Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Internet Browser Not Loading Pages
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 01-01-2008, 02:49 PM   #1 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 13
OS: Windows XP


Internet Browser Not Loading Pages
On christmas day I turned on my laptop and found that I could no longer view webpages. However I know that the connection is "valid" as I can get on msn and the like. I am using a wireless network. The desktop downstairs has a totally fine and working connection with no problems and is wired.

I had been downloading some stuff so I guess that thats where the problem lies. That had been the only problem now however, pop ups are loading on my laptop from "alphase.net" and my computer is running extremely slow.

Any help would be much appreciated.

Thanks in advance.

-----------------------------------------
Here is the panda active scan log


Incident Status Location

Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\PROGRA~1\UNINST~1.DLL
Adware:Adware/AVSystemCare Not disinfected C:\WINDOWS\system32\catsr.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\rqrsqpq.dll
Potentially unwanted tool:application/myglobalsearch Not disinfected c:\program files\MyGlobalSearch
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[.com.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[.zedo.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[.azjmp.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[server.iad.liveperson.net/hc/1858524]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cookies.txt[.overture.com/]
Virus:Trj/Multidropper.RKK Disinfected C:\Documents and Settings\Amy\Desktop\fixtunes purchase code.exe
Virus:W32/Virutas.Z Disinfected C:\Documents and Settings\Amy\Desktop\Random shite\install.exe
Virus:Trj/Downloader.RLI Disinfected C:\Documents and Settings\Amy\Desktop\Random shite\install.exe
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Amy\Desktop\Random shite\serial.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Amy\Local Settings\Temp\Cookies\amy@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Amy\Local Settings\Temp\Cookies\amy@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Amy\Local Settings\Temp\Cookies\amy@adrevolver[3].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Amy\Local Settings\Temp\Cookies\amy@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Amy\Local Settings\Temp\Cookies\amy@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Amy\Local Settings\Temp\Cookies\amy@atwola[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Amy\Local Settings\Temp\Cookies\amy@bs.serving-sys[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Amy\Local Settings\Temp\Cookies\amy@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Amy\Local Settings\Temp\Cookies\amy@mediaplex[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Amy\Local Settings\Temp\Cookies\amy@serving-sys[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Amy\Local Settings\Temp\Cookies\amy@tradedoubler[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8cs4pexa.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8cs4pexa.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8cs4pexa.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8cs4pexa.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8cs4pexa.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8cs4pexa.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8cs4pexa.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8cs4pexa.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8cs4pexa.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8cs4pexa.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8cs4pexa.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8cs4pexa.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8cs4pexa.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8cs4pexa.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8cs4pexa.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8cs4pexa.default\cookies.txt[.advertising.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\user\Cookies\user@112.2o7[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\user\Cookies\user@247realmedia[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\user\Cookies\user@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\user\Cookies\user@adrevolver[3].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\user\Cookies\user@adrevolver[4].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\user\Cookies\user@ads.pointroll[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\user\Cookies\user@adserver.filefront[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\user\Cookies\user@adtech[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\user\Cookies\user@advertising[1].txt
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\user\Cookies\user@adviva[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\user\Cookies\user@apmebf[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\user\Cookies\user@as-eu.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\user\Cookies\user@as-us.falkag[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\user\Cookies\user@as1.falkag[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\user\Cookies\user@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\user\Cookies\user@atwola[2].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\user\Cookies\user@bfast[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\user\Cookies\user@bluestreak[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\user\Cookies\user@bs.serving-sys[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\user\Cookies\user@burstnet[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\user\Cookies\user@casalemedia[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\user\Cookies\user@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\user\Cookies\user@cgi-bin[3].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Cookies\user@com[2].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\user\Cookies\user@counter.hitslink[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\user\Cookies\user@ehg-dig.hitbox[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\user\Cookies\user@fastclick[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\user\Cookies\user@go[2].txt
Spyware:Cookie/Kmpads Not disinfected C:\Documents and Settings\user\Cookies\user@kmpads[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\user\Cookies\user@maxserving[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\user\Cookies\user@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\user\Cookies\user@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\user\Cookies\user@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\user\Cookies\user@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\user\Cookies\user@revenue[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\user\Cookies\user@searchportal.information[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\user\Cookies\user@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\user\Cookies\user@serving-sys[1].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\user\Cookies\user@stat.onestat[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\user\Cookies\user@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\user\Cookies\user@statse.webtrendslive[2].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\user\Cookies\user@targetnet[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\user\Cookies\user@toplist[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\user\Cookies\user@tradedoubler[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\user\Cookies\user@tribalfusion[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\user\Cookies\user@valueclick[2].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\user\Cookies\user@weborama[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\user\Cookies\user@www.burstbeacon[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\user\Cookies\user@www.myaffiliateprogram[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\user\Cookies\user@zedo[1].txt
Hacktool:HackTool/KillProcWin.A Not disinfected C:\Documents and Settings\user\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat[simple_killw.exe]
Hacktool:HackTool/KillProcWin.A Not disinfected C:\Documents and Settings\user\Local Settings\Temp\CDASilentInstall0501.exe[simple_killw.exe]
Virus:Generic Malware Disinfected C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
Adware:Adware/BaiduBar Not disinfected C:\Program Files\Helper\superfinderusa.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Uninstall My Global Search Bar.dll
Virus:Generic Malware Disinfected C:\WINDOWS\Downloaded Program Files\ieatgpc.dll
Adware:Adware/AVSystemCare Not disinfected C:\WINDOWS\system32\adsldpk.dll -------------------------------------------------------

And here is the log from DSS

Deckard's System Scanner v20071014.68
Run by Amy on 2008-01-01 21:22:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-01-01 21:22:52 UTC - RP301 - Deckard's System Scanner Restore Point
3: 2007-12-30 23:26:07 UTC - RP300 - System Checkpoint
2: 2007-12-29 21:17:11 UTC - RP299 - Removed World in Conflict - BETA
1: 2007-12-27 23:17:47 UTC - RP298 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-01 21:34:16
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Apoint\ApntEx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\Amy\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://media.fastclick.net/w/safepop...sid=21110&c=52
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Module - {531BE052-76FC-4b05-9CCD-AF6AA265113C} - strike12.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\rqrsqpq.dll
O2 - BHO: (no name) - {E195526F-3521-4130-8BC1-DBC74CFE686E} - C:\WINDOWS\system32\catsr.dll
O2 - BHO: (no name) - {E708A276-400C-490A-9E04-FA8CB3080845} - C:\WINDOWS\system32\awtqn.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/...amesCampus.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://eastlothianperegrines.spaces....d/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: rqrsqpq - C:\WINDOWS\system32\rqrsqpq.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXlm License Manager - Globetrotter Software Inc - C:\FLEXLM\awkeygen.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


--
End of file - 11609 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ngkskovv - c:\windows\system32\drivers\efheqjaq.dat
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S2 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 ggsemc (Sony Ericsson USB Flash Driver) - c:\windows\system32\drivers\ggsemc.sys <Not Verified; Sony Ericsson Mobile Communications; Gordon's Gate>
S3 k750bus (Sony Ericsson 750 driver (WDM)) - c:\windows\system32\drivers\k750bus.sys (file missing)
S3 k750mdfl (Sony Ericsson 750 USB WMC Modem Filter) - c:\windows\system32\drivers\k750mdfl.sys (file missing)
S3 k750mdm (Sony Ericsson 750 USB WMC Modem Drivers) - c:\windows\system32\drivers\k750mdm.sys (file missing)
S3 k750mgmt (Sony Ericsson 750 USB WMC Device Management Drivers) - c:\windows\system32\drivers\k750mgmt.sys (file missing)
S3 k750obex (Sony Ericsson 750 USB WMC OBEX Interface Drivers) - c:\windows\system32\drivers\k750obex.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 KService - "c:\program files\kontiki\kservice.exe" <Not Verified; Kontiki Inc.; Delivery Manager>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>

S3 FLEXlm License Manager - c:\flexlm\awkeygen.exe <Not Verified; Globetrotter Software Inc; Globetrotter Software Inc lmgr326b Flexlm>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\EFB2018004603
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\EFB2018004603
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1068&SUBSYS_81D0104D&REV_03\4&AD1B67F&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1068&SUBSYS_81D0104D&REV_03\4&AD1B67F&0&40F0
Service: E100B


-- Scheduled Tasks -------------------------------------------------------------

2007-12-14 15:00:00 410 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2007-10-17 16:50:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-12-01 and 2008-01-01 -----------------------------

2008-01-01 21:14:48 84992 --a------ C:\WINDOWS\system32\d3dx9_2.dll
2008-01-01 21:14:33 107584 --a------ C:\WINDOWS\system32\cyclonqt.exe
2007-12-29 22:12:22 0 d-------- C:\Program Files\SpywareBlaster
2007-12-29 21:24:56 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-27 18:39:16 19456 --a------ C:\WINDOWS\system32\drivers\efheqjaq.dat
2007-12-27 00:10:24 84992 --a------ C:\WINDOWS\system32\catsr.dll
2007-12-26 13:20:53 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-25 22:29:40 0 d-------- C:\Program Files\iPod
2007-12-25 22:29:18 0 d-------- C:\Program Files\iTunes
2007-12-25 18:57:17 0 d-------- C:\Program Files\QuickTime
2007-12-25 12:29:52 0 d-------- C:\Program Files\iPod(2)
2007-12-25 12:29:04 0 d-------- C:\Program Files\iTunes(2)
2007-12-25 12:16:37 0 d-------- C:\Program Files\QuickTime(2)
2007-12-25 10:46:13 0 d-------- C:\Program Files\Crawler
2007-12-25 10:46:04 0 d-------- C:\Documents and Settings\Amy\Application Data\Spyware Terminator
2007-12-25 10:45:53 0 d-------- C:\Program Files\Spyware Terminator
2007-12-25 09:45:45 1 --a------ C:\WINDOWS\system32\rc.dat
2007-12-25 09:45:45 1 --a------ C:\WINDOWS\system32\ps1.dat
2007-12-25 09:45:45 1 --a------ C:\WINDOWS\system32\cs.dat
2007-12-25 09:12:48 786432 --a------ C:\Documents and Settings\user\ntuser.dat
2007-12-25 09:12:27 7920 --ahs---- C:\WINDOWS\system32\nqtwa.ini2
2007-12-25 09:12:11 327168 --a------ C:\WINDOWS\system32\awtqn.dll
2007-12-25 09:08:11 0 d-------- C:\Program Files\Helper
2007-12-25 09:08:07 2 --a------ C:\675358726
2007-12-25 09:08:01 54054 --a------ C:\WINDOWS\system32\xpdx.sys
2007-12-25 09:07:58 53248 --a------ C:\WINDOWS\system32\strike12.dll <Not Verified; Bruder De; Project MAYHEM>
2007-12-25 09:07:58 19625 --a------ C:\WINDOWS\system32\conf.dat
2007-12-25 09:07:58 57856 --a------ C:\fjls.exe
2007-12-25 09:07:00 40448 --a------ C:\WINDOWS\system32\rqrsqpq.dll
2007-12-25 08:55:23 0 d-------- C:\Program Files\Cloudbrain
2007-12-24 02:30:56 0 d-------- C:\Program Files\AIM6
2007-12-22 03:25:47 0 d-------- C:\Program Files\Microsoft Games


-- Find3M Report ---------------------------------------------------------------

2008-01-01 21:12:14 0 --a------ C:\WINDOWS\TempFile
2007-12-30 23:56:09 0 d-------- C:\Program Files\ICQToolbar
2007-12-30 00:33:53 0 d-------- C:\Program Files\MSN Messenger
2007-12-29 22:40:09 0 d-------- C:\Program Files\Windows Media Connect 2
2007-12-29 22:28:30 0 d-------- C:\Program Files\Kontiki
2007-12-29 22:15:29 0 d-------- C:\Program Files\DAEMON Tools
2007-12-29 22:15:28 0 d-------- C:\Program Files\Common Files\Teleca Shared
2007-12-29 22:15:19 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2007-12-29 22:11:30 0 d-------- C:\Program Files\Apoint
2007-12-29 21:18:48 0 d-------- C:\Program Files\WildTangent
2007-12-29 21:17:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-26 12:42:15 0 d-------- C:\Documents and Settings\Amy\Application Data\LimeWire
2007-12-25 08:56:22 0 d-------- C:\Documents and Settings\Amy\Application Data\Adobe
2007-11-02 15:29:10 0 d-------- C:\Program Files\EA GAMES


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{531BE052-76FC-4b05-9CCD-AF6AA265113C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB0B918E-A0A8-482B-8D75-A682816B0C7B}]
25/12/2007 09:07 40448 --a------ C:\WINDOWS\system32\rqrsqpq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E195526F-3521-4130-8BC1-DBC74CFE686E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E708A276-400C-490A-9E04-FA8CB3080845}]
25/12/2007 09:12 327168 --a------ C:\WINDOWS\system32\awtqn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [27/05/2005 03:24]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 09:43 C:\WINDOWS\ALCMTR.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [15/12/2006 03:23]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [07/11/2003 08:21]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 09:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/08/2006 16:16]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [10/12/2005 14:57]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11/05/2005 22:12]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" []
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [06/10/2005 17:12]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [17/02/2006 16:59]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [24/11/2006 00:06]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11/12/2007 10:56]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/12/2007 12:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 16:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/08/2004 23:56]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]

C:\Documents and Settings\Amy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [20/07/2006 17:19:45]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [20/07/2006 17:19:45]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{DB0B918E-A0A8-482B-8D75-A682816B0C7B}"= C:\WINDOWS\system32\rqrsqpq.dll [25/12/2007 09:07 40448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrsqpq]
rqrsqpq.dll 25/12/2007 09:07 40448 C:\WINDOWS\system32\rqrsqpq.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtqn.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34202316-3dee-11db-b7f5-0013ce948770}]
AutoRun\command- H:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2008-01-01 21:37:01 ------------
Attached Files
File Type: txt extra.txt (21.8 KB, 1 views)
murdoch is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 01-05-2008, 11:33 AM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,594
OS: 2000 Pro; XP Pro; XP Home


Re: Internet Browser Not Loading Pages
Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Quote:
I had been downloading some stuff
Downloading what, exactly, and from where? Some of the infection I see comes from looking for serials or cracks.

You have no AntiVirus application on this machine, and two P2P programs. All this adds up to an excellent way to get your machine infected.

---------------------------------------------------------------------------------------------

P2P - I see you have P2P software ( Limewire, BitLord ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here,
here and here.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------

  1. Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disconnect from the internet....pull the plug!
  3. Double click on combofix.exe & follow the prompts. Type 1, then press Enter to start the fix.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  6. Re-establish an internet connection.
  7. I see no evidence of an AntiVirus program on your system. This must be resolved. Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware. It can take as little as eight seconds to infect an unprotected computer.

    Install this FREE AntiVirus program, update it, and run a full system scan.

    Avira PersonalEdition Classic

    Here is a tutorial on it's setup and use:

    http://www.techsupportforum.com/cont...ticles/64.html

    Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    ---------------------------------------------------------------------------------------------

  8. Please download HijackThis to your desktop

    Alternate link

    Double-click on the file you just downloaded.
    Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

    Upon install, HijackThis should open for you.

    Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

    1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
    2. If you don't get the intro screen, just hit Scan and then click on Save log.
    3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.

    ---------------------------------------------------------------------------------------------

Post logs from:

ComboFix
HijackThis
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-05-2008, 04:20 PM   #3 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 13
OS: Windows XP


Yeah you are right I was looking for a serial, which in hindsight yes it was stupid and I feel like an idiot.

Here are both the logs you wanted.

log.txt is the combofix one.

When I was running combofix, right at the end it said "The process tried to write to a nonexistent pipe" Then my computer bluescreened, and then restarted, don't know if thats meant to happen or not.

Thanks for your help :)

ComboFix 08-01-06.4 - Amy 2008-01-05 21:35:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.158 [GMT 0:00]
Running from: C:\Documents and Settings\Amy\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Helper
C:\Program Files\Helper\superfinderusa.dll
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\History\search
C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\catsr.dll
C:\WINDOWS\system32\conf.dat
C:\WINDOWS\system32\drivers\efheqjaq.dat
C:\WINDOWS\system32\launcher.exe
C:\WINDOWS\system32\nqtwa.ini
C:\WINDOWS\system32\nqtwa.ini2
C:\WINDOWS\system32\rqrsqpq.dll
C:\WINDOWS\system32\strike12.dll
C:\WINDOWS\system32\xpdx.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NGKSKOVV
-------\ngkskovv
-------\xpdx


((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.

2008-01-05 21:30 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 10:58 . 2008-01-05 10:58 <DIR> d-------- C:\Program Files\Wireless LAN Utility
2008-01-05 10:58 . 2004-03-12 14:37 73,472 --------- C:\WINDOWS\system32\drivers\sisnpf.sys
2008-01-05 10:58 . 2004-03-15 12:02 7,467 --a------ C:\WINDOWS\system32\setparam.ini
2008-01-05 10:58 . 2004-03-15 12:02 7,467 --a------ C:\WINDOWS\setparam.ini
2008-01-05 10:57 . 2008-01-05 10:57 <DIR> d-------- C:\Program Files\SiS162u
2008-01-05 10:57 . 2004-02-04 15:15 237,568 --a------ C:\WINDOWS\system32\SiSWPars.dll
2008-01-05 10:57 . 2004-02-04 15:15 155,648 --a------ C:\WINDOWS\system32\SiSWInst.dll
2008-01-05 10:57 . 2004-04-06 06:56 153,600 --a------ C:\WINDOWS\system32\drivers\sis162u.sys
2008-01-05 10:57 . 2003-11-13 07:33 49,152 --a------ C:\WINDOWS\system32\SiSWBase.dll
2008-01-05 10:57 . 2008-01-05 10:58 9,648 --a------ C:\WINDOWS\system32\wunilog.ini
2008-01-02 00:58 . 2008-01-02 00:58 <DIR> d-------- C:\Program Files\MusicBrainz Tagger
2008-01-01 21:20 . 2008-01-01 21:20 <DIR> d-------- C:\Deckard
2007-12-29 22:12 . 2007-12-29 22:16 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-29 22:12 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-29 21:25 . 2007-12-29 21:25 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-29 21:25 . 2007-12-29 21:25 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-29 21:25 . 2007-12-29 21:25 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-29 21:24 . 2007-12-29 22:47 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-26 13:20 . 2007-12-26 16:05 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-25 22:31 . 2008-01-05 21:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-25 22:31 . 2007-12-25 22:31 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-25 22:29 . 2007-12-29 22:27 <DIR> d-------- C:\Program Files\iTunes
2007-12-25 22:29 . 2007-12-25 22:29 <DIR> d-------- C:\Program Files\iPod
2007-12-25 18:57 . 2007-12-25 22:26 <DIR> d-------- C:\Program Files\QuickTime
2007-12-25 12:29 . 2007-12-25 18:56 <DIR> d-------- C:\Program Files\iTunes(2)
2007-12-25 12:29 . 2007-12-25 18:56 <DIR> d-------- C:\Program Files\iPod(2)
2007-12-25 12:16 . 2007-12-25 18:57 <DIR> d-------- C:\Program Files\QuickTime(2)
2007-12-25 10:46 . 2007-12-25 10:47 <DIR> d-------- C:\Program Files\Crawler
2007-12-25 10:46 . 2007-12-25 18:57 <DIR> d-------- C:\Documents and Settings\Amy\Application Data\Spyware Terminator
2007-12-25 10:45 . 2007-12-25 18:58 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-12-25 09:45 . 2007-12-25 09:45 1 --a------ C:\WINDOWS\system32\rc.dat
2007-12-25 09:45 . 2007-12-25 09:45 1 --a------ C:\WINDOWS\system32\ps1.dat
2007-12-25 09:45 . 2007-12-25 09:45 1 --a------ C:\WINDOWS\system32\cs.dat
2007-12-25 09:08 . 2007-12-25 09:08 2 --a------ C:\675358726
2007-12-25 09:07 . 2007-12-25 09:07 57,856 --a------ C:\fjls.exe
2007-12-25 08:55 . 2007-12-25 08:55 <DIR> d-------- C:\Program Files\Cloudbrain
2007-12-24 02:30 . 2007-12-24 02:36 <DIR> d-------- C:\Program Files\AIM6
2007-12-22 03:44 . 2007-12-22 03:44 854,248 --a------ C:\My-baby.bmp
2007-12-22 03:42 . 2007-03-11 20:24 93,682 --a------ C:\My-baby.bmp.jpg
2007-12-22 03:25 . 2007-12-22 03:44 <DIR> d-------- C:\Program Files\Microsoft Games
2007-12-22 03:08 . 2007-12-26 00:35 1,220 --a------ C:\WINDOWS\entpack.ini
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-01-05 21:28 --------- d-----w C:\Program Files\BitLord
2007-12-30 23:56 --------- d-----w C:\Program Files\ICQToolbar
2007-12-30 00:33 --------- d-----w C:\Program Files\MSN Messenger
2007-12-29 22:40 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-29 22:28 --------- d-----w C:\Program Files\Kontiki
2007-12-29 22:15 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-29 22:15 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-12-29 22:15 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2007-12-29 22:11 --------- d-----w C:\Program Files\Apoint
2007-12-29 21:18 --------- d-----w C:\Program Files\WildTangent
2007-12-29 21:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 21:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-26 12:42 --------- d-----w C:\Documents and Settings\Amy\Application Data\LimeWire
2007-12-24 02:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-09-21 11:35 98,104 ----a-w C:\Documents and Settings\Amy\Application Data\GDIPFONTCACHEV1.DAT
2007-09-03 17:08 436 ----a-w C:\Documents and Settings\Amy\Application Data\wklnhst.dat
2006-05-20 23:44 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-07-19 15:43 8 --sh--r C:\WINDOWS\system32\4AD380B73A.sys
2006-07-19 15:43 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{531BE052-76FC-4b05-9CCD-AF6AA265113C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23 1032640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-27 03:24 6746112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 08:21 114688]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-12 16:16 180269]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 14:57 133016]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [ ]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [2005-10-06 17:12 368128]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 16:59 124520]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 00:06 487424]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23 1032640]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-20 17:19:45]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2001-08-17 12:51]
S3 FLEXlm License Manager;FLEXlm License Manager;C:\FLEXLM\awkeygen.exe [2006-08-26 09:20]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 13:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 13:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 13:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 13:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 13:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 13:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 13:58]

.
Contents of the 'Scheduled Tasks' folder
"2007-10-17 16:50:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-14 15:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 21:51:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-06 21:53:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-06 21:53:11

Here is the hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:16:07, on 06/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avnotify.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avnotify.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Module - {531BE052-76FC-4b05-9CCD-AF6AA265113C} - strike12.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/...amesCampus.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://eastlothianperegrines.spaces....d/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXlm License Manager - Globetrotter Software Inc - C:\FLEXLM\awkeygen.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 10109 bytes
Attached Files
File Type: txt log.txt (10.5 KB, 1 views)
File Type: txt hijack this.txt (9.9 KB, 2 views)
Last edited by tetonbob; 01-05-2008 at 05:34 PM.
murdoch is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-05-2008, 05:44 PM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,594
OS: 2000 Pro; XP Pro; XP Home


Re: Internet Browser Not Loading Pages
Blue screen was likely caused by removal of one of the buggy malware drivers. One of the possible side effects of serials.

It should not happen again.

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
http://www.techsupportforum.com/security-center/hijackthis-log-help/207771-internet-browser-not-loading-pages-post1249510.html

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{531BE052-76FC-4b05-9CCD-AF6AA265113C}]

Collect::
C:\fjls.exe
Save this as CFScript.txt




Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-06-2008, 11:10 AM   #5 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 13
OS: Windows XP


This is the new combofix log, but no window appeared to send any file to the internet, I was definitely connected to the net but nothing happened except the log file opened.

ComboFix 08-01-06.4 - Amy 2008-01-07 18:01:19.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.139 [GMT 0:00]
Running from: C:\Documents and Settings\Amy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Amy\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.

2008-01-06 23:15 . 2008-01-06 23:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-06 21:58 . 2008-01-06 21:58 <DIR> d-------- C:\Program Files\Avira
2008-01-06 21:58 . 2008-01-06 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-05 21:30 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 10:58 . 2008-01-05 10:58 <DIR> d-------- C:\Program Files\Wireless LAN Utility
2008-01-05 10:58 . 2004-03-12 14:37 73,472 --------- C:\WINDOWS\system32\drivers\sisnpf.sys
2008-01-05 10:58 . 2004-03-15 12:02 7,467 --a------ C:\WINDOWS\system32\setparam.ini
2008-01-05 10:58 . 2004-03-15 12:02 7,467 --a------ C:\WINDOWS\setparam.ini
2008-01-05 10:57 . 2008-01-05 10:57 <DIR> d-------- C:\Program Files\SiS162u
2008-01-05 10:57 . 2004-02-04 15:15 237,568 --a------ C:\WINDOWS\system32\SiSWPars.dll
2008-01-05 10:57 . 2004-02-04 15:15 155,648 --a------ C:\WINDOWS\system32\SiSWInst.dll
2008-01-05 10:57 . 2004-04-06 06:56 153,600 --a------ C:\WINDOWS\system32\drivers\sis162u.sys
2008-01-05 10:57 . 2003-11-13 07:33 49,152 --a------ C:\WINDOWS\system32\SiSWBase.dll
2008-01-05 10:57 . 2008-01-05 10:58 9,648 --a------ C:\WINDOWS\system32\wunilog.ini
2008-01-02 00:58 . 2008-01-02 00:58 <DIR> d-------- C:\Program Files\MusicBrainz Tagger
2008-01-01 21:20 . 2008-01-01 21:20 <DIR> d-------- C:\Deckard
2007-12-29 22:12 . 2007-12-29 22:16 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-29 22:12 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-29 21:25 . 2007-12-29 21:25 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-29 21:25 . 2007-12-29 21:25 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-29 21:25 . 2007-12-29 21:25 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-29 21:24 . 2008-01-06 22:55 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-26 13:20 . 2007-12-26 16:05 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-25 22:31 . 2008-01-07 11:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-25 22:31 . 2007-12-25 22:31 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-25 22:29 . 2007-12-29 22:27 <DIR> d-------- C:\Program Files\iTunes
2007-12-25 22:29 . 2007-12-25 22:29 <DIR> d-------- C:\Program Files\iPod
2007-12-25 18:57 . 2007-12-25 22:26 <DIR> d-------- C:\Program Files\QuickTime
2007-12-25 12:29 . 2007-12-25 18:56 <DIR> d-------- C:\Program Files\iTunes(2)
2007-12-25 12:29 . 2007-12-25 18:56 <DIR> d-------- C:\Program Files\iPod(2)
2007-12-25 12:16 . 2007-12-25 18:57 <DIR> d-------- C:\Program Files\QuickTime(2)
2007-12-25 10:46 . 2007-12-25 10:47 <DIR> d-------- C:\Program Files\Crawler
2007-12-25 10:46 . 2007-12-25 18:57 <DIR> d-------- C:\Documents and Settings\Amy\Application Data\Spyware Terminator
2007-12-25 10:45 . 2007-12-25 18:58 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-12-25 09:45 . 2007-12-25 09:45 1 --a------ C:\WINDOWS\system32\rc.dat
2007-12-25 09:45 . 2007-12-25 09:45 1 --a------ C:\WINDOWS\system32\ps1.dat
2007-12-25 09:45 . 2007-12-25 09:45 1 --a------ C:\WINDOWS\system32\cs.dat
2007-12-25 09:08 . 2007-12-25 09:08 2 --a------ C:\675358726
2007-12-25 08:55 . 2007-12-25 08:55 <DIR> d-------- C:\Program Files\Cloudbrain
2007-12-24 02:30 . 2007-12-24 02:36 <DIR> d-------- C:\Program Files\AIM6
2007-12-22 03:44 . 2007-12-22 03:44 854,248 --a------ C:\My-baby.bmp
2007-12-22 03:42 . 2007-03-11 20:24 93,682 --a------ C:\My-baby.bmp.jpg
2007-12-22 03:25 . 2007-12-22 03:44 <DIR> d-------- C:\Program Files\Microsoft Games
2007-12-22 03:08 . 2007-12-26 00:35 1,220 --a------ C:\WINDOWS\entpack.ini
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 18:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-01-05 21:28 --------- d-----w C:\Program Files\BitLord
2007-12-30 23:56 --------- d-----w C:\Program Files\ICQToolbar
2007-12-30 00:33 --------- d-----w C:\Program Files\MSN Messenger
2007-12-29 22:40 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-29 22:28 --------- d-----w C:\Program Files\Kontiki
2007-12-29 22:15 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-29 22:15 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-12-29 22:15 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2007-12-29 22:11 --------- d-----w C:\Program Files\Apoint
2007-12-29 21:18 --------- d-----w C:\Program Files\WildTangent
2007-12-29 21:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 21:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-26 12:42 --------- d-----w C:\Documents and Settings\Amy\Application Data\LimeWire
2007-12-24 02:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-09-21 11:35 98,104 ----a-w C:\Documents and Settings\Amy\Application Data\GDIPFONTCACHEV1.DAT
2007-09-03 17:08 436 ----a-w C:\Documents and Settings\Amy\Application Data\wklnhst.dat
2006-05-20 23:44 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-07-19 15:43 8 --sh--r C:\WINDOWS\system32\4AD380B73A.sys
2006-07-19 15:43 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-06_21.52.55.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-09 13:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 14:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-01-06 22:04:59 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 10:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 2008-01-07 11:55:27 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23 1032640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-27 03:24 6746112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 08:21 114688]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-12 16:16 180269]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 14:57 133016]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [ ]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [2005-10-06 17:12 368128]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 16:59 124520]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 00:06 487424]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23 1032640]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-06 22:04 249896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-20 17:19:45]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2001-08-17 12:51]
S3 FLEXlm License Manager;FLEXlm License Manager;C:\FLEXLM\awkeygen.exe [2006-08-26 09:20]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 13:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 13:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 13:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 13:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 13:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 13:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 13:58]

*Newly Created Service* - SSMDRV
.
Contents of the 'Scheduled Tasks' folder
"2007-10-17 16:50:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-14 15:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 18:05:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-07 1824
ComboFix-quarantined-files.txt 2008-01-07 1802
ComboFix2.txt 2008-01-07 13:52:17
ComboFix3.txt 2008-01-06 21:53:41

Here's the hijack this one too

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:05, on 07/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/...amesCampus.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://eastlothianperegrines.spaces....d/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXlm License Manager - Globetrotter Software Inc - C:\FLEXLM\awkeygen.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 9875 bytes
Attached Files
File Type: txt combofixlog.txt (10.6 KB, 1 views)
File Type: txt hijackthis2.txt (9.6 KB, 1 views)
Last edited by tetonbob; 01-06-2008 at 11:14 AM.
murdoch is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-06-2008, 11:18 AM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,594
OS: 2000 Pro; XP Pro; XP Home


Re: Internet Browser Not Loading Pages
Please don't attach logs unless it's requested. They are more difficult for me to review that way. Just post them in a reply. Thanks.

Go to Start > Run and copy/paste the following, then press Enter:

C:\Qoobox\ComboFix2.txt

A notepad file should open.

Post the contents of that file.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-06-2008, 03:24 PM   #7 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 13
OS: Windows XP


Re: Internet Browser Not Loading Pages
Ok no problem :)

ComboFix 08-01-06.4 - Amy 2008-01-07 13:46:46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.161 [GMT 0:00]
Running from: C:\Documents and Settings\Amy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Amy\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.

2008-01-06 23:15 . 2008-01-06 23:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-06 21:58 . 2008-01-06 21:58 <DIR> d-------- C:\Program Files\Avira
2008-01-06 21:58 . 2008-01-06 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-05 21:30 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 10:58 . 2008-01-05 10:58 <DIR> d-------- C:\Program Files\Wireless LAN Utility
2008-01-05 10:58 . 2004-03-12 14:37 73,472 --------- C:\WINDOWS\system32\drivers\sisnpf.sys
2008-01-05 10:58 . 2004-03-15 12:02 7,467 --a------ C:\WINDOWS\system32\setparam.ini
2008-01-05 10:58 . 2004-03-15 12:02 7,467 --a------ C:\WINDOWS\setparam.ini
2008-01-05 10:57 . 2008-01-05 10:57 <DIR> d-------- C:\Program Files\SiS162u
2008-01-05 10:57 . 2004-02-04 15:15 237,568 --a------ C:\WINDOWS\system32\SiSWPars.dll
2008-01-05 10:57 . 2004-02-04 15:15 155,648 --a------ C:\WINDOWS\system32\SiSWInst.dll
2008-01-05 10:57 . 2004-04-06 06:56 153,600 --a------ C:\WINDOWS\system32\drivers\sis162u.sys
2008-01-05 10:57 . 2003-11-13 07:33 49,152 --a------ C:\WINDOWS\system32\SiSWBase.dll
2008-01-05 10:57 . 2008-01-05 10:58 9,648 --a------ C:\WINDOWS\system32\wunilog.ini
2008-01-02 00:58 . 2008-01-02 00:58 <DIR> d-------- C:\Program Files\MusicBrainz Tagger
2008-01-01 21:20 . 2008-01-01 21:20 <DIR> d-------- C:\Deckard
2007-12-29 22:12 . 2007-12-29 22:16 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-29 22:12 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-29 21:25 . 2007-12-29 21:25 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-29 21:25 . 2007-12-29 21:25 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-29 21:25 . 2007-12-29 21:25 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-29 21:24 . 2008-01-06 22:55 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-26 13:20 . 2007-12-26 16:05 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-25 22:31 . 2008-01-07 11:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-25 22:31 . 2007-12-25 22:31 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-25 22:29 . 2007-12-29 22:27 <DIR> d-------- C:\Program Files\iTunes
2007-12-25 22:29 . 2007-12-25 22:29 <DIR> d-------- C:\Program Files\iPod
2007-12-25 18:57 . 2007-12-25 22:26 <DIR> d-------- C:\Program Files\QuickTime
2007-12-25 12:29 . 2007-12-25 18:56 <DIR> d-------- C:\Program Files\iTunes(2)
2007-12-25 12:29 . 2007-12-25 18:56 <DIR> d-------- C:\Program Files\iPod(2)
2007-12-25 12:16 . 2007-12-25 18:57 <DIR> d-------- C:\Program Files\QuickTime(2)
2007-12-25 10:46 . 2007-12-25 10:47 <DIR> d-------- C:\Program Files\Crawler
2007-12-25 10:46 . 2007-12-25 18:57 <DIR> d-------- C:\Documents and Settings\Amy\Application Data\Spyware Terminator
2007-12-25 10:45 . 2007-12-25 18:58 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-12-25 09:45 . 2007-12-25 09:45 1 --a------ C:\WINDOWS\system32\rc.dat
2007-12-25 09:45 . 2007-12-25 09:45 1 --a------ C:\WINDOWS\system32\ps1.dat
2007-12-25 09:45 . 2007-12-25 09:45 1 --a------ C:\WINDOWS\system32\cs.dat
2007-12-25 09:08 . 2007-12-25 09:08 2 --a------ C:\675358726
2007-12-25 08:55 . 2007-12-25 08:55 <DIR> d-------- C:\Program Files\Cloudbrain
2007-12-24 02:30 . 2007-12-24 02:36 <DIR> d-------- C:\Program Files\AIM6
2007-12-22 03:44 . 2007-12-22 03:44 854,248 --a------ C:\My-baby.bmp
2007-12-22 03:42 . 2007-03-11 20:24 93,682 --a------ C:\My-baby.bmp.jpg
2007-12-22 03:25 . 2007-12-22 03:44 <DIR> d-------- C:\Program Files\Microsoft Games
2007-12-22 03:08 . 2007-12-26 00:35 1,220 --a------ C:\WINDOWS\entpack.ini
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 13:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-01-05 21:28 --------- d-----w C:\Program Files\BitLord
2007-12-30 23:56 --------- d-----w C:\Program Files\ICQToolbar
2007-12-30 00:33 --------- d-----w C:\Program Files\MSN Messenger
2007-12-29 22:40 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-29 22:28 --------- d-----w C:\Program Files\Kontiki
2007-12-29 22:15 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-29 22:15 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-12-29 22:15 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2007-12-29 22:11 --------- d-----w C:\Program Files\Apoint
2007-12-29 21:18 --------- d-----w C:\Program Files\WildTangent
2007-12-29 21:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 21:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-26 12:42 --------- d-----w C:\Documents and Settings\Amy\Application Data\LimeWire
2007-12-24 02:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-09-21 11:35 98,104 ----a-w C:\Documents and Settings\Amy\Application Data\GDIPFONTCACHEV1.DAT
2007-09-03 17:08 436 ----a-w C:\Documents and Settings\Amy\Application Data\wklnhst.dat
2006-05-20 23:44 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-07-19 15:43 8 --sh--r C:\WINDOWS\system32\4AD380B73A.sys
2006-07-19 15:43 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-06_21.52.55.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-09 13:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 14:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-01-06 22:04:59 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 10:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 2008-01-07 11:55:27 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23 1032640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-27 03:24 6746112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 08:21 114688]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-12 16:16 180269]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 14:57 133016]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [ ]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [2005-10-06 17:12 368128]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 16:59 124520]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 00:06 487424]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23 1032640]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-06 22:04 249896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-20 17:19:45]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2001-08-17 12:51]
S3 FLEXlm License Manager;FLEXlm License Manager;C:\FLEXLM\awkeygen.exe [2006-08-26 09:20]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 13:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 13:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 13:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 13:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 13:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 13:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 13:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34202316-3dee-11db-b7f5-0013ce948770}]
\Shell\AutoRun\command - H:\setupSNK.exe

*Newly Created Service* - SSMDRV
.
Contents of the 'Scheduled Tasks' folder
"2007-10-17 16:50:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-14 15:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 13:51:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-07 13:52:16
ComboFix-quarantined-files.txt 2008-01-07 13:51:53
ComboFix2.txt 2008-01-06 21:53:41
murdoch is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-06-2008, 03:30 PM   #8 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,594
OS: 2000 Pro; XP Pro; XP Home


Re: Internet Browser Not Loading Pages
Something's not quite adding up. Please bear with me.

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
vfind -ltf "%systemdrive%\fjls.*" >log.txt
notepad log.txt
Save this as peek.bat Choose to "Save type as - All Files"
It should look like this:
Double click on peek.bat & allow it to run. A notepad file will open. Copy that information into your next reply, please.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-06-2008, 04:16 PM   #9 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 13
OS: Windows XP


Re: Internet Browser Not Loading Pages
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
murdoch is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-06-2008, 04:21 PM   #10 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,594
OS: 2000 Pro; XP Pro; XP Home


Re: Internet Browser Not Loading Pages
Ok then...perhaps Avira removed the file already...

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 u3 and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windowsi586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner

http://www.kaspersky.com/kos/eng/par...avwebscan.html

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-07-2008, 10:42 AM   #11 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 13
OS: Windows XP


Re: Internet Browser Not Loading Pages
Sorry for the delay, that kapersky scan took forever.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 08, 2008 5:39:25 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/01/2008
Kaspersky Anti-Virus database records: 503426
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 93656
Number of viruses found: 3
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 07:46:18

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\Amy\LOCALS~1\Temp\mirc63.exe/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Amy\LOCALS~1\Temp\mirc63.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Amy\LOCALS~1\Temp\mirc63.exe NSIS: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Kontiki\error.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\cert8.db Object is locked skipped
C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\history.dat Object is locked skipped
C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\key3.db Object is locked skipped
C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\parent.lock Object is locked skipped
C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Amy\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\appLauncher_all_log.txt Object is locked skipped
C:\Documents and Settings\Amy\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\DM_log.txt Object is locked skipped
C:\Documents and Settings\Amy\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\HookStarter_log.txt Object is locked skipped
C:\Documents and Settings\Amy\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked skipped
C:\Documents and Settings\Amy\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\TlibCmnDlgs_log.txt Object is locked skipped
C:\Documents and Settings\Amy\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Amy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Amy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Amy\Local Settings\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Amy\Local Settings\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Amy\Local Settings\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Amy\Local Settings\Application Data\Mozilla\Firefox\Profiles\5k21y4o3.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Amy\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Amy\Local Settings\History\History.IE5\MSHist012008010820080109\index.dat Object is locked skipped
C:\Documents and Settings\Amy\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Amy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Amy\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Amy\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Amy\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\efheqjaq.dat.vir Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{B05B0712-A375-47FC-9120-E7FBDDA0F2AC}\RP299\A0401807.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{B05B0712-A375-47FC-9120-E7FBDDA0F2AC}\RP299\A0403553.dll Object is locked skipped
C:\System Volume Information\_restore{B05B0712-A375-47FC-9120-E7FBDDA0F2AC}\RP301\A0405580.dll Infected: Trojan.Win32.BHO.abo skipped
C:\System Volume Information\_restore{B05B0712-A375-47FC-9120-E7FBDDA0F2AC}\RP301\A0407580.dll Infected: Trojan.Win32.BHO.abo skipped
C:\System Volume Information\_restore{B05B0712-A375-47FC-9120-E7FBDDA0F2AC}\RP301\A0407582.dll Infected: Trojan.Win32.BHO.abo skipped
C:\System Volume Information\_restore{B05B0712-A375-47FC-9120-E7FBDDA0F2AC}\RP309\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd3661.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_2d0.dat Object is locked skipped
C:\WINDOWS\TempFile Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:40:21, on 08/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/...amesCampus.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://eastlothianperegrines.spaces....d/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXlm License Manager - Globetrotter Software Inc - C:\FLEXLM\awkeygen.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 10110 bytes
murdoch is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-07-2008, 11:36 AM   #12 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,594
OS: 2000 Pro; XP Pro; XP Home


Re: Internet Browser Not Loading Pages
If you use mIRC, we can ignore that one find by Kaspersky.

Other items found by Kaspersky will be addressed by uninstalling ComboFix using the instructions described below.

Your logs appear clean.You should be good to go. We still have a few items to address.

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u



This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and use the following free programs:
  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • SpywareGuard to catch and block spyware before it can execute.
  • IE-SpyAd - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. An installation tutorial is available here.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    Do not install more than one AntiVirus program because they will conflict with each other.

  • FIREWALL
    If you do not have a firewall, here are a couple of great free ones available for personal use. Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here

    Do not install more than one firewall program because they will conflict with each other.

Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-07-2008, 12:22 PM   #13 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 13
OS: Windows XP


Re: Internet Browser Not Loading Pages
Thanks a lot for all your help. It is much appreciated and everything seems to be working now.

Great site you've got here, I'll send you guys a donation for all the help :)
murdoch is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-07-2008, 12:55 PM   #14 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,594
OS: 2000 Pro; XP Pro; XP Home


Re: Internet Browser Not Loading Pages
You're quite welcome for the help.

Surf Safely!
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 07:14 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85