Author Topic: Please Help!  (Read 26554 times)


MeDIeVaL

  • Guest
Re: Please Help!
« Reply #30 on: July 23, 2007, 03:33:32 PM »
I ran a scan once again and found this: Win32:Delf-PZ (Trj) in C:\Program Files\Alwil Software\Avast4\DATA\moved. I moved it to the chest just now. Scanned it with VirusTotal and found this...

Antivirus Version Last Update Result
AhnLab-V3 2007.7.21.0 2007.07.23 no virus found
AntiVir 7.4.0.44 2007.07.23 TR/Delphi.Downloader.Gen
Authentium 4.93.8 2007.07.20 no virus found
Avast 4.7.997.0 2007.07.22 Win32:Delf-PZ
AVG 7.5.0.476 2007.07.22 Generic5.BTC
BitDefender 7.2 2007.07.23 Generic.Malware.FBdld.7E4DC7DF
CAT-QuickHeal 9.00 2007.07.23 no virus found
ClamAV devel-20070416 2007.07.23 no virus found
DrWeb 4.33 2007.07.23 DLOADER.Trojan
eSafe 7.0.15.0 2007.07.22 suspicious Trojan/Worm
eTrust-Vet 31.1.5002 2007.07.23 no virus found
Ewido 4.0 2007.07.23 no virus found
FileAdvisor 1 2007.07.23 no virus found
Fortinet 2.91.0.0 2007.07.23 no virus found
F-Prot 4.3.2.48 2007.07.20 no virus found
F-Secure 6.70.13030.0 2007.07.23 W32/Malware.XNN
Ikarus T3.1.1.8 2007.07.23 Win32.SuspectCrc
Kaspersky 4.0.2.24 2007.07.23 no virus found
McAfee 5079 2007.07.20 no virus found
Microsoft 1.2704 2007.07.23 no virus found
NOD32v2 2414 2007.07.23 no virus found
Norman 5.80.02 2007.07.23 W32/Malware.XNN
Panda 9.0.0.4 2007.07.23 Suspicious file
Sophos 4.19.0 2007.07.17 no virus found
Sunbelt 2.2.907.0 2007.07.21 no virus found
Symantec 10 2007.07.23 no virus found
TheHacker 6.1.7.152 2007.07.23 no virus found
VBA32 3.12.2.1 2007.07.23 no virus found
VirusBuster 4.3.26:9 2007.07.22 no virus found
Webwasher-Gateway 6.0.1 2007.07.23 Trojan.Delphi.Downloader.Gen
Additional information
File size: 24176 bytes
MD5: 2d8a3e99677a803eda9141316959b487
SHA1: 59da92e7cb4574a0c92534e4659786c2a957b1a9
packers: UPX
« Last Edit: July 23, 2007, 03:44:36 PM by MeDIeVaL »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89061
  • No support PMs thanks
Re: Please Help!
« Reply #31 on: July 23, 2007, 03:46:07 PM »
You shouldn't need to right click to be able to install; the common means is to double click an installation file.

Well, a cut and paste of your words into Google returns many hits: http://www.google.com/search?q=I+can%27t+right+click.

This is the file for the chest: C:\Program Files\Alwil Software\Avast4\ashChest.exe. You can access it from Explorer and double click to open it. Though if, as you say, avast is disabled, I don't know if this will work. I have just read your latest post, and it doesn't seem avast is disabled as you said.

Find TaskMgr.exe on your system and make a copy of it in a temp location, renamed to TaskMgr1.exe; that should give you access to the task manager, as the other file name is being intercepted.

See this little application: http://www.dougknox.com/xp/utils/xp_emerutils.htm

Quote
This small VB 6 utility will create a usable backup copy of Taskmgr.exe, MSConfig.exe and Regedit.EXE in a new folder, called C:\EmergencyUtils.  The new copies will be named Copy_of_Taskmgr.exe, Copy_of_MSConfig.exe and Copy_of_Regedit.com.

These programs are extremely helpful, and usually necessary in helping to rid your computer of a viral infection.  Many virus programs will intercept these programs, based on their original file name, and prevent them from running.  The alternate copies will not encounter this problem.  Simply navigate to the C:\EmergencyUtils folder and double click the file you need to run.

What you found in the moved folder is something that you previously found, and you selected the Move/Rename option rather than Move to Chest. You haven't found something new, but something previously detected; once moved, it was renamed original-file-name.exe.vir (the .vir being added by avast).
« Last Edit: July 23, 2007, 03:49:48 PM by DavidR »

MeDIeVaL

  • Guest
Re: Please Help!
« Reply #32 on: July 23, 2007, 04:02:02 PM »
I have to set it manually every time I want to scan, or else the Resident Protection stays in the Disabled setting. The on-access scanner is totally disabled. Every time I've clicked the icon in the tray, this warning appeared: avast!: The AAVm subsystem detected an RPC error.

mauserme

  • Guest
Re: Please Help!
« Reply #33 on: July 23, 2007, 04:04:03 PM »
Download ComboFix from Here or Here to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it will produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


After posting those logs, download and scan with F-Secure BlackLight

http://www.f-secure.com/blacklight/

Don't make any changes with this - just post this log too.

MeDIeVaL

  • Guest
Re: Please Help!
« Reply #34 on: July 24, 2007, 08:59:22 AM »
"Ahiey" - 2007-07-24 14:53:09 - ComboFix  - Service Pack 2  NTFS  


(((((((((((((((((((((((((   Files Created from 2007-06-24 to 2007-07-24  )))))))))))))))))))))))))))))))


2007-07-24 14:27   <DIR>   d--------   C:\Program Files\Executive Software
2007-07-24 11:12   <DIR>   d--------   C:\Program Files\Nero
2007-07-24 11:12   <DIR>   d--------   C:\Program Files\Common Files\Ahead
2007-07-24 11:12   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-07-24 11:07   <DIR>   d--------   C:\Program Files\AskTBar
2007-07-24 11:00   51,200   --a------   C:\WINDOWS\nircmd.exe
2007-07-24 00:57   <DIR>   d--------   C:\WINDOWS\system32\appmgmt
2007-07-24 00:40   75,932   --a------   C:\WINDOWS\system32\drivers\klick.dat
2007-07-24 00:40   75,248   --a------   C:\WINDOWS\zllsputility.exe
2007-07-24 00:40   74,396   --a------   C:\WINDOWS\system32\drivers\klin.dat
2007-07-24 00:40   4,212   ---h-----   C:\WINDOWS\system32\zllictbl.dat
2007-07-24 00:40   174,112   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-24 00:40   11,264   --a------   C:\WINDOWS\system32\SpOrder.dll
2007-07-24 00:40   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-07-24 00:39   110,360   --a------   C:\WINDOWS\system32\drivers\kl1.sys
2007-07-24 00:39   1,086,952   --a------   C:\WINDOWS\system32\zpeng24.dll
2007-07-24 00:39   <DIR>   d--------   C:\WINDOWS\system32\ZoneLabs
2007-07-24 00:38   <DIR>   d--------   C:\WINDOWS\Internet Logs
2007-07-23 21:52   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-07-23 21:52   <DIR>   d--------   C:\DOCUME~1\Ahiey\APPLIC~1\Ahead
2007-07-23 19:57   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
2007-07-23 19:39   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-07-23 19:38   <DIR>   d--------   C:\DOCUME~1\Ahiey\APPLIC~1\Nokia
2007-07-23 19:35   <DIR>   d--------   C:\Program Files\Common Files\PCSuite
2007-07-23 19:35   <DIR>   d--------   C:\Program Files\Common Files\Nokia
2007-07-23 19:34   <DIR>   d--------   C:\Program Files\DIFX
2007-07-23 19:33   <DIR>   d--------   C:\Program Files\PC Connectivity Solution
2007-07-23 19:33   <DIR>   d--------   C:\DOCUME~1\Ahiey\APPLIC~1\PC Suite
2007-07-23 19:32   90,624   --a------   C:\WINDOWS\system32\nmwcdcls.dll
2007-07-23 19:32   8,320   --a------   C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-07-23 19:32   65,536   --a------   C:\WINDOWS\system32\nmwcdcocls.dll
2007-07-23 19:32   137,216   --a------   C:\WINDOWS\system32\drivers\nmwcd.sys
2007-07-23 19:32   12,288   --a------   C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-07-23 19:32   12,288   --a------   C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-07-23 19:32   <DIR>   d----c---   C:\WINDOWS\system32\DRVSTORE
2007-07-23 19:32   <DIR>   d--------   C:\Program Files\Nokia
2007-07-23 19:31   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-07-23 19:03   <DIR>   d--------   C:\Program Files\Safer Networking
2007-07-23 13:31   <DIR>   d--------   C:\DOCUME~1\Ahiey\APPLIC~1\Roxio
2007-07-23 13:20   <DIR>   d--------   C:\Program Files\Common Files\Roxio Shared
2007-07-23 13:18   57,344   --a------   C:\WINDOWS\uneng.exe
2007-07-23 13:18   49,152   --a------   C:\WINDOWS\system32\cdrtc.dll
2007-07-23 13:18   45,056   --a------   C:\WINDOWS\system32\cdral.dll
2007-07-23 13:18   <DIR>   d--------   C:\Program Files\Roxio
2007-07-23 13:18   <DIR>   d--------   C:\Program Files\directx
2007-07-23 13:18   <DIR>   d--------   C:\Program Files\Common Files\Adaptec Shared
2007-07-23 12:32   17,920   --a------   C:\WINDOWS\system32\mdimon.dll
2007-07-23 12:31   <DIR>   d--------   C:\Program Files\Microsoft.NET
2007-07-23 12:31   <DIR>   d--------   C:\Program Files\Microsoft ActiveSync
2007-07-23 12:30   <DIR>   d--------   C:\WINDOWS\SHELLNEW
2007-07-22 21:39   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-07-22 21:31   <DIR>   d--------   C:\DOCUME~1\Ahiey\APPLIC~1\WinRAR
2007-07-22 21:05   <DIR>   d--------   C:\DOCUME~1\Ahiey\APPLIC~1\Apple Computer
2007-07-22 20:58   <DIR>   d--------   C:\WINDOWS\pss
2007-07-22 20:13   <DIR>   d--------   C:\Program Files\QuickTime
2007-07-22 20:13   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-07-22 20:12   <DIR>   d--------   C:\Program Files\Apple Software Update
2007-07-22 20:12   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-22 20:11   <DIR>   d--------   C:\Program Files\Common Files\Macrovision Shared
2007-07-22 20:11   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-07-22 20:07   3,072   --a------   C:\WINDOWS\system32\drivers\audstub.sys
2007-07-22 20:06   74,240   --a------   C:\WINDOWS\system32\usbui.dll
2007-07-22 20:06   57,472   --a------   C:\WINDOWS\system32\drivers\redbook.sys
2007-07-22 20:05   9,344   --a------   C:\WINDOWS\system32\drivers\compbatt.sys
2007-07-22 20:05   8,832   --a------   C:\WINDOWS\system32\drivers\wmiacpi.sys
2007-07-22 20:05   14,080   --a------   C:\WINDOWS\system32\drivers\CmBatt.sys
2007-07-22 20:05   14,080   --a------   C:\WINDOWS\system32\drivers\battc.sys
2007-07-22 20:04   9,936   --a------   C:\WINDOWS\system\LZEXPAND.DLL
2007-07-22 20:04   9,008   --a------   C:\WINDOWS\system\VER.DLL
2007-07-22 20:04   85,020   --a------   C:\WINDOWS\system32\dgsetup.dll
2007-07-22 20:04   82,944   --a------   C:\WINDOWS\system\OLECLI.DLL
2007-07-22 20:04   8,704   --a------   C:\WINDOWS\system32\batt.dll
2007-07-22 20:04   8,192   -ra------   C:\WINDOWS\system32\kbdhept.dll
2007-07-22 20:04   74,752   --a------   C:\WINDOWS\system32\storprop.dll
2007-07-22 20:04   7,168   -ra------   C:\WINDOWS\system32\kbdcz.dll
2007-07-22 20:04   69,584   --a------   C:\WINDOWS\system\AVICAP.DLL
2007-07-22 20:04   69,120   --a------   C:\WINDOWS\NOTEPAD.EXE
2007-07-22 20:04   68,768   --a------   C:\WINDOWS\system\MMSYSTEM.DLL
2007-07-22 20:04   6,656   -ra------   C:\WINDOWS\system32\kbdycl.dll
2007-07-22 20:04   6,656   -ra------   C:\WINDOWS\system32\kbdsl1.dll
2007-07-22 20:04   6,656   -ra------   C:\WINDOWS\system32\kbdsl.dll
2007-07-22 20:04   6,656   -ra------   C:\WINDOWS\system32\kbdpl.dll
2007-07-22 20:04   6,656   -ra------   C:\WINDOWS\system32\kbdhu.dll
2007-07-22 20:04   6,656   -ra------   C:\WINDOWS\system32\kbdhela3.dll
2007-07-22 20:04   6,656   -ra------   C:\WINDOWS\system32\kbdcz2.dll
2007-07-22 20:04   6,656   -ra------   C:\WINDOWS\system32\kbdcz1.dll
2007-07-22 20:04   6,656   -ra------   C:\WINDOWS\system32\kbdcr.dll
2007-07-22 20:04   6,656   -ra------   C:\WINDOWS\system32\KBDAL.DLL
2007-07-22 20:04   6,144   -ra------   C:\WINDOWS\system32\kbdtuq.dll
2007-07-22 20:04   6,144   -ra------   C:\WINDOWS\system32\kbdtuf.dll
2007-07-22 20:04   6,144   -ra------   C:\WINDOWS\system32\kbdlv1.dll
2007-07-22 20:04   6,144   -ra------   C:\WINDOWS\system32\kbdlv.dll
2007-07-22 20:04   6,144   -ra------   C:\WINDOWS\system32\kbdhela2.dll
2007-07-22 20:04   6,144   -ra------   C:\WINDOWS\system32\kbdgkl.dll
2007-07-22 20:04   6,144   -ra------   C:\WINDOWS\system32\kbdest.dll
2007-07-22 20:04   5,632   -ra------   C:\WINDOWS\system32\kbdro.dll
2007-07-22 20:04   5,632   -ra------   C:\WINDOWS\system32\kbdpl1.dll
2007-07-22 20:04   5,632   -ra------   C:\WINDOWS\system32\kbdmon.dll
2007-07-22 20:04   5,632   -ra------   C:\WINDOWS\system32\kbdlt1.dll
2007-07-22 20:04   5,632   -ra------   C:\WINDOWS\system32\kbdlt.dll

MeDIeVaL

  • Guest
Re: Please Help!
« Reply #35 on: July 24, 2007, 09:00:04 AM »
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-23 17:17:43   5,204   --sha-w   C:\WINDOWS\system32\drivers\fidbox.idx
2007-05-16 01:18:44   95,864   ----a-w   C:\WINDOWS\system32\NeroCo.dll


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 23:42]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-19 09:42 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-07-19 09:42 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [2006-07-19 09:41 C:\WINDOWS\ALCMTR.EXE]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [2005-04-25 04:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 15:17]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TweakMASTER]
"C:\Program Files\TweakMASTER\TwMaster.exe" /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

R0 srescan;srescan;C:\WINDOWS\system32\ZoneLabs\srescan.sys
R1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\system32\drivers\Cdr4_xp.sys
R1 Cdralw2k;Cdralw2k;C:\WINDOWS\system32\drivers\Cdralw2k.sys
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
R3 tifm21;tifm21;C:\WINDOWS\system32\drivers\tifm21.sys
S1 SASDIFSV;SASDIFSV;-\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
S1 SASKUTIL;SASKUTIL;-\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
S3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
S3 nmwcd;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
S3 nmwcdc;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
S3 nmwcdcj;Nokia USB Port;C:\WINDOWS\system32\drivers\nmwcdcj.sys
S3 nmwcdcm;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys
S3 SASENUM;SASENUM;-\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

*Newly Created Service* - DISKEEPER

Contents of the 'Scheduled Tasks' folder
2007-07-22 12:13:02  C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-24 14:55:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-24 14:56:26

   --- E O F ---
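
The "Files Created" section of the ComboFix log above is a flat list: creation minute, size (or <DIR>), a nine-character attribute string such as --ahs---- (a = archive, h = hidden, s = system), and the path. Reading it by hand, the useful questions are which files carry hidden or system attributes, which executables were dropped straight into the Windows root rather than a subdirectory, and which files were written together and so probably belong to the same installer. The script below is an added example for this thread, not ComboFix's code or the poster's; it runs over a constructed handful of lines taken from the log. Both flagging rules produce hits on legitimate software (the avast and Roxio files they catch here are cases in point), so treat the output as a shortlist to verify against what was being installed at that minute, not as a verdict.

```python
"""Triage the 'Files Created' section of a ComboFix log.

Added example for this thread, not ComboFix's own code or the poster's.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a handful of lines taken from the log quoted above.
SAMPLE_COMBOFIX = r"""
2007-07-24 11:00   51,200   --a------   C:\WINDOWS\nircmd.exe
2007-07-24 00:57   <DIR>   d--------   C:\WINDOWS\system32\appmgmt
2007-07-24 00:40   75,932   --a------   C:\WINDOWS\system32\drivers\klick.dat
2007-07-24 00:40   174,112   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-24 00:40   11,264   --a------   C:\WINDOWS\system32\SpOrder.dll
2007-07-23 13:18   57,344   --a------   C:\WINDOWS\uneng.exe
2007-07-23 13:18   49,152   --a------   C:\WINDOWS\system32\cdrtc.dll
2007-07-22 20:04   8,192   -ra------   C:\WINDOWS\system32\kbdhept.dll
"""

# created-minute, size or <DIR>, nine-char attribute string, path
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S{9})\s+(.+?)\s*$")
EXEC_EXT = (".exe", ".dll", ".sys", ".com", ".scr", ".pif", ".cpl")
WINDOWS_ROOT = r"C:\WINDOWS"   # assumption: system drive and folder as in the log


@dataclass
class Entry:
    created: str
    size: Optional[int]   # None for directories
    attrs: str            # ComboFix flag string, e.g. "--ahs----"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.size is None

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0]


def parse_created(text: str) -> list:
    """Parse the listing; headers, blank lines and anything else are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        created, size, attrs, path = m.groups()
        size_val = None if size == "<DIR>" else int(size.replace(",", ""))
        entries.append(Entry(created, size_val, attrs, path))
    return entries


def flag_entries(entries) -> list:
    """(path, reason) pairs worth checking by hand. Both rules hit legitimate
    software too; they narrow the list, nothing more."""
    flagged = []
    for e in entries:
        if e.is_dir:
            continue
        if "h" in e.attrs or "s" in e.attrs:
            flagged.append((e.path, "hidden/system attributes"))
        if e.path.lower().endswith(EXEC_EXT) and e.parent.upper() == WINDOWS_ROOT:
            flagged.append((e.path, "executable in Windows root"))
    return flagged


def cluster_by_time(entries) -> dict:
    """Group paths by creation minute: files written together usually belong to
    one installer, which makes an odd file easier to attribute."""
    clusters = defaultdict(list)
    for e in entries:
        clusters[e.created].append(e.path)
    return dict(clusters)


if __name__ == "__main__":
    es = parse_created(SAMPLE_COMBOFIX)
    for path, reason in flag_entries(es):
        print(f"{reason:28} {path}")
    for minute, paths in cluster_by_time(es).items():
        print(minute, len(paths), "file(s)")
```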

MeDIeVaL

  • Guest
Re: Please Help!
« Reply #36 on: July 24, 2007, 09:14:47 AM »
This is my HijackThis log; I had to separate it into 2 because of character limitations...  :P

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:11:57 PM, on 7/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\DOCUME~1\Ahiey\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

MeDIeVaL

  • Guest
Re: Please Help!
« Reply #37 on: July 24, 2007, 09:15:27 AM »
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: 211.24.140.98 211.24.140.98
O1 - Hosts: 202.146.73.33 wlan1.maxis.net.my
O1 - Hosts: 202.75.129.240 signup.maxis.net.my
O1 - Hosts: 58.71.131.88 myaccount.maxis.net.my
O1 - Hosts: 202.75.129.146 www.maxis.com.my
O1 - Hosts: 207.68.183.32 www.msn.com
O1 - Hosts: 69.147.91.81 webmessenger.yahoo.com
O1 - Hosts: 68.142.194.15 messenger.yahoo.com
O1 - Hosts: 62.219.18.18 www.forumeter.com
O1 - Hosts: 87.106.8.215 www.safer-networking.org
O1 - Hosts: 165.21.86.223 www.inklineglobal.com
O1 - Hosts: 157.238.217.82 appsmtpus.redmatch.com
O1 - Hosts: 207.44.199.159 www.internetdownloadmanager.com
O1 - Hosts: 69.65.109.143 fileforum.betanews.com
O1 - Hosts: 216.73.86.52 ad.doubleclick.net
O1 - Hosts: 69.65.109.141 ads.betanews.com
O1 - Hosts: 12.130.60.8 view.atdmt.com
O1 - Hosts: 209.85.143.166 pagead2.googlesyndication.com
O1 - Hosts: 209.191.92.114 login.yahoo.com
O1 - Hosts: 75.126.53.167 www.avast.com
O1 - Hosts: 69.147.97.194 us.f633.mail.yahoo.com
O1 - Hosts: 209.85.27.168 www.superantispyware.com
O1 - Hosts: 70.84.157.228 forum.avast.com
O1 - Hosts: 17.149.160.10 www.apple.com
O1 - Hosts: 207.200.98.37 www.winamp.com
O1 - Hosts: 198.104.255.163 www2.network.aptimus.com
O1 - Hosts: 17.254.2.134 swdlp.apple.com
O1 - Hosts: 209.131.36.158 www.yahoo.com
O1 - Hosts: 74.6.146.119 search.yahoo.com
O1 - Hosts: 203.115.194.73 star-jobs.com
O1 - Hosts: 157.238.217.120 match.star-jobs.com
O1 - Hosts: 192.150.18.101 www.adobe.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Implements TweakBHO - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B0C7EF4-EE82-4EA4-8A2D-D61239738D41}: NameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B0C7EF4-EE82-4EA4-8A2D-D61239738D41}: NameServer = 202.188.0.133 202.188.1.5
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9788 bytes
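
A few checks a responder runs over a HijackThis log like the two halves above, as an added example that is not HijackThis code or the poster's. It works on a constructed sample of lines copied from the log and flags four things for manual follow-up: processes running from a Temp directory; O1 hosts-file entries that pin security-vendor sites to a fixed address (whether such an entry is a leftover from a hosts-file tool or something else, it overrides DNS, so a stale or wrong address silently breaks updates; compare each against a fresh lookup); O4 Run entries given as a bare filename, which Windows resolves through a path search rather than a fixed location; and O23 services whose binary is marked "(file missing)". The vendor-domain list is an assumption for illustration. Nothing it flags is a verdict: the Temp-directory process and the hosts entries in this log may well be legitimate, which is exactly why they are listed for checking rather than acted on.

```python
"""Triage checks over a HijackThis v2 log.

Added example for this thread, not HijackThis code or the poster's.
"""
import re

# Constructed sample: lines copied from the two log halves posted above.
SAMPLE_HJT = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\DOCUME~1\Ahiey\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\HijackThis\HijackThis.exe

O1 - Hosts: 202.146.73.33 wlan1.maxis.net.my
O1 - Hosts: 75.126.53.167 www.avast.com
O1 - Hosts: 209.85.27.168 www.superantispyware.com
O1 - Hosts: 87.106.8.215 www.safer-networking.org
O1 - Hosts: 216.73.86.52 ad.doubleclick.net
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
"""

# Assumption: a short illustrative list; extend it with the vendors you rely on.
SECURITY_VENDOR_DOMAINS = (
    "avast.com", "superantispyware.com", "safer-networking.org",
    "f-secure.com", "kaspersky.com", "symantec.com", "windowsupdate.com",
)

O1_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)")
O4_RE = re.compile(r"^O4 - (\S+): \[([^\]]*)\] (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.I)
QUALIFIED_RE = re.compile(r'^"?[A-Za-z]:\\')   # drive-letter path, optionally quoted


def is_security_vendor(host: str) -> bool:
    h = host.lower()
    return any(h == d or h.endswith("." + d) for d in SECURITY_VENDOR_DOMAINS)


def triage(text: str) -> dict:
    findings = {
        "temp_processes": [],        # running from a Temp directory
        "security_hosts": [],        # (host, ip) for security-vendor sites
        "unqualified_run": [],       # Run entries resolved by path search
        "missing_service_files": [], # services whose binary is gone
    }
    in_procs = False
    for line in text.splitlines():
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs:
            if not line.strip():
                in_procs = False            # blank line ends the process list
            elif TEMP_DIR_RE.search(line):
                findings["temp_processes"].append(line.strip())
            continue
        if m := O1_RE.match(line):
            ip, host = m.groups()
            if is_security_vendor(host):
                findings["security_hosts"].append((host, ip))
        elif m := O4_RE.match(line):
            cmd = m.group(3)
            if not QUALIFIED_RE.match(cmd):
                findings["unqualified_run"].append(cmd)
        elif (m := O23_RE.match(line)) and "(file missing)" in m.group(3):
            findings["missing_service_files"].append(m.group(1))
    return findings


if __name__ == "__main__":
    for key, items in triage(SAMPLE_HJT).items():
        print(key, items)
```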

MeDIeVaL

  • Guest
Re: Please Help!
« Reply #38 on: July 24, 2007, 09:35:30 AM »
F-Secure BlackLight found nothing, so it's impossible to send the log, but everything seems okay right now. I found out that RegAlyzer is very helpful if your registry has been disabled and you know how to handle it manually.
« Last Edit: July 25, 2007, 08:07:58 AM by MeDIeVaL »

mauserme

  • Guest
Re: Please Help!
« Reply #39 on: July 26, 2007, 05:37:14 AM »
Thanks for the tip on RegAlyzer - I'll give it a try.

Oh, and your logs look fine (in case you didn't already know  :) )