Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

ATF can't get report [RESOLVED]

Started by MAA58 , Jan 30 2008 07:49 AM

  • This topic is locked This topic is locked

#1
MAA58
Posted 30 January 2008 - 07:49 AM

MAA58

    Member

  • Member
  • PipPip
  • 29 posts
I am infected with win32.netsky and before sending the hijack this i've been attempting to do the pre scans. it hasn't been easy! before i move on to the next instructions, i had hoped to successfully complete the ATF cleaner. i run it in safe mode. it shows two cookies and a rootkit.small. it deletes them. they do not show up in quarantine and no report is available and they are back if i scan again. should i just move on?
  • 0

Advertisements

#2
loophole
Posted 30 January 2008 - 08:08 AM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi there :)

Go ahead and post a Hijack log and do the following

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#3
MAA58
Posted 30 January 2008 - 08:31 AM

MAA58

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
i apologize, i got the letters wrong. i meant that i couldn't get an AVG report. i've not done a windows update or any of the things past the AVG. do you still want me to run hijackthis?

Also, i'm a novice and don't know how to find out what is running on my computer or how to turn it off. i'm on a home network. i have norton antivirus. i have aol which may be running macafee but i'm not sure. plus whatever is running from the "before you send the hijackthis report" instructions.

i am currently using a laptop to communicate with you and sitting next to the infected computer which is very slow and loaded with popups. i shut it down last night after running AVG twice and getting no report. should i start it in safe mode or normal?
  • 0

#4
MAA58
Posted 30 January 2008 - 09:15 AM

MAA58

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
one more thing...if you want me to update windows first, i have the SP2? should i update automatically or should i go to the windows site. should i update the sp2 or the sp1a? my computer has informed me that there ae updates to install.
  • 0

#5
loophole
Posted 30 January 2008 - 09:18 AM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :)

Lets start with this, so I can see exactly whats going on, and take it from there

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

  • 0

#6
MAA58
Posted 30 January 2008 - 09:42 AM

MAA58

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Thank you for your help. :) Here is my Hijackthis log. I;m always so careful about what I open or download but unfortunately my kids still don't get it. After this, I'll be sure they do though!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:23 AM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\dlcfcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1190234924\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\FolderShare\FolderShare.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SXG Advisor - {8FC29A8D-F29D-477E-B428-0F942E23A960} - C:\WINDOWS\dpvtporfgp.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: The elfwgps - {27A4FA11-A0B1-4AB7-9A78-BD411FDEAA0D} - C:\WINDOWS\elfwgps.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1190234924\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai...ol/SymDlBrg.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: bqxomdo - {A45B4858-241E-4B3A-998C-B8F55D62CE1B} - C:\WINDOWS\bqxomdo.dll
O21 - SSODL: aswmklt - {825480E9-66A1-4F37-9EE1-6E4ED64544FD} - C:\WINDOWS\aswmklt.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: dlcf_device - - C:\WINDOWS\System32\dlcfcoms.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 11594 bytes
  • 0

#7
loophole
Posted 30 January 2008 - 09:52 AM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Good,

This shouldnt take but a few post so lets get going :) You can ignore the part about disabling the AV and anti spyware

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#8
MAA58
Posted 30 January 2008 - 10:18 AM

MAA58

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Back Again. That's good news! :)

completed combofix. screen is now white and plain instead of red with warnings. there were three shields that were supposedly links to protection sites that are now gone. here is my combofix log:

ComboFix 08-01-30.6 - Drew Angus 2008-01-30 11:00:26.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.126 [GMT -5:00]
Running from: C:\Documents and Settings\Drew Angus\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Drew Angus\Desktop\Error Cleaner.url
C:\Documents and Settings\Drew Angus\Desktop\Privacy Protector.url
C:\Documents and Settings\Drew Angus\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Drew Angus\Favorites\Error Cleaner.url
C:\Documents and Settings\Drew Angus\Favorites\Privacy Protector.url
C:\Documents and Settings\Drew Angus\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\dat.txt
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt

----- BITS: Possible infected sites -----

hxxp://softworldnetwork.com
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.

2008-01-30 10:32 . 2008-01-30 10:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-29 20:18 . 2008-01-29 20:18 <DIR> d--hs---- C:\found.000
2008-01-29 20:06 . 2008-01-29 20:06 <DIR> d-------- C:\Documents and Settings\Drew Angus\Application Data\Grisoft
2008-01-29 20:05 . 2008-01-29 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-29 20:05 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-24 16:12 . 2008-01-24 14:50 307,200 --a------ C:\WINDOWS\dpvtporfgp.dll
2008-01-24 16:12 . 2008-01-24 14:50 307,200 --a------ C:\WINDOWS\bqxomdo.dll
2008-01-24 16:12 . 2008-01-24 14:50 217,088 --a------ C:\WINDOWS\aswmklt.dll
2008-01-24 16:12 . 2008-01-24 14:50 172,032 --a------ C:\WINDOWS\elfwgps.dll
2008-01-24 16:12 . 2008-01-24 14:50 81,920 --a------ C:\WINDOWS\fvqkfsp.exe
2008-01-20 15:57 . 2008-01-20 16:38 <DIR> d-------- C:\Program Files\Project64 1.6
2008-01-19 21:27 . 2008-01-19 21:27 <DIR> d-------- C:\Program Files\DivX
2008-01-17 15:28 . 2006-10-04 09:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-17 15:28 . 2006-10-04 09:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-17 15:28 . 2006-10-04 09:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-17 15:27 . 2008-01-17 15:27 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-17 15:24 . 2008-01-17 15:24 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-17 15:24 . 2008-01-17 15:25 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-12 22:12 . 2008-01-12 22:12 <DIR> d-------- C:\Documents and Settings\Drew Angus\Application Data\dvdcss
2008-01-09 17:00 . 2008-01-09 17:00 <DIR> d-------- C:\Program Files\FolderShare
2007-12-24 21:09 . 2007-12-27 15:35 <DIR> d-------- C:\DOOMS
2007-12-23 14:42 . 2007-12-23 14:43 <DIR> d-------- C:\Program Files\iTunes
2007-12-23 14:42 . 2007-12-23 14:42 <DIR> d-------- C:\Program Files\iPod
2007-12-23 14:35 . 2007-12-23 14:35 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-14 17:48 . 2007-12-14 17:48 <DIR> d-------- C:\Program Files\BitPim
2007-12-14 17:33 . 2007-12-14 17:33 <DIR> d-------- C:\Documents and Settings\Drew Angus\.thumbnails
2007-12-14 17:30 . 2007-12-14 17:30 <DIR> d-------- C:\Program Files\GIMP-2.0
2007-12-14 17:30 . 2008-01-17 17:51 <DIR> d-------- C:\Documents and Settings\Drew Angus\.gimp-2.4
2007-12-14 16:53 . 2008-01-24 15:16 <DIR> d-------- C:\Program Files\Avanquest update
2007-12-14 16:52 . 2007-12-14 16:59 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2007-12-14 16:52 . 2007-12-14 16:52 <DIR> d-------- C:\Documents and Settings\Drew Angus\Application Data\InstallShield
2007-12-14 16:52 . 2007-12-14 17:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-12-14 16:36 . 2007-12-14 16:36 <DIR> d-------- C:\Program Files\WIBUKEY
2007-12-14 16:36 . 2007-12-14 16:36 <DIR> d-------- C:\Program Files\WIBU-SYSTEMS
2007-12-14 16:36 . 2001-12-27 10:59 716,800 --a------ C:\WINDOWS\system32\Wibuke32.cpl
2007-12-14 16:36 . 2001-12-27 10:59 139,264 --a------ C:\WINDOWS\system32\WkWin32.dll
2007-12-14 16:36 . 2004-03-08 10:18 77,895 --a------ C:\WINDOWS\system32\unibus_tcutil.dll
2007-12-14 16:36 . 2001-12-27 10:59 67,072 --a------ C:\WINDOWS\system32\drivers\Wibukey.sys
2007-12-14 16:36 . 2001-12-27 10:59 57,552 --a------ C:\WINDOWS\system32\WKDOS.EXE
2007-12-14 16:36 . 2001-12-27 10:59 52,736 --a------ C:\WINDOWS\system\WkWin.dll
2007-12-14 16:36 . 2004-03-01 18:53 37,760 --a------ C:\WINDOWS\system32\drivers\P2k.sys
2007-12-14 16:36 . 2001-12-27 10:59 29,696 --a------ C:\WINDOWS\system32\drivers\Wibukey2.sys
2007-12-14 16:35 . 2007-12-15 04:14 <DIR> d-------- C:\Program Files\Motorola
2007-12-14 16:25 . 2007-12-14 16:25 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-14 16:25 . 2007-12-14 16:25 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2007-12-14 16:24 . 2006-11-13 15:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-12-14 16:24 . 2006-12-14 11:27 40,832 --a------ C:\WINDOWS\system32\drivers\motodrv.sys
2007-12-14 16:24 . 2007-04-02 22:13 21,632 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2007-12-14 16:22 . 2007-12-14 16:22 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-07 18:36 . 2007-12-07 18:42 <DIR> d-------- C:\Program Files\Cheat Engine
2007-12-07 18:36 . 2005-09-03 23:48 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2007-12-07 18:36 . 2005-09-03 23:48 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 15:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-30 00:57 --------- d-----w C:\Documents and Settings\Drew Angus\Application Data\Skype
2008-01-25 02:05 --------- d-----w C:\Documents and Settings\Drew Angus\Application Data\.purple
2008-01-25 01:11 --------- d-----w C:\Program Files\Norton Internet Security
2008-01-21 22:37 --------- d-----w C:\Documents and Settings\Drew Angus\Application Data\gtk-2.0
2008-01-13 19:45 --------- d-----w C:\Program Files\dl_Cats
2008-01-11 02:10 --------- d-----w C:\Documents and Settings\Drew Angus\Application Data\Azureus
2008-01-09 01:21 --------- d-----w C:\Program Files\Azureus
2007-12-23 19:39 --------- d-----w C:\Program Files\QuickTime
2007-12-15 08:16 --------- d-----w C:\Documents and Settings\Drew Angus\Application Data\X-Chat 2
2007-12-14 21:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-30 22:44 --------- d-----w C:\Program Files\LSoft Technologies
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-11 06:13 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-10-11 02:20 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2003-11-18 18:37 241,664 ----a-w C:\Program Files\npmusicn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FC29A8D-F29D-477E-B428-0F942E23A960}]
2008-01-24 14:50 307200 --a------ C:\WINDOWS\dpvtporfgp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}
{C4069E3A-68F1-403E-B40E-20066696354B}
{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}
{DE9C389F-3316-41A7-809B-AA305ED9D922}
{27A4FA11-A0B1-4AB7-9A78-BD411FDEAA0D}

[HKEY_CLASSES_ROOT\clsid\{27a4fa11-a0b1-4ab7-9a78-bd411fdeaa0d}]
[HKEY_CLASSES_ROOT\elfwgps.ToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{B45B9F9A-BA41-405F-B99B-3A846DB7E9BE}]
[HKEY_CLASSES_ROOT\elfwgps.ToolBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"FolderShare"="C:\Program Files\FolderShare\FolderShare.exe" [2005-10-30 22:12 851968]
"AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [2007-04-18 01:49 50736]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19 52840]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 12:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-09-24 17:32 5033984]
"nwiz"="nwiz.exe" [2003-09-24 17:32 741376 C:\WINDOWS\system32\nwiz.exe]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2006-10-20 17:48 73728]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"HostManager"="C:\Program Files\Common Files\AOL\1190234924\ee\AOLSoftware.exe" [2006-09-25 19:52 50736]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Monitor Apache Servers.lnk - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2007-01-09 23:20:44 41041]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38 1134592]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bqxomdo"= {A45B4858-241E-4B3A-998C-B8F55D62CE1B} - C:\WINDOWS\bqxomdo.dll [2008-01-24 14:50 307200]
"aswmklt"= {825480E9-66A1-4F37-9EE1-6E4ED64544FD} - C:\WINDOWS\aswmklt.dll [2008-01-24 14:50 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSyncTunes]
--a------ 2006-11-01 21:08 339131 C:\Program Files\iSyncTunes\ISyncTunes.exe

R2 NwSapAgent;SAP Agent;C:\WINDOWS\System32\svchost.exe [2004-08-04 02:56]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 WMP11V27;Instant Wireless PCI Card V2.7 Driver;C:\WINDOWS\system32\DRIVERS\WMP11V27.sys [2002-07-30 16:22]
S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 14:05]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 11:27]
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-04-02 22:13]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 12:31]
S3 QCEmerald;Logitech QuickCam Web;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 14:05]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-19 23:05:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-19 01:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Drew Angus.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 11:05:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCFCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16?
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-30 11:07:08
ComboFix-quarantined-files.txt 2008-01-30 16:06:58
.
2008-01-18 08:01:54 --- E O F ---
  • 0

#9
loophole
Posted 30 January 2008 - 11:09 AM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi again :)

Open notepad and copy/paste the text in RED below into it:

File::
C:\WINDOWS\dpvtporfgp.dll
C:\WINDOWS\bqxomdo.dll
C:\WINDOWS\aswmklt.dll
C:\WINDOWS\elfwgps.dll
C:\WINDOWS\fvqkfsp.exe
Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FC29A8D-F29D-477E-B428-0F942E23A960}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bqxomdo"=-
"aswmklt"=-


Save this as CFScript.txt, in the same location as ComboFix.exe (desktop)

Posted Image


Refering to the picture above, drag CFScript into ComboFix.exe


Please post the new combofix log and a hijack log
  • 0

#10
MAA58
Posted 30 January 2008 - 12:07 PM

MAA58

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Combofix Log:

ComboFix 08-01-30.6 - Drew Angus 2008-01-30 12:57:06.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.76 [GMT -5:00]
Running from: C:\Documents and Settings\Drew Angus\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Drew Angus\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\aswmklt.dll
C:\WINDOWS\bqxomdo.dll
C:\WINDOWS\dpvtporfgp.dll
C:\WINDOWS\elfwgps.dll
C:\WINDOWS\fvqkfsp.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\aswmklt.dll
C:\WINDOWS\bqxomdo.dll
C:\WINDOWS\dpvtporfgp.dll
C:\WINDOWS\elfwgps.dll
C:\WINDOWS\fvqkfsp.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.

2008-01-30 10:32 . 2008-01-30 10:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-29 20:18 . 2008-01-29 20:18 <DIR> d--hs---- C:\found.000
2008-01-29 20:06 . 2008-01-29 20:06 <DIR> d-------- C:\Documents and Settings\Drew Angus\Application Data\Grisoft
2008-01-29 20:05 . 2008-01-29 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-29 20:05 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-20 15:57 . 2008-01-20 16:38 <DIR> d-------- C:\Program Files\Project64 1.6
2008-01-19 21:27 . 2008-01-19 21:27 <DIR> d-------- C:\Program Files\DivX
2008-01-17 15:28 . 2006-10-04 09:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-17 15:28 . 2006-10-04 09:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-17 15:28 . 2006-10-04 09:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-17 15:27 . 2008-01-17 15:27 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-17 15:24 . 2008-01-17 15:24 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-17 15:24 . 2008-01-17 15:25 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-12 22:12 . 2008-01-12 22:12 <DIR> d-------- C:\Documents and Settings\Drew Angus\Application Data\dvdcss
2008-01-09 17:00 . 2008-01-09 17:00 <DIR> d-------- C:\Program Files\FolderShare
2007-12-24 21:09 . 2007-12-27 15:35 <DIR> d-------- C:\DOOMS
2007-12-23 14:42 . 2007-12-23 14:43 <DIR> d-------- C:\Program Files\iTunes
2007-12-23 14:42 . 2007-12-23 14:42 <DIR> d-------- C:\Program Files\iPod
2007-12-23 14:35 . 2007-12-23 14:35 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-14 17:48 . 2007-12-14 17:48 <DIR> d-------- C:\Program Files\BitPim
2007-12-14 17:33 . 2007-12-14 17:33 <DIR> d-------- C:\Documents and Settings\Drew Angus\.thumbnails
2007-12-14 17:30 . 2007-12-14 17:30 <DIR> d-------- C:\Program Files\GIMP-2.0
2007-12-14 17:30 . 2008-01-17 17:51 <DIR> d-------- C:\Documents and Settings\Drew Angus\.gimp-2.4
2007-12-14 16:53 . 2008-01-24 15:16 <DIR> d-------- C:\Program Files\Avanquest update
2007-12-14 16:52 . 2007-12-14 16:59 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2007-12-14 16:52 . 2007-12-14 16:52 <DIR> d-------- C:\Documents and Settings\Drew Angus\Application Data\InstallShield
2007-12-14 16:52 . 2007-12-14 17:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-12-14 16:36 . 2007-12-14 16:36 <DIR> d-------- C:\Program Files\WIBUKEY
2007-12-14 16:36 . 2007-12-14 16:36 <DIR> d-------- C:\Program Files\WIBU-SYSTEMS
2007-12-14 16:36 . 2001-12-27 10:59 716,800 --a------ C:\WINDOWS\system32\Wibuke32.cpl
2007-12-14 16:36 . 2001-12-27 10:59 139,264 --a------ C:\WINDOWS\system32\WkWin32.dll
2007-12-14 16:36 . 2004-03-08 10:18 77,895 --a------ C:\WINDOWS\system32\unibus_tcutil.dll
2007-12-14 16:36 . 2001-12-27 10:59 67,072 --a------ C:\WINDOWS\system32\drivers\Wibukey.sys
2007-12-14 16:36 . 2001-12-27 10:59 57,552 --a------ C:\WINDOWS\system32\WKDOS.EXE
2007-12-14 16:36 . 2001-12-27 10:59 52,736 --a------ C:\WINDOWS\system\WkWin.dll
2007-12-14 16:36 . 2004-03-01 18:53 37,760 --a------ C:\WINDOWS\system32\drivers\P2k.sys
2007-12-14 16:36 . 2001-12-27 10:59 29,696 --a------ C:\WINDOWS\system32\drivers\Wibukey2.sys
2007-12-14 16:35 . 2007-12-15 04:14 <DIR> d-------- C:\Program Files\Motorola
2007-12-14 16:25 . 2007-12-14 16:25 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-14 16:25 . 2007-12-14 16:25 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2007-12-14 16:24 . 2006-11-13 15:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-12-14 16:24 . 2006-12-14 11:27 40,832 --a------ C:\WINDOWS\system32\drivers\motodrv.sys
2007-12-14 16:24 . 2007-04-02 22:13 21,632 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2007-12-14 16:22 . 2007-12-14 16:22 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-07 18:36 . 2007-12-07 18:42 <DIR> d-------- C:\Program Files\Cheat Engine
2007-12-07 18:36 . 2005-09-03 23:48 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2007-12-07 18:36 . 2005-09-03 23:48 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 15:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-30 00:57 --------- d-----w C:\Documents and Settings\Drew Angus\Application Data\Skype
2008-01-25 02:05 --------- d-----w C:\Documents and Settings\Drew Angus\Application Data\.purple
2008-01-25 01:11 --------- d-----w C:\Program Files\Norton Internet Security
2008-01-21 22:37 --------- d-----w C:\Documents and Settings\Drew Angus\Application Data\gtk-2.0
2008-01-13 19:45 --------- d-----w C:\Program Files\dl_Cats
2008-01-11 02:10 --------- d-----w C:\Documents and Settings\Drew Angus\Application Data\Azureus
2008-01-09 01:21 --------- d-----w C:\Program Files\Azureus
2007-12-23 19:39 --------- d-----w C:\Program Files\QuickTime
2007-12-15 08:16 --------- d-----w C:\Documents and Settings\Drew Angus\Application Data\X-Chat 2
2007-12-14 21:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-30 22:44 --------- d-----w C:\Program Files\LSoft Technologies
2003-11-18 18:37 241,664 ----a-w C:\Program Files\npmusicn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"FolderShare"="C:\Program Files\FolderShare\FolderShare.exe" [2005-10-30 22:12 851968]
"AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [2007-04-18 01:49 50736]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19 52840]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 12:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-09-24 17:32 5033984]
"nwiz"="nwiz.exe" [2003-09-24 17:32 741376 C:\WINDOWS\system32\nwiz.exe]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2006-10-20 17:48 73728]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"HostManager"="C:\Program Files\Common Files\AOL\1190234924\ee\AOLSoftware.exe" [2006-09-25 19:52 50736]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Monitor Apache Servers.lnk - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2007-01-09 23:20:44 41041]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38 1134592]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSyncTunes]
--a------ 2006-11-01 21:08 339131 C:\Program Files\iSyncTunes\ISyncTunes.exe

R2 NwSapAgent;SAP Agent;C:\WINDOWS\System32\svchost.exe [2004-08-04 02:56]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 WMP11V27;Instant Wireless PCI Card V2.7 Driver;C:\WINDOWS\system32\DRIVERS\WMP11V27.sys [2002-07-30 16:22]
S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 14:05]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 11:27]
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-04-02 22:13]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 12:31]
S3 QCEmerald;Logitech QuickCam Web;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 14:05]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-19 23:05:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-19 01:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Drew Angus.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 13:00:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCFCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-30 13:02:28
ComboFix-quarantined-files.txt 2008-01-30 18:02:19
ComboFix2.txt 2008-01-30 16:07:09
.
2008-01-18 08:01:54 --- E O F ---


Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:19 PM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\dlcfcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\AOL\1190234924\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\FolderShare\FolderShare.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1190234924\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai...ol/SymDlBrg.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: dlcf_device - - C:\WINDOWS\System32\dlcfcoms.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 11079 bytes
  • 0

Advertisements

#11
loophole
Posted 30 January 2008 - 12:28 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi again :)

Please rescan with Hijackthis and place a check next to the following entries:

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Now click "Fix Checked" and close Hijackthis

NEXT

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.


Posted Image


Download the file & save it as it's originally named, next to ComboFix.exe.



Posted Image


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.
  • 0

#12
MAA58
Posted 30 January 2008 - 01:03 PM

MAA58

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
hi :)

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
  • 0

#13
loophole
Posted 30 January 2008 - 01:15 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Perfect

How is the computer behaving?
  • 0

#14
MAA58
Posted 30 January 2008 - 01:20 PM

MAA58

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
It's behaving just fine. No popups, no virus warnings, no fake files or links. The background looks a little odd though. It's white and the folders are all highlighted in blue. I'm guessing that just requires different settings.
  • 0

#15
loophole
Posted 30 January 2008 - 01:41 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Ahh, Im on a Vista computer at the moment, let me see if I remember correctly

go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Privacy Protection" or whatever else is checked if present.

Does that fix it?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP