
Computer Freezing


  • This topic is locked
14 replies to this topic

#1 julesbas

julesbas

  • Members

Posted 18 December 2006 - 10:43 PM

Hi guys, I already have an account here but I forgot my account name :/

Anyway, I have a Dell computer (Intel Celeron processor) with 512 RAM and 996 MHz running Windows XP Home Edition version 2002.
For about a week now, my computer has been freezing (I can't move the mouse, the keyboard is not responding, the only thing I can do is hold the power button), either when I am just browsing the internet, or when I'm watching a movie or playing a game (StarCraft). It seems to be pretty random, because it's happened a few minutes after startup and a few hours after startup.
It's never done this before and I'm wondering if it's a hardware problem or a software problem. I've used AVG and Ad-Aware to check for spyware and viruses but they found nothing; my comp works perfectly other than the fact that it might freeze randomly after an hour or something. I have no graphics card if that is relevant, but I doubt StarCraft requires a graphics card, and I often watch videos on Media Player Classic where it has frozen often.
Well, I guess it can't be random; usually after it freezes once, if I try to run my comp again it will freeze a lot sooner (a few minutes) than if I give it a break for a few hours and come back (then it will take an hour or something). Also, sometimes Windows won't start up at all and it will stay at the Dell screen when you first turn on the comp.

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:34:36 PM, on 18/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150/02dcb4d3f620309da201/netzip/RdxIE.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141762260194
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)


PS: I don't know why there's all that IE stuff; Firefox is my main browser.

Thanks for any possible help you guys can provide me!! :thumbsup:


#2 waterfalls

waterfalls

    Malware Exorcist


  • Staff Emeritus

Posted 19 December 2006 - 04:02 AM

Hi,

• Re-name HijackThis.exe to kitty.exe by doing the following:
- Navigate to C:\Program Files\HijackThis.exe
- Right-click onto HijackThis.exe and select "Rename"
- Type kitty.exe and hit Enter.

• Now, double-click onto kitty.exe (which is still HijackThis) and post back with the new HijackThis log.
Take only memories, leave nothing but footprints.


#3 julesbas

julesbas
  • Topic Starter

  • Members

Posted 20 December 2006 - 01:07 AM

OK, done.

Logfile of HijackThis v1.99.1
Scan saved at 1:02:23 AM, on 20/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\kitty.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150/02dcb4d3f620309da201/netzip/RdxIE.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141762260194
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)

#4 waterfalls

waterfalls

    Malware Exorcist


  • Staff Emeritus

Posted 20 December 2006 - 02:02 AM

Looks like you may have a stubborn infection.

• I see that you have no Anti-Virus program ("AV") present on your system. Please install an Anti-Virus program.
Active Virus Shield -or- AntiVir -or- Avast are good FREE Anti-Virus programs.
Never install more than one Anti-Virus scanner on your system! Having more than one AV installed will likely cause your system to become unstable and seriously decrease the reliable detection of any malware.
Let your Anti-Virus perform a full scan, and let it delete everything it finds.

• Then download Combofix: http://download.bleepingcomputer.com/sUBs/combofix.exe
and save to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.

Note: Do not mouseclick combofix's window while it is running because it may cause your system to stall/hang.

• Post back with the combofix.txt log and a new HijackThis log.
Take only memories, leave nothing but footprints.


#5 julesbas

julesbas
  • Topic Starter

  • Members

Posted 20 December 2006 - 06:55 PM

OK, I did a full scan with Active Virus Shield but it found nothing.

Here's the ComboFix log:

Valentina Baslyk - 06-12-20 18:45:27.05 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Valentina Baslyk\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-11-20 to 2006-12-20 ))))))))))))))))))))))))))))))))))


2006-12-20 16:08 <DIR> d-------- C:\Program Files\AOL
2006-12-20 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2006-12-18 22:33 218,112 --a------ C:\Program Files\kitty.exe
2006-12-18 21:50 5,248 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\d347prt.sys
2006-12-18 21:50 155,136 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\d347bus.sys
2006-12-18 21:50 <DIR> d-------- C:\Program Files\D-Tools
2006-12-18 17:48 <DIR> d-------- C:\Documents and Settings\Valentina Baslyk\Application Data\AVG7
2006-12-18 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2006-12-16 17:33 967 --a------ C:\WINDOWS\ScUnin.pif
2006-12-16 17:33 94,208 --a------ C:\WINDOWS\ScUnin.exe
2006-12-12 17:23 <DIR> d-------- C:\Program Files\Winamp
2006-12-10 01:34 <DIR> d-------- C:\Program Files\Common Files\Synacast
2006-12-10 01:34 <DIR> d-------- C:\Documents and Settings\Valentina Baslyk\Application Data\PPLive
2006-12-03 15:35 94,208 --a------ C:\WINDOWS\SYSTEM32\GTW32N50.dll
2006-12-03 15:35 32,768 --a------ C:\WINDOWS\SYSTEM32\GTGina.dll
2006-12-03 15:35 245,248 --a------ C:\WINDOWS\SYSTEM32\rt73.sys
2006-12-03 15:35 245,248 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rt73.sys
2006-12-03 15:35 20,747 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AegisP.sys
2006-12-03 15:35 17,992 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\bcm42rly.sys
2006-12-03 15:35 17,992 --a------ C:\WINDOWS\SYSTEM32\bcm42rly.sys
2006-12-03 15:35 17,992 --a------ C:\WINDOWS\bcm42rly.sys
2006-12-03 15:35 15,872 --a------ C:\WINDOWS\SYSTEM32\GTNDIS5.sys
2006-12-03 15:35 <DIR> d-------- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor
2006-12-03 01:41 577,536 --a------ C:\WINDOWS\SYSTEM32\ANIWZCS2.dll
2006-12-03 01:41 57,407 --a------ C:\WINDOWS\SYSTEM32\ANICtl.dll
2006-12-03 01:41 49,152 --a------ C:\WINDOWS\SYSTEM32\AQCKGen.dll
2006-12-03 01:41 36,864 --a------ C:\WINDOWS\SYSTEM32\ANIOApi.dll
2006-12-03 01:41 28,205 --a------ C:\WINDOWS\SYSTEM32\ANIO.sys
2006-12-03 01:41 217,088 --a------ C:\WINDOWS\SYSTEM32\wlanapi.dll
2006-12-03 01:41 192,512 --a------ C:\WINDOWS\SYSTEM32\aIPH.dll
2006-12-03 01:41 131,072 --a------ C:\WINDOWS\SYSTEM32\WlanApp.dll
2006-12-03 01:41 11,904 --a------ C:\WINDOWS\SYSTEM32\anio4.sys
2006-12-03 01:41 1,163,337 --a------ C:\WINDOWS\SYSTEM32\odSupp_M.dll
2006-12-03 01:41 <DIR> d-------- C:\Program Files\ANI
2006-12-01 02:38 <DIR> d-------- C:\Program Files\GRETECH
2006-11-22 18:53 <DIR> d-------- C:\Documents and Settings\Valentina Baslyk\Application Data\Hamachi
2006-11-22 18:52 16,224 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hamachi.sys
2006-11-22 18:52 <DIR> d-------- C:\Program Files\Hamachi


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-20 18:43 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-20 16:23 61584 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klick.sys
2006-12-20 16:23 59536 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klin.sys
2006-12-20 01:02 4104 --a------ C:\Program Files\hijackthis.log
2006-12-20 00:58 -------- d-------- C:\Documents and Settings\Valentina Baslyk\Application Data\uTorrent
2006-12-19 23:43 -------- d-------- C:\Program Files\Starcraft
2006-12-17 14:41 -------- d-------- C:\Documents and Settings\Valentina Baslyk\Application Data\Lavasoft
2006-12-16 14:53 -------- d-------- C:\Program Files\Internet Explorer
2006-12-16 14:52 -------- d-------- C:\Program Files\Outlook Express
2006-12-16 14:52 -------- d-------- C:\Program Files\Common Files\System
2006-12-10 01:34 359808 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
2006-12-10 01:34 -------- d-------- C:\Program Files\Common Files
2006-12-09 17:23 -------- d-------- C:\Program Files\Windows Media Player
2006-12-07 00:29 2374472 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
2006-12-04 15:46 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-12-04 15:43 -------- d-------- C:\Program Files\Microsoft Works
2006-12-03 15:35 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-23 04:18 -------- d-------- C:\Program Files\Microsoft Picture It! PhotoPub
2006-11-08 00:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\SYSTEM32\sxs.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\SYSTEM32\nwprovau.dll
2006-10-10 21:08 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-09-29 14:00 2516 --ahs---- C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
2006-09-29 14:00 168 -r-hs---- C:\WINDOWS\SYSTEM32\0CBE105E19.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Le Petit Robert Hyperappel"="C:\\Program Files\\Le Robert\\Le Petit Robert\\prhyper.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DellTouch"="C:\\WINDOWS\\DELLMMKB.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"aol"="\"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\""
@=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Valentina Baslyk^Start Menu^Programs^Startup^Internet Explorer.lnk]
"path"="C:\\Documents and Settings\\Valentina Baslyk\\Start Menu\\Programs\\Startup\\Internet Explorer.lnk"
"backup"="C:\\WINDOWS\\pss\\Internet Explorer.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\INTERN~1\\iexplore.exe "
"item"="Internet Explorer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Valentina Baslyk^Start Menu^Programs^Startup^Outlook Express.lnk]
"path"="C:\\Documents and Settings\\Valentina Baslyk\\Start Menu\\Programs\\Startup\\Outlook Express.lnk"
"backup"="C:\\WINDOWS\\pss\\Outlook Express.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\OUTLOO~1\\msimn.exe "
"item"="Outlook Express"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CookiePatrol"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\PESTPA~1\\CookiePatrol.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fdm"
"hkey"="HKCU"
"command"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="isuspm"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="issch"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fwupdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\LG DVD Drive\\fwupdate.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WksSb"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkDetect"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Money Express"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSMSGS"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="opware32"
"hkey"="HKLM"
"command"="C:\\Program Files\\ScanSoft\\OmniPageSE\\opware32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PPControl"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\PESTPA~1\\PPControl.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrolCL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PPMemCheck"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\PESTPA~1\\PPMemCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rcwinHyper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rcwinHyper"
"hkey"="HKCU"
"command"="C:\\Program Files\\Le Robert\\Le Robert & Collins\\rcwinHyper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealJukeboxSystray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tsystray"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Real\\RealJukebox\\tsystray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\LG DVD Drive\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RFX_auto_upgrade]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wkfud"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-12-20 18:47:46.66
C:\ComboFix.txt ... 06-12-20 18:47


And here's a HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:53:01 PM, on 20/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\kitty.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150/02dcb4d3f620309da201/netzip/RdxIE.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141762260194
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)


thanks for your help

Edited by julesbas, 20 December 2006 - 06:57 PM.


#6 waterfalls

waterfalls

    Malware Exorcist


  • Staff Emeritus
  • 621 posts

Posted 20 December 2006 - 10:25 PM

Hi,

You will need to print these instructions because you will be working in Safe Mode without an Internet connection.

• Please set your system to show all files.
- Go to Start > open My Computer
- Select the Tools menu and click Folder Options.
- Select the View tab and, under Hidden files and folders, select Show hidden files and folders
- Uncheck Hide file extensions for known file types
- Uncheck Hide protected operating system files (Recommended)
- Click Apply, then OK

• Reboot into SAFE MODE.
To get into the Windows XP Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times. Choose Safe Mode from the menu that will appear and press Enter.


• Start HijackThis, click System Scan Only and place a checkmark next to the following item:
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150/02dcb4d3f620309da201/netzip/RdxIE.cab

Close ALL browsers and open windows/programs except HijackThis and click 'Fix Checked'.

• Navigate to and delete the following files if present:
C:\WINDOWS\ScUnin.pif
C:\WINDOWS\ScUnin.exe

• Reboot into Normal Mode.

• Post back with a new HijackThis log. Also, let me know how your computer is running now.
Take only memories, leave nothing but footprints.

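The triage above singles out the O16 entry whose ActiveX download comes from a bare IP address, an unusual host for a legitimate control. The following is an added example, not part of this thread or of HijackThis itself: a small parser for the O4/O16/O23 line formats shown in these logs with the checks a helper applies by eye (ActiveX downloads from bare IP hosts or with no friendly name, O4 run commands that are not a full path, and O23 services reported as "(file missing)"). The sample log is constructed from lines quoted in the thread; the severity labels and the stray-quote heuristic for O23 are this example's own assumptions.

```python
"""Triage heuristics for HijackThis v1.99.1 log lines (added example)."""
import ipaddress
import re
from urllib.parse import urlsplit

# Generic HijackThis line: "<section> - <body>", e.g. "O16 - DPF: ..."
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+)\s+-\s+(?P<body>.*)$")
# O16: CLSID, optional "(friendly name)", then the download URL
O16_RE = re.compile(
    r"DPF:\s*(?P<clsid>\{[0-9A-Fa-f-]+\})\s*(?:\((?P<name>[^)]*)\))?\s*-\s*(?P<url>\S+)")
# O4: "HKLM\..\Run: [Entry] command line"
O4_RE = re.compile(r"Run:\s*\[(?P<entry>[^\]]*)\]\s*(?P<cmd>.*)$")
# O23: "Service: Name (Short) - Owner - path"
O23_RE = re.compile(r"Service:\s*(?P<name>.+?)\s+-\s+(?P<owner>.+?)\s+-\s+(?P<path>.*)$")

# Constructed sample: lines taken from the thread's logs.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150/02dcb4d3f620309da201/netzip/RdxIE.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
"""


def parse(log_text):
    """Return (section, body) pairs for every HijackThis item line."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def is_bare_ip(host):
    """True when the URL host is a literal IP address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def first_token(cmd):
    """Executable part of a Run command: quoted path, or text up to first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def check_o16(body):
    m = O16_RE.search(body)
    if not m:
        return None
    host = urlsplit(m.group("url")).hostname or ""
    if is_bare_ip(host):
        return ("high", f"ActiveX control downloaded from bare IP host {host}")
    if not m.group("name"):
        return ("info", f"ActiveX control {m.group('clsid')} has no friendly name ({host})")
    return None


def check_o4(body):
    m = O4_RE.search(body)
    if not m:
        return None
    exe = first_token(m.group("cmd"))
    # An unquoted path with spaces still yields a token containing "\" and passes.
    if "\\" not in exe:
        return ("medium", f"run entry [{m.group('entry')}] launches {exe} without a full path")
    return None


def check_o23(body):
    m = O23_RE.search(body)
    if not m:
        return None
    path = m.group("path")
    if "(file missing)" in path:
        if '"' in path:  # stray quote: HijackThis split a quoted command line (assumption)
            return ("low", f"service {m.group('name')}: reported missing, likely a mis-split quoted path; verify by hand")
        return ("high", f"service {m.group('name')}: binary not found on disk")
    return None


CHECKS = {"O4": check_o4, "O16": check_o16, "O23": check_o23}


def triage(log_text):
    """Apply the section-specific checks and collect findings."""
    findings = []
    for section, body in parse(log_text):
        check = CHECKS.get(section)
        result = check(body) if check else None
        if result:
            severity, reason = result
            findings.append({"section": section, "severity": severity,
                             "reason": reason, "body": body})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['section']}: {f['reason']}")
```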

#7 julesbas

julesbas
  • Topic Starter

  • Members
  • 8 posts

Posted 21 December 2006 - 12:01 AM

ok, I did all that and my computer is running good, it's frozen once today with the virus program on and it made a loud beeping sound that wouldn't stop until I turned off my comp, but I think it has been freezing less often, and I will post if it freezes again after I did what you said

Edit: Oh it just froze again right after I posted this originally, perhaps it is an overheating problem, because I have put a fan next to my computer (blowing into the computer), and whenever I turn the fan off, after like 20 mins the comp freezes, it's happened after I turn off my fan twice today now. But of course I might be wrong and that might be random so if you still see something wrong with my hijackthis log then it might not be an overheating problem

here's the hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 11:49:40 PM, on 20/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\kitty.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141762260194
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)

Edited by julesbas, 21 December 2006 - 12:16 AM.


#8 waterfalls

waterfalls

    Malware Exorcist


  • Staff Emeritus
  • 621 posts

Posted 21 December 2006 - 11:14 PM

Hi,

Sorry for the delay. For some reason, the forum's site wouldn't load.

• Please download VundoFix.exe and save it to your Desktop.
- Double-click VundoFix.exe to run it
- Click the Scan for Vundo button
- Once it is done scanning, click the Remove Vundo button
- You will receive a prompt asking if you want to remove the files
- Click YES
- Once you click YES, your Desktop will go blank as it starts removing Vundo
- When completed, it will prompt that it will reboot your computer
- Click OK

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, so simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Once VundoFix has completed scanning, please do not run it again.
If you run it more than one time, you will overwrite the original log generated when it was run the first time.

• Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Take only memories, leave nothing but footprints.


#9 julesbas

julesbas
  • Topic Starter

  • Members
  • 8 posts

Posted 22 December 2006 - 09:06 PM

hi, ok I did all that but it found no vundo


VundoFix V6.2.13

Checking Java version...

Sun Java not detected
Scan started at 2:25:34 PM 22/12/2006

Listing files found while scanning....

No infected files were found.



Logfile of HijackThis v1.99.1
Scan saved at 9:05:41 PM, on 22/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\kitty.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141762260194
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)

#10 waterfalls

waterfalls

    Malware Exorcist


  • Staff Emeritus
  • 621 posts

Posted 23 December 2006 - 05:07 PM

• Perform an online scan with Panda Online. Please use this scanner instead of any other scanner! You have to use Internet Explorer for this scan.
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component, allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When the download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the "See Report" button, then "Save Report" and save it to a convenient location.

• Post back with the results of the Panda scan and a new HijackThis log.
Take only memories, leave nothing but footprints.


#11 julesbas

julesbas
  • Topic Starter

  • Members
  • 8 posts

Posted 24 December 2006 - 05:28 PM

hmm ok I did that and it found some spyware and a suspicious file!

here's the reports

Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[statse.webtrendslive.com/]

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.overture.com/]


Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.sextracker.com/]

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.adultfriendfinder.com/]

Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.cs.sexcounter.com/]

Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.paycounter.com/]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.hitbox.com/]

Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.sexlist.com/]

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.ads.pointroll.com/]

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.ads.pointroll.com/]

Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[www.burstbeacon.com/]

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.fastclick.net/]

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.burstnet.com/]

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.fastclick.net/]

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.casalemedia.com/]

Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.anm.co.uk/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.2o7.net/]

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.advertising.com/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.2o7.net/]

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.advertising.com/]

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.com.com/]

Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.bluestreak.com/]

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.mediaplex.com/]

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.zedo.com/]

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.questionmarket.com/]

Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.spylog.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.serving-sys.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.bs.serving-sys.com/]

Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.bravenet.com/]

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.adrevolver.com/]

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.atwola.com/]

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.statcounter.com/]

Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.valueclick.com/]

Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.as-us.falkag.net/]

Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.qksrv.net/]

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.apmebf.com/]

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.247realmedia.com/]

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.realmedia.com/]

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.ehg.hitbox.com/]

Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.targetnet.com/]

Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[adserver.filefront.com/]

Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.revenue.net/]

Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.clickbank.net/]

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.trafficmp.com/]

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.hg1.hitbox.com/]

Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Valentina Baslyk\Application Data\Mozilla\Firefox\Profiles\ccm1i7m4.default\cookies.txt[.toplist.cz/]

Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Valentina Baslyk\Cookies\valentina baslyk@toplist[1].txt

Possible Virus. Not disinfected C:\Documents and Settings\Valentina Baslyk\My Documents\compact\ta_battle.exe



Logfile of HijackThis v1.99.1
Scan saved at 5:27:28 PM, on 24/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\kitty.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141762260194
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)


thanks for all your help!

#12 waterfalls

waterfalls

    Malware Exorcist


  • Staff Emeritus
  • 621 posts

Posted 24 December 2006 - 06:31 PM

I'm not seeing anything bad in your log. The file you're referring to from the Panda scan appears to be a music file for a game server. It's in a folder called "contact", and I am not able to tell what that is.

If you don't recognize ta_battle.exe, then delete it. Same goes for the "contact" folder.

In Firefox, go to Tools > Options > Privacy Tab. Click Show Cookies > click Remove Cookies. Then set your cookies under Keep Until > select Ask every time. Most cookies you can deny. If you want to accept a cookie, click Allow for Session.

How is your computer running now?
Take only memories, leave nothing but footprints.


#13 julesbas

julesbas
  • Topic Starter

  • Members
  • 8 posts

Posted 27 December 2006 - 04:09 PM

ok, my computer is running good now, thanks for your help

#14 waterfalls

waterfalls

    Malware Exorcist


  • Staff Emeritus
  • 621 posts

Posted 28 December 2006 - 01:08 AM

Hi,

You're quite welcome.

• If you have not done so, please empty your Recycle Bin.

• Create a new Restore Point:
- Go to Start -> All Programs -> Accessories -> System Tools -> System Restore.
- When the utility opens, select "Create a new restore point" and click Next
- Name the restore point - something like "After infection cleaned" or "After cleaning"
- Click Create.

• Delete the old Restore Points:
- Go to Start -> All Programs -> Accessories -> System Tools -> Disk Cleanup. Click Ok.
- Click the "More Options" tab.
- Where it states "System Restore" - click Clean up.
- All of the old Restore Points will be deleted EXCEPT for the one you just created.

Reboot your computer.

• To keep this clean in the future, I would suggest the following things:

• Install Spywareblaster. SpywareBlaster doesn't scan and clean for so-called spyware but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls and also prevents the installation of any of them via a webpage. Update it periodically.

* Avoid illegal sites because that's where most malware is present.
* Don't click on links inside pop-ups. If you should get them, use ALT + F4 to close them.
* Don't click on links in spam messages claiming to offer anti-spyware software because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust because a lot of free software can bundle other software, including spyware.

• Let your anti-spyware scanner(s) scan frequently and don't forget to update before scanning.

• I suggest you perform an online virus-scan once in a while (Housecall and/or Bitdefender) because what one virus-scanner can't find, another one maybe can.
Also, make sure that your virus-scanner, the one that is already installed on your system, is always up to date!

• Make sure your Windows has the latest updates by going here.

• More information on how to prevent malware can be found at So how did I get infected in the first place? (by Tony Klein) and Malware Prevention: Prevent Re-infection.

Happy surfing again! :thumbsup:
Take only memories, leave nothing but footprints.


#15 waterfalls

waterfalls

    Malware Exorcist


  • Staff Emeritus
  • 621 posts

Posted 04 January 2007 - 01:28 PM

Since this issue appears resolved ... this topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a new topic.
Take only memories, leave nothing but footprints.
