| cant open any files internet explore, my computer, my documents ect.

Hello, really need some help with trying to fix a virus. I am unable to open My Documents, Control Panel, My Computer, Zip Files, or Internet Explorer (when I click on them the toolbar and icons disappear and only shows the background). Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:23:58 PM, on 6/27/2007
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system\msnntlp.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\loadqm.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\enternet.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\Explorer.exe
C:\DOCUMENTS AND SETTINGS\RICK\DESKTOP\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINNT\System32\ipv6mons.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1175453089317
O20 - Winlogon Notify: crypt - C:\WINNT\SYSTEM32\crypts.dll
O20 - Winlogon Notify: rpcc - C:\WINNT\System32\rpcc.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINNT\system\csrrs.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: msnntlp - Unknown owner - C:\WINNT\system\msnntlp.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe

-- End of file - 3840 bytes

Any help would be highly appreciated |
| ||
| Re: cant open any files internet explore, my computer, my documents ect. godz, how much trouble would it be for you to format and reinstall? You have two backdoor hacks in there allowing remote control of your computer - read up on these: msnntlp.exe & csrrs.exe - Google them. But that is not all you have... spammers and infostealers. We possibly can clean it if you wish, fix some registry entries too, if you have a lot of precious stuff in there. |
| ||
| Re: cant open any files internet explore, my computer, my documents ect. So it is possible to fix this without formatting and reinstalling the OS, because I have lots of files on this computer that I really can't lose. |
| ||
| Re: cant open any files internet explore, my computer, my documents ect.

We can always try, but no promises - it depends just how clever the controller is. Ever heard of backups, btw? I have a second HD dedicated to them. But no preaching. Let's get into it....

CCleaner:

==Get CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should aim to keep this one for general use. I set it from the installation checkboxes to only open from the recycle bin. It's neater that way. Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as I suggested, rclicking the bin icon should give you the Open CCleaner option...]. Select the Cleaner icon, press Run Cleaner.

[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs .. Note that CCleaner is also a free registry cleaner. Explore all its options, but skip the prefetch folder cleaning option. That one is unnecessary because windows automatically dumps old unused entries anyway, they can do no harm, and further, if there is no prefetch entry for an app you wish to load then your sys will just be a lil bit slower loading it. And an entry will then be generated anyway.]

==For a start you have a vundo infection... so just in case something else is hidden would you rename hijackthis.exe to.. umm... imabunny.exe for the next scan, please?

==Please download VundoFix.exe to your desktop from http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to start it, click the Scan for Vundo button.
When the scan completes click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will restart your computer - click OK.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Post the contents of C:\vundofix.txt.

Panda Online Scan:

==Please do an online scan at panda:- http://www.pandasoftware.com/products/activescan?
-select a link to the scan... free online virus scan...., enter a valid? email and follow through, choosing My Computer for a full system scan.

AVG - AS:

==GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5 or here.. http://free.grisoft.com/freeweb.php/...i-spyware-free
-the link is almost at the bottom of the page, avgas 7.5.0.50. Install it and UPDATE it.

Combofix:

==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

==Restart your computer in Safe Mode:
- press F8 several times while POST is running and before IDE detection completes, press Yes to bypass System Restore.
- On the Windows Advanced Options Menu, select Safe Mode with Command Prompt and press Enter.
- When the Boot Menu appears again, select Microsoft Windows XP and press Enter.
- Log in by using your account if an administrator, otherwise use the Administrator account and password. NOTE: The password is blank by default unless you set a password.

==Start AVG a-s 7.5;
-under Scanner/ Settings please set Recommended actions to Quarantine, and run the complete system scan.
-save the log file.

==ComboFix:- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

==Restart in normal mode. Post the panda, AVG, vundofix and combofix logs please, plus a fresh hijackthis log run in normal mode.

That should keep you quiet for 10 minutes or more.. :) |
| ||
| Re: cant open any files internet explore, my computer, my documents ect.

well i am happy to say as far as i can tell after doing what u have told me to do that my computer is back to normal. here are the logs u wanted. thank u so much for the time u took to help me.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 11:44:21 PM 6/28/2007
+ Scan result:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignored.
HKU\S-1-5-21-1715567821-1677128483-1060284298-1000\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignored.
C:\WINNT\system32\ge1.exe -> Backdoor.SdBot.xd : Ignored.
C:\httpmicro.exe -> Hijacker.Agent.jn : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts -> Proxy.Small : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@2o7[2].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Local Settings\Temp\Cookies\rick@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Ignored.
:mozilla.24:C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\avj1510g.default\cookies.txt -> TrackingCookie.Adjuggler : Ignored.
:mozilla.25:C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\avj1510g.default\cookies.txt -> TrackingCookie.Adjuggler : Ignored.
::Report end

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:52:30 PM, on 6/28/2007
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\loadqm.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Rick\Desktop\ababybunny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1175453089317
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINNT\system\csrrs.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: msnntlp - Unknown owner - C:\WINNT\system\msnntlp.exe (file missing)
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe

-- End of file - 4071 bytes

"Rick" - 2007-06-28 23:46:29 - ComboFix 07-06-27.7 - Service Pack 1 NTFS [SAFE MODE]

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINNT\system32\crypts.dll
C:\WINNT\system32\ipv6mons.dll
C:\WINNT\system32\rpcc.dll

((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-29 )))))))))))))))))))))))))))))))

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-07 04:55:55 15,012 ----a-w C:\WINNT\system32\emptyregdb.dat
2007-06-07 04:55:04 -------- d---a-w C:\Program Files\Windows NT
2007-06-05 20:32:33 -------- d---a-w C:\Program Files\MSN Messenger
2007-06-02 02:30:39 -------- d---a-w C:\Program Files\Common Files\Symantec Shared
2007-03-31 18:13:53 6,656 ----a-w C:\WINNT\system32\haspvdd.dll
2007-03-31 18:13:53 383 ----a-w C:\WINNT\system32\haspdos.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [01-03-02 13:02 ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [07-03-14 03:43 ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [00-07-26 12:00 C:\WINNT\system32\mobsync.exe]
"LoadQM"="loadqm.exe" [00-05-03 17:23 C:\WINNT\loadqm.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [07-06-07 04:19 ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [07-06-11 04:25 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [05-06-14 10:05 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [07-05-30 07:29 ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-28 23:50:10
Windows 5.0.2195 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************

Completion time: 2007-06-28 23:51:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-06-28 23:51
--- E O F ---

nothing was found in vundofix and at the time i could not run an online scan because with the pandasoft u need Internet Explorer and i could only open Mozilla Firefox. Is there anything else wrong with my computer? once again thank you for all your help |
| ||
| Re: cant open any files internet explore, my computer, my documents ect. Godz, in this bit of my post: "==Start AVG a-s 7.5; -under Scanner/ Settings please set Recommended actions to Quarantine, and run the complete system scan. -save the log file." this bit was extremely important: "-under Scanner/ Settings please set Recommended actions to Quarantine" You MUST do that, and rerun the AVG complete system scan. Post the log. |
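
The check behind the last reply, as an added example (not code from the thread or from any of the tools named in it): it reads the `target -> detection : action` lines of the AVG Anti-Spyware report for non-cookie detections still marked Ignored, and compares the two HijackThis logs to list entries that disappeared and services that are still registered but flagged `(file missing)`. The log lines are a subset copied from the posts above; the function names and the choice to skip `TrackingCookie.*` entries are assumptions of this sketch.

```python
import re

# Lines copied from the AVG Anti-Spyware report posted in the thread (subset).
AVG_REPORT = r"""
C:\WINNT\system32\ge1.exe -> Backdoor.SdBot.xd : Ignored.
C:\httpmicro.exe -> Hijacker.Agent.jn : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts -> Proxy.Small : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@2o7[2].txt -> TrackingCookie.2o7 : Ignored.
"""

# Entries copied from the first (before) and second (after) HijackThis logs (subset).
HJT_BEFORE = r"""
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINNT\System32\ipv6mons.dll
O20 - Winlogon Notify: crypt - C:\WINNT\SYSTEM32\crypts.dll
O20 - Winlogon Notify: rpcc - C:\WINNT\System32\rpcc.dll
O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINNT\system\csrrs.exe
O23 - Service: msnntlp - Unknown owner - C:\WINNT\system\msnntlp.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
"""
HJT_AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINNT\system\csrrs.exe (file missing)
O23 - Service: msnntlp - Unknown owner - C:\WINNT\system\msnntlp.exe (file missing)
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
"""

AVG_LINE = re.compile(r"^(?P<target>.+?) -> (?P<name>\S+) : (?P<action>[^.]+)\.$")
HJT_LINE = re.compile(r"^[A-Z]\d+ - .+$")
MISSING = "(file missing)"


def unresolved_detections(report):
    """Return (detection, target) for non-cookie findings the scan left 'Ignored'."""
    found = []
    for raw in report.splitlines():
        m = AVG_LINE.match(raw.strip())
        if not m:
            continue  # header lines, blank lines, '::Report end'
        if m["name"].startswith("TrackingCookie."):
            continue  # assumption of this sketch: cookies are noise, not threats
        if m["action"].strip().lower() == "ignored":
            found.append((m["name"], m["target"]))
    return found


def hjt_entries(log):
    """Map a case-folded entry to (entry text, flagged '(file missing)')."""
    entries = {}
    for raw in log.splitlines():
        text = raw.strip()
        if not HJT_LINE.match(text):
            continue  # skip the header and the running-process list
        missing = text.endswith(MISSING)
        if missing:
            text = text[: -len(MISSING)].rstrip()
        entries[text.lower()] = (text, missing)
    return entries


def cleanup_diff(before, after):
    """Return (removed, added, orphaned) entries between two HijackThis logs."""
    b, a = hjt_entries(before), hjt_entries(after)
    removed = [b[k][0] for k in b if k not in a]
    added = [a[k][0] for k in a if k not in b]
    # Still registered in the after-log, but HijackThis could not find the file.
    orphaned = [a[k][0] for k in a if a[k][1]]
    return removed, added, orphaned


if __name__ == "__main__":
    for name, target in unresolved_detections(AVG_REPORT):
        print(f"still Ignored: {name:<20} {target}")
    removed, added, orphaned = cleanup_diff(HJT_BEFORE, HJT_AFTER)
    for label, items in (("removed", removed), ("added", added), ("orphaned", orphaned)):
        for item in items:
            print(f"{label:>8}: {item}")
```

On these lines the three non-cookie detections are all still Ignored, which is why the rescan with the action set to Quarantine is requested, and the CSRRS and msnntlp service entries remain registered although their files are gone.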