big problems

#1 brdman (Newbie Poster), Dec 5th, 2007
Hi, I have big problems with Internet Explorer not responding and a very slow startup. Can someone help please? My HijackThis log is:

Logfile of HijackThis v1.99.1
Scan saved at 22:09:18, on 05/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\VMSnap23.exe
C:\WINDOWS\Domino.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 DataModem HSDPA.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\user\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
F1 - win.ini: run=fntldr.exe
O1 - Hosts: 205.177.124.66 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKLM\..\Run: [BigDogPath323Domino] C:\WINDOWS\Domino.exe
O4 - HKCU\..\Run: [XTTUXLNQFJRQLVQ] C:\WINDOWS\OONKPRRAVURPQR.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.eircom.net
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{50841D2D-F6E1-4084-A31F-89D2866AF95B}: NameServer = 172.31.140.69 172.30.140.69
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O19 - User stylesheet: (file missing)
O20 - AppInit_DLLs: msconfd.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe" "C:\Program Files\NewDotNet\nncore.dll" ServiceStart (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

#2 crunchie (Moderator, Spyware Killer), Dec 6th, 2007
Hi and welcome to DaniWeb forums.

Can you please do the following:

===============

You will have to disable Spybot's TeaTimer before we begin, as it will interfere with the fix. To do this, start Spybot, go to the Mode button and select Advanced. Go to Tools > Resident and uncheck the box next to TeaTimer. Make sure that the icon in the system tray is no longer there. If it is, just right-click on it and select "Exit".
Download ResetTeaTimer.bat.
Double-click ResetTeaTimer.bat to remove all entries set by TeaTimer.
Do not forget to re-enable TeaTimer when we are done.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

===============

Download the newest version of HijackThis, version 2.0.2. Place it in a permanent folder before scanning. Repost your log after following the steps below. This version has features that might be more helpful in 'cleaning' up your system.

===============

Scan with HijackThis and then place a check next to all the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer,Search = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

F1 - win.ini: run=fntldr.exe

O1 - Hosts: 205.177.124.66 auto.search.msn.com

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O19 - User stylesheet: (file missing)

O20 - AppInit_DLLs: msconfd.dll

Now, close all instances of Internet Explorer and any other windows you have open except HijackThis, and click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:

Search for...

run=fntldr.exe
msconfd.dll

...using "Start | Search...".

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and they cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.
  • Select the first option to run Windows in Safe Mode and hit Enter.

-

Reboot.

===============

To help protect your system from hostile ActiveX content, or special 'downloadable' files:

Download, install and keep updated SpywareBlaster. If you've installed it for the first time:

1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.

-

Note: Remember to regularly check for updates.

===============

Download this file from one of the following links:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/combofix.exe

1. Make sure that ComboFix is downloaded to, and run from, your desktop.

2. Double-click combofix.exe and follow the prompts.
3. When finished, ComboFix generates a pop-up log which can also be found at C:\ComboFix.txt. Post that log in your next reply, along with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
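The fix list above is built by reading the HijackThis log line by line and recognising a handful of patterns: a hosts-file override, a `win.ini` `run=` loader, a non-empty `AppInit_DLLs` value, a Run entry with a random-looking name, and a service whose binary is gone. The script below is an added example, not code from the thread, from HijackThis or from its author: it parses the section-prefixed lines HijackThis emits and applies those heuristics as a first-pass triage, separating "high" findings from "review" findings that merely deserve a second look (a Run binary sitting directly in the Windows folder, an `about:blank` search override). The sample lines are a constructed subset modelled on the first log in the thread; the heuristics themselves and the vowel-ratio threshold for "random-looking" names are assumptions, not HijackThis logic.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample modelled on the thread's first HijackThis log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
F1 - win.ini: run=fntldr.exe
O1 - Hosts: 205.177.124.66 auto.search.msn.com
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKCU\..\Run: [XTTUXLNQFJRQLVQ] C:\WINDOWS\OONKPRRAVURPQR.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: msconfd.dll
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

LINE_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O1_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
EXE_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)
WINROOT_RE = re.compile(r"^[A-Za-z]:\\windows\\[^\\]+$", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    kind: str  # HijackThis section code, e.g. "O4"
    body: str  # everything after "O4 - "


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" (matches what the thread's helper removed) or "review"
    entry: Entry
    reason: str


def parse(log_text: str) -> list[Entry]:
    """Keep only the section-prefixed lines; process lists and headers are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["kind"], m["body"]))
    return entries


def looks_random(name: str) -> bool:
    """Heuristic (assumption): long, all-uppercase, almost vowel-free Run value names."""
    if len(name) < 8 or not name.isalpha() or not name.isupper():
        return False
    vowels = sum(c in "AEIOUY" for c in name)
    return vowels / len(name) < 0.2


def exe_path(cmd: str) -> str | None:
    """Pull the executable path out of a Run command line, quoted or not."""
    m = EXE_RE.search(cmd)
    return m["path"] if m else None


def in_windows_root(path: str) -> bool:
    """True for C:\\WINDOWS\\foo.exe, False for anything in a subfolder such as system32."""
    return bool(WINROOT_RE.match(path))


def triage(entries: list[Entry]) -> list[Finding]:
    findings: list[Finding] = []
    for e in entries:
        if e.kind == "F1" and "run=" in e.body.lower():
            findings.append(Finding("high", e, "win.ini run= loader (legacy autostart)"))
        elif e.kind == "O1" and (m := O1_RE.match(e.body)):
            findings.append(Finding("high", e, f"hosts file pins {m['host']} to {m['ip']}"))
        elif e.kind == "O4" and (m := O4_RE.match(e.body)):
            if looks_random(m["name"]):
                findings.append(Finding("high", e, f"random-looking Run value name {m['name']!r}"))
            path = exe_path(m["cmd"])
            if path and in_windows_root(path):
                findings.append(Finding("review", e, f"autostart binary directly in the Windows folder: {path}"))
        elif e.kind == "O20":
            findings.append(Finding("high", e, "AppInit_DLLs set: DLL loaded into every user32 process"))
        elif e.kind == "O23" and "(file missing)" in e.body:
            findings.append(Finding("review", e, "service binary missing (orphaned or already removed)"))
        elif e.kind in ("R0", "R1") and e.body.rstrip().endswith("about:blank"):
            findings.append(Finding("review", e, "IE search setting overridden with about:blank"))
    return findings


if __name__ == "__main__":
    for f in triage(parse(SAMPLE_LOG)):
        print(f"[{f.severity:6}] {f.entry.kind}: {f.reason}")
```

Run against the sample it reports four "high" findings (the win.ini loader, the hosts override, the random-named HKCU Run value, and AppInit_DLLs) and four "review" items; the AVG and ctfmon entries are left alone. A triage script like this only orders the analyst's attention; the thread's helper still checked each entry by hand before adding it to the fix list.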

#3 brdman (Newbie Poster), Dec 9th, 2007
Hi Crunchie, thanks a million for your help. Sorry about the delay in replying (busy man). I've done what you said and the logs are as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:16:51, on 09/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\VMSnap23.exe
C:\WINDOWS\Domino.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 DataModem HSDPA.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKLM\..\Run: [BigDogPath323Domino] C:\WINDOWS\Domino.exe
O4 - HKCU\..\Run: [XTTUXLNQFJRQLVQ] C:\WINDOWS\OONKPRRAVURPQR.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.eircom.net
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{50841D2D-F6E1-4084-A31F-89D2866AF95B}: NameServer = 172.31.140.69 172.30.140.69
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O24 - Desktop Component 0: (no name) - http://us.a1.yimg.com/us.yimg.com/i/ww/m5v8.gif

--
End of file - 6973 bytes


ComboFix 07-12-09.1 - user 2007-12-09 15:31:01.1 - NTFSx86
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\NDNuninstall4_80.exe
C:\WINDOWS\NDNuninstall4_94.exe
C:\WINDOWS\NDNuninstall5_48.exe
C:\WINDOWS\NDNuninstall5_64.exe
C:\WINDOWS\NDNuninstall6_10.exe
C:\WINDOWS\NDNuninstall6_22.exe
C:\WINDOWS\rundll32.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system\svchost32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NNSERV
-------\NNServ


((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.

2007-12-09 12:45 . 2007-12-09 12:50 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-06 22:03 . 2007-12-09 12:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-06 22:03 . 2007-12-06 22:03 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-06 20:12 . 2007-12-06 20:12 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-30 22:50 . 2007-11-30 22:50 <DIR> d-------- C:\WINDOWS\CatRoot
2007-11-30 22:50 . 2006-06-08 11:25 73,728 --a------ C:\WINDOWS\VMInstNT.exe
2007-11-30 22:50 . 2006-08-21 21:13 40,960 --a------ C:\WINDOWS\VM303UninstNT.exe
2007-11-30 22:50 . 2002-02-26 18:47 15,086 --a------ C:\WINDOWS\uninstall.ico
2007-11-30 22:43 . 2004-08-04 07:56 20,992 --a------ C:\WINDOWS\system32\dshowext.ax
2007-11-30 22:43 . 2004-08-04 07:56 20,992 --a------ C:\WINDOWS\system32\dllcache\dshowext.ax
2007-11-30 22:12 . 2007-03-01 09:17 88,960 --a------ C:\WINDOWS\system32\drivers\ewusbmdm.sys
2007-11-30 22:12 . 2007-03-01 09:17 24,448 --a------ C:\WINDOWS\system32\drivers\ewdcsc.sys
2007-11-27 21:02 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-11-27 21:01 . 2007-11-27 21:01 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-11-27 21:01 . 2007-11-27 21:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-26 17:43 . 2007-11-26 18:53 <DIR> d-------- C:\Documents and Settings\user\Application Data\SoundSpectrum
2007-11-26 17:38 . 2007-11-26 17:38 <DIR> d-------- C:\Program Files\SoundSpectrum
2007-11-26 15:37 . 2006-10-04 14:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-11-26 15:37 . 2006-10-04 14:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-11-26 15:37 . 2006-10-04 14:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-11-26 15:33 . 2007-11-26 15:33 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-11-26 15:27 . 2007-11-26 15:27 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-11-26 15:27 . 2007-11-26 15:30 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-26 14:06 . 2007-11-26 14:06 <DIR> d-------- C:\Program Files\Xvid
2007-11-26 14:06 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-11-26 14:06 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-11-26 14:06 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2007-11-25 18:12 . 2007-11-25 18:12 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-25 15:25 . 2007-11-25 15:25 <DIR> d-------- C:\Program Files\uTorrent
2007-11-25 15:25 . 2007-12-01 12:30 <DIR> d-------- C:\Documents and Settings\user\Application Data\uTorrent
2007-11-25 11:10 . 2007-11-25 11:10 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-25 11:10 . 2007-11-25 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-25 10:57 . 2007-11-25 10:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-23 20:56 . 2007-11-23 20:56 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-11-23 20:56 . 2007-11-23 20:56 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-11-23 18:38 . 2004-08-04 06:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2007-11-23 18:38 . 2004-08-04 06:08 25,600 --a------ C:\WINDOWS\system32\dllcache\usbser.sys
2007-11-23 18:28 . 2007-07-09 13:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-11-23 12:53 . 2006-08-21 09:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-11-23 12:53 . 2006-08-21 09:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-11-23 12:53 . 2006-08-21 12:21 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-11-23 11:37 . 2007-12-01 09:29 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-11-22 20:49 . 2007-12-09 12:30 <DIR> d-------- C:\Documents and Settings\user\Application Data\skypePM
2007-11-22 20:49 . 2007-11-22 20:49 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-22 20:36 . 2007-12-09 14:26 <DIR> d-------- C:\Documents and Settings\user\Application Data\Skype
2007-11-22 20:35 . 2007-11-22 20:35 <DIR> d-------- C:\Program Files\Skype
2007-11-22 20:35 . 2007-11-22 20:35 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-11-22 20:34 . 2007-11-22 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-11-22 19:26 . 2007-11-22 19:26 <DIR> d-------- C:\WINDOWS\provisioning
2007-11-22 19:26 . 2007-11-22 19:26 <DIR> d-------- C:\WINDOWS\peernet
2007-11-22 19:20 . 2007-11-22 19:20 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-11-22 19:08 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-11-22 19:00 . 2007-11-22 19:00 <DIR> d-------- C:\WINDOWS\EHome
2007-11-22 18:16 . 2004-08-04 00:56 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-11-22 18:16 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2007-11-22 18:16 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-11-19 21:36 . 2007-11-19 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-19 19:25 . 2007-12-09 12:27 <DIR> d-------- C:\Documents and Settings\user\Application Data\AVG7
2007-11-19 19:19 . 2007-11-19 19:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-19 19:18 . 2007-11-19 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-19 19:18 . 2007-11-23 20:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-11-19 15:49 . 2004-08-04 07:56 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-11-19 15:49 . 2004-08-04 07:56 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-11-19 15:49 . 2004-08-04 07:56 265,728 --a------ C:\WINDOWS\system32\h323.tsp
2007-11-19 15:49 . 2004-08-04 07:56 77,312 --a------ C:\WINDOWS\system32\browser.dll
2007-11-19 15:49 . 2007-03-08 15:36 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-11-19 15:49 . 2004-03-30 01:25 40,960 --------- C:\WINDOWS\system32\dllcache\evtgprov.dll
2007-11-19 15:36 . 2007-11-19 15:36 122 --a------ C:\WINDOWS\system32\MRT.INI
2007-11-19 15:26 . 2004-08-04 07:56 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-11-19 15:20 . 2007-11-19 15:49 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$
2007-11-19 15:20 . 2007-11-19 15:20 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-19 15:20 . 2004-01-10 05:11 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-11-19 15:16 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-11-19 15:16 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-11-19 15:16 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-11-19 15:16 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-11-17 16:53 . 2007-11-17 16:53 <DIR> d-------- C:\Program Files\Huawei technologies
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 22:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-27 21:20 --------- d-----w C:\Program Files\iTunes
2007-11-27 21:19 --------- d-----w C:\Program Files\iPod
2007-11-27 21:13 --------- d-----w C:\Program Files\QuickTime
2007-11-27 21:03 --------- d-----w C:\Program Files\Apple Software Update
2007-11-23 19:01 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-11-23 18:51 --------- d-----w C:\Program Files\Propellerhead
2007-11-23 18:47 --------- d-----w C:\Program Files\ahead
2007-11-23 18:40 --------- d-----w C:\Program Files\Morpheus
2007-11-23 18:40 --------- d-----w C:\Program Files\Monopoly Star Wars
2007-11-23 18:29 --------- d-----w C:\Program Files\GameShadow
2007-11-23 18:28 --------- d-----w C:\Program Files\EA SPORTS
2007-11-23 18:26 --------- d-----w C:\Program Files\Belkin
2007-11-22 20:14 --------- d-----w C:\Program Files\Google
2007-11-20 15:26 --------- d-----w C:\Program Files\UbiSoft
2007-11-19 21:29 --------- d-----w C:\Program Files\Microsoft Works
2007-11-19 20:33 --------- d-----w C:\Program Files\Championship Manager 5
2007-11-19 20:30 --------- d-----w C:\Program Files\Brother
2007-11-19 20:22 --------- d-----w C:\Program Files\KaZaA
2003-12-29 11:42 0 -csh--r C:\WINDOWS\editpad.exe
2003-12-29 11:42 0 -csh--r C:\WINDOWS\fntldr.exe
2003-12-29 11:42 0 -csh--r C:\WINDOWS\qttasks.exe
2003-12-29 11:42 0 -csh--r C:\WINDOWS\quicken.exe
2003-12-29 11:42 0 -csh--r C:\WINDOWS\svcinit.exe
2004-01-19 12:43 32 -csha-w C:\WINDOWS\{1C1FE15C-AB12-418C-B29A-C40FA3040412}.dat
2004-01-19 12:46 32 -csha-w C:\WINDOWS\{3958B55F-DE25-41CF-BB23-D1CCEC15AFA2}.dat
2004-01-19 12:39 32 -csha-w C:\WINDOWS\{3DB1885A-EDCF-4AD1-9681-1A00BE3A3C26}.dat
2004-01-19 12:39 32 -csha-w C:\WINDOWS\{90A218D0-19AB-492D-973F-03A597852E84}.dat
2004-01-19 12:39 32 -csha-w C:\WINDOWS\{BB6B311D-3262-4DDE-82CE-A30C043F428E}.dat
2003-12-29 11:42 0 -csh--r C:\WINDOWS\system\svcinit.exe
2004-01-19 12:39 32 -csha-w C:\WINDOWS\system32\{1A1753AA-E587-4F37-A5EA-57CF8D957AAA}.dat
2004-01-19 12:39 32 -csha-w C:\WINDOWS\system32\{231AF41A-C8F5-4E3F-88F7-9E82A4A8F046}.dat
2004-01-19 12:39 32 -csha-w C:\WINDOWS\system32\{3167AF38-C2B4-4DFF-AA76-F61105247DE5}.dat
2004-01-19 12:46 32 -csha-w C:\WINDOWS\system32\{5942915F-A1C6-4105-93E4-C6AFCE904539}.dat
2004-01-19 12:43 32 -csha-w C:\WINDOWS\system32\{BEEDD788-190B-4E54-B79F-370FE32D4CB5}.dat
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XTTUXLNQFJRQLVQ"="C:\WINDOWS\OONKPRRAVURPQR.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-30 14:20]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-19 19:19]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 21:48]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"BigDogPath323VMSnap"="C:\WINDOWS\VMSnap23.exe" [2006-07-20 04:37]
"BigDogPath323Domino"="C:\WINDOWS\Domino.exe" [2006-06-28 02:54]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 07:56]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-19 19:19]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2001-11-13 08:22:21]
QuickBooks 2002 Delivery Agent.lnk - C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe [2002-01-26 08:06:21]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31f4e220-9f91-11dc-a4b5-ffc90b1b3404}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9fade84-952e-11dc-a49a-ffa533373606}]
\Shell\AutoRun\command - F:\AutoRun.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-01 20:11:40 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-07 17:30:00 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
"2007-12-09 15:46:04 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\user\LOCALS~1\Temp\hjhnlojg.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 15:43:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-09 15:51:23 - machine was rebooted
.
--- E O F ---

THANKS AGAIN

#4 crunchie (Moderator, Spyware Killer), Dec 9th, 2007
Please go to Jotti's or to VirusTotal and have these files scanned. Post the results back here.

C:\WINDOWS\editpad.exe
C:\WINDOWS\fntldr.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\{1C1FE15C-AB12-418C-B29A-C40FA3040412}.dat
C:\WINDOWS\{3958B55F-DE25-41CF-BB23-D1CCEC15AFA2}.dat
C:\WINDOWS\{3DB1885A-EDCF-4AD1-9681-1A00BE3A3C26}.dat
C:\WINDOWS\{90A218D0-19AB-492D-973F-03A597852E84}.dat
C:\WINDOWS\{BB6B311D-3262-4DDE-82CE-A30C043F428E}.dat
C:\WINDOWS\system\svcinit.exe
C:\WINDOWS\system32\{1A1753AA-E587-4F37-A5EA-57CF8D957AAA}.dat
C:\WINDOWS\system32\{231AF41A-C8F5-4E3F-88F7-9E82A4A8F046}.dat
C:\WINDOWS\system32\{3167AF38-C2B4-4DFF-AA76-F61105247DE5}.dat
C:\WINDOWS\system32\{5942915F-A1C6-4105-93E4-C6AFCE904539}.dat
C:\WINDOWS\system32\{BEEDD788-190B-4E54-B79F-370FE32D4CB5}.dat
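The files listed here come straight from the Find3M section of the ComboFix log in the previous post, where they stand out by size (0 or 32 bytes) and by attribute flags (`-csh--r`: compressed, system, hidden, read-only) rather than by name. The script below is an added example, not code from the thread, from ComboFix or from VirusTotal: it parses Find3M lines into records, selects entries that are zero-length or both system and hidden, and computes SHA-256 digests so each file can be looked up by hash before anything is uploaded. Zero-byte files are reported rather than hashed, because every empty file has the same well-known digest and an upload tells you nothing. The sample lines are constructed in the Find3M format, and the selection rule is an assumption for illustration.

```python
"""Select suspicious files from a ComboFix Find3M report and hash them (added example)."""
from __future__ import annotations

import hashlib
import os
import re
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample in the Find3M format: date time size attrs path.
SAMPLE_FIND3M = r"""
2007-11-30 22:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-27 21:20 --------- d-----w C:\Program Files\iTunes
2003-12-29 11:42 0 -csh--r C:\WINDOWS\editpad.exe
2003-12-29 11:42 0 -csh--r C:\WINDOWS\fntldr.exe
2004-01-19 12:43 32 -csha-w C:\WINDOWS\{1C1FE15C-AB12-418C-B29A-C40FA3040412}.dat
2007-11-23 20:56 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
"""

FIND3M_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\S+) (\S+) (.+)$")

# SHA-256 of zero bytes: what any empty file hashes to.
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"


@dataclass(frozen=True)
class Find3MEntry:
    when: str            # "YYYY-MM-DD HH:MM" as printed by ComboFix
    size: Optional[int]  # None for directories (ComboFix prints dashes)
    attrs: str           # flag string such as "-csh--r"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs


def parse_find3m(text: str) -> list[Find3MEntry]:
    entries = []
    for raw in text.splitlines():
        m = FIND3M_RE.match(raw.strip())
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        size_val = None if set(size) == {"-"} else int(size.replace(",", ""))
        entries.append(Find3MEntry(f"{date} {time}", size_val, attrs, path))
    return entries


def select_suspicious(entries: list[Find3MEntry]) -> list[Find3MEntry]:
    """Assumed rule: plain files that are empty or carry both system and hidden flags."""
    return [e for e in entries if not e.is_dir and (e.size == 0 or e.hidden_system)]


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def submission_list(
    entries: list[Find3MEntry],
    hasher: Callable[[str], str] = sha256_of_file,
    exists: Callable[[str], bool] = os.path.exists,
) -> list[tuple[str, str]]:
    """(path, note-or-digest) pairs ready for a hash lookup; injectable for testing."""
    rows = []
    for e in select_suspicious(entries):
        if not exists(e.path):
            rows.append((e.path, "not present on this machine"))
        elif e.size == 0:
            rows.append((e.path, f"empty file (sha256 {EMPTY_SHA256[:12]}...), nothing to upload"))
        else:
            rows.append((e.path, hasher(e.path)))
    return rows


if __name__ == "__main__":
    for path, note in submission_list(parse_find3m(SAMPLE_FIND3M)):
        print(f"{note}  {path}")
```

The `hasher` and `exists` parameters are there so the selection logic can be exercised on a machine that does not have the files; on the affected PC they default to real file access. Hashing the 32-byte `.dat` files before uploading also lets you check whether they are already known without disclosing their contents.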
©2003 - 2009 DaniWeb® LLC