan working. Here are the logfiles:

Activescan

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-11-21 22:30:00
PROTECTIONS: 1
MALWARE: 16
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Microsoft Security Essentials Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\low\nestley@casalemedia[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\nestley@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\low\nestley@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\nestley@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\low\nestley@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\nestley@atdmt[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\low\nestley@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\nestley@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\low\nestley@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\nestley@tribalfusion[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\nestley@statcounter[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\low\nestley@statcounter[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\nestley@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\my world\appdata\roaming\microsoft\windows\cookies\low\my_world@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\my world\appdata\roaming\microsoft\windows\cookies\my_world@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\low\nestley@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\nestley@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\low\nestley@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\low\nestley@burstnet[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\nestley@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\low\nestley@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\nestley@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\my world\appdata\roaming\microsoft\windows\cookies\my_world@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\nestley@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\low\nestley@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\my world\appdata\roaming\microsoft\windows\cookies\my_world@bs.serving-sys[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\low\nestley@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\nestley@advertising[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\nestley@statse.webtrendslive[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\low\nestley@statse.webtrendslive[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\low\nestley@overture[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\nestley@overture[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\low\nestley@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\nestley@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\low\nestley@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\nestley\appdata\roaming\microsoft\windows\cookies\nestley@zedo[1].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================


end of activescan


ComboFix 09-11-18.01 - My World 11/18/2009 2:39.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1499.741 [GMT 8:00]
Running from: c:\users\My World\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\oem5.inf
c:\windows\system32\oem7.inf

.
((((((((((((((((((((((((( Files Created from 2009-10-17 to 2009-11-17 )))))))))))))))))))))))))))))))
.

2009-11-17 18:49 . 2009-11-17 18:49 -------- d-----w- c:\users\Nestley\AppData\Local\temp
2009-11-17 18:49 . 2009-11-17 18:49 -------- d-----w- c:\users\My World\AppData\Local\temp
2009-11-15 14:52 . 2009-11-15 14:52 -------- d-----w- c:\users\My World\AppData\Local\Adobe
2009-11-14 17:10 . 2009-11-14 01:50 8192 d-----w- c:\windows\Panther
2009-11-14 16:56 . 2009-11-14 01:38 -------- d-----w- C:\$WINDOWS.~Q
2009-11-14 16:53 . 2009-11-14 16:55 -------- d-----w- C:\$INPLACE.~TR
2009-11-14 09:51 . 2009-11-14 09:51 -------- d-----w- c:\users\My World\AppData\Local\ElevatedDiagnostics
2009-11-14 03:05 . 2009-11-14 03:05 4096 d-----w- c:\program files\Microsoft Security Essentials
2009-11-14 02:55 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-11-14 02:53 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-11-14 02:53 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2009-11-14 02:53 . 2009-08-03 05:35 2613248 ----a-w- c:\windows\explorer.exe
2009-11-14 02:53 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
2009-11-14 02:53 . 2009-07-30 16:29 108544 ----a-w- c:\windows\system32\t2embed.dll
2009-11-14 02:53 . 2009-07-30 16:27 71168 ----a-w- c:\windows\system32\fontsub.dll
2009-11-14 02:53 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
2009-11-14 02:53 . 2009-07-30 04:44 293888 ----a-w- c:\windows\system32\atmfd.dll
2009-11-14 02:53 . 2009-08-29 06:54 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2009-11-14 02:52 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
2009-11-14 01:55 . 2009-11-14 01:55 -------- d-----w- c:\users\My World\AppData\Local\Diagnostics
2009-11-14 01:52 . 2009-11-14 01:52 108824 ----a-w- c:\users\My World\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-14 01:14 . 2009-11-14 01:14 -------- d-----w- c:\program files\LSI SoftModem
2009-11-14 01:14 . 2009-11-14 01:14 12288 d-----w- c:\program files\Apoint2K
2009-11-13 15:48 . 2009-11-14 01:28 4096 d-----w- c:\users\My World\PSP
2009-11-12 23:58 . 2009-11-14 01:28 -------- d-----w- c:\users\My World\AppData\Roaming\ImgBurn
2009-11-10 12:32 . 2009-11-10 12:32 0 ----a-w- c:\users\My World\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-11-10 12:20 . 2009-11-11 04:26 -------- d-----w- c:\users\Public\Incomplete
2009-11-10 12:18 . 2009-11-14 01:28 8192 d-----w- c:\users\My World\AppData\Roaming\FrostWire
2009-11-09 00:33 . 2009-11-14 01:28 -------- d-----w- c:\users\My World\AppData\Roaming\Malwarebytes
2009-11-09 00:32 . 2009-09-10 06:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-09 00:32 . 2009-11-14 01:20 -------- d-----w- c:\programdata\Malwarebytes
2009-11-09 00:32 . 2009-11-14 01:18 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-09 00:32 . 2009-09-10 06:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-08 18:43 . 2009-11-08 18:43 0 ----a-w- c:\windows\system32\SBRC.dat
2009-11-08 18:08 . 2009-11-14 01:20 -------- d-----w- c:\programdata\Sunbelt
2009-11-08 05:18 . 2009-11-14 01:20 -------- d-----w- c:\programdata\WindowsSearch
2009-11-07 14:08 . 2009-11-14 01:28 -------- d-----w- c:\users\My World\AppData\Local\ESET
2009-11-01 02:50 . 2009-11-14 01:27 4096 d-----w- c:\users\Nestley\AppData\Roaming\vlc
2009-11-01 02:42 . 2009-11-14 01:27 4096 d-----w- c:\users\Nestley\AppData\Local\Microsoft Games
2009-10-26 18:33 . 2009-11-14 01:20 -------- d-----w- c:\programdata\Apple Computer
2009-10-26 18:33 . 2009-11-14 01:19 4096 d-----w- c:\program files\QuickTime
2009-10-26 18:31 . 2009-11-14 01:17 -------- d-----w- c:\program files\Common Files\Apple
2009-10-26 18:29 . 2009-11-14 01:17 4096 d-----w- c:\program files\Apple Software Update
2009-10-26 18:29 . 2009-11-14 01:20 -------- d-----w- c:\programdata\Apple
2009-10-26 18:12 . 2009-11-14 01:20 -------- d-----w- c:\programdata\InstallShield
2009-10-26 18:01 . 2009-11-14 01:19 -------- d-----w- c:\program files\Nokia
2009-10-26 18:01 . 2009-11-14 01:17 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-26 10:57 . 2009-11-13 23:56 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-26 04:57 . 2009-11-14 16:18 4096 d-----w- c:\users\My World\AppData\Roaming\vlc
2009-10-23 09:19 . 2009-11-14 01:20 -------- d-----w- c:\programdata\CyberLink
2009-10-22 23:43 . 2009-11-14 01:28 -------- d-----w- c:\users\My World\AppData\Local\Microsoft Corporation
2009-10-22 19:43 . 2009-10-22 19:43 168332 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-22 19:41 . 2009-11-14 01:20 -------- d-----w- c:\programdata\Digsby
2009-10-22 19:34 . 2009-11-14 01:28 -------- d-----w- c:\users\My World\AppData\Roaming\Digsby
2009-10-22 19:34 . 2009-11-14 01:28 4096 d-----w- c:\users\My World\AppData\Local\Digsby
2009-10-22 19:32 . 2009-11-14 01:18 -------- d-----w- c:\program files\Digsby
2009-10-22 02:48 . 2009-11-14 01:20 -------- d-----w- c:\programdata\n7-89-o9-3r-4t-r9
2009-10-20 02:32 . 2009-11-14 01:28 -------- d-----w- c:\users\My World\AppData\Roaming\HP
2009-10-20 02:26 . 2009-11-14 01:20 -------- d-----w- c:\programdata\WEBREG
2009-10-20 02:01 . 2009-11-14 01:20 -------- d-----w- c:\programdata\HP Product Assistant
2009-10-20 01:57 . 2009-11-14 01:17 -------- d-----w- c:\program files\Common Files\HP
2009-10-20 01:54 . 2009-11-14 01:18 -------- d-----w- c:\program files\HP
2009-10-20 01:49 . 2009-11-14 01:20 -------- d-----w- c:\programdata\Hewlett-Packard
2009-10-20 01:48 . 2007-11-08 14:59 271704 ----a-w- c:\windows\system32\hpzids01.dll
2009-10-20 01:47 . 2007-10-20 10:25 117760 ----a-w- c:\windows\system32\hpzll5mu.dll
2009-10-20 01:42 . 2009-11-14 01:20 4096 d-----w- c:\programdata\HP
2009-10-19 23:08 . 2009-11-14 01:18 -------- d-----w- c:\program files\danny_kay1710

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-15 15:10 . 2009-10-15 14:41 12288 d-----w- c:\programdata\Microsoft Help
2009-11-14 01:57 . 2009-11-14 01:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-14 01:36 . 2009-11-14 01:36 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-14 01:28 . 2009-10-15 14:09 -------- d-----w- c:\users\My World\AppData\Roaming\Yahoo!
2009-11-14 01:28 . 2009-10-17 14:04 -------- d-----w- c:\users\My World\AppData\Roaming\skypePM
2009-11-14 01:28 . 2009-10-17 13:59 4096 d-----w- c:\users\My World\AppData\Roaming\Skype
2009-11-14 01:28 . 2009-10-15 14:19 12288 d-----w- c:\users\My World\AppData\Roaming\uTorrent
2009-11-14 01:28 . 2009-10-16 01:14 -------- d-----w- c:\users\My World\AppData\Roaming\GameHouse
2009-11-14 01:28 . 2009-10-15 14:37 -------- d-----w- c:\users\My World\AppData\Roaming\InstallShield
2009-11-14 01:19 . 2009-10-17 13:58 -------- d-----r- c:\program files\Skype
2009-11-14 01:19 . 2009-10-16 01:09 -------- d-----w- c:\program files\VideoLAN
2009-11-14 01:19 . 2009-10-15 17:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-14 01:19 . 2009-10-15 16:34 4096 d-----w- c:\program files\USB Disk Security
2009-11-14 01:19 . 2009-10-15 14:19 -------- d-----w- c:\program files\uTorrent
2009-11-14 01:19 . 2009-10-15 13:56 4096 d-----w- c:\program files\RocketDock
2009-11-14 01:19 . 2009-10-15 14:42 -------- d-----w- c:\program files\Realtek
2009-11-14 01:19 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2009-11-14 01:19 . 2009-10-15 15:11 4096 d-----w- c:\program files\Microsoft Works
2009-11-14 01:19 . 2009-10-15 15:10 -------- d-----w- c:\program files\Microsoft.NET
2009-11-14 01:19 . 2009-10-15 15:08 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-14 01:18 . 2009-07-14 04:52 4096 d-----w- c:\program files\Microsoft Games
2009-11-14 01:18 . 2009-10-15 14:37 -------- d-----w- c:\program files\JMicron
2009-11-14 01:18 . 2009-10-15 14:42 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-11-14 01:18 . 2009-10-15 14:01 -------- d-----w- c:\program files\Java
2009-11-14 01:18 . 2009-10-16 01:42 4096 d-----w- c:\program files\ImgBurn
2009-11-14 01:18 . 2009-10-16 01:14 -------- d-----w- c:\program files\GameHouse
2009-11-14 01:18 . 2009-10-15 14:21 16384 d-----w- c:\program files\FrostWire
2009-11-14 01:18 . 2009-10-15 22:48 -------- d-----w- c:\program files\ESET
2009-11-14 01:18 . 2009-10-15 13:50 -------- d-----w- c:\program files\CyberLink
2009-11-14 01:17 . 2009-10-17 13:58 -------- d-----w- c:\program files\Common Files\Skype
2009-11-14 01:17 . 2009-10-16 01:42 -------- d-----w- c:\program files\CCleaner
2009-11-14 01:17 . 2009-10-15 15:22 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-14 01:17 . 2009-10-15 14:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-14 01:17 . 2009-10-15 14:37 -------- d-----w- c:\program files\Broadcom
2009-11-14 01:14 . 2009-11-14 01:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-11-14 00:06 . 2009-05-01 19:07 667658 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-14 00:06 . 2009-05-01 19:07 123076 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-09 23:49 . 2009-11-09 23:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-09 23:48 . 2009-11-09 23:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-02 12:42 . 2009-10-15 14:50 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-26 11:10 . 2009-10-26 11:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-10-17 14:04 . 2009-10-17 14:04 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-15 22:24 . 2009-10-15 15:37 -------- d-----w- c:\programdata\Kaspersky Lab
2009-10-15 16:28 . 2009-10-15 16:22 -------- d-----w- c:\programdata\WinZip
2009-10-15 14:38 . 2009-10-15 14:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-10-15 14:36 . 2009-10-15 14:37 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2009-10-15 14:36 . 2009-10-15 14:37 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll
2009-10-15 14:36 . 2009-10-15 14:37 3538944 ----a-w- c:\windows\system32\bcmihvui.dll
2009-10-15 14:36 . 2009-10-15 14:37 3858432 ----a-w- c:\windows\system32\bcmihvsrv.dll
2009-10-15 14:36 . 2009-10-15 14:37 1880056 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2009-10-15 14:01 . 2009-10-15 14:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 08:56 . 2009-10-15 14:05 872960 ----a-w- c:\users\My World\AppData\Roaming\Mozilla\Firefox\Profiles\0tgisqrh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-10-07 08:56 . 2009-10-15 14:05 43008 ----a-w- c:\users\My World\AppData\Roaming\Mozilla\Firefox\Profiles\0tgisqrh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-10-07 08:56 . 2009-10-15 14:05 340480 ----a-w- c:\users\My World\AppData\Roaming\Mozilla\Firefox\Profiles\0tgisqrh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-10-07 08:55 . 2009-10-15 14:05 346624 ----a-w- c:\users\My World\AppData\Roaming\Mozilla\Firefox\Profiles\0tgisqrh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-12-19 217088]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-15 149280]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2009-09-23 815104]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [7/1/2008 9:04 AM 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7/1/2008 9:02 AM 468224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/9/2009 8:32 AM 269648]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [7/14/2008 4:20 PM 112128]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2/25/2009 1:53 PM 112992]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [11/9/2009 8:32 AM 19160]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [6/18/2009 6:48 PM 42480]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=14200&l=dis
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\My World\AppData\Roaming\Mozilla\Firefox\Profiles\0tgisqrh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search13.net/search.php?clid=486&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\My World\AppData\Roaming\Mozilla\Firefox\Profiles\0tgisqrh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2009-11-18 02:52
ComboFix-quarantined-files.txt 2009-11-17 18:52

Pre-Run: 47,997,472,768 bytes free
Post-Run: 47,550,902,272 bytes free

- - End Of File - - AC16BD7B8B26F86A0F00657794340262


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:30 PM, on 11/21/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\conhost.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Users\My World\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14200&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UCam_Menu] "c:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5097 bytes

#12 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland
  • Local time:08:42 AM

Posted 21 November 2009 - 09:45 AM

Hello

ComboFix and CFScript didn't work properly.
Did you drag the CFScript txt file onto ComboFix?

#13 carsolin

carsolin
  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:42 PM

Posted 21 November 2009 - 09:48 AM

Yes. OK, I'll try it again.

#14 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland
  • Local time:08:42 AM

Posted 21 November 2009 - 09:49 AM

Ok :(

#15 carsolin

carsolin
  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:42 PM

Posted 23 November 2009 - 02:43 AM

I tried several times, sir, but the same logfile is generated from ActiveScan. Anyway, I was able to explore my browser over the weekend and found out I had ExpressTab and some other unknown files installed as an add-on, so I decided to uninstall that. The problem is gone now, sir. Thank you very much for helping me, sir!! It was really appreciated!!



