Old 08-07-2008, 04:52 AM   #1 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 6
OS: Win XP SP 2


EEK! John Berry's Home Page..Ever heard of it??

My default browser is IE (though I don't use it much). I use FF. And one day when I opened IE and typed in google.com, something else appeared.

[img=http://img353.imageshack.us/img353/1132/johnberrylo2.th.jpg]

I tried typing many other websites, but the same result. Any help??

Thanks guys
vickystylton is offline  
Old 08-10-2008, 09:54 PM   #2 (permalink)
Analyst, Security Team
 
Join Date: Nov 2005
Location: UK
Posts: 1,968
OS: xp


Re: John Berry's Home Page..Ever heard of it??

Hi vickystylton and welcome to TSF.

Sorry for the delay in getting to you; the forum is really busy and all our helpers are volunteers.

Please follow the 5 steps in this post: http://www.techsupportforum.com/secu...oval-help.html

If for any reason you are unable to complete any of the steps, move on to the next one and let me know when you make your reply here.

DO NOT start a new topic. This would result in you having to wait again. Please post the requested logs in a reply to this thread.
__________________

Proud member of ASAP since 2007

Proud member of UNITE since 2008

Our help is completely free but please consider donating to the site to help keep it running
MoralTerror is offline  
Old 08-12-2008, 05:00 PM   #3 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 6
OS: Win XP SP 2


Re: John Berry's Home Page..Ever heard of it??

PANDA ACTIVE SCAN 2.0

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-13 05:20:15
PROTECTIONS: 1
MALWARE: 20
SUSPECTS: 6
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Kaspersky Internet Security 8.0.0.454 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00049331 Joke/Cflip Jokes No 0 Yes No F:\Utilities\VIDEOS\Entertainment\screenflip.exe
00049331 Joke/Cflip Jokes No 0 Yes No F:\Utilities\VIDEOS\Entertainment\Flash\new flashes\BADDAY.EXE
00101185 HackTool/Gendel.A SecRisk No 0 Yes No G:\Games\N F S\setup\gendel32.ex_
00103032 Joke/Gun Jokes No 0 Yes No F:\Utilities\VIDEOS\Entertainment\GUN.EXE
00155558 Trj/MadCow.A Virus/Trojan No 0 Yes No F:\Utilities\VIDEOS\Entertainment\Flash\new flashes\MADCOW.EXE
00194066 Application/Pskill.E HackTools No 0 Yes No F:\Softwares\Last XP Softwares\AppsWPIw\PEExplorer\pskill.exe
00194066 Application/Pskill.E HackTools No 0 Yes No F:\Softwares\Last XP Softwares\WPI\TXTOEM\Windows\System32\pskill.exe
00194066 Application/Pskill.E HackTools No 0 No No F:\Softwares\Last XP Softwares\AppsWPIw\LimeWire\LimeWire-Pro_setup.exe[F:\Softwares\Last XP Softwares\AppsWPIw\LimeWire\LimeWire-Pro_setup.exe][pskill.exe]
00279434 Spyware/Conducent-Timesink Spyware No 1 Yes No F:\Utilities\diary\TSUninstaller.exe
00279434 Spyware/Conducent-Timesink Spyware No 1 Yes No F:\System Volume Information\_restore{81E7767C-F3BE-410E-A477-59E8E43326BC}\RP99\A0026892.exe
00288208 Application/HideWindow.S HackTools No 0 Yes No F:\Softwares\Last XP Softwares\WPI\TXTOEM\Windows\System32\cmdow.exe
00298030 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\Aji\wallpapers\STARS\Kajol\Temp.Htt
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\Aji\wallpapers\STARS\Kajol\desktop.ini
00527204 Application/PRScheduler HackTools No 0 Yes No C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup
00527204 Application/PRScheduler HackTools No 0 Yes No C:\System Volume Information\_restore{81E7767C-F3BE-410E-A477-59E8E43326BC}\RP75\A0021144.exe
01020663 Generic Malware Virus/Trojan No 0 Yes No F:\Utilities\Style-xp\Style.XP.3.18\Keygen\KeyGen [ Style XP 3.18 ].exe
01182314 Hacktool/CookiesView HackTools No 0 No No F:\Softwares\Last XP Softwares\AppsWPIw\Nirsoft\NIRSOFT46TOOLS.CAB[NIRSOFT.CAB][mzcv.exe]
01196741 Bck/mIRCBased.BC Virus/Trojan No 1 Yes No F:\Softwares\Last XP Softwares\AppsWPIw\PEExplorer\install.exe
01895148 Malicious Packer SecRisk No 0 Yes No F:\Utilities\Software Cracks\Tweak Me\Load.exe
02194580 Generic Malware Virus/Trojan No 0 No No F:\Softwares\Last XP Softwares\AppsWPIw\Nirsoft\NIRSOFT46TOOLS.CAB[NIRSOFT.CAB][asterwin.exe]
02652976 Hacktool/Dialupass.G HackTools No 0 No No F:\Softwares\Last XP Softwares\AppsWPIw\Nirsoft\NIRSOFT46TOOLS.CAB[NIRSOFT.CAB][ProduKey.exe]
02901133 Adware/OneStep Adware No 0 Yes No C:\System Volume Information\_restore{81E7767C-F3BE-410E-A477-59E8E43326BC}\RP65\A0019037.exe
02901133 Adware/OneStep Adware No 0 Yes No C:\System Volume Information\_restore{81E7767C-F3BE-410E-A477-59E8E43326BC}\RP64\A0018987.exe
02931435 Trj/PiratHack Virus/Trojan No 1 Yes No F:\Utilities\Virus scan\Norton 2005\NORTON 2005 - SystemWorks + Internet Security + Ghost 9.0 + GoBack + ALL KEYGENS\NORTON KEY-GENERATORS\KeyGens Norton 2005\NG 9.0 - Keygen SSG.exe
02931435 Trj/PiratHack Virus/Trojan No 1 Yes No F:\Utilities\Virus scan\Norton 2005\NORTON 2005 - SystemWorks + Internet Security + Ghost 9.0 + GoBack + ALL KEYGENS\Norton Ghost 9.0 (2005)\KEY-GENERATOR NG 9.0\ssg-ng90.exe
02940764 Generic Malware Virus/Trojan No 0 Yes No F:\Utilities\Virus scan\Norton 2005\NORTON 2005 - SystemWorks + Internet Security + Ghost 9.0 + GoBack + ALL KEYGENS\NORTON KEY-GENERATORS\KeyGens Norton 2005\NAV 2005 - Keygen TMG.exe
03445437 Generic Trojan Virus/Trojan No 0 Yes No F:\Softwares\Last XP Softwares\AppsWPIw\!Nero7\Keygen.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location _M
;===================================================================================================================================================================================
No G:\Antivirus\Avg\Avg.exe _M
No G:\Games\Save games\gta vc\***** DODO\***** DODO.exe _M
No G:\Songs\malayalam\New\ALBUMS\Balabhaskar\Balabhaskar.exe _M
No G:\Songs\malayalam\New\collections\collections.exe _M
No G:\Songs\malayalam\New\Eazhupunnatharakan\Eazhupunnatharakan.exe _M
No G:\Songs\malayalam\New\Venugopal Hits\Venugopal Hits.exe _M
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description _M
;===================================================================================================================================================================================
184380 MEDIUM MS08-002 _M
184379 MEDIUM MS08-001 _M
182048 HIGH MS07-069 _M
182046 HIGH MS07-067 _M
182043 HIGH MS07-064 _M
179553 HIGH MS07-061 _M
176382 HIGH MS07-057 _M
176383 HIGH MS07-058 _M
170911 HIGH MS07-050 _M
170907 HIGH MS07-046 _M
170906 HIGH MS07-045 _M
170904 HIGH MS07-043 _M
164915 HIGH MS07-035 _M
164913 HIGH MS07-033 _M
164911 HIGH MS07-031 _M
160623 HIGH MS07-027 _M
157262 HIGH MS07-022 _M
157261 HIGH MS07-021 _M
157260 HIGH MS07-020 _M
157259 HIGH MS07-019 _M
156477 HIGH MS07-017 _M
150253 HIGH MS07-016 _M
150249 HIGH MS07-013 _M
150248 HIGH MS07-012 _M
150247 HIGH MS07-011 _M
150243 HIGH MS07-008 _M
150242 HIGH MS07-007 _M
150241 MEDIUM MS07-006 _M
145501 HIGH MS07-004 _M
141034 HIGH MS06-076 _M
141033 MEDIUM MS06-075 _M
137571 HIGH MS06-070 _M
133387 MEDIUM MS06-065 _M
133386 MEDIUM MS06-064 _M
133385 MEDIUM MS06-063 _M
133379 HIGH MS06-057 _M
129977 MEDIUM MS06-053 _M
129976 MEDIUM MS06-052 _M
126093 HIGH MS06-051 _M
126092 MEDIUM MS06-050 _M
126087 HIGH MS06-046 _M
126086 MEDIUM MS06-045 _M
126082 HIGH MS06-041 _M
126081 HIGH MS06-040 _M
123421 HIGH MS06-036 _M
123420 HIGH MS06-035 _M
120825 MEDIUM MS06-032 _M
120823 MEDIUM MS06-030 _M
120818 HIGH MS06-025 _M
120815 HIGH MS06-022 _M
117384 MEDIUM MS06-018 _M
114666 HIGH MS06-015 _M
108744 MEDIUM MS06-008 _M
108743 MEDIUM MS06-007 _M
108742 MEDIUM MS06-006 _M
104567 HIGH MS06-002 _M
104237 HIGH MS06-001 _M
96574 HIGH MS05-053 _M
93395 HIGH MS05-051 _M
93394 HIGH MS05-050 _M
93454 MEDIUM MS05-049 _M
;===================================================================================================================================================================================
vickystylton is offline  
Old 08-12-2008, 05:09 PM   #4 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 6
OS: Win XP SP 2


Re: John Berry's Home Page..Ever heard of it??

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:36:55 AM, on 8/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\WordWeb\wweb32.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gmail.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 60.242.17.34:80
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CommandBar.CtrlMHook - {3f1ab67e-12aa-352e-b4e0-a5f1810b60dd} - mscoree.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7637 bytes
vickystylton is offline  
Old 08-12-2008, 11:10 PM   #5 (permalink)
Analyst, Security Team
 
Join Date: Nov 2005
Location: UK
Posts: 1,968
OS: xp


Re: John Berry's Home Page..Ever heard of it??

Hi vickystylton

Cracked (Illegal) Software

This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Before posting for further help, please uninstall any such applications.

Referring to the Forum Rules, which you should have read at the time of registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that, we can help you clean your machine this time, BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here at TSF but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites.

-------------------------

P2P - I also see you have P2P software <uTorrent> installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

-------------------------

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.
MoralTerror is offline  
Old 08-28-2008, 12:40 AM   #6 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 6
OS: Win XP SP 2


Re: John Berry's Home Page..Ever heard of it??

Sorry for the delay... my net's got some problems...

The problem with IE's still not gone; anyway, here's the log:


ComboFix 08-08-27.03 - Administrator 2008-08-28 12:52:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1623 [GMT 5.5:30]
Running from: G:\Software\ComboFix.exe
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Syskernel12.dll
C:\WINDOWS\system32\MSINET.oca

.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-28 )))))))))))))))))))))))))))))))
.

2008-08-28 09:11 . 2008-08-28 09:11 <DIR> d-------- C:\Program Files\UseNeXT
2008-08-28 07:53 . 2008-08-28 07:53 <DIR> d-------- C:\Program Files\EACOM
2008-08-28 04:41 . 2008-08-28 05:32 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-08-28 04:05 . 2008-08-28 12:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\UseNeXT
2008-08-27 19:28 . 2000-04-03 22:05 118,784 --a------ C:\WINDOWS\system32\Msstdfmt.dll
2008-08-27 17:35 . 2008-08-27 17:35 <DIR> d-------- C:\Documents and Settings\Administrator\.VirtualBox
2008-08-27 17:35 . 2008-07-29 21:24 54,896 --a------ C:\WINDOWS\system32\drivers\VBoxDrv.sys
2008-08-27 17:35 . 2008-07-29 21:24 41,616 --a------ C:\WINDOWS\system32\drivers\VBoxUSBMon.sys
2008-08-27 08:28 . 2008-08-27 08:28 <DIR> d-------- C:\Program Files\eMule
2008-08-27 08:28 . 2008-08-27 08:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\eMule
2008-08-27 07:28 . 2008-08-27 07:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Torrent Episode Downloader
2008-08-27 07:26 . 2008-08-27 07:26 <DIR> d-------- C:\Program Files\Torrent Episode Downloader
2008-08-26 18:29 . 2008-08-26 18:29 <DIR> d-------- C:\Program Files\Kozmos
2008-08-24 19:13 . 2008-08-24 19:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-24 19:13 . 2008-08-24 19:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-21 08:24 . 2008-08-21 08:24 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-08-20 13:05 . 2008-08-20 13:05 <DIR> d-------- C:\Program Files\Veoh Networks
2008-08-19 22:37 . 2008-08-19 22:37 1,643 --a------ C:\WINDOWS\cheatbook.ini
2008-08-19 08:29 . 2008-08-19 08:29 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2008-08-19 07:28 . 2008-08-19 07:28 <DIR> d-------- C:\Program Files\Archive
2008-08-18 23:07 . 2008-08-18 23:07 503 --a------ C:\WINDOWS\eReg.dat
2008-08-15 11:53 . 2008-08-15 11:54 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-15 11:47 . 2008-08-15 11:47 <DIR> d-------- C:\Program Files\WMV9_VCM
2008-08-15 11:47 . 2008-08-15 11:47 <DIR> d-------- C:\Program Files\River Past
2008-08-15 11:47 . 2008-08-15 11:47 <DIR> d-------- C:\Program Files\Common Files\River Past
2008-08-15 11:47 . 2008-08-15 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\River Past G5
2008-08-15 11:47 . 2008-08-15 11:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\River Past G5
2008-08-15 11:47 . 2008-08-15 11:47 166,193 --a------ C:\WINDOWS\Video Cleaner Pro Uninstaller.exe
2008-08-13 17:00 . 2008-08-13 17:00 <DIR> d-------- C:\Program Files\Blackjack International
2008-08-13 08:19 . 2008-08-13 08:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BeachPartyCraze
2008-08-13 08:10 . 2008-08-13 08:10 <DIR> d-------- C:\WINDOWS\Beach Party Craze
2008-08-13 05:35 . 2008-08-13 05:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-13 04:16 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-13 04:15 . 2008-08-13 04:15 <DIR> d-------- C:\Program Files\Panda Security
2008-08-12 11:10 . 2008-08-12 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-08-12 11:09 . 2008-08-12 11:09 <DIR> d-------- C:\WINDOWS\Elf Bowling - Hawaiian Vacation
2008-08-12 08:02 . 2008-08-12 08:02 <DIR> d-------- C:\WINDOWS\The Race
2008-08-12 08:02 . 2008-08-12 08:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TheRace_dev
2008-08-11 09:10 . 2008-08-11 09:10 96,559 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-08-11 09:10 . 2008-08-11 09:10 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-08-11 09:09 . 2008-08-11 09:09 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-08-11 09:09 . 2008-08-28 12:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-11 09:09 . 2008-08-28 12:53 5,067,808 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-11 09:09 . 2008-08-28 12:53 622,624 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-11 09:09 . 2008-08-28 12:53 44,864 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-11 09:09 . 2008-08-28 12:53 7,400 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-11 09:05 . 2008-08-11 09:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-10 12:41 . 2008-08-10 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-10 12:22 . 2008-08-10 12:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-08-09 11:26 . 2004-12-10 10:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax
2008-08-09 11:26 . 2004-12-10 10:47 53,248 --a------ C:\WINDOWS\system32\vp6dec_settings.cpl
2008-08-09 10:06 . 2008-08-12 12:38 <DIR> d-------- C:\Temp
2008-08-09 09:48 . 2008-08-09 09:48 17,610,096 --a------ C:\WINDOWS\system32\x-dvd-ripper-platinum5.exe
2008-08-09 09:48 . 2008-05-06 11:31 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-08-09 09:48 . 2008-05-06 11:31 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-08-09 09:44 . 2008-08-09 10:00 <DIR> d-------- C:\MyAudio
2008-08-09 09:42 . 2008-08-09 10:07 <DIR> d-------- C:\Program Files\AoA Audio Extractor
2008-08-09 08:04 . 2008-08-09 08:04 <DIR> d-------- C:\Program Files\Command Prompt Explorer Bar
2008-08-06 20:33 . 2008-08-06 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-08-06 20:30 . 2008-08-06 20:34 <DIR> d-------- C:\Program Files\SlySoft
2008-08-06 20:27 . 2008-08-06 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-04 18:35 . 2008-08-09 09:30 34 --a------ C:\WINDOWS\cdplayer.ini
2008-08-04 18:34 . 2008-08-09 09:30 <DIR> d-------- C:\Program Files\AudioGrabber
2008-08-04 07:14 . 2008-08-04 07:14 32 --a------ C:\WINDOWS\go
2008-08-03 15:36 . 2008-08-03 15:36 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-07-31 22:15 . 2008-07-31 22:15 <DIR> d-------- C:\Program Files\CCleaner
2008-07-29 20:21 . 2008-07-29 20:21 218,376 --a------ C:\WINDOWS\system32\klogon.dll
2008-07-29 20:20 . 2008-07-29 20:20 24,774 --a------ C:\WINDOWS\system32\drivers\klopp.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 06:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-08-28 02:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-27 13:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-27 13:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-08-27 12:04 --------- d-----w C:\Program Files\Sun
2008-08-23 12:09 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-23 12:09 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-19 03:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\dvdcss
2008-08-19 02:26 --------- d-----w C:\Program Files\Yahoo!
2008-08-18 17:19 29,392 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-08-18 15:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\gtk-2.0
2008-08-12 06:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\M3
2008-08-11 02:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-08-11 02:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2008-08-10 06:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Orbit
2008-08-09 04:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-07 00:38 --------- d-----w C:\Program Files\uTorrent
2008-08-04 14:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Free Download Manager
2008-07-25 07:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Winamp
2008-07-24 06:43 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Hamachi
2008-07-21 13:04 121,872 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-21 01:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayPond
2008-07-21 00:43 --------- d-----w C:\Program Files\Dream Match Tennis
2008-07-20 06:42 --------- d-----w C:\Program Files\Raw Modders Union
2008-07-20 06:13 --------- d-----w C:\Program Files\Game Cam V2
2008-07-18 12:38 --------- d-----w C:\Program Files\GIMP-2.0
2008-07-18 02:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-07-14 10:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DNA
2008-07-08 10:48 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Leadertech
2008-07-06 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-07-06 16:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead
2008-07-06 16:14 --------- d-----w C:\Program Files\Alcohol 120 Portable
2008-07-06 08:45 --------- d-----w C:\Program Files\M3
2008-07-05 02:56 --------- d-----w C:\Program Files\Java
2008-07-05 02:55 --------- d-----w C:\Program Files\Common Files\Java
2008-07-01 19:18 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-07-01 18:23 --------- d-----w C:\Program Files\Vista Drive Icon
2008-07-01 18:11 --------- d-----w C:\Program Files\VisualTaskTips
2008-06-29 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-06-29 19:42 0 ----a-w C:\Program Files\temp01
2008-06-29 19:42 --------- d-----w C:\Program Files\bfgclient
2008-06-29 10:11 --------- d-----w C:\Program Files\Microsoft Games
2008-06-29 07:59 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-28 17:50 --------- d-----w C:\Program Files\RealChess
2008-06-28 17:45 --------- d-----w C:\Program Files\Windows Sidebar GadgetInstaller
2008-06-17 08:20 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-31 06:34 63,237 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-05-31 06:34 6,054 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-31 06:34 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-05-19 06:32 22,328 ----a-w C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

------- Sigcheck -------

2004-08-03 23:56 974336 a5c1f2cf7c31874e66478910b43d6513 C:\WINDOWS\explorer.exe
2004-08-03 23:56 974336 a5c1f2cf7c31874e66478910b43d6513 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-03 23:56 100864 80cb133bd6c830e8ca7e90015e45c1cd C:\WINDOWS\system32\wuauclt.exe
2004-08-03 23:56 100864 80cb133bd6c830e8ca7e90015e45c1cd C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 21:28 217544]
"VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 14:12 65536]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-08 22:34 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-08 11:27 29744]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 12:41 8523776]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 20:20 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-03 23:56 55808 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 03:35:02 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-02 01:11:18 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 13:13:08 180224]
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [2008-05-08 10:31:20 44384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^VisualTaskTips.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\VisualTaskTips.lnk
backup=C:\WINDOWS\pss\VisualTaskTips.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Y'z Shadow.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-01 10:21 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-06-04 17:44 289088 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 23:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-09-15 01:39 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
--a------ 2008-04-13 18:09 49152 C:\Program Files\Vista Drive Icon\DrvIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
--------- 2004-08-26 05:26 65536 C:\Program Files\Huawei\MT841\dslagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 12:41 8523776 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 12:41 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-03-28 01:07 593920 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-08 22:34 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-08-13 18:06 3660848 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 10:58 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2007-07-11 09:37 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
-r------- 2007-07-11 09:37 2808832 C:\WINDOWS\alcwzrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 12:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-07-11 09:37 16132608 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2007-07-11 09:37 1826816 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2007-07-11 09:37 86016 C:\WINDOWS\SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Huawei\\MT841\\dslagent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"E:\\SecondLife\\SLVoice.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\River Past\\Video Cleaner Pro\\VideoCleaner.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-07-29 21:24]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-07-29 21:24]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 18:06]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-08 11:27]
S3 PCIUtil;PCI Utility;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\PCIUtil.sys []
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 23:37]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 23:37]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 23:37]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 23:38]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 23:36]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 23:39]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 23:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fe315ec-3cfe-11dd-a39f-89284bcd549d}]
\Shell\AutoRun\command - L:\AUTORUN.EXE
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-NeroCheck - C:\WINDOWS\system32\NeroCheck.exe
MSConfigStartUp-TopDesk - C:\Program Files\TopDesk\topdesk.exe
MSConfigStartUp-_Alcohol - C:\Program Files\Alcohol Soft\Alcohol 120\_Alcohol.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ca/webhp?complete=1&hl=en
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1202.1501\npCIDetect11.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 12:54:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Completion time: 2008-08-28 12:57:42 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-08-28 07:27:39

Pre-Run: 4,481,941,504 bytes free
Post-Run: 4,933,607,424 bytes free

317




I don't really use much pirated software... and yeah... those keygens... I just copied them from a DVD... I've never used those keygens.

And I've visited hxxp://www.serials.ws a couple or three times (again, for my friend, not for me!)

Last edited by MoralTerror; 08-28-2008 at 05:53 PM. Reason: edit url
Old 08-28-2008, 05:59 PM   #7 (permalink)
Analyst, Security Team
 
 
Join Date: Nov 2005
Location: UK
Posts: 1,968
OS: xp


Re: John Berry's Home Page..Ever heard of it??

Quote:
Originally Posted by vickystylton

I don't really use much pirated software... and yeah... those keygens... I just copied them from a DVD... I've never used those keygens.

And I've visited hxxp://www.serials.ws a couple or three times (again, for my friend, not for me!)

That's NOT a good idea

REMINDER
Quote:
Originally Posted by MoralTerror
As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine

Your post is missing the new HijackThis log
__________________

Proud member of ASAP since 2007

Proud member of UNITE since 2008

Our help is completely free but please consider donating to the site to help keep it running
Old 08-28-2008, 11:05 PM   #8 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 6
OS: Win XP SP 2


Re: John Berry's Home Page..Ever heard of it??

Yeah... I won't be visiting them again...

And sir, again telling you, they are just keygens, which I haven't used.

I've got many freewares, and a couple of trials, nothing else.

And yeah, I've used cracks for some games, sorry.

I assure you that I'll uninstall them...

HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:39 AM, on 8/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gmail.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 60.242.17.34:80
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7327 bytes
Old 08-29-2008, 08:48 AM   #9 (permalink)
Analyst, Security Team
 
 
Join Date: Nov 2005
Location: UK
Posts: 1,968
OS: xp


Re: John Berry's Home Page..Ever heard of it??

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Quote:
File::
F:\Utilities\VIDEOS\Entertainment\screenflip.exe
F:\Utilities\VIDEOS\Entertainment\Flash\new flashes\BADDAY.EXE
F:\Utilities\VIDEOS\Entertainment\GUN.EXE
F:\Utilities\VIDEOS\Entertainment\Flash\new flashes\MADCOW.EXE
F:\Utilities\diary\TSUninstaller.exe
D:\Aji\wallpapers\STARS\Kajol\Temp.Htt
D:\Aji\wallpapers\STARS\Kajol\desktop.ini
F:\Utilities\Style-xp\Style.XP.3.18\Keygen\KeyGen [ Style XP 3.18 ].exe
F:\Utilities\Virus scan\Norton 2005\NORTON 2005 - SystemWorks + Internet Security + Ghost 9.0 + GoBack + ALL KEYGENS\NORTON KEY-GENERATORS\KeyGens Norton 2005\NG 9.0 - Keygen SSG.exe
F:\Utilities\Virus scan\Norton 2005\NORTON 2005 - SystemWorks + Internet Security + Ghost 9.0 + GoBack + ALL KEYGENS\Norton Ghost 9.0 (2005)\KEY-GENERATOR NG 9.0\ssg-ng90.exe
F:\Utilities\Virus scan\Norton 2005\NORTON 2005 - SystemWorks + Internet Security + Ghost 9.0 + GoBack + ALL KEYGENS\NORTON KEY-GENERATORS\KeyGens Norton 2005\NAV 2005 - Keygen TMG.exe
F:\Softwares\Last XP Softwares\AppsWPIw\!Nero7\Keygen.exe
Driver::
"PCI Utility"

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


--------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

--------------------------
  • Please go to the following link ESET Online Scanner Link
  • Tick the box YES, I accept the Terms Of Use
  • Click the Start button
  • Now click the Install button
  • Click Start

    The scanner engine will initialise and update
  • Do Not tick the box Remove found threats
  • Click the Scan button

    The scan will now run, please be patient
  • When the scan finishes click the Details tab
  • Copy and paste the contents of the %ProgramFiles%\EsetOnlineScanner\log.txt back here.

--------------------------
Required Logs

c:\ComboFix.txt
%ProgramFiles%\EsetOnlineScanner\log.txt
new HijackThis log


Please also provide an update on system behaviour
Old 10-19-2008, 05:51 AM   #10 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 6
OS: Win XP SP 2


Re: John Berry's Home Page..Ever heard of it??

Hmm... solved the problem... it was my fault. I'd typed a proxy at Internet Options --> Connections --> LAN settings --> Use a proxy server for your..... I'd typed in the proxy 60.242.17.34. Don't know why and when though.. :D

Anyways, thanks for your time and help, guys.. :)
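The proxy setting named in the post above also appears in the HijackThis log posted earlier in this thread, as the `R1 ... Internet Settings,ProxyServer` line. The following is an added example, not part of the original posts and not HijackThis code: a small Python triage script that extracts ProxyServer entries from a HijackThis log and classifies where they point. The function and class names are assumptions of this example, and the sample lines are copied from the log in the thread.

```python
import ipaddress
import re
from typing import List, NamedTuple, Optional, Tuple

# Excerpt copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gmail.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 60.242.17.34:80
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# HijackThis R0-R3 lines have the shape:
#   <code> - <registry key>,<value name> = <data>
R_LINE = re.compile(
    r"^(?P<code>R[0-3]) - (?P<key>.+?),(?P<name>[^,=]+?)\s*=\s*(?P<data>.*)$"
)


class ProxyFinding(NamedTuple):
    hive: str             # HKCU or HKLM
    scheme: str           # "all", or a protocol such as "http"
    host: str
    port: Optional[int]
    scope: str            # loopback / private / public / hostname


def parse_proxy_server(data: str) -> List[Tuple[str, str, Optional[int]]]:
    """Split a WinINET ProxyServer value into (scheme, host, port) tuples.

    Handles "host:port" (one proxy for every protocol, reported here as
    scheme "all") and the per-protocol form "http=host:port;https=host:port".
    """
    entries = []
    for part in re.split(r"[;\s]+", data.strip()):
        if not part:
            continue
        scheme, sep, addr = part.partition("=")
        if not sep:                      # no "scheme=" prefix
            scheme, addr = "all", part
        addr = addr.split("://", 1)[-1]  # tolerate "http://host:port"
        host, colon, port = addr.rpartition(":")
        if not colon:                    # no port given
            host, port = addr, ""
        entries.append((scheme.lower(), host, int(port) if port.isdigit() else None))
    return entries


def classify_host(host: str) -> str:
    """Say whether a proxy host is local, on a private network, or external."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private or ip.is_link_local:
        return "private"
    return "public"


def find_proxy_entries(log_text: str) -> List[ProxyFinding]:
    """Return one finding per proxy configured in the log's R section."""
    findings = []
    for raw in log_text.splitlines():
        m = R_LINE.match(raw.strip())
        if not m or m.group("name").strip().lower() != "proxyserver":
            continue
        hive = m.group("key").split("\\", 1)[0].upper()
        for scheme, host, port in parse_proxy_server(m.group("data")):
            findings.append(
                ProxyFinding(hive, scheme, host, port, classify_host(host))
            )
    return findings


if __name__ == "__main__":
    for f in find_proxy_entries(SAMPLE_LOG):
        print(f"{f.hive}: {f.scheme} traffic -> {f.host}:{f.port} ({f.scope})")
```
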
Old 10-19-2008, 06:34 AM   #11 (permalink)
Analyst, Security Team
 
 
Join Date: Nov 2005
Location: UK
Posts: 1,968
OS: xp


Re: John Berry's Home Page..Ever heard of it??

Hi vickystylton

Thanks for letting us know. We will now move this thread to the resolved forum. Should you need further help please post a new thread.
All times are GMT -7. The time now is 11:44 PM.


