#1
| |||
| |||
| I was told to download hijackthis and post my log here. My computer keeps opening pop up ads. I have downloaded stopzilla but it doesn't seem to be helping. Also I keep getting the following message: "One or more necessary files appears to be invalid. This is generally caused by a corrupted installation. Please try downloading and installing Limewire again. If the problem persists, please visit www.limewire.com and click the support link. Thankyou." Then there's a dialogue box saying "LimeWire version 4.12.6 Java version 1.6.0_03 from Sun Microsystems Inc. Windows XP v. 5.1 on x86 Free/total memory: 3060368/4128768 com.limegroup.gnutella.gui.GUILoader$StartupFailedException: invalid update.ver at com.limegroup.gnutella.gui.GUILoader.sanityCheck(GUILoader.java:278) at com.limegroup.gnutella.gui.GUILoader.load(GUILoader.java:48) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at com.limegroup.gnutella.gui.Main.main(Main.java:44) STARTUP ERROR!" Then the 2 options are copy report or ok. It looks like limewire is trying to launch every few minutes but failing. It had started doing this a week ago, so I tried uninstalling limewire. That's when this error message started. How do I stop it? I tried reinstalling limewire and reinstalling it, but no use! My other problem is that I sometimes get another message saying that the server is busy and "the program cannot load because the other program is busy" or something, where the options are "switch to" or "retry". What is this and how do I get rid? I have also tried to launch my sims2 game and it keeps saying I have to log into the ea download service, when I do it still won't load. I don't know if this is related so thought I'd add it in.

Here is the hijackthis log:

Please help, I'm so gutted I can't play sims, I really want to play it today!! Thanks |
|
#2
| |||
| |||
| There is more wrong than just limewire.

Download SDFix.exe and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.
* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard).
* Finally add the contents of the Report.txt in your next post.

----------

Please download Combofix by sUBs from either here or here

Save Combofix.exe to your Desktop. Double click combofix.exe & follow the prompts. (from the keyboard select 1 and press enter) When finished, it will produce a log for you. Add that log in your next reply.

Do not mouseclick combofix's window while it's running. That may cause your computer to stall.

----------

Run a new HijackThis scan and post that log.

----------

Next post please add
* SDFix log
* combofix log
* New HijackThis log

You may need to use more than one post for all of the logs. |
|
#3
| |||
| |||
| OK, thanks so much for that. One problem, and I feel like a total idiot, but I can't get my computer to start in safe mode. I've been pressing F8 and nothing happens. Is there any other way to do it or am I doing something wrong? |
|
#4
| |||
| |||
| There is but we should just skip that for now. It is possible to get stuck in safe mode using other methods. Go ahead on to the next steps. |
|
#5
| |||
| |||
| OK, SDFix says to use it in safe mode, does that matter? I pressed Y and it's not doing anything. I'm sorry for being such a pain! |
|
#6
| |||
| |||
| Skip SDFix. Go on to combofix and then a new hijackthis log. |
|
#7
| |||
| |||
| OK that's done now! Here's the combofix log: ComboFix 07-12-28.1 - Sys 2007-12-28 23:49:49.2 - NTFSx86 Running from: C:\Documents and Settings\Sys\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\byvsp.dll C:\WINDOWS\system32\vtuvtqp.dll C:\WINDOWS\Fonts\- . ---- Previous Run ------- . C:\Documents and Settings\LocalService\Application Data\NetMon C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt C:\Documents and Settings\Sys\Application Data\WinTouch C:\Documents and Settings\Sys\My Documents\RACLE~1 C:\Documents and Settings\Sys\My Documents\RACLE~1\m?config.exe C:\Documents and Settings\Sys\Start Menu\Programs\Outerinfo C:\Documents and Settings\Sys\Start Menu\Programs\Outerinfo\Terms.lnk C:\Documents and Settings\Sys\Start Menu\Programs\Outerinfo\Uninstall.lnk C:\PROGRA~1\COMMON~1\FNTS~1\ping.exe C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE C:\PROGRA~1\SYMNET~1\SNDMon.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\Common Files\fnts~1 C:\Program Files\Common Files\fnts~1\F?nts\ C:\Program Files\Common Files\fnts~1\ping .exe C:\Program Files\Common Files\fnts~1\ping.exe C:\Program Files\Common Files\racle~1 C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Yazzle1560OinAdmin.exe C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe C:\Program Files\D-Link\AirPlus G\AirGCFG.exe C:\Program Files\Electronic Arts\EADM\Core .exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\inetget2 C:\Program Files\inetget2\gm3-24418.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Kontiki\KHost .exe C:\Program Files\Kontiki\KHost.exe C:\Program Files\network monitor 
C:\Program Files\network monitor\netmon.exe C:\Program Files\outerinfo C:\Program Files\outerinfo\FF\chrome.manifest C:\Program Files\outerinfo\FF\components\FF.dll C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt C:\Program Files\outerinfo\FF\install.rdf C:\Program Files\outerinfo\Terms.rtf C:\Program Files\QuickTime\QTTask .exe C:\Program Files\Router C:\Program Files\Router\Router .exe C:\Program Files\Router\Router.exe C:\Program Files\Router\UnInstall.exe C:\Program Files\Temporary C:\Program Files\WinAble C:\Program Files\WinAble\winable .exe C:\Program Files\WinAble\winable.exe C:\Temp\bkR11 C:\WINDOWS\b104.exe C:\WINDOWS\b122.exe C:\WINDOWS\b128.exe C:\WINDOWS\b138.exe C:\WINDOWS\b149.exe C:\WINDOWS\b151.exe C:\WINDOWS\Fonts\svchost.exe C:\WINDOWS\mrofinu1188.exe C:\WINDOWS\pack.epk C:\WINDOWS\system32\atmtd.dll C:\WINDOWS\system32\atmtd.dll._ C:\WINDOWS\system32\awturrr.dll C:\WINDOWS\system32\bck.dll C:\WINDOWS\system32\byvsp.exe C:\WINDOWS\system32\FirstReboot.exe C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mrxebgmrxc.dat c:\WINDOWS\system32\mrxebgmrxc_nav.dat C:\WINDOWS\system32\mrxebgmrxc_navps.dat C:\WINDOWS\system32\NeroCheck.exe C:\WINDOWS\system32\nvs2.inf C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\pmnoppn.dll C:\WINDOWS\system32\psvyb.ini C:\WINDOWS\system32\psvyb.ini2 C:\WINDOWS\system32\vtuvtts.dll C:\WINDOWS\system32\wnsapiisv.exe C:\WINDOWS\system32\wvuttus.dll C:\WINDOWS\U3lzdGVtLTE\ C:\WINDOWS\U3lzdGVtLTE\\asappsrv.dll C:\WINDOWS\U3lzdGVtLTE\\command.exe C:\WINDOWS\U3lzdGVtLTE\\oa5Wx3pQMnH.vbs C:\WINDOWS\U3lzdGVtLTE\command.exe C:\WINDOWS\uninstall_nmon.vbs C:\winlogon.exe C:\x.dat C:\z.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_CMDSERVICE -------\LEGACY_NETWORK_MONITOR -------\cmdService -------\Network Monitor ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 ))))))))))))))))))))))))))))))) . 2007-12-28 20:47 . 
2007-12-28 20:47 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-21 19:42 . 2007-12-28 22:01 376,320 --a------ C:\WINDOWS\mrofinu1188.exe.tmp 2007-12-21 00:05 . 2007-12-21 21:36 <DIR> d-------- C:\Program Files\STOPzilla! 2007-12-21 00:05 . 2007-12-21 00:05 <DIR> d-------- C:\Program Files\Common Files\iS3 2007-12-21 00:05 . 2007-12-29 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla! 2007-12-20 23:14 . 2007-12-20 23:14 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe 2007-12-20 23:13 . 2007-12-28 22:03 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe 2007-12-20 23:13 . 2007-12-28 22:03 24,576 --a------ C:\WINDOWS\system32\FirstReboot .exe 2007-12-20 23:01 . 2007-12-20 23:01 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2007-12-20 22:58 . 2007-12-20 22:58 <DIR> d-------- C:\WINDOWS\system32\daSgo18 2007-12-20 22:58 . 2007-12-28 23:07 <DIR> d-------- C:\Temp 2007-12-20 22:58 . 2007-12-20 22:58 134 --a------ C:\n.bat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 
2007-12-29 00:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki 2007-12-28 23:48 --------- d-----w C:\Documents and Settings\Sys\Application Data\OpenOffice.org2 2007-12-28 23:05 --------- d-----w C:\Program Files\SymNetDrv 2007-12-28 23:05 --------- d-----w C:\Program Files\QuickTime 2007-12-28 23:05 --------- d-----w C:\Program Files\Kontiki 2007-12-28 23:05 --------- d-----w C:\Program Files\iTunes 2007-12-28 23:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-12-28 22:10 118,335 ----a-w C:\WINDOWS\Fonts\x.zip 2007-12-28 22:04 290,821 ----a-w C:\WINDOWS\Fonts\svchost .exe 2007-12-27 10:44 10 ----a-w C:\Program Files\.autoreg 2007-12-22 21:27 --------- d-----w C:\Program Files\LimeWire 2007-12-22 16:22 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-22 15:51 --------- d-----w C:\Program Files\Symantec 2007-12-22 12:43 --------- d-----w C:\Program Files\Norton AntiVirus 2007-11-19 21:38 --------- d-----w C:\Program Files\OpenOffice.org 2.3 2007-11-14 20:25 --------- d-----w C:\Documents and Settings\Sys\Application Data\Media Player Classic 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-02 23:03 --------- d-----w C:\Program Files\Channel4 2007-11-02 23:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Channel4 2007-10-29 18:23 --------- d-----w C:\Program Files\Java 2007-10-01 12:15 290,822 ----a-w C:\WINDOWS\Fonts\Setup.exe 2007-08-02 13:43 282,624 ----a-w C:\Program Files\TTC.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7B3C732-B718-4F23-9CE5-306D213E0337}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56] "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [] "Wjufyigi"="C:\Documents and Settings\Sys\My Documents\?racle\m?config.exe" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe] "SoundFusion"="RunDll32 hercplgs.cpl" [] "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [] C:\Documents and Settings\Sys\Start Menu\Programs\Startup\ OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD] C:\Program Files\Kontiki\KHost.exe -all [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install . Contents of the 'Scheduled Tasks' folder "2006-12-18 23:30:20 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Sys.job" - C:\PROGRA~1\NORTON~1\NAVW32.EXEh/task: "2007-12-28 20:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job" - C:\PROGRA~1\NORTON~1\Navw32.exeh/task: "2007-12-29 00:13:43 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . 
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 00:12:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-29 0:22:43 - machine was rebooted [Sys]
.
2007-12-12 23:21:02 --- E O F ---

Here's the new hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:23:07, on 29/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B7B3C732-B718-4F23-9CE5-306D213E0337} - \
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Wjufyigi] "C:\Documents and Settings\Sys\My Documents\?racle\m?config.exe"
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dippydory85.spaces.msn.com//P...d/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1147035800334
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147035790920
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.co...x/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{2393F2B4-E1BF-47BE-9725-1A677A9FDF36}: NameServer = 192.168.16.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AC686DA-E6A6-4D5E-9657-C20BC898CBDB}: NameServer = 192.168.16.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A4AA2AF-2269-4390-97B5-3056EEF12CAB}: NameServer = 192.168.16.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A40E8826-791F-4388-B920-D58CC8BB5E1F}: NameServer = 192.168.16.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9733CA2-ACD7-4D9B-9C50-E51B9040150C}: NameServer = 192.168.16.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBC4DEB6-3386-4E37-9E74-0D33488F9E42}: NameServer = 192.168.16.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5E2C8B0-EBF3-40AD-9CFD-0F7617A8EB83}: NameServer = 192.168.16.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6D0D809-68AA-4D0D-B982-64F2CF44D2F9}: NameServer = 192.168.16.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2393F2B4-E1BF-47BE-9725-1A677A9FDF36}: NameServer = 192.168.16.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{2393F2B4-E1BF-47BE-9725-1A677A9FDF36}: NameServer = 192.168.16.1
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 9778 bytes

Does this help? The combofix thing froze halfway through so I had to restart, hope that's ok! Any info you can give me I'd be soooo grateful! |
|
#8
| |||
| |||
| Delete these files/folders, as follows:

* Open notepad and copy/paste the text below into it

==========
Folder::
C:\Temp
C:\n.bat

File::
C:\WINDOWS\mrofinu1188.exe.tmp
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\daSgo18
==========

* Save this as CFScript on the desktop.
* Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
* ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang.

----------

Open HijackThis and select "Do a system scan only", then place a check mark next to:

O2 - BHO: (no name) - {B7B3C732-B718-4F23-9CE5-306D213E0337} - \

Close all windows except for HijackThis and click "Fix checked".

----------

Then do steps Two, Three and Four in this post

----------

Next post please add
Combofix log
SUPERAntiSpyware log
ESET log
New HijackThis log

You may need more than one post to get them all added. |
|
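Post #8 singles out the O2 entry that has no name and no file behind it. As an added example (not part of the thread, and not code from HijackThis or ComboFix), the Python below shows one way to pick such entries out of a HijackThis log mechanically. The flag names and heuristics are assumptions of this example; the sample lines and paths are copied from the logs posted in this thread.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {B7B3C732-B718-4F23-9CE5-306D213E0337} - \
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Wjufyigi] "C:\Documents and Settings\Sys\My Documents\?racle\m?config.exe"
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
"""

# Paths copied from the ComboFix log posted in this thread.
COMBOFIX_PATHS = [r"C:\WINDOWS\system32\ctfmon .exe", r"C:\WINDOWS\Fonts\svchost .exe"]

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.*)$")
O4_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")


@dataclass
class Finding:
    section: str   # HijackThis section, "O2" or "O4"
    name: str      # CLSID for a BHO, value name for a Run entry
    target: str    # file the entry points at
    flags: list    # heuristic flags (names are this example's own)


def path_flags(path):
    """Return heuristic flags for one file path (illustrative rules only)."""
    flags = []
    # '?' is not legal in a Windows file name, so in a log it stands for a
    # character the logging tool could not render in its code page.
    if "?" in path:
        flags.append("unrenderable-chars")
    # A space before the extension makes "ctfmon .exe" read like "ctfmon.exe".
    if re.search(r"\s\.(?:exe|dll|bat|scr|com)\b", path, re.I):
        flags.append("space-before-extension")
    # The Fonts folder is not a normal home for executables.
    if re.search(r"\\WINDOWS\\Fonts\\[^\\]*\.(?:exe|dll|scr|com)$", path, re.I):
        flags.append("executable-in-fonts")
    # A program under My Documents that is launched at logon.
    if re.search(r"\\My Documents\\.*\.(?:exe|bat|scr|com)$", path, re.I):
        flags.append("runs-from-documents")
    return flags


def command_target(cmd):
    """Return the program path of a Run value: the quoted part if there is one."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd


def triage(log_text):
    """Parse O2 (BHO) and O4 Run lines and return the entries that raise a flag."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            section, name, target = "O2", m["clsid"], m["file"].strip()
            flags = path_flags(target)
            # HijackThis prints "\" or "(file missing)" when the CLSID
            # registered as a BHO has no module on disk.
            if target in ("", "\\") or target.endswith("(file missing)"):
                flags.insert(0, "bho-without-file")
        else:
            m = O4_RE.match(line)
            if not m:
                continue
            section, name = "O4", m["name"]
            target = command_target(m["cmd"])
            flags = path_flags(target)
        if flags:
            findings.append(Finding(section, name, target, flags))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} {f.name}: {', '.join(f.flags)} -> {f.target}")
    for p in COMBOFIX_PATHS:
        print(f"{p}: {', '.join(path_flags(p))}")
```

A flag marks an entry for a closer look by the person reading the log; it is not a verdict on the file.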
#9
| |||
| |||
| ok it's taken practically all day but here are the logs:

combofix:

ComboFix 07-12-28.1 - Sys 2007-12-29 10:45:06.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.208 [GMT 0:00]
Running from: C:\Documents and Settings\Sys\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sys\Desktop\CFScript.txt

FILE
C:\WINDOWS\mrofinu1188.exe.tmp
C:\WINDOWS\system32\daSgo18
C:\WINDOWS\system32\vbzip10.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\n.bat\
C:\Temp
C:\WINDOWS\mrofinu1188.exe.tmp
C:\WINDOWS\system32\vbzip10.dll
.

((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 )))))))))))))))))))))))))))))))
.

2007-12-28 20:47 . 2007-12-28 20:47 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-21 00:05 . 2007-12-21 21:36 <DIR> d-------- C:\Program Files\STOPzilla!
2007-12-21 00:05 . 2007-12-21 00:05 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-12-21 00:05 . 2007-12-29 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-12-20 23:14 . 2007-12-20 23:14 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-20 23:13 . 2007-12-28 22:03 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2007-12-20 23:13 . 2007-12-28 22:03 24,576 --a------ C:\WINDOWS\system32\FirstReboot .exe
2007-12-20 22:58 . 2007-12-20 22:58 <DIR> d-------- C:\WINDOWS\system32\daSgo18
2007-12-20 22:58 . 2007-12-20 22:58 134 --a------ C:\n.bat
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2007-12-29 10:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2007-12-29 10:35 --------- d-----w C:\Documents and Settings\Sys\Application Data\OpenOffice.org2
2007-12-28 23:05 --------- d-----w C:\Program Files\SymNetDrv
2007-12-28 23:05 --------- d-----w C:\Program Files\QuickTime
2007-12-28 23:05 --------- d-----w C:\Program Files\Kontiki
2007-12-28 23:05 --------- d-----w C:\Program Files\iTunes
2007-12-28 23:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-28 22:10 118,335 ----a-w C:\WINDOWS\Fonts\x.zip
2007-12-28 22:04 290,821 ----a-w C:\WINDOWS\Fonts\svchost .exe
2007-12-27 10:44 10 ----a-w C:\Program Files\.autoreg
2007-12-22 21:27 --------- d-----w C:\Program Files\LimeWire
2007-12-22 16:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 15:51 --------- d-----w C:\Program Files\Symantec
2007-12-22 12:43 --------- d-----w C:\Program Files\Norton AntiVirus
2007-11-19 21:38 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-11-14 20:25 --------- d-----w C:\Documents and Settings\Sys\Application Data\Media Player Classic
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-02 23:03 --------- d-----w C:\Program Files\Channel4
2007-11-02 23:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Channel4
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 18:23 --------- d-----w C:\Program Files\Java
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-05 10:11 225,280 ----a-r C:\WINDOWS\system32\SZBase5.dll
2007-10-04 22:12 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-04 21:40 442,368 ----a-w C:\WINDOWS\system32\vp6vfw.dll
2007-10-01 12:15 290,822 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-08-02 13:43 282,624 ----a-w C:\Program Files\TTC.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-29_ 0.14.28.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-29 10:34:52 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_588.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7B3C732-B718-4F23-9CE5-306D213E0337}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"Wjufyigi"="C:\Documents and Settings\Sys\My Documents\?racle\m?config.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
"SoundFusion"="RunDll32 hercplgs.cpl" []
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []

C:\Documents and Settings\Sys\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
C:\Program Files\Kontiki\KHost.exe -all

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

.
Contents of the 'Scheduled Tasks' folder
"2006-12-18 23:30:20 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Sys.job"
- C:\PROGRA~1\NORTON~1\NAVW32.EXEh/task:
"2007-12-28 20:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2007-12-29 10:35:14 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.

**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 10:49:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-29 10:50:06
C:\ComboFix2.txt ... 2007-12-29 00:22
.
2007-12-12 23:21:02 --- E O F ---

SuperAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/29/2007 at 01:54 PM

Application Version : 3.9.1008

Core Rules Database Version : 3370
Trace Rules Database Version: 1365

Scan type : Complete Scan
Total Scan Time : 02:26:47

Memory items scanned : 483
Memory threats detected : 0
Registry items scanned : 5120
Registry threats detected : 0
File items scanned : 52480
File threats detected : 250

Adware.Tracking Cookie

Unclassified.Unknown Origin
C:\PROGRAM FILES\TTC.DLL
C:\QOOBOX\QUARANTINE\C\WINDOWS\U3LZDGVTLTE\COMMAND.EXE.VIR

Adware.ClickSpring
C:\qoobox\Quarantine\C\Documents and Settings\Sys\My Documents\RACLE~1\MCONFI~1.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\BCK.DLL.VIR

Adware.ClickSpring-Variant
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\FNTS~1\PING .EXE.VIR

Trojan.Vundo/Variant-Installer
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\FNTS~1\PING.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ROUTER\ROUTER.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\WINABLE\WINABLE.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\BYVSP.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\FIRSTREBOOT.EXE.VIR

Adware.ClickSpring/Yazzle
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1560OINADMIN.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1560OINUNINSTALLER.EXE.VIR
C:\WINDOWS\PREFETCH\YAZZLE1560OINADMIN.EXE-101E58E0.PF
C:\WINDOWS\PREFETCH\YAZZLEBUNDLE-1560.EXE-2B27AA23.PF

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\INETGET2\GM3-24418.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\B104.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\B128.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WNSAPIISV.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\U3LZDGVTLTE\OA5WX3PQMNH.VBS.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINSTALL_NMON.VBS.VIR

Trojan.NetMon/DNSChange
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\NETWORK MONITOR\NETMON.EXE.VIR

Adware.Vundo Variant
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\AWTURRR.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\VTUVTTS.DLL.VIR

Adware.Adservs
C:\QOOBOX\QUARANTINE\C\WINDOWS\U3LZDGVTLTE\ASAPPSRV.DLL.VIR

other 2 logs to follow... |
|
#10
| ESET:
new hijackthis log to follow... |