I seem to be getting pop ups!

ubermensh
12. January 2008 @ 23:13
Alrighty, I was on the internet (obviously) surfin' 'round with Mozilla and clicked an ad by accident. Next thing I see is my command prompt opening and some crap installing. I uninstalled most of it manually, removed some things and scanned with AVG, but something is there that I can't remove. Don't know what it is and I don't know anything about HijackThis logs.
So, I decided I'd post mine!
It's pretty slim, seeing as how I just reformatted my hard drive.
Here ya go!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:16 PM, on 1/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Netgear\WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [{39-97-7F-FB-ZN}] C:\Documents and Settings\Administrator\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: AVG Control Center.lnk = C:\Program Files\Grisoft\AVG7\avgcc.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Netgear\WG311v2 Adapter\wlancfg5.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 3667 bytes
I suck at everything! D:

Member
13. January 2008 @ 10:21
I don't see an anti-malware app in the log. Your AVG is mainly for viruses. AVG also makes an anti-malware app. I would get it or another one: download, install, update and scan with it. If you still get popups, post back.
http://free.grisoft.com/doc/20/lng/us/tpl/v5

ubermensh
13. January 2008 @ 13:34
I scanned with AVG Anti-Spyware but I don't think it healed/deleted anything. It did, however, log what it found, and it will be posted underneath. I am still getting pop ups, so I don't think it took any action in cleaning out the malicious stuff.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 11:30:47 AM 1/13/2008
+ Scan result:
C:\System Volume Information\_restore{6E3D2963-A926-4FB1-B168-6BFE97D56E4F}\RP19\A0004876.exe -> Adware.Agent : Ignored.
C:\System Volume Information\_restore{6E3D2963-A926-4FB1-B168-6BFE97D56E4F}\RP19\A0004909.dll -> Adware.CommAd : Ignored.
C:\System Volume Information\_restore{6E3D2963-A926-4FB1-B168-6BFE97D56E4F}\RP20\A0004987.exe -> Adware.CommAd : Ignored.
C:\System Volume Information\_restore{6E3D2963-A926-4FB1-B168-6BFE97D56E4F}\RP21\A0005071.exe -> Adware.CommAd : Ignored.
C:\System Volume Information\_restore{6E3D2963-A926-4FB1-B168-6BFE97D56E4F}\RP21\A0005095.exe -> Adware.CommAd : Ignored.
HKLM\SOFTWARE\Classes\WR -> Adware.Generic : Ignored.
C:\System Volume Information\_restore{6E3D2963-A926-4FB1-B168-6BFE97D56E4F}\RP19\A0004872.exe -> Downloader.Agent.erf : Ignored.
C:\System Volume Information\_restore{6E3D2963-A926-4FB1-B168-6BFE97D56E4F}\RP19\A0004877.exe -> Downloader.Small.buy : Ignored.
C:\System Volume Information\_restore{6E3D2963-A926-4FB1-B168-6BFE97D56E4F}\RP19\A0004873.exe -> Hijacker.VB.vx : Ignored.
C:\System Volume Information\_restore{6E3D2963-A926-4FB1-B168-6BFE97D56E4F}\RP19\A0004874.exe -> Hijacker.VB.vx : Ignored.
C:\System Volume Information\_restore{6E3D2963-A926-4FB1-B168-6BFE97D56E4F}\RP19\A0004914.dll -> Not-A-Virus.Adware.Agent : Ignored.
C:\System Volume Information\_restore{6E3D2963-A926-4FB1-B168-6BFE97D56E4F}\RP19\A0004869.dll -> Not-A-Virus.Adware.TTC : Ignored.
C:\System Volume Information\_restore{6E3D2963-A926-4FB1-B168-6BFE97D56E4F}\RP19\A0004870.dll -> Not-A-Virus.Adware.TTC : Ignored.
C:\System Volume Information\_restore{6E3D2963-A926-4FB1-B168-6BFE97D56E4F}\RP19\A0004871.dll -> Not-A-Virus.Adware.TTC : Ignored.
C:\System Volume Information\_restore{6E3D2963-A926-4FB1-B168-6BFE97D56E4F}\RP20\A0004988.exe -> Not-A-Virus.Adware.TTC : Ignored.
C:\System Volume Information\_restore{6E3D2963-A926-4FB1-B168-6BFE97D56E4F}\RP21\A0005072.exe -> Not-A-Virus.Adware.TTC : Ignored.
C:\System Volume Information\_restore{6E3D2963-A926-4FB1-B168-6BFE97D56E4F}\RP21\A0005094.exe -> Not-A-Virus.Adware.TTC : Ignored.
C:\WINDOWS\TTC-4444.exe -> Not-A-Virus.Adware.TTC : Ignored.
C:\WINDOWS\system32\vt8\tycodllz83122.exe -> Not-A-Virus.Adware.TTC : Ignored.
C:\System Volume Information\_restore{6E3D2963-A926-4FB1-B168-6BFE97D56E4F}\RP20\A0004984.exe -> Not-A-Virus.Adware.ZenoSearch : Ignored.
C:\System Volume Information\_restore{6E3D2963-A926-4FB1-B168-6BFE97D56E4F}\RP21\A0005068.exe -> Not-A-Virus.Adware.ZenoSearch : Ignored.
C:\System Volume Information\_restore{6E3D2963-A926-4FB1-B168-6BFE97D56E4F}\RP21\A0005098.exe -> Not-A-Virus.Adware.ZenoSearch : Ignored.
C:\Program Files\Network Monitor\netmon.exe~ -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
C:\System Volume Information\_restore{6E3D2963-A926-4FB1-B168-6BFE97D56E4F}\RP17\A0004751.exe -> Not-A-Virus.RiskTool.Win32.Reboot.e : Ignored.
C:\System Volume Information\_restore{6E3D2963-A926-4FB1-B168-6BFE97D56E4F}\RP19\A0004910.vbs -> Trojan.Small : Ignored.
C:\WINDOWS\uninstall_nmon.vbs -> Trojan.Small : Ignored.
::Report end
I suck at everything! D:
ubermensh
Suspended due to non-functional email address
13. January 2008 @ 13:40
Sorry, I don't know how to edit a post and I had forgotten to say that I don't know why it had just ignored all of the malicious items.
I suck at everything! D:
Member
13. January 2008 @ 17:27
ok. tracking cookies are not much to be concerned about.
this:
C:\System Volume Information
is your system restore points, which we will clean out at the last step.
let's see what combofix can dig up:
Download combofix from one of these links and save it to Desktop:
http://subs.geekstogo.com/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
as a precaution, before using combofix:
Close any open windows
Close/disable anti virus and any antimalware programs that might have real time protection running. Usually this can be done by clicking on the icons by the clock and selecting exit etc. This is done to prevent any possible interference while Combofix is running. After combofix is done you can restart them.
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
ubermensh
Suspended due to non-functional email address
13. January 2008 @ 18:18
Thanks man and here's the log:
ComboFix 08-01-14.1 - Administrator 2008-01-13 15:58:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.265 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe~
C:\temp\tn3
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\TTC-4444.exe
C:\WINDOWS\uninst2.htm
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\unist1.htm
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\Network Monitor
((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.
2008-01-14 16:13 . 2008-01-14 16:13 <DIR> d-------- C:\Temp\tn3
2008-01-13 15:57 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 13:36 . 2008-01-13 13:36 <DIR> d-------- C:\Program Files\uTorrent
2008-01-13 13:36 . 2008-01-13 13:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-01-13 10:47 . 2008-01-13 10:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-13 10:47 . 2007-05-30 05:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-12 21:04 . 2008-01-12 21:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-12 19:10 . 2008-01-12 20:43 23 --a------ C:\WINDOWS\BlendSettings.ini
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d-------- C:\Program Files\Bethesda Softworks
2008-01-12 15:29 . 2008-01-12 18:23 <DIR> d-------- C:\Program Files\Internet Explorer Assistant
2008-01-12 15:28 . 2008-01-12 15:28 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-12 15:28 . 2008-01-13 10:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-12 15:28 . 2008-01-12 15:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-12 15:28 . 2008-01-13 08:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-01-12 15:28 . 2008-01-12 15:28 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-12 15:28 . 2008-01-12 15:28 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-01-12 15:14 . 2008-01-12 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-01-12 15:13 . 2008-01-12 15:13 43,065 --a------ C:\WINDOWS\acdt-pid72.exe
2008-01-12 15:12 . 2008-01-12 15:12 <DIR> d-------- C:\WINDOWS\system32\vt8
2008-01-12 15:12 . 2008-01-12 15:59 <DIR> d-------- C:\WINDOWS\system32\mp2
2008-01-12 15:12 . 2008-01-12 15:59 <DIR> d-------- C:\WINDOWS\system32\ez4
2008-01-12 15:12 . 2008-01-12 15:12 <DIR> d-------- C:\WINDOWS\system32\edcA17
2008-01-12 15:12 . 2008-01-12 15:12 <DIR> d-------- C:\WINDOWS\system32\che9
2008-01-12 15:12 . 2008-01-14 16:13 <DIR> d-------- C:\Temp
2008-01-12 15:12 . 2008-01-12 15:12 86,016 --a------ C:\WINDOWS\system32\drivers\mnmddd.sys
2008-01-12 15:12 . 2008-01-14 16:07 932 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-12 15:11 . 2008-01-12 15:11 <DIR> d-------- C:\WINDOWS\Sun
2008-01-12 09:33 . 2008-01-12 09:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-12 00:44 . 2008-01-12 00:44 <DIR> d-------- C:\Program Files\Bonjour
2008-01-12 00:36 . 2008-01-12 00:36 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-12 00:35 . 2008-01-12 00:44 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-11 22:41 . 2008-01-11 22:41 <DIR> d-------- C:\Program Files\DivX
2008-01-11 22:27 . 2008-01-12 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-01-11 22:18 . 2008-01-11 22:41 1,292 --a------ C:\WINDOWS\mozver.dat
2008-01-11 21:23 . 2007-07-09 06:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-11 21:20 . 2008-01-13 15:56 <DIR> d-------- C:\Program Files\Trillian
2008-01-11 21:15 . 2008-01-12 02:11 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-11 21:13 . 2008-01-11 21:13 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-01-11 21:12 . 2008-01-11 21:12 <DIR> d-------- C:\WINDOWS\nview
2008-01-11 21:12 . 2008-01-11 21:12 <DIR> d-------- C:\NVIDIA
2008-01-11 21:12 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-01-11 21:12 . 2007-12-05 01:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-01-11 21:12 . 2008-01-11 21:17 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
2008-01-11 21:12 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-01-11 21:11 . 2008-01-11 21:11 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-11 21:08 . 2008-01-11 21:08 169 --a------ C:\WINDOWS\RtlRack.ini
2008-01-11 20:59 . 2008-01-11 20:59 <DIR> d-------- C:\Program Files\SiSLan
2008-01-11 20:59 . 2008-01-11 20:59 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2008-01-11 20:59 . 2008-01-11 20:59 <DIR> d-------- C:\Program Files\Realtek AC97
2008-01-11 20:59 . 2008-01-11 20:59 <DIR> d-------- C:\Program Files\AvRack
2008-01-11 20:58 . 2008-01-11 20:58 <DIR> d-------- C:\WINDOWS\system32\Tools
2008-01-11 20:58 . 2008-01-11 20:58 <DIR> d-------- C:\Program Files\sisagp
2008-01-11 20:58 . 2008-01-11 20:58 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-01-11 20:47 . 2008-01-12 18:27 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-01-11 20:46 . 2008-01-11 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{70FE9869-8D38-4EB3-8541-A735C2285CF7}
2008-01-11 20:46 . 2008-01-11 20:46 62,865 --a------ C:\WINDOWS\system32\drivers\odysseyIM3.sys
2008-01-11 20:45 . 2008-01-11 20:47 <DIR> d-------- C:\Netgear
2008-01-11 20:45 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-11 18:33 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-11 18:33 . 2004-08-04 00:56 96,768 -----c--- C:\WINDOWS\system32\dllcache\dpcdll.dll
2008-01-11 18:30 . 2008-01-11 18:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-01-11 18:27 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-11 18:27 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002244_.tmp
2008-01-11 18:25 . 2008-01-11 18:25 <DIR> d-------- C:\WINDOWS\EHome
2008-01-11 18:06 . 2008-01-11 18:06 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-01-11 18:04 . 2008-01-11 18:04 <DIR> d-------- C:\Program Files\Java
2008-01-11 18:04 . 2008-01-11 18:04 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-11 18:04 . 2003-09-16 19:01 61,555 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-01-11 18:01 . 2008-01-12 00:46 <DIR> d--hs---- C:\WINDOWS\Installer
2008-01-11 18:01 . 2008-01-11 20:58 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-01-11 18:01 . 2008-01-11 18:01 <DIR> d-------- C:\Program Files\Common Files\ActivCard
2008-01-11 18:01 . 2008-01-11 18:01 <DIR> d-------- C:\Program Files\ActivCard
2008-01-11 18:01 . 2008-01-11 18:01 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-01-08 09:55 . 2008-01-08 09:55 208,896 --a------ C:\WINDOWS\ss245sd.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 00:58 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-05 08:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2004-07-02 19:19 40,960 ----a-w C:\WINDOWS\inf\WG311v2\imdinst.exe
2004-06-18 06:41 386,688 ----a-w C:\WINDOWS\inf\WG311v2\netwg311_XP.sys
2004-04-04 20:07 84,912 ----a-w C:\WINDOWS\inf\WG311v2\FwRad17.bin
2004-04-04 20:07 83,320 ----a-w C:\WINDOWS\inf\WG311v2\FwRad16.bin
2004-02-04 19:53 62,865 ----a-w C:\WINDOWS\inf\WG311v2\odysseyIM3.sys
2004-02-04 19:53 12,739 ----a-w C:\WINDOWS\inf\WG311v2\odNetInstall.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{39-97-7F-FB-ZN}"="C:\Documents and Settings\Administrator\Local Settings\Temp\T0CHD001.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-12 15:28 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AVG Control Center.lnk - C:\Program Files\Grisoft\AVG7\avgcc.exe [2008-01-12 15:28:40]
NETGEAR WG311v2 Smart Configuration.lnk - C:\Netgear\WG311v2 Adapter\wlancfg5.exe [2004-10-14 12:32:18]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
R1 mnmddd;mnmddd;C:\WINDOWS\system32\drivers\mnmddd.sys [2008-01-12 15:12]
R2 acautoreg;ActivCard Gold Autoregister;C:\Program Files\Common Files\ActivCard\acautoreg.exe [2002-12-31 05:00]
R2 Accoca;ActivCard Gold service;C:\Program Files\Common Files\ActivCard\accoca.exe [2002-12-31 05:00]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2008-01-11 20:46]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09bfb356-c0cf-11dc-af81-00142ab31a4c}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
*Newly Created Service* - AVGASCLN
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 16:13:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-14 16:16:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-14 23:16:17
.
2008-01-12 09:11:49 --- E O F ---
I suck at everything! D:
Member
13. January 2008 @ 21:47
hi,
thanks for the info.
navigate to the system32 dir. and locate: Tools
(C:\WINDOWS\system32\Tools)
next go to this website and using the browse button find it again on your computer, then click the submit button to have it uploaded.
it will get checked out, you can copy/paste the report in next reply.
pop ups gone now?
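The reply above works from the "Files Created" section of the ComboFix log, looking for things that appeared at the same moment the infection started. The following script does that triage mechanically: it parses the section's fixed column layout, takes a pivot time, and lists everything created under C:\WINDOWS within an hour of it that is not in a Windows Update folder. This is an added example, not part of the thread or of ComboFix; the sample lines are copied from the log posted above, the pivot of 2008-01-12 15:12 is an assumption taken from the first burst of new files in that log, and the allow-list is a minimal one for this log only.

```python
import re
from datetime import datetime, timedelta

# One line of a ComboFix "Files Created" section:
#   <created> . <modified> <size or <DIR>> <attributes> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) "
    r"(?P<attrs>[-\w]{9}) "
    r"(?P<path>.+)$"
)

# Location where a brand-new file or folder deserves a second look.
SYSTEM_ROOT = "c:\\windows\\"

# Folders that Windows Update / service pack installs legitimately populate
# (assumption: a minimal allow-list for this log, extend it for your own).
KNOWN_GOOD = (
    "c:\\windows\\system32\\dllcache\\",
    "c:\\windows\\$hf_mig$",
    "c:\\windows\\servicepackfiles",
    "c:\\windows\\installer",
)


def parse_files_created(text):
    """Parse every recognisable 'Files Created' line into a dict."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section banners, lone dots and unrelated lines
        e = m.groupdict()
        e["created"] = datetime.strptime(e["created"], "%Y-%m-%d %H:%M")
        e["modified"] = datetime.strptime(e["modified"], "%Y-%m-%d %H:%M")
        e["is_dir"] = e["size"] == "<DIR>"
        e["size"] = None if e["is_dir"] else int(e["size"].replace(",", ""))
        entries.append(e)
    return entries


def triage(text, pivot, window=timedelta(hours=1)):
    """Return entries created within +/- window of pivot that live under the
    Windows directory and are not in a known-good update folder, oldest first."""
    lo, hi = pivot - window, pivot + window
    hits = []
    for e in parse_files_created(text):
        p = e["path"].lower()
        if not p.startswith(SYSTEM_ROOT) or p.startswith(KNOWN_GOOD):
            continue
        if lo <= e["created"] <= hi:
            hits.append(e)
    hits.sort(key=lambda e: e["created"])
    return hits


# Constructed sample: a handful of lines copied from the log in this thread.
SAMPLE = """
((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.
2008-01-13 15:57 . 2000-08-31 08:00 51,200 --a------ C:\\WINDOWS\\NirCmd.exe
2008-01-13 10:47 . 2007-05-30 05:10 10,872 --a------ C:\\WINDOWS\\system32\\drivers\\AvgAsCln.sys
2008-01-12 15:28 . 2008-01-12 15:28 499,712 --a------ C:\\WINDOWS\\system32\\msvcp71.dll
2008-01-12 15:13 . 2008-01-12 15:13 43,065 --a------ C:\\WINDOWS\\acdt-pid72.exe
2008-01-12 15:12 . 2008-01-12 15:12 <DIR> d-------- C:\\WINDOWS\\system32\\vt8
2008-01-12 15:12 . 2008-01-14 16:13 <DIR> d-------- C:\\Temp
2008-01-12 15:12 . 2008-01-12 15:12 86,016 --a------ C:\\WINDOWS\\system32\\drivers\\mnmddd.sys
2008-01-12 15:12 . 2008-01-14 16:07 932 --------- C:\\WINDOWS\\system32\\drivers\\core.cache.dsk
2008-01-12 15:11 . 2008-01-12 15:11 <DIR> d-------- C:\\WINDOWS\\Sun
2008-01-11 21:23 . 2007-07-09 06:09 584,192 -----c--- C:\\WINDOWS\\system32\\dllcache\\rpcrt4.dll
2008-01-08 09:55 . 2008-01-08 09:55 208,896 --a------ C:\\WINDOWS\\ss245sd.exe
"""

# Assumed pivot: the first burst of activity in the log (2008-01-12 15:11 to 15:12),
# which lines up with the poster's account of clicking the ad.
PIVOT = datetime(2008, 1, 12, 15, 12)

if __name__ == "__main__":
    for e in triage(SAMPLE, PIVOT):
        kind = "dir " if e["is_dir"] else "file"
        print(f"{e['created']:%Y-%m-%d %H:%M}  {kind}  {e['path']}")
```

Run as-is it prints six entries from the sample, the system32 subfolder and two drivers created at 15:12 among them, and drops NirCmd.exe (a ComboFix helper dropped the next day) and the dllcache file as outside the window. The window and allow-list are deliberately crude; the point is to shrink a 70-line listing to the handful of paths worth asking the user about, not to decide what is malicious.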
ubermensh
Suspended due to non-functional email address
13. January 2008 @ 23:17
Actually, the pop ups haven't stopped. I don't think that program cleaned anything. Just logged it to my knowledge.
I suck at everything! D:
Member
14. January 2008 @ 06:27
hi,
start HJT, click the "Scan" button. check the items below if present, close any open windows, then click "Fix checked"
O4 - HKLM\..\Run: [{39-97-7F-FB-ZN}] C:\Documents and Settings\Administrator\Local Settings\Temp\T0CHD001.exe CHD001
navigate here:
C:\Documents and Settings\Administrator\Local Settings\Temp
delete everything in the Temp folder.
----------------------------
please rerun combofix once more and post a new log. also post a new hjt log.
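The O4 line singled out above is the classic shape of a bad autostart: a Run entry whose name imitates a GUID and whose target sits in the user's Temp folder. The script below applies those two checks to HijackThis O4 lines so the same call can be made on any log. It is an added example, not HijackThis code or anything from the thread; the first two sample lines are copied from the log posted earlier, the AVG line is constructed from the ComboFix Run entry and written the way HJT would show it (its "/minimized" argument is made up), and the Temp-folder markers are an assumption.

```python
import re
from dataclasses import dataclass, field

# HijackThis O4 line: "O4 - <hive>\..\Run: [<name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>[^\\]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<command>.+)$"
)

# A real GUID is 8-4-4-4-12 hex digits in braces; anything else in braces is imitation.
GUID_RE = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I
)

# First file on a command line, ended by whitespace, a comma (rundll32 style) or EOL.
EXT_RE = re.compile(r"^(?P<path>.*?\.(?:exe|dll|scr|com|bat|cmd|vbs|pif))(?=\s|,|$)", re.I)

# Scratch locations no legitimate autostart should point into (assumption).
TEMP_MARKERS = ("\\local settings\\temp\\", "\\windows\\temp\\", "\\temp\\", "\\tmp\\")


@dataclass
class Autostart:
    hive: str
    name: str
    target: str                 # the file the entry actually loads
    reasons: list = field(default_factory=list)


def target_path(command):
    """Pull the file that really runs out of a Run command line."""
    command = command.strip()
    if command.startswith('"'):
        path, _, rest = command[1:].partition('"')
    else:
        m = EXT_RE.match(command)
        if not m:
            return (command.split(None, 1) or [""])[0]
        path, rest = m["path"], command[m.end():]
    # rundll32 only hosts the DLL named in its first argument; report the DLL instead
    if path.lower().rsplit("\\", 1)[-1] in ("rundll32.exe", "rundll32"):
        return target_path(rest.lstrip())
    return path


def parse_o4(lines):
    """Turn O4 log lines into Autostart records; other HJT lines are skipped."""
    out = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if m:
            out.append(Autostart(m["hive"], m["name"], target_path(m["command"])))
    return out


def assess(entry):
    """Attach a plain-English reason for each heuristic the entry trips."""
    t = entry.target.lower()
    if any(marker in t for marker in TEMP_MARKERS):
        entry.reasons.append("target lives in a Temp folder")
    if t.startswith("c:\\documents and settings\\"):
        entry.reasons.append("target lives inside a user profile, not Program Files or Windows")
    n = entry.name.strip()
    if n.startswith("{") and n.endswith("}") and not GUID_RE.match(n):
        entry.reasons.append("entry name mimics a GUID but is not one")
    return entry


def triage_o4(lines):
    return [assess(e) for e in parse_o4(lines)]


def flagged(lines):
    """Only the entries worth ticking in HJT's scan list."""
    return [e for e in triage_o4(lines) if e.reasons]


SAMPLE_LINES = [
    # two lines copied from the HijackThis log in this thread
    r"O4 - HKLM\..\Run: [{39-97-7F-FB-ZN}] C:\Documents and Settings\Administrator\Local Settings\Temp\T0CHD001.exe CHD001",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    # constructed: the AVG Anti-Spyware Run entry from the ComboFix log, as HJT would print it
    r'O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized',
    # a non-O4 line, ignored by the parser
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll",
]

if __name__ == "__main__":
    for e in flagged(SAMPLE_LINES):
        print(f"[{e.name}] -> {e.target}")
        for r in e.reasons:
            print("   ", r)
```

On the sample only the `{39-97-7F-FB-ZN}` entry is reported, with all three reasons; the NVIDIA rundll32 entry resolves to NvCpl.dll under system32 and the AVG entry to Program Files, so neither trips a rule. The rundll32 unwrapping matters: judging the NVIDIA line by its first token would make every rundll32 autostart look identical.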