drakkana 0 Light Poster

this is very weird... there could be many things doing this... i'm thinking that there could be a virus, and it's a typing tracker.....

otherwise i have NO idea what could be going on.....

Cohen

I have SYMANTEC ANTIVIRUS CORPORATE EDITION v10.1.6.6000 , also from spyware programs i have Ad-aware 2007 and HijackThis v2.0.0.2. and ATF-Cleaner.. I had Search and Destroy Spybot too but i uninstalled it at some point..
Windows XP Professional v2002, Service pack 3..


I've heard it again about this kind of virus you said.. Is there any antivirus which could eliminate this problem? What would you suggest?

drakkana 0 Light Poster

What browser are you using?
How strong are you setting your passwords????

Just need to do some process of elimination...

Cohen

The browser i use is Mozilla Firefox 3.0.7.
and the passwords are set as strong..

What do you think i can do?
Oh and btw i had the same issue again in both hotmail and facebook and seen AGAIN that they stole the chips from my facebook account... Very lame if that's what they're after..

drakkana 0 Light Poster

Hello guys.. So, the thing is that i keep resetting my hotmail and facebook password cause it keeps telling me almost day by day that the password i type is wrong.. So i reset it.. I have done that about 10-15 times these days.
Does this mean my hotmail and facebook account are being hacked? or do i have some kind of virus..?
Btw i have that problem only in these two sites..
Also the day that this started in my facebook account in the application "Texas hold'em poker" someone took all my chips, about 2 mil.. And also during these days someone posted with my facebook account a comment in a friend's wall and he asked her what's her address and postal code..
So i believe this all started with facebook..
The thing is how do they keep finding the new passwords?
It's a huge problem for me mostly for my hotmail account cause i own it for many many years.. :(
Anybody know what am i supposed to do?
I'll try anything so that i won't lose my mail account at least..

drakkana 0 Light Poster

the only thing i need to do now..is enter the messenger..if it starts sending .zip trojan to my contacts..i will let you know..

drakkana 0 Light Poster

deleted them.. no sign of mislead yes?

drakkana 0 Light Poster

i checked and fixed it ..no sign of the second entry you said.. i post the log after fixing the BHO:(no name)..etc..entry..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:36 πμ, on 21/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SAV\DefWatch.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SAV\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SAV\VPTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\SAGEM\CONN-X SAGEM Fast 800\dslmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} …

drakkana 0 Light Poster

You mean in the results of hijackthis...i suppose...yes?
because the way you said it i couldn't understand..

drakkana 0 Light Poster

I have no idea how to check these entries..noob u see..:/

drakkana 0 Light Poster

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2885 (20080219)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=29265571bc7ec146a0131a06c5a478f9
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-02-19 01:42:43
# local_time=2008-02-19 03:42:43 )
# country="Greece"
# osver=5.1.2600 NT Service Pack 2
# scanned=202061
# found=3
# scan_time=2587
C:\Documents and Settings\drakkana\Τα έγγραφά μου\Ληφθέντα αρχεία\Kante to Windows XP Professional Original.rar probably a variant of Win32/TrojanDownloader.Agent trojan E3D7489E0F1A10398B9DA1DCD298FD24
C:\Documents and Settings\drakkana\Τα έγγραφά μου\Ληφθέντα αρχεία\Kante to Windows XP Professional Original.rar »RAR »Kante to Windows XP Professional Original\KeyGen.exe probably a variant of Win32/TrojanDownloader.Agent trojan 00000000000000000000000000000000
C:\Documents and Settings\drakkana\Τα έγγραφά μου\Ληφθέντα αρχεία\Kante to Windows XP Professional Original\Kante to Windows XP Professional Original\KeyGen.exe probably a variant of Win32/TrojanDownloader.Agent trojan D638DC0AE606AEC45EAF64AB43C93912


that was the eset log..
The hijackthis log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:00:26 μμ, on 19/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SAV\DefWatch.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe

drakkana 0 Light Poster

First of all.. you didn't specify when i should run the combofix.exe so I am gonna ask you first if i did it at the right time..
I first created the CFScript.txt and dragged it on the Combofix.exe (both saved on my desktop)..And after that i run the combofix.exe..
Right??

So.. here are the results..

ComboFix 08-02-18.1 - drakkana 2008-02-18 15:16:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1253.1.1032.18.217 [GMT 2:00]
Running from: C:\Documents and Settings\drakkana\Επιφάνεια εργασίας\ComboFix.exe
Command switches used :: C:\Documents and Settings\drakkana\Επιφάνεια εργασίας\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\uoxhotgmr.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.cυj
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_IWGOA8OI
-------\iwgoa8oi


((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.

2008-02-18 14:42 . 2008-02-18 14:42 <DIR> d-------- C:\VundoFix Backups
2008-02-17 15:47 . 2008-02-17 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-02-17 15:45 . 2008-02-17 15:45 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-02-17 15:40 . 2008-01-22 14:42 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-02-17 15:39 . 2008-02-17 15:41 <DIR> d-------- C:\Program Files\ATI Technologies
2008-02-17 13:21 . 2008-02-17 13:21 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-17 13:21 . 2008-02-17 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-17 02:06 . …

drakkana 0 Light Poster

I run the vundo and it found nothing.. i run also ATF Cleaner..

there is the new hijack this log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:50 μμ, on 18/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SAV\DefWatch.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SAV\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SAV\VPTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\SAGEM\CONN-X SAGEM Fast 800\dslmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - …

drakkana 0 Light Poster

- Logfile MSNCleaner 1.5.5 by www.forospyware.com
- Created Logfile: 17/2/2008 on 10:40:16 μμ
- Operative System: Windows XP
- Boot mode: Safe mode
_________________________________________

Detected files: 1
Deleted file: 1
Undeleted Files: 0

C:\WINDOWS\nsreg.dat <--- Deleted

Host file Restored


AND THE HIJACK LOG :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:59 μμ, on 17/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SAV\DefWatch.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\SAV\Rtvscan.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SAV\VPTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\SAGEM\CONN-X SAGEM Fast 800\dslmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\mIRC\mirc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - …

drakkana 0 Light Poster

OK I've found how to disable auto-protect from my symantec antivirus..so i followed your instructions..and run the kaspersky online scan.. and here are the results..
by the way..i have a serious infection trouble..which maybe the kaspersky will show in its log..i have posted that infection in this post --> http://www.daniweb.com/forums/thread109343.html

If you know anything about this infection please respond either to my thread above..or tell me if the kaspersky log shows anything about this and what could i do to resolve this issue...That's my main issue at this time...

Kaspersky log :


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 17, 2008 6:53:32 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/02/2008
Kaspersky Anti-Virus database records: 570048
-------------------------------------------------------------------------------


Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true


Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\


Scan Statistics:
Total number of scanned objects: 55693
Number of viruses found: 5
Number of infected objects: 28
Number of suspicious objects: 0
Duration of the scan process: 01:22:31


Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log  Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat    Object is locked    skipped
C:\Documents and Settings\drakkana\Application Data\Mozilla\Firefox\Profiles\9eicgqed.default\cert8.db  Object is locked    skipped
C:\Documents …

drakkana 0 Light Poster

i did a re-install of the drivers..with newer ones (i think) from the ati link that hughv's gave me.. i restarted..it opened in low resolution again..i did the settings to my ati catalyst control center..and turned off the pc..when i turned it on it started in normal resolution..so i think my problem is solved.....THANK you guys..i appreciate it... :***

drakkana 0 Light Poster

Now like i didn't have enough trouble.. A few days ago i was chatting with a friend in windows live messenger...When i saw this message: This is a picture of us can i put it in my facebook(myspace..i don't remember)..anyway..
and after that message appeared a .zip...
As i was talking to a friend..i thought that it would not be harmless..so i extracted the "pic" which was an .exe i think...but definitely not a picture format (jpeg,bitmap etc.)
Stupidly enough i executed it.. (yeah i know..lame)
And when i executed it it disappeared from my desktop where i had it saved..
So i realised something was really wrong..
I then asked my friend if he sent me anything..and he said no..and also that he was also sent a zip from me..i think..So
I have searched the web for any info on this..And found that it is a very quick spreading trojan , virus i still haven't figured out..which inserts to your system and then sends zips to all your messenger contacts..with a large variety of reasons..like "hey this is a picture of us..my sister thought you should see this.." and smurf like that..
Anyone know how to get rid of it?
I have uninstalled the messenger because when i re-installed it after a few failed attempts to clean my system with all sorts of anti-spyware and anti-viruses, when i connect to messenger it starts sending zips to my contacts..
BE …

drakkana 0 Light Poster

I pushed the + and the things that are shown are
Radeon X1650 Series
Radeon X1650 Series Secondary..
no "!" and no error msg...

drakkana 0 Light Poster

Problem NOT solved.. i have noticed that when i restart the computer sometimes the resolution is normal..But when i shut it off completely and the next day start it the resolution is once again low...
mechbas i seem to have some trouble installing the drivers from the cd..it doesn't find them..but the odd thing is that when i do this-->Device manager-Video adapter-Radeon etc..-update-no windows connect with windows update (tick)-install from a list etc..-without search-choose driver program from user-next-the model of the graphic card shows in the list..Radeon x1650 series(with the appearance of hardware ticked)(sorry but i try to translate from greek to english), i then choose it,i hit next and it says that the guide has completed the installation of the software for Radeon X1650 Series..I do the same steps for the Radeon X1650 series secondary..then reboot..and it starts in normal resolution..but when i turned the pc off it started in low resolution again...i am completely lost..

drakkana 0 Light Poster

i installed the drivers..and no more crack screens...everything kewl..for now at least..
thanks guys...

drakkana 0 Light Poster

Oh i forgot..my windows started in normal resolution after the reboot..

drakkana 0 Light Poster

i rebooted..the video adapter still exists in my hardware..and in fact when i re-entered my windows it showed me that a new hardware was detected..and it was my graphic card..but now when i roll down with my mouse a page it rolls down with cracks..it doesn't roll normally..it rolls like there are several pages the one underneath the other..if you get what i mean..so what should i do next?

drakkana 0 Light Poster

okeik i found it..uninstalled it..wait until i reboot.

drakkana 0 Light Poster

what is a video adapter?.. :/
sorry but my windows xp are in Greek..

drakkana 0 Light Poster

there is a bit of a problem...in how to disable the protection of my antivirus.. you see.. my antivirus is Symantec Antivirus Server 10.1.6.6000 and it is not on the list of the link you gave me.. Could you tell me how to disable it...?

drakkana 0 Light Poster

let me translate ===Is the OS and GA updates current?==OS= Operating System ie: winxp = is your winxp up to date with all windows updates installed .

GA updates current==GA=Graphic Card = is your video card driver the latest that the maker offers on their web site for your video card .

my windows are updated..
my graphic card i believe it is..now.. my graphic card is sapphire ati radeon x1650 pro (vpu)..
i don't believe that this has anything to do with the updates of my graphic card.. i believe that because the previous card (nvidia) was inside the motherboard that when i installed some the basic cd's after the format, maybe there is an issue between nvidia drivers and ati (my new card's) can you tell me how could i see if there is such a problem..?

drakkana 0 Light Poster

I have no idea what you're talking about..
noob..:/

drakkana 0 Light Poster

Post new logs from HijackThis and ComboFix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:07 μμ, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SAV\DefWatch.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
C:\Program Files\SAV\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\SAV\VPTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SAGEM\CONN-X SAGEM Fast 800\dslmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft …

drakkana 0 Light Poster

My problem is that my windows xp even though i have installed the drivers of my Sapphire ATI Radeon X1650 pro (vpu) graphics card, start with the lowest resolution.. I have tried a lot of things..like reinstalling drivers , windows xp problem resolution..
This happens to me for the first time.. I made a format.. and after the format i have this problem.. This is a new graphic card..which when i installed had no problem at all..
But after the format i have done one of these days i now have this issue..
Does anyone know why could this be happening?

drakkana 0 Light Poster

nope..i have done it like a hundred times..
i installed the drivers to the monitor, to the graphic card..nothing.

drakkana 0 Light Poster

I did the common type of format.. inserted windows xp cd...install etc etc.. from dos..
the only problem i got right now is that whenever i start my windows the resolution of my screen is set to the lowest.. i then define it to be at 1024x768 but when i restart the pc the resolution is once again low...i installed the drivers of my monitor..but don't know what's goin on.. is that a "mislead" symptom?

drakkana 0 Light Poster

thanks..but unfortunately i had to do a format.. but i appreciate your help...is there any chance of it being still in the system after the format?

drakkana 0 Light Poster

I must have been infected by downloader mislead app.
Have run search & destroy, avg anti-spyware, hijackthis, spyware doctor, combofix, ad-aware and my norton security corporate edition...
As i see u need a hijack log...
So here it is..


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:28:42 μμ, on 1/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\SAV\DefWatch.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SAV\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SAGEM\CONN-X SAGEM Fast 800\dslmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [win32] C:\WINDOWS\system32\winpack32.exe