not sure if this is malware but can't open regedit/task manager[RE |
Mar 3 2008, 11:39 PM
Post #1
Member | Posts: 54 | OS: Windows XP
hi guys,
I need help again. I'm not sure if this is malware though but I didn't do anything new with my computer and suddenly the task manager and regedit's not working. I also noticed that some of the folders in windows are "translucent" like it was deleted or something. Check with avg anti-spyware and super antispyware, no infections though. This is my hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:40 PM, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\SSCVIIHOST.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\SSCVIIHOST.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Documents and Settings\jenn\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe SSCVIIHOST.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SSCVIIHOST.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {09883431-7429-11D5-8B69-0050049F5256} (VBAuthentic.Authentic) - https://www.metrobankdirect.com/download/Au...VBAuthentic.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://inotes.pal.com.ph/iNotes6W.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/activex/EPUWA...l_v1-0-3-18.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) - http://www.worldwinner.com/games/shared/uninstall.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7102 bytes
Mar 4 2008, 08:40 AM
Post #2
GeekU Mod | Posts: 7,823 | From: Lake Mabprachan, Thailand | OS: XP SP2 ~ Vista Ultimate
Hi there,
Welcome to GeeksToGo. My name is RatHat, and I will help you get through the process of cleaning the malware from your computer.

OK firstly, I need you to print out each post I make so that you can refer to it while we fix your computer. This is because there will be times when you are unable to be online to read my instructions, and I will want you to do everything very carefully. I also need you to follow my instructions in the order that they are given. If however, you cannot carry out one of them, please continue on with the next and let me know what you were unsuccessful with.

I would like to make sure that you can view hidden files and folders;

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please post me an Uninstall List from HijackThis:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please download Brute Force Uninstaller to your desktop.
Save it in the same folder you made earlier (c:\BFU). Then, please go to Start > My Computer and navigate to the C:\BFU folder.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please read this Combofix tutorial before continuing, then follow the instructions below.
Download ComboFix from Here, Here or Here to your Desktop. (If you already have ComboFix, please delete it and download this new version).
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Next, I would like to make sure that you can view hidden files and folders again (The BFU script will have reset these);

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
So in your next post, please include:

Regards, RatHat
Mar 4 2008, 11:24 AM
Post #3
Member | Posts: 54 | OS: Windows XP
hi RatHat,
Thanks for the fast response! I've done what you've instructed me to do, although I didn't get to do the 1st step (check if I can view hidden files because when I clicked on the Tools Menu, the Folder Options wasn't there, although after all the stuff you instructed me to do, the Folder Options' there already). By the way, after all the instructions, I tried opening the task manager and regedit and it opened, I closed it after though, didn't do anything with them. One more follow up question, my computer's very slow compared to before, is it because of the malwares? Anyway, here are the hijackthis uninstall list, combofix.txt and fresh hijackthis log. Thanks again!

HiJackThis Uninstall List

Ad-Aware 2007
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Apple Mobile Device Support
Apple Software Update
AVG Anti-Spyware 7.5
Avira AntiVir PersonalEdition Classic
Blue's Kindergarten
Blue's Reading Time Activities
Caribbean Hideaway
CCleaner (remove only)
Chikka Messenger V4
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Fairway Solitaire
HijackThis 2.0.2
Home Sweet Home
iTunes
Java 6 Update 3
Microsoft .NET Framework 2.0
Mozilla Firefox (2.0.0.12)
OpenAL
QuickTime
SUPERAntiSpyware Free Edition
Virtools 3D Life Player

Combofix.txt

ComboFix 08-03-04.2 - jenn 2008-03-05 0:54:09.4 - NTFSx86
Running from: C:\Documents and Settings\jenn\Desktop\Combo-Fix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\autorun.ini
.
((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.

2008-03-04 17:16 . 2008-03-04 17:16 <DIR> d-------- C:\Program Files\Avira
2008-03-04 17:16 . 2008-03-04 17:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-04 14:17 . 2008-03-04 20:15 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-04 14:17 . 2008-03-04 14:18 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-04 12:35 . 2008-03-04 12:35 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-02-29 23:53 . 2008-03-04 23:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-29 23:53 . 2008-02-29 23:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-20 15:38 . 2008-02-26 10:39 <DIR> d-------- C:\Documents and Settings\jenn\Application Data\CaribbeanHideaway
2008-02-20 15:30 . 2008-02-20 15:33 <DIR> d-------- C:\Program Files\Caribbean Hideaway
2008-02-17 10:12 . 2008-02-17 10:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
2008-02-17 10:11 . 2008-02-17 10:12 <DIR> d-------- C:\Program Files\Fairway Solitaire
2008-02-12 09:07 . 2008-02-12 09:07 2,586 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-12 09:07 . 2008-02-12 09:07 0 --a------ C:\WINDOWS\system32\cscript
2008-02-07 23:20 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-02-07 23:06 . 2008-03-04 14:18 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-07 12:10 . 2008-02-07 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-07 12:09 . 2008-03-01 19:47 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-07 12:09 . 2008-02-07 12:09 <DIR> d-------- C:\Documents and Settings\jenn\Application Data\SUPERAntiSpyware.com
2008-02-07 12:05 . 2008-02-07 12:05 <DIR> d-------- C:\Documents and Settings\jenn\Application Data\Grisoft
2008-02-07 12:01 . 2008-02-07 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-07 12:01 . 2007-05-30 20:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-07 00:46 . 2008-02-07 02:23 <DIR> d-------- C:\Documents and Settings\jenn\.housecall6.6
2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\Program Files\CCleaner
2008-02-07 00:09 . 2008-02-07 00:09 <DIR> d-------- C:\Documents and Settings\beng\Application Data\3M
2008-02-06 23:55 . 2005-03-03 02:09 577,024 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-02-06 23:53 . 2008-02-06 23:53 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-06 23:52 . 2008-02-06 23:56 <DIR> d-------- C:\SDFix
2008-02-06 22:30 . 2008-02-06 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-06 22:29 . 2008-02-06 22:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-06 21:27 . 2008-02-06 22:35 <DIR> d-------- C:\Program Files\XoftSpySE
2008-02-06 21:17 . 2008-02-07 00:28 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-02-05 11:40 . 2008-02-05 11:40 <DIR> d-------- C:\Documents and Settings\jenn\Application Data\Home Sweet Home
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 06:02 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-04 05:27 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-03-01 07:34 --------- d-----w C:\Documents and Settings\jenn\Application Data\Azureus
2008-02-29 15:48 --------- d-----w C:\Program Files\iTunes
2008-02-29 15:45 --------- d-----w C:\Program Files\iPod
2008-02-29 15:29 --------- d-----w C:\Program Files\QuickTime
2008-02-27 02:19 --------- d-----w C:\Documents and Settings\jenn\Application Data\TransRender
2008-02-24 09:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-09 01:16 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-06 14:31 --------- d-----w C:\Program Files\Lavasoft
2008-02-03 08:11 --------- d-----w C:\Program Files\Home Sweet Home
2008-01-28 08:12 --------- d-----w C:\Program Files\Chikka Messenger
2008-01-23 14:03 --------- d-----w C:\Documents and Settings\jenn\Application Data\PlayFirst
2008-01-23 14:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-01-10 09:02 --------- d-----w C:\Program Files\Azureus
2007-12-14 03:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-11 19:46 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-11 19:46 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 19:45 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 19:45 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 19:43 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-06-14 15:04 63,472 -c--a-w C:\Documents and Settings\jenn\Application Data\GDIPFONTCACHEV1.DAT
2005-12-18 16:24 8 --sh--r C:\WINDOWS\system32\1B2E6AD7A2.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-11 18:16 4670968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-01-07 18:09 46592 C:\WINDOWS\SOUNDMAN.EXE]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 18:50 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

C:\Documents and Settings\jenn\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2003-11-18 22:10:59 233472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-05-29 01:51:22 113664]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-20 23:17:02 1183744]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Post-itr Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [2004-10-15 14:26:54 2080768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 AvSynMgr;AVSync Manager;"C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe" [2002-08-05 07:00]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66446c53-dc22-11dc-bdab-101111111111}]
\Shell\AutoRun\command - F:\SSCVIIHOST.exe
\Shell\Open\command - F:\SSCVIIHOST.exe

*Newly Created Service* - SSMDRV
.
Contents of the 'Scheduled Tasks' folder
"2008-02-29 11:22:40 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 01:00:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-05 1:05:06
ComboFix-quarantined-files.txt 2008-03-04 17:05:01
ComboFix2.txt 2008-02-14 08:12:18
ComboFix3.txt 2008-02-14 07:58:01
ComboFix4.txt 2008-02-12 16:31:00

HiJackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:30 AM, on 3/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\jenn\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {09883431-7429-11D5-8B69-0050049F5256} (VBAuthentic.Authentic) - https://www.metrobankdirect.com/download/Au...VBAuthentic.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://inotes.pal.com.ph/iNotes6W.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/activex/EPUWA...l_v1-0-3-18.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) - http://www.worldwinner.com/games/shared/uninstall.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7820 bytes
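Added example, not part of the thread and not code from HijackThis or ComboFix: a small triage script that parses two HijackThis logs, lists the entries present before the cleanup and absent after it, and flags the F2 shell value, the O7 regedit policy and any O4 startup entry that runs the same file as the shell value. The sample logs are constructed excerpts of the two logs posted above; the function names are hypothetical.

```python
import re

# HijackThis entry codes (R0-R3, F0-F3, N1-N4, O1-O24), each followed by " - ".
_CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
# Split before each code. \s+ also matches line breaks, so one pattern handles a
# normal one-entry-per-line log and a paste whose line breaks were lost.
_SPLIT = re.compile(r"\s+(?=" + _CODE + r"\s+-\s+)")
_ENTRY = re.compile(r"(" + _CODE + r")\s+-\s+(.+)", re.S)
_FOOTER = re.compile(r"\s*--\s*End of file.*$", re.S)

# Constructed samples: a handful of entries copied from the two logs in this
# thread (before and after the ComboFix run), flattened onto one line.
BEFORE_LOG = (
    r"Running processes: C:\WINDOWS\Explorer.exe C:\WINDOWS\SSCVIIHOST.exe "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/ "
    r"F2 - REG:system.ini: Shell=Explorer.exe SSCVIIHOST.exe "
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE "
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe "
    r"O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SSCVIIHOST.exe "
    r"O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 "
    r"O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll "
    r"-- End of file - 7102 bytes"
)
AFTER_LOG = (
    r"Running processes: C:\WINDOWS\Explorer.EXE "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank "
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE "
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe "
    r"O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll "
    r"-- End of file - 7820 bytes"
)


def parse_entries(log_text):
    """Return [(code, body), ...] for every HijackThis entry in log_text."""
    text = _FOOTER.sub("", log_text.strip())
    entries = []
    for chunk in _SPLIT.split(text):
        m = _ENTRY.match(chunk)
        if m:  # the header and process list do not start with an entry code
            entries.append((m.group(1), " ".join(m.group(2).split())))
    return entries


def removed_entries(before, after):
    """Entries in the 'before' log with no exact match in the 'after' log."""
    kept = set(parse_entries(after))
    return [e for e in parse_entries(before) if e not in kept]


def shell_extras(body):
    """Programs an F2 'Shell=' value starts besides Explorer.exe.
    Assumes space-separated file names, as in the log above."""
    if "Shell=" not in body:
        return []
    value = body.split("Shell=", 1)[1]
    return [t for t in value.split() if t.lower() != "explorer.exe"]


def triage(entries):
    """Flag entries that match the symptoms described in this thread."""
    extras = [x for code, body in entries if code == "F2"
              for x in shell_extras(body)]
    findings = []
    for code, body in entries:
        if code == "F2" and shell_extras(body):
            findings.append((code, "shell value starts extra program(s): "
                             + ", ".join(shell_extras(body))))
        elif code == "O7" and re.search(r"DisableRegedit\s*=\s*1", body):
            findings.append((code, "policy value blocks the registry editor"))
        elif code == "O4" and any(x.lower() in body.lower() for x in extras):
            findings.append((code, "startup entry runs the same file as the "
                             "shell value: " + body))
    return findings


if __name__ == "__main__":
    print("Entries gone after cleanup:")
    for code, body in removed_entries(BEFORE_LOG, AFTER_LOG):
        print(f"  {code} - {body}")
    print("Flagged in the first log:")
    for code, note in triage(parse_entries(BEFORE_LOG)):
        print(f"  {code}: {note}")
```

An entry whose value merely changed, such as the R0 start page, also shows up in the "gone after cleanup" list, so that list is a starting point for review rather than a verdict.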
Mar 4 2008, 05:05 PM
Post #4
GeekU Mod | Posts: 7,823 | From: Lake Mabprachan, Thailand | OS: XP SP2 ~ Vista Ultimate
Hi Jenn,
Things are looking a lot better!

QUOTE
One more follow up question, my computer's very slow compared to before, is it because of the malwares?

Probably, so we will see if we can speed things up a bit later.

OK, please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Under Main choose: Select All
Click the Empty Selected button.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please run an online scan with Kaspersky WebScanner.
Note: You must use Internet Explorer to run this scan.
Click the Accept button.
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
Scan Mail Bases

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Finally, please download Deckard's System Scanner (DSS) and save it to your Desktop.
Note: A copy of these files can be found in your root drive, usually C:\Deckard\System Scanner\

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OK, in your next post, please include:

And let me know if your speed has improved at all.

Regards, RatHat
Mar 5 2008, 12:56 AM
Post #5
Member | Posts: 54 | OS: Windows XP
hi again RatHat,
So far, it's still more or less the same speed as before I did these instructions. Also, I noticed that I can't use the standard view of my google mail and the geekstogo forum looks "text based" now. Here are the logs and reports:

MBAM Report:

Malwarebytes' Anti-Malware 1.05
Database version: 451
Scan type: Quick Scan
Objects scanned: 29172
Time elapsed: 5 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataDisp32 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, March 05, 2008 1:52:42 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/03/2008
Kaspersky Anti-Virus database records: 597488
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 122593
Number of viruses found: 4
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 02:27:28

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\jenn\Application Data\3M\PSNotes\PSNData Object is locked skipped
C:\Documents and Settings\jenn\Application Data\Mozilla\Firefox\Profiles\cs0jrqez.default\cert8.db Object is locked skipped
C:\Documents and Settings\jenn\Application Data\Mozilla\Firefox\Profiles\cs0jrqez.default\history.dat Object is locked skipped
C:\Documents and Settings\jenn\Application Data\Mozilla\Firefox\Profiles\cs0jrqez.default\key3.db Object is locked skipped
C:\Documents and Settings\jenn\Application Data\Mozilla\Firefox\Profiles\cs0jrqez.default\parent.lock Object is locked skipped
C:\Documents and Settings\jenn\Application Data\Mozilla\Firefox\Profiles\cs0jrqez.default\search.sqlite Object is locked skipped
C:\Documents and Settings\jenn\Application Data\Mozilla\Firefox\Profiles\cs0jrqez.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\jenn\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\jenn\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\jenn\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\jenn\Local Settings\Application Data\Mozilla\Firefox\Profiles\cs0jrqez.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\jenn\Local Settings\Application Data\Mozilla\Firefox\Profiles\cs0jrqez.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\jenn\Local Settings\Application Data\Mozilla\Firefox\Profiles\cs0jrqez.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\jenn\Local Settings\Application Data\Mozilla\Firefox\Profiles\cs0jrqez.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\jenn\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jenn\Local Settings\History\History.IE5\MSHist012008030520080306\index.dat Object is locked skipped
C:\Documents and Settings\jenn\Local Settings\Temp\~DF1A1C.tmp Object is locked skipped
C:\Documents and Settings\jenn\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jenn\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\jenn\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\QooBox\Quarantine\C\Program Files\Internet Explorer\svchost.exe.vir Infected: Trojan-Downloader.Win32.Delf.emo skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\autorun.ini.vir Infected: Trojan.Win32.AutoRun.a skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{71768B5E-383B-4067-A205-C82E78DF6572}\RP927\A0218527.exe Infected: Trojan-Downloader.Win32.AutoIt.aa skipped
C:\System Volume Information\_restore{71768B5E-383B-4067-A205-C82E78DF6572}\RP927\A0218541.exe Infected: Trojan-Downloader.Win32.AutoIt.aa skipped
C:\System Volume Information\_restore{71768B5E-383B-4067-A205-C82E78DF6572}\RP927\A0218657.exe Infected: Trojan-Downloader.Win32.AutoIt.aa skipped
C:\System Volume Information\_restore{71768B5E-383B-4067-A205-C82E78DF6572}\RP928\A0219663.exe Infected: Trojan-Downloader.Win32.AutoIt.aa skipped
C:\System Volume Information\_restore{71768B5E-383B-4067-A205-C82E78DF6572}\RP929\A0219670.exe Infected: Trojan-Downloader.Win32.AutoIt.aa skipped
C:\System Volume Information\_restore{71768B5E-383B-4067-A205-C82E78DF6572}\RP929\A0219678.exe Infected: Trojan-Downloader.Win32.AutoIt.aa skipped
C:\System Volume Information\_restore{71768B5E-383B-4067-A205-C82E78DF6572}\RP929\A0219681.exe Infected: Trojan-Downloader.Win32.AutoIt.aa skipped
C:\System Volume Information\_restore{71768B5E-383B-4067-A205-C82E78DF6572}\RP929\A0219683.exe Infected:
Trojan-Downloader.Win32.AutoIt.aa skipped C:\System Volume Information\_restore{71768B5E-383B-4067-A205-C82E78DF6572}\RP929\A0219684.exe Infected: Trojan-Downloader.Win32.AutoIt.aa skipped C:\System Volume Information\_restore{71768B5E-383B-4067-A205-C82E78DF6572}\RP930\A0219697.ini Infected: Trojan.Win32.AutoRun.a skipped C:\System Volume Information\_restore{71768B5E-383B-4067-A205-C82E78DF6572}\RP930\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP 
Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. DSS (main.txt): Deckard's System Scanner v20071014.68 Run by jenn on 2008-03-05 14:14:37 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 10: 2008-03-05 06:14:51 UTC - RP931 - Deckard's System Scanner Restore Point 9: 2008-03-04 16:53:36 UTC - RP930 - ComboFix created restore point 8: 2008-03-04 09:15:58 UTC - RP929 - AntiVir PersonalEdition Classic - 3/4/2008 17:14 7: 2008-03-04 05:55:26 UTC - RP928 - Installed Adobe Reader 8.1.2 6: 2008-03-02 13:12:42 UTC - RP927 - System Checkpoint -- First Restore Point -- 1: 2008-02-24 06:26:18 UTC - RP922 - System Checkpoint Backed up registry hives. Performed disk cleanup. Total Physical Memory: 256 MiB (512 MiB recommended). 
-- HijackThis (run as jenn.exe) ------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:16:24 PM, on 3/5/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\3M\PSNLite\PsnLite.exe C:\PROGRA~1\3M\PSNLite\PSNGive.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Documents and Settings\jenn\Desktop\dss.exe C:\DOCUME~1\jenn\Desktop\jenn.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! 
Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O16 - DPF: {09883431-7429-11D5-8B69-0050049F5256} (VBAuthentic.Authentic) - https://www.metrobankdirect.com/download/Au...VBAuthentic.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://inotes.pal.com.ph/iNotes6W.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/activex/EPUWA...l_v1-0-3-18.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) - 
http://www.worldwinner.com/games/shared/uninstall.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 7995 bytes -- File Associations ----------------------------------------------------------- .ini - inifile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1 .js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe,2 .js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" .txt - txtfile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1 -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©> R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu> R1 StarOpen - c:\windows\system32\drivers\staropen.sys R2 BrPar - c:\windows\system32\drivers\brpar.sys <Not Verified; Brother Industries Ltd.; Brother Parallel Class Driver> R2 ScFBPNT3 (CanoScan FBP3 Port Driver) - c:\windows\system32\drivers\scfbpnt3.sys R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver> R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil> R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil> R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT 
Corporation; BlueSoleil> S1 Cdr4_2K - c:\windows\system32\drivers\cdr4_2k.sys <Not Verified; Adaptec; Adaptec's CD-R Helper Drivers> S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver> S3 BTDriver (Bluetooth Virtual Communications Driver) - c:\windows\system32\drivers\btport.sys (file missing) S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys S3 BTWDNDIS (Bluetooth LAN Access Server) - c:\windows\system32\drivers\btwdndis.sys (file missing) S3 GMSIPCI - d:\install\gmsipci.sys (file missing) S3 PalmUSBD - c:\windows\system32\drivers\palmusbd.sys (file missing) S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware> S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler> R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 AvSynMgr (AVSync Manager) - "c:\program files\mcafee\mcafee virusscan\avsynmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Home Edition> R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. 
-- Scheduled Tasks ------------------------------------------------------------- 2008-02-29 19:22:40 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2008-02-05 and 2008-03-05 ----------------------------- 2008-03-05 09:46:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-03-05 09:46:23 0 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-03-05 09:46:18 0 d-------- C:\WINDOWS\LastGood 2008-03-05 09:18:25 0 d-------- C:\Documents and Settings\jenn\Application Data\Malwarebytes 2008-03-05 09:18:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-03-05 09:18:00 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-03-05 00:25:51 0 d-------- C:\bfu 2008-03-04 17:16:41 0 d-------- C:\Program Files\Avira 2008-03-04 17:16:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-03-04 14:17:28 0 d-------- C:\WINDOWS\system32\ActiveScan 2008-03-04 14:01:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe 2008-03-04 13:12:07 0 dr-h----- C:\Documents and Settings\jenn\Recent 2008-03-04 12:35:23 0 d--h----- C:\WINDOWS\system32\GroupPolicy 2008-02-20 15:38:36 0 d-------- C:\Documents and Settings\jenn\Application Data\CaribbeanHideaway 2008-02-20 15:30:07 0 d-------- C:\Program Files\Caribbean Hideaway 2008-02-17 10:12:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Grey Alien Games 2008-02-17 10:11:23 0 d-------- C:\Program Files\Fairway Solitaire 2008-02-13 00:19:48 68096 --a------ C:\WINDOWS\system32\zip.exe 2008-02-13 00:19:48 98816 --a------ C:\WINDOWS\system32\sed.exe 2008-02-13 00:19:48 80412 --a------ C:\WINDOWS\system32\grep.exe 2008-02-13 00:19:48 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-02-12 09:07:42 0 --a------ C:\WINDOWS\system32\cscript 2008-02-12 09:07:41 2586 --a------ C:\WINDOWS\system32\tmp.reg 2008-02-07 23:20:22 44928 --a------ 
C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus> 2008-02-07 12:10:22 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-02-07 12:09:48 0 d-------- C:\Program Files\SUPERAntiSpyware 2008-02-07 12:09:48 0 d-------- C:\Documents and Settings\jenn\Application Data\SUPERAntiSpyware.com 2008-02-07 12:05:15 0 d-------- C:\Documents and Settings\jenn\Application Data\Grisoft 2008-02-07 12:01:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-07 00:46:00 0 d-------- C:\Documents and Settings\jenn\.housecall6.6 2008-02-07 00:28:36 0 d-------- C:\Program Files\CCleaner 2008-02-07 00:12:09 0 d-------- C:\Documents and Settings\beng\Application Data\Mozilla 2008-02-07 00:09:03 0 d-------- C:\Documents and Settings\beng\Application Data\3M 2008-02-06 23:53:54 0 d-------- C:\WINDOWS\ERUNT 2008-02-06 23:09:34 0 d--hs---- C:\WINDOWS\CSC 2008-02-06 22:30:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-06 22:29:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-06 21:27:49 0 d-------- C:\Program Files\XoftSpySE 2008-02-06 21:17:55 0 d-------- C:\Program Files\RogueRemover FREE 2008-02-05 11:40:20 0 d-------- C:\Documents and Settings\jenn\Application Data\Home Sweet Home -- Find3M Report --------------------------------------------------------------- 2008-03-04 14:30:46 0 d-------- C:\Documents and Settings\jenn\Application Data\Adobe 2008-03-04 14:02:07 0 d-------- C:\Program Files\Common Files\Adobe 2008-03-01 15:34:31 0 d-------- C:\Documents and Settings\jenn\Application Data\Azureus 2008-02-29 23:48:20 0 d-------- C:\Program Files\iTunes 2008-02-29 23:45:51 0 d-------- C:\Program Files\iPod 2008-02-29 23:29:33 0 d-------- C:\Program Files\QuickTime 2008-02-27 10:19:26 0 d-------- C:\Documents and Settings\jenn\Application Data\TransRender 2008-02-09 09:16:14 0 d-------- C:\Program Files\SpywareBlaster 
2008-02-06 22:31:00 0 d-------- C:\Program Files\Lavasoft 2008-02-06 22:29:58 0 d-------- C:\Program Files\Common Files 2008-02-03 16:11:15 0 d-------- C:\Program Files\Home Sweet Home 2008-01-28 16:12:24 0 d-------- C:\Program Files\Chikka Messenger 2008-01-23 22:03:13 0 d-------- C:\Documents and Settings\jenn\Application Data\PlayFirst 2008-01-10 17:02:43 0 d-------- C:\Program Files\Azureus 2007-12-12 03:46:02 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-12-12 03:44:28 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100> 2007-12-12 03:44:28 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100> 2007-12-12 03:44:18 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?> 2007-12-12 03:44:18 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®> 2007-12-12 03:44:18 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®> 2007-12-12 03:44:18 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®> 2007-12-12 03:43:44 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [01/07/2003 06:09 PM C:\WINDOWS\SOUNDMAN.EXE] "NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [07/09/2001 06:50 PM] "BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:56 AM C:\WINDOWS\system32\bthprops.cpl] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 12:22 PM] "nwiz"="nwiz.exe" [10/22/2006 12:22 PM C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 12:22 PM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" 
[01/31/2008 11:13 PM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [08/31/2007 12:25 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [06/11/2007 06:16 PM] C:\Documents and Settings\jenn\Start Menu\Programs\Startup\ PowerReg Scheduler.exe [11/18/2003 10:10:59 PM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [5/29/2003 1:51:22 AM] BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [7/20/2006 11:17:02 PM] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM] Post-itr Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [10/15/2004 2:26:54 PM] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSetTaskbar"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66446c53-dc22-11dc-bdab-101111111111}] AutoRun\command- F:\SSCVIIHOST.exe Open\command- F:\SSCVIIHOST.exe -- End of Deckard's System Scanner: finished at 2008-03-05 14:17:20 ------------ DSS (extra.txt): Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: AMD Athlon XP 1800+ Percentage of Memory in Use: 70% Physical Memory (total/avail): 255.48 MiB / 75.03 MiB Pagefile Memory (total/avail): 1003.58 MiB / 667.3 MiB Virtual Memory (total/avail): 2047.88 MiB / 1949.04 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 74.52 GiB total, 10.96 GiB free. D: is CDROM (No Media) E: is CDROM (No Media) \\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 1 partition \PARTITION0 (bootable) - Installable File System - 74.52 GiB - C: -- Security Center ------------------------------------------------------------- AUOptions is disabled. Windows Internal Firewall is enabled. AntivirusOverride is set. 
AV: Avira AntiVir PersonalEdition v 7.0.0.2 (Avira GmbH) Disabled Outdated [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus" "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil" "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\jenn\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=JENNOLI-PC1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\jenn LOGONSERVER=\\JENNOLI-PC1 NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0801 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\jenn\LOCALS~1\Temp TMP=C:\DOCUME~1\jenn\LOCALS~1\Temp 
USERDOMAIN=JENNOLI-PC1 USERNAME=jenn USERPROFILE=C:\Documents and Settings\jenn windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- jenn (admin) beng (admin) Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543} Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe Avira AntiVir PersonalEdition Classic --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE Blue's Kindergarten --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Infogrames Interactive\Blue's Kindergarten\DeIsL1.isu" Blue's Reading Time Activities --> C:\WINDOWS\IsUninst.exe -f"C:\HEGames\Blue's Reading Time Activities\Uninst.isu" Caribbean Hideaway --> "C:\Program Files\Caribbean Hideaway\ReflexiveArcade\unins000.exe" CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" Chikka Messenger V4 --> C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\UNWISE.EXE C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\INSTALL.LOG DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Fairway Solitaire --> "C:\Program Files\Fairway Solitaire\ReflexiveArcade\unins000.exe" HijackThis 2.0.2 --> "C:\Documents and 
Settings\jenn\Desktop\HijackThis.exe" /uninstall Home Sweet Home --> "C:\WINDOWS\Home Sweet Home\uninstall.exe" "/U:C:\Program Files\Home Sweet Home\Uninstall\uninstall.xml" iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138} Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe OpenAL --> "C:\Program Files\OpenAL\oalinst.exe" /U QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067} SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u -- Application Event Log ------------------------------------------------------- No Errors/Warnings found. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type106099 / Error Event Submitted/Written: 03/05/2008 09:31:40 AM Event ID/Source: 29 / W32Time Event Description: The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Event Record #/Type106098 / Error Event Submitted/Written: 03/05/2008 09:31:40 AM Event ID/Source: 17 / W32Time Event Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. 
(0x80072751) Event Record #/Type106090 / Error Event Submitted/Written: 03/05/2008 09:03:21 AM Event ID/Source: 30013 / ipnathlp Event Description: The DHCP allocator has disabled itself on IP address 169.254.109.4, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope. Event Record #/Type106078 / Error Event Submitted/Written: 03/05/2008 09:02:11 AM Event ID/Source: 7026 / Service Control Manager Event Description: The following boot-start or system-start driver(s) failed to load: Cdr4_2K Event Record #/Type106076 / Warning Event Submitted/Written: 03/05/2008 09:01:01 AM Event ID/Source: 1007 / Dhcp Event Description: Your computer has automatically configured the IP address for the Network Card with network address 00304F21A02E. The IP address being used is 169.254.109.4. -- End of Deckard's System Scanner: finished at 2008-03-05 14:17:20 ------------ |

Mar 5 2008, 05:06 AM | Post #6
GeekU Mod | Posts: 7,823 | From: Lake Mabprachan, Thailand | OS: XP SP2 ~ Vista Ultimate

Hey Jenn,
If you are having problems with the way Firefox displays the pages on some sites, try hitting Ctrl and F5 at the same time. This should refresh the page to the correct state.

1. Please open Notepad
2. Now copy/paste the entire content of the codebox below into the Notepad window:

CODE
```
File::
C:\WINDOWS\system32\sed.exe
C:\WINDOWS\system32\grep.exe

Folder::
C:\Program Files\Azureus

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66446c53-dc22-11dc-bdab-101111111111}]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Azureus\\Azureus.exe"=-
```

3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Regards, RatHat
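
A script like the one in post #6 deletes files, folders and registry data, so it helps to read it as a list of operations before it is handed to ComboFix. The following is an added example (not part of the thread and not ComboFix's own code) that parses the three directives used in that post and flags deletions under the Windows directory and changes to the firewall allow list; it assumes the `Registry::` section follows .reg file syntax, and `Action`, `parse_cfscript` and `review` are names made up here.

```python
import re
from dataclasses import dataclass

# Constructed input: the script text from post #6, copied into a raw string.
CFSCRIPT = r'''File::
C:\WINDOWS\system32\sed.exe
C:\WINDOWS\system32\grep.exe

Folder::
C:\Program Files\Azureus

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66446c53-dc22-11dc-bdab-101111111111}]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Azureus\\Azureus.exe"=-
'''

HEADER_RE = re.compile(r'^([A-Za-z]+)::\s*$')
KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')
# Only the directives that appear in the post are understood (assumption).
KNOWN_SECTIONS = {'file', 'folder', 'registry'}


@dataclass(frozen=True)
class Action:
    op: str          # delete_file, delete_folder, delete_key, delete_value, set_value
    target: str      # file/folder path or registry key
    name: str = ''   # registry value name, for value operations
    line: int = 0    # 1-based line number in the script


def parse_cfscript(text):
    """Turn a script into a list of Actions; refuse anything not understood."""
    actions, section, key = [], None, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            section, key = header.group(1).lower(), None
            if section not in KNOWN_SECTIONS:
                raise ValueError(f'line {n}: unsupported directive {line!r}')
            continue
        if section is None:
            raise ValueError(f'line {n}: entry before any section header')
        if section == 'file':
            actions.append(Action('delete_file', line, line=n))
        elif section == 'folder':
            actions.append(Action('delete_folder', line, line=n))
        else:
            m = KEY_RE.match(line)
            if m:
                key = m.group(2)
                if m.group(1):              # "[-KEY]" removes the whole key
                    actions.append(Action('delete_key', key, line=n))
                    key = None
                continue
            m = VALUE_RE.match(line)
            if not m or key is None:
                raise ValueError(f'line {n}: cannot parse registry line {line!r}')
            quoted = m.group(1)
            # Undo .reg escaping (\\ -> \, \" -> ") in the value name.
            name = '' if quoted == '@' else re.sub(r'\\(.)', r'\1', quoted[1:-1])
            op = 'delete_value' if m.group(2).strip() == '-' else 'set_value'
            actions.append(Action(op, key, name, n))
    return actions


def review(actions, windir=r'C:\WINDOWS'):
    """Return (line, reason, subject) for operations worth a second look."""
    root = windir.lower()
    findings = []
    for a in actions:
        target = a.target.lower()
        if a.op in ('delete_file', 'delete_folder') and (
                target == root or target.startswith(root + '\\')):
            findings.append((a.line, 'deletes inside the Windows directory', a.target))
        if a.op in ('delete_key', 'delete_value', 'set_value') and \
                '\\firewallpolicy\\' in target:
            findings.append((a.line, 'changes the firewall allow list', a.name or a.target))
    return findings


if __name__ == '__main__':
    parsed = parse_cfscript(CFSCRIPT)
    for a in parsed:
        print(f'{a.line:>3}  {a.op:<13} {a.target}  {a.name}')
    for line, reason, subject in review(parsed):
        print(f'REVIEW line {line}: {reason}: {subject}')
```

The parser raises on any directive it does not recognise instead of skipping it, so an unreviewed section cannot pass silently.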

Mar 5 2008, 06:52 AM | Post #7
Member | Posts: 54 | OS: Windows XP

hi,
I tried the Ctrl-F5 on Firefox but it's still the same. anyway, when I restarted the computer after combofix, there was an error about viruscan not turned on (I can't remember the exact words, sorry here's the combofix and hijackthis logs: combofix ComboFix 08-03-04.2 - jenn 2008-03-05 19:22:03.5 - NTFSx86 Running from: C:\Documents and Settings\jenn\Desktop\Combo-Fix.exe Command switches used :: C:\Documents and Settings\jenn\Desktop\rat_hat\stage 2\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\grep.exe C:\WINDOWS\system32\sed.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Azureus C:\Program Files\Azureus\.install4j\_shfoldr.dll C:\Program Files\Azureus\.install4j\autoUninstall.0 C:\Program Files\Azureus\.install4j\files.log C:\Program Files\Azureus\.install4j\i4j_extf_0_5p83tu.utf8 C:\Program Files\Azureus\.install4j\i4j_extf_1_5p83tu_jhp9vg.png C:\Program Files\Azureus\.install4j\i4j_extf_2_5p83tu.txt C:\Program Files\Azureus\.install4j\i4j_extf_3_5p83tu_1kde336.ico C:\Program Files\Azureus\.install4j\i4j_extf_4_5p83tu_62t8mu.icns C:\Program Files\Azureus\.install4j\i4jdel.exe C:\Program Files\Azureus\.install4j\i4jinst.dll C:\Program Files\Azureus\.install4j\i4jparams.conf C:\Program Files\Azureus\.install4j\i4jruntime.jar C:\Program Files\Azureus\.install4j\inst_jre.cfg C:\Program Files\Azureus\.install4j\install.prop C:\Program Files\Azureus\.install4j\installation.log C:\Program Files\Azureus\.install4j\installer.png C:\Program Files\Azureus\.install4j\installerHeader.png C:\Program Files\Azureus\.install4j\MessagesDefault C:\Program Files\Azureus\.install4j\response.varfile C:\Program Files\Azureus\.install4j\unicows.dll C:\Program Files\Azureus\.install4j\uninstallerHeader.png C:\Program Files\Azureus\.install4j\user.jar C:\Program Files\Azureus\aereg.dll C:\Program 
Files\Azureus\Azureus.exe C:\Program Files\Azureus\Azureus.exe.manifest C:\Program Files\Azureus\Azureus2.jar C:\Program Files\Azureus\AzureusUpdater.exe C:\Program Files\Azureus\ChangeLog.txt C:\Program Files\Azureus\javaw.exe.manifest C:\Program Files\Azureus\License.txt C:\Program Files\Azureus\plugins\azplugins\azplugins_1.9.1.jar C:\Program Files\Azureus\plugins\azplugins\azplugins_2.0.jar C:\Program Files\Azureus\plugins\azplugins\azplugins_2.1.1.jar C:\Program Files\Azureus\plugins\azplugins\azplugins_2.1.4.jar C:\Program Files\Azureus\plugins\azrating\azrating_1.3.1.jar C:\Program Files\Azureus\plugins\azrating\azrating_1.3.jar C:\Program Files\Azureus\plugins\azupdater\azupdater_1.8.5.zip C:\Program Files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.3.jar C:\Program Files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.5.jar C:\Program Files\Azureus\plugins\azupdater\plugin.properties C:\Program Files\Azureus\plugins\azupdater\plugin.properties_1.8.5 C:\Program Files\Azureus\plugins\azupdater\Updater.jar C:\Program Files\Azureus\plugins\azupdater\Updater.jar.bak C:\Program Files\Azureus\plugins\azupnpav\azupnpav_0.1.2.jar C:\Program Files\Azureus\plugins\azupnpav\azupnpav_0.1.6.jar C:\Program Files\Azureus\plugins\azupnpav\azupnpav_0.1.6.zip C:\Program Files\Azureus\plugins\azupnpav\azupnpav_0.1.7.jar C:\Program Files\Azureus\plugins\azupnpav\azupnpav_0.1.7.zip C:\Program Files\Azureus\plugins\azupnpav\plugin.properties C:\Program Files\Azureus\plugins\azupnpav\plugin.properties_0.1.6 C:\Program Files\Azureus\plugins\azupnpav\plugin.properties_0.1.7 C:\Program Files\Azureus\swt-about.html C:\Program Files\Azureus\swt-awt-win32-3139.dll C:\Program Files\Azureus\swt-awt-win32-3232.dll C:\Program Files\Azureus\swt-awt-win32-3318.dll C:\Program Files\Azureus\swt-gdip-win32-3139.dll C:\Program Files\Azureus\swt-gdip-win32-3232.dll C:\Program Files\Azureus\swt-gdip-win32-3318.dll C:\Program Files\Azureus\swt-wgl-win32-3232.dll C:\Program 
Files\Azureus\swt-wgl-win32-3318.dll C:\Program Files\Azureus\swt-win32-3139.dll C:\Program Files\Azureus\swt-win32-3232.dll C:\Program Files\Azureus\swt-win32-3318.dll C:\Program Files\Azureus\swt.jar C:\Program Files\Azureus\uninstall.exe C:\WINDOWS\system32\grep.exe C:\WINDOWS\system32\sed.exe . ((((((((((((((((((((((((( Files Created from 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))) . 2008-03-05 14:14 . 2008-03-05 14:14 <DIR> d-------- C:\Deckard 2008-03-05 09:46 . 2008-03-05 09:46 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-03-05 09:46 . 2008-03-05 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-03-05 09:18 . 2008-03-05 09:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-03-05 09:18 . 2008-03-05 09:18 <DIR> d-------- C:\Documents and Settings\jenn\Application Data\Malwarebytes 2008-03-05 09:18 . 2008-03-05 09:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-03-04 17:16 . 2008-03-04 17:16 <DIR> d-------- C:\Program Files\Avira 2008-03-04 17:16 . 2008-03-04 17:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-03-04 14:17 . 2008-03-04 20:15 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2008-03-04 14:17 . 2008-03-04 14:18 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2008-03-04 12:35 . 2008-03-04 12:35 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-02-29 23:53 . 2008-03-05 14:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-29 23:53 . 2008-02-29 23:53 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-20 15:38 . 2008-02-26 10:39 <DIR> d-------- C:\Documents and Settings\jenn\Application Data\CaribbeanHideaway 2008-02-20 15:30 . 2008-02-20 15:33 <DIR> d-------- C:\Program Files\Caribbean Hideaway 2008-02-17 10:12 . 2008-02-17 10:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grey Alien Games 2008-02-17 10:11 . 
2008-02-17 10:12 <DIR> d-------- C:\Program Files\Fairway Solitaire 2008-02-12 09:07 . 2008-02-12 09:07 2,586 --a------ C:\WINDOWS\system32\tmp.reg 2008-02-12 09:07 . 2008-02-12 09:07 0 --a------ C:\WINDOWS\system32\cscript 2008-02-07 23:20 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS 2008-02-07 23:06 . 2008-03-04 14:18 1,406 --a------ C:\WINDOWS\system32\Help.ico 2008-02-07 12:10 . 2008-02-07 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-02-07 12:09 . 2008-03-01 19:47 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-02-07 12:09 . 2008-02-07 12:09 <DIR> d-------- C:\Documents and Settings\jenn\Application Data\SUPERAntiSpyware.com 2008-02-07 12:05 . 2008-02-07 12:05 <DIR> d-------- C:\Documents and Settings\jenn\Application Data\Grisoft 2008-02-07 12:01 . 2008-02-07 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-07 12:01 . 2007-05-30 20:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-02-07 00:46 . 2008-02-07 02:23 <DIR> d-------- C:\Documents and Settings\jenn\.housecall6.6 2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\Program Files\CCleaner 2008-02-07 00:09 . 2008-02-07 00:09 <DIR> d-------- C:\Documents and Settings\beng\Application Data\3M 2008-02-06 23:55 . 2005-03-03 02:09 577,024 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll 2008-02-06 23:53 . 2008-02-06 23:53 <DIR> d-------- C:\WINDOWS\ERUNT 2008-02-06 23:52 . 2008-02-06 23:56 <DIR> d-------- C:\SDFix 2008-02-06 22:30 . 2008-02-06 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-06 22:29 . 2008-02-06 22:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-06 21:27 . 2008-02-06 22:35 <DIR> d-------- C:\Program Files\XoftSpySE 2008-02-06 21:17 . 2008-02-07 00:28 <DIR> d-------- C:\Program Files\RogueRemover FREE 2008-02-05 11:40 . 
2008-02-05 11:40 <DIR> d-------- C:\Documents and Settings\jenn\Application Data\Home Sweet Home . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-05 09:58 --------- d-----w C:\Documents and Settings\jenn\Application Data\Azureus 2008-03-04 06:02 --------- d-----w C:\Program Files\Common Files\Adobe 2008-03-04 05:27 146,432 ----a-w C:\WINDOWS\regedit.exe 2008-02-29 15:48 --------- d-----w C:\Program Files\iTunes 2008-02-29 15:45 --------- d-----w C:\Program Files\iPod 2008-02-29 15:29 --------- d-----w C:\Program Files\QuickTime 2008-02-27 02:19 --------- d-----w C:\Documents and Settings\jenn\Application Data\TransRender 2008-02-24 09:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-09 01:16 --------- d-----w C:\Program Files\SpywareBlaster 2008-02-06 14:31 --------- d-----w C:\Program Files\Lavasoft 2008-02-03 08:11 --------- d-----w C:\Program Files\Home Sweet Home 2008-01-28 08:12 --------- d-----w C:\Program Files\Chikka Messenger 2008-01-23 14:03 --------- d-----w C:\Documents and Settings\jenn\Application Data\PlayFirst 2008-01-23 14:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2007-12-14 03:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2007-12-11 19:46 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-12-11 19:46 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-12-11 19:45 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-12-11 19:45 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-12-11 19:43 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-06-14 15:04 63,472 -c--a-w C:\Documents and Settings\jenn\Application Data\GDIPFONTCACHEV1.DAT 2005-12-18 16:24 8 --sh--r C:\WINDOWS\system32\1B2E6AD7A2.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-11 18:16 4670968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2003-01-07 18:09 46592 C:\WINDOWS\SOUNDMAN.EXE] "NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 18:50 155648] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480] "nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-05 17:24 249896] C:\Documents and Settings\jenn\Start Menu\Programs\Startup\ PowerReg Scheduler.exe [2003-11-18 22:10:59 233472] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-05-29 01:51:22 113664] BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-20 23:17:02 1183744] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360] Post-itr Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [2004-10-15 14:26:54 2080768] 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= R2 AvSynMgr;AVSync Manager;"C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe" [2002-08-05 07:00] S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41] . Contents of the 'Scheduled Tasks' folder "2008-02-29 11:22:40 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-05 19:29:54 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2008-03-05 19:34:29 ComboFix-quarantined-files.txt 2008-03-05 11:34:24 ComboFix2.txt 2008-03-04 17:05:07 ComboFix3.txt 2008-02-14 08:12:18 ComboFix4.txt 2008-02-14 07:58:01 ComboFix5.txt 2008-02-12 16:31:00 hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:49:46 PM, on 3/5/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\3M\PSNLite\PsnLite.exe C:\PROGRA~1\3M\PSNLite\PSNGive.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\jenn\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - 
HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O16 - DPF: {09883431-7429-11D5-8B69-0050049F5256} (VBAuthentic.Authentic) - https://www.metrobankdirect.com/download/Au...VBAuthentic.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://inotes.pal.com.ph/iNotes6W.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/activex/EPUWA...l_v1-0-3-18.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) - 
http://www.worldwinner.com/games/shared/uninstall.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{83F8C38A-CC38-494B-A4ED-056422F9B193}: NameServer = 58.69.254.78 58.69.254.80 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 8011 bytes |

Mar 5 2008, 08:26 AM | Post #8
GeekU Mod | Posts: 7,823 | From: Lake Mabprachan, Thailand | OS: XP SP2 ~ Vista Ultimate

Could you upload a file to Jotti for me:
Please go to Jotti's malware scan

Try using the Ctrl plus F5 method to refresh pages a couple more times on pages that are not showing properly in Firefox, this should fix the problem. If not, we may have to reinstall Firefox.

Now DSS shows that Avira AntiVir PersonalEdition v 7.0.0.2 has been disabled and is outdated. So please open Avira and ensure that all options are enabled, then ensure it downloads the latest definitions.

Regards, RatHat

Mar 5 2008, 08:39 AM | Post #9
Member | Posts: 54 | OS: Windows XP

hi again,
the firefox's ok already, it's back to normal, thanks
here's the jotti.txt

Service load: 0% 100%
File: 1B2E6AD7A2.dll
Status: OK
MD5: 30d5858eefb0b40b95b9a0d12f8e6837
Packers detected: -
Bit9 reports: Not analyzed yet (more info)

Scanner results
Scan taken on 05 Mar 2008 14:32:52 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Mar 5 2008, 09:30 AM | Post #10
GeekU Mod | Posts: 7,823 | From: Lake Mabprachan, Thailand | OS: XP SP2 ~ Vista Ultimate

Hey there,
OK! Well done, your log is clean again! Now let's uninstall Combofix and have a bit of a cleanup:

The above procedure will do the following:

Please delete any logs or other files we have used during the fixing of your machine.

OK, let's carry out a few preventative steps to make sure you reduce the risk of further infections.

An essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Automatic Updates for Windows

In addition to Windows updates, you also need to ensure that your version of Java is the latest. Click here to download the latest version (Java Runtime Environment (JRE) 6 Update 5). Once downloaded, install it and then Reboot your computer. It is most important that you also uninstall older versions of Java.

OK, now let's download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware

Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.

Next let's look at Firewalls. These help to prevent unauthorised access both to and from the internet or your local network. A firewall is considered a first line of defense in protecting private information. Below are two free firewalls to choose from, if you do not already have one. Note: You only need one firewall on your system.

Personal Firewalls

Nearly done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are however a couple of very good, Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers

Lastly, it is a good idea to clear out all your temp files every now and again. This will help keep your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

Temp File Cleaners

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

I will keep this log open for the next couple of days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!

Best regards, RatHat

Mar 6 2008, 11:13 AM | Post #11
Member | Posts: 54 | OS: Windows XP

hi rathat,
been working on some stuff for my son since yesterday, I haven't done what you've instructed, I'll be able to do it tom, I'll report everything after I've done your instructions. have my fingers crossed that everything's gonna be okay.

Mar 6 2008, 11:41 AM | Post #12
GeekU Mod | Posts: 7,823 | From: Lake Mabprachan, Thailand | OS: XP SP2 ~ Vista Ultimate

Hi Jenn,
I will keep this log open until you have confirmed that all is OK, so no worries about having to work on your son's stuff first.

Regards, RatHat

Mar 8 2008, 04:22 AM | Post #13
Member | Posts: 54 | OS: Windows XP

hi rathat,
finally finished all your instructions. I've installed spywareblaster, spywareguard, search and destroy and adaware

Mar 8 2008, 04:29 AM | Post #14
Member | Posts: 54 | OS: Windows XP

oh, and also comodo firewall. thanks again

Mar 8 2008, 05:08 AM | Post #15
GeekU Mod | Posts: 7,823 | From: Lake Mabprachan, Thailand | OS: XP SP2 ~ Vista Ultimate

You are welcome Jenn! I'm glad we could help
Regards, RatHat