PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » Internet won't view certain pages

#1
06-19-2008
Bronze Member
Join Date: Jun 2008
Posts: 7
PC Experience: Experienced
KillrAce
Internet won't view certain pages

I can't get on yahoo, google, select forums (I can get on here), and other sites. The progress bar stalls at 50%. I can get on them in safe mode, but not in normal mode. I've done Spybot SD, CCleaner, Norton, and many others that didn't find anything. Here's my HJT log file. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:59 PM, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\system32\wvUllmMg.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: {6813df27-fdf5-c5c9-6e44-4e94a63735d7} - {7d53736a-49e4-44e6-9c5c-5fdf72fd3186} - C:\WINDOWS\system32\utnqmhrw.dll
O2 - BHO: (no name) - {A4D54588-7013-4386-B080-5F56D2FD8C47} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {F130CC7F-B22B-458E-AF12-B255B02E536D} - C:\WINDOWS\system32\pmnoMecA.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [70634db3] rundll32.exe "C:\WINDOWS\system32\tkbporli.dll",b
O4 - HKLM\..\Run: [BM73507e2f] Rundll32.exe "C:\WINDOWS\system32\kytnumej.dll",s
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\DOCUME~1\Braondon\LOCALS~1\Temp\lctqxtis.dll", run
O4 - HKCU\..\Run: [70634db3] rundll32.exe "C:\DOCUME~1\Braondon\LOCALS~1\Temp\gbojcykl.dll", b
O4 - HKCU\..\Run: [BM73507e2f] Rundll32.exe "C:\DOCUME~1\Braondon\LOCALS~1\Temp\xbrlwfhl.dll", s
O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Braondon\My Documents\My Music\Corel Sample Music\LimeWire\LimeWire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.thepiratebay.org
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.2.1.87.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: dmlang - dmlang.dll (file missing)
O20 - Winlogon Notify: wvUllmMg - C:\WINDOWS\SYSTEM32\wvUllmMg.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) - http://halotech.org/signatures/sigcache/32083_1.png
O24 - Desktop Component 2: (no name) - http://gamercard.xbox.com/Killr%20Ace.card

--
End of file - 10804 bytes



Last edited by KillrAce; 06-19-2008 at 09:45 PM. Reason: Didn't have hidden folders
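As an added example (it is not part of the original post and not HijackThis's own detection logic), the script below applies the checks a log reviewer makes by eye when reading an HJT log like the one above: hosts-file overrides (O1), nameless BHOs that still have a DLL on disk (O2), Run entries that use rundll32 to load a DLL from a temp directory or under a hex-looking value name (O4), Trusted Zone additions (O15) and Winlogon Notify hooks (O20). The rules are the editor's heuristics, and the sample lines are copied from the log above with a few benign entries kept as controls.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example for this thread; not part of the original post and not
HijackThis's own logic. The rules are the editor's review heuristics.
"""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Finding:
    section: str   # HJT section id, e.g. "O4"
    reason: str    # why the line deserves a second look
    line: str      # the original log line


# Sample input: lines copied from the HJT log posted above, with a few
# benign entries (Yahoo BHO, ccApp, Google service) kept as controls.
SAMPLE_LOG = r"""
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\system32\wvUllmMg.dll
O2 - BHO: (no name) - {A4D54588-7013-4386-B080-5F56D2FD8C47} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [70634db3] rundll32.exe "C:\WINDOWS\system32\tkbporli.dll",b
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\DOCUME~1\Braondon\LOCALS~1\Temp\lctqxtis.dll", run
O15 - Trusted Zone: http://www.thepiratebay.org
O20 - Winlogon Notify: wvUllmMg - C:\WINDOWS\SYSTEM32\wvUllmMg.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

LINE_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
# O4 body: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run:\s+\[([^\]]*)\]\s+(.*)$")
RUNDLL_RE = re.compile(r"^rundll32(\.exe)?\s", re.IGNORECASE)
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
# 8 hex digits, optionally prefixed "BM": the value-name style seen in this log
# (heuristic chosen by the editor, not an HJT rule)
HEXNAME_RE = re.compile(r"^(BM)?[0-9a-f]{8}$", re.IGNORECASE)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding if the HJT line matches a review heuristic, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()

    if section == "O1":
        return Finding(section, "hosts-file entry redirects a hostname", line)

    if section == "O2" and "(no name)" in body and "(no file)" not in body:
        return Finding(section, "nameless BHO with a DLL present on disk", line)

    if section == "O4":
        run = RUN_RE.match(body)
        if run and RUNDLL_RE.match(run.group(2)):
            name, cmd = run.groups()
            if TEMP_RE.search(cmd):
                return Finding(section, "rundll32 loads a DLL from a temp directory", line)
            if HEXNAME_RE.match(name):
                return Finding(section, "rundll32 entry under a hex-looking value name", line)

    if section == "O15":
        return Finding(section, "site added to IE Trusted Zone (relaxed security)", line)

    if section == "O20" and body.startswith("Winlogon Notify:"):
        return Finding(section, "Winlogon Notify hook loads a DLL at logon", line)

    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of a log and collect the findings."""
    return [f for f in (triage_line(ln) for ln in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample it reports the hosts redirect, the nameless wvUllmMg BHO, both rundll32 Run entries, the Trusted Zone addition and the Winlogon Notify hook, and stays quiet on the Symantec, Yahoo and Google lines; the later ComboFix "Other Deletions" list in this thread removes exactly those DLLs, which is the kind of confirmation a reviewer looks for before acting on a heuristic.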
#2
06-19-2008
Moderation Team Leader
Join Date: Feb 2008
Location: Swansea
Posts: 5,160
PC Experience: I Try My Best.
Jelly Bean
Re: Internet won't view certain pages

Hello and welcome to PC Help Forum.

I have moved your thread to HJT section.



#3
06-20-2008
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,089
PC Experience: Elite PC Guru
Pancake
Re: Internet won't view certain pages

OK. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer, and also those in the registry. Please visit this webpage for download links, and instructions for running the tool:

A guide and tutorial on using ComboFix


Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

=======================================

Please download SDFix from here and save it to your desktop

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.


#4
06-20-2008
Bronze Member
Join Date: Jun 2008
Posts: 7
PC Experience: Experienced
KillrAce
Re: Internet won't view certain pages

Man, was that scary!!! All those warnings that 1 in 100 PCs crash using it, and then it taking 2 1/2 hours (THE THING SAID 10 MINS!!! waaaaaaaaaah). PS, after running CF and SDFix, Vfinder.exe, CF23135.exe, cmd.exe, and C:\$Mft show up as corrupt... anyway...

ComboFix 08-06-19.2 - b 2008-06-20 1:43:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.227 [GMT -5:00]
Running from: C:\Documents and Settings\b\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\b\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\abW9
C:\Temp\fse
C:\temp\iee
C:\WINDOWS\BM73507e2f.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AceMonmp.ini
C:\WINDOWS\system32\AceMonmp.ini2
C:\WINDOWS\system32\dgdgatmu.ini2
C:\WINDOWS\system32\dgdgatmu.tmp
C:\WINDOWS\system32\iifedaYo.dll
C:\WINDOWS\system32\ilropbkt.ini
C:\WINDOWS\system32\kytnumej.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnoMecA.dll
C:\WINDOWS\system32\tkbporli.dll
C:\WINDOWS\system32\utnqmhrw.dll
C:\WINDOWS\system32\vhmuirnv.dll
C:\WINDOWS\system32\vnriumhv.ini
C:\WINDOWS\system32\watetuce.dll
C:\WINDOWS\system32\wvUllmMg.dll
C:\WINDOWS\system32\WxbJkUvw.ini
C:\WINDOWS\system32\WxbJkUvw.ini2

.
((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.

2008-06-20 01:22 . 2008-06-20 01:24 <DIR> d-------- C:\Documents and Settings\b\Application Data\Yahoo!
2008-06-20 00:25 . 2006-05-26 00:59 <DIR> d-------- C:\Documents and Settings\b\Application Data\Symantec
2008-06-20 00:25 . 2008-06-20 00:27 <DIR> d-------- C:\Documents and Settings\b\Application Data\Gtek
2008-06-20 00:25 . 2008-06-20 00:25 <DIR> d-------- C:\Documents and Settings\b
2008-06-20 00:17 . 2008-06-20 00:17 <DIR> d-------- C:\SDFix
2008-06-19 22:16 . 2008-06-19 22:16 80,384 --a------ C:\WINDOWS\system32\umtagdgd.dll
2008-06-19 22:13 . 2008-06-19 22:13 90,112 --a------ C:\WINDOWS\system32\hcfjomiy.dll
2008-06-19 15:02 . 2008-06-19 15:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-19 11:23 . 2008-06-19 11:23 <DIR> d-------- C:\Documents and Settings\Administrator\.java
2008-06-19 03:40 . 2008-06-19 15:01 <DIR> d-------- C:\Program Files\CCleaner
2008-06-19 02:26 . 2004-08-04 00:56 116,224 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-06-19 02:24 . 2001-08-17 13:28 771,581 --a------ C:\WINDOWS\system32\dllcache\winacisa.sys
2008-06-19 02:23 . 2001-08-17 13:28 604,253 --a------ C:\WINDOWS\system32\dllcache\vmodem.sys
2008-06-19 02:22 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-06-19 02:21 . 2001-08-17 22:36 216,064 --a------ C:\WINDOWS\system32\dllcache\um34scan.dll
2008-06-19 02:20 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\system32\dllcache\tridxp.dll
2008-06-19 02:19 . 2004-08-04 05:00 571,392 --a------ C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-06-19 02:18 . 2001-08-17 14:56 172,768 --a------ C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-06-19 02:17 . 2001-08-17 12:18 285,760 --a------ C:\WINDOWS\system32\dllcache\stlnata.sys
2008-06-19 02:17 . 2001-08-17 22:36 114,688 --a------ C:\WINDOWS\system32\dllcache\sonypi.dll
2008-06-19 02:17 . 2001-08-17 22:36 106,584 --a------ C:\WINDOWS\system32\dllcache\spdports.dll
2008-06-19 02:17 . 2004-08-04 05:00 101,376 --a------ C:\WINDOWS\system32\dllcache\srusbusd.dll
2008-06-19 02:17 . 2001-08-17 22:36 99,328 --a------ C:\WINDOWS\system32\dllcache\srusd.dll
2008-06-19 02:17 . 2001-08-17 13:51 61,824 --a------ C:\WINDOWS\system32\dllcache\speed.sys
2008-06-19 02:17 . 2001-08-17 12:11 48,736 --a------ C:\WINDOWS\system32\dllcache\srwlnd5.sys
2008-06-19 02:17 . 2001-08-17 12:51 37,040 --a------ C:\WINDOWS\system32\dllcache\sonypi.sys
2008-06-19 02:17 . 2001-08-17 22:36 24,660 --a------ C:\WINDOWS\system32\dllcache\spxupchk.dll
2008-06-19 02:17 . 2001-08-17 13:51 16,896 --a------ C:\WINDOWS\system32\dllcache\stcusb.sys
2008-06-19 02:17 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-06-19 02:15 . 2004-08-03 22:41 404,990 --a------ C:\WINDOWS\system32\dllcache\slntamr.sys
2008-06-19 02:14 . 2001-08-17 22:36 386,560 --a------ C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-06-19 02:13 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-06-19 02:12 . 2004-08-04 00:56 397,056 --a------ C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-06-19 02:11 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-06-19 02:10 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\dllcache\ptpusd.dll
2008-06-19 02:09 . 2004-08-04 00:56 363,520 --a------ C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-06-19 02:03 . 2004-08-04 05:00 482,304 --a------ C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-06-19 02:02 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-06-19 02:01 . 2001-08-17 12:50 198,144 --a------ C:\WINDOWS\system32\dllcache\nv3.sys
2008-06-19 02:00 . 2001-08-17 12:11 128,000 --a------ C:\WINDOWS\system32\dllcache\n100325.sys
2008-06-19 01:59 . 2004-08-04 05:00 1,875,968 --a------ C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-06-19 01:58 . 2001-08-17 12:50 320,384 --a------ C:\WINDOWS\system32\dllcache\mgaum.sys
2008-06-19 01:57 . 2001-08-17 13:28 802,683 --a------ C:\WINDOWS\system32\dllcache\ltsm.sys
2008-06-19 01:56 . 2004-08-04 05:00 1,158,818 --a------ C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-06-19 01:55 . 2004-08-04 05:00 811,064 --a------ C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-06-19 01:54 . 2004-08-04 00:56 702,845 --a------ C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-06-19 01:53 . 2004-08-04 05:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-19 01:52 . 2001-08-17 22:36 324,608 --a------ C:\WINDOWS\system32\dllcache\hpojwia.dll
2008-06-19 01:51 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2008-06-19 01:50 . 2001-08-17 12:15 455,680 --a------ C:\WINDOWS\system32\dllcache\fus2base.sys
2008-06-19 01:49 . 2001-08-17 12:17 629,952 --a------ C:\WINDOWS\system32\dllcache\eqn.sys
2008-06-19 01:48 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-06-19 01:47 . 2001-08-17 12:14 952,007 --a------ C:\WINDOWS\system32\dllcache\diwan.sys
2008-06-19 01:46 . 2001-08-17 22:36 419,357 --a------ C:\WINDOWS\system32\dllcache\dgconfig.dll
2008-06-19 01:45 . 2004-08-04 00:56 249,856 --a------ C:\WINDOWS\system32\dllcache\ctmasetp.dll
2008-06-19 01:44 . 2004-08-04 05:00 1,677,824 --a------ C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-06-19 01:43 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-06-19 01:42 . 2004-08-04 00:56 1,888,992 --a------ C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-06-19 01:41 . 2001-08-17 13:28 762,780 --a------ C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-06-19 01:39 . 2003-03-24 16:52 32,827 --a------ C:\WINDOWS\system32\dllcache\tcptest.exe
2008-06-19 01:39 . 2003-03-24 16:52 20,536 --a------ C:\WINDOWS\system32\dllcache\shtml.dll
2008-06-19 01:39 . 2003-03-24 16:52 16,437 --a------ C:\WINDOWS\system32\dllcache\shtml.exe
2008-06-19 01:39 . 2003-03-24 16:52 16,384 --a------ C:\WINDOWS\system32\dllcache\tcptsat.dll
2008-06-19 01:38 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-06-19 01:25 . 2003-03-24 16:52 188,480 --a------ C:\WINDOWS\system32\dllcache\cfgwiz.exe
2008-06-19 01:25 . 2003-03-24 16:52 20,540 --a------ C:\WINDOWS\system32\dllcache\author.dll
2008-06-19 01:25 . 2003-03-24 16:52 20,540 --a------ C:\WINDOWS\system32\dllcache\admin.dll
2008-06-19 01:25 . 2003-03-24 16:52 16,439 --a------ C:\WINDOWS\system32\dllcache\author.exe
2008-06-19 01:25 . 2003-03-24 16:52 16,439 --a------ C:\WINDOWS\system32\dllcache\admin.exe
2008-06-18 21:47 . 2008-06-19 01:22 <DIR> d-------- C:\WINDOWS\wt
2008-06-18 02:25 . 2008-06-18 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-16 14:43 . 2008-06-16 14:46 <DIR> d-------- C:\WINDOWS\system32\netrax01
2008-06-16 14:43 . 2008-06-16 14:43 <DIR> d-------- C:\Temp\itmp4
2008-06-13 01:55 . 2002-08-07 12:09 430,080 --a------ C:\WINDOWS\system32\cmcs21.ocx
2008-06-13 01:55 . 1998-06-24 00:00 103,744 --a------ C:\WINDOWS\system32\mscomm32.ocx
2008-06-13 01:55 . 1998-03-26 01:12 53,248 --a------ C:\WINDOWS\system32\zlib.dll
2008-06-13 00:32 . 2008-06-13 00:32 <DIR> d-------- C:\songs
2008-06-13 00:26 . 2008-06-13 00:26 <DIR> d-------- C:\Documents and Settings\Braondon\Application Data\fretsonfire
2008-06-13 00:16 . 2008-06-13 00:18 <DIR> d-------- C:\Program Files\Alarian
2008-06-12 18:24 . 2008-06-15 02:50 <DIR> d-------- C:\Documents and Settings\Braondon\Application Data\Hamachi
2008-06-12 16:04 . 2008-06-12 16:04 144 --a------ C:\Dark_Silence's private ro server tutorial with hamachi(and images!) - GamerzPlanet - For All Your Online Gaming Needs!!.URL
2008-06-12 15:44 . 2008-06-19 02:32 <DIR> d-------- C:\Program Files\Hamachi
2008-06-12 15:44 . 2008-06-12 15:49 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-06-12 15:40 . 2008-02-27 20:03 <DIR> d-------- C:\12255_eathena_stable_sql
2008-06-12 14:18 . 2008-06-12 15:12 <DIR> d-------- C:\Program Files\Macromedia
2008-06-12 14:18 . 2008-06-12 15:12 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-06-12 07:41 . 2008-06-12 07:41 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-12 07:41 . 2008-06-12 07:41 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-06-12 07:20 . 2008-06-12 07:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\fretsonfire
2008-06-10 18:29 . 2008-04-14 06:01 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 18:29 . 2008-04-14 06:01 272,128 --a------ C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-01 01:27 . 2008-06-19 16:24 <DIR> d-------- C:\Documents and Settings\Braondon\Application Data\uTorrent
2008-05-27 22:57 . 2008-05-27 22:57 <DIR> d-------- C:\Documents and Settings\Braondon\Application Data\InstallShield Installation Information
2008-05-27 22:22 . 2008-06-08 00:57 <DIR> d-------- C:\Documents and Settings\Braondon\Application Data\LimeWire
2008-05-26 19:49 . 2008-05-26 19:58 <DIR> d-------- C:\Documents and Settings\Braondon\Application Data\Yahoo!
2008-05-24 02:25 . 2008-05-31 21:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-24 02:25 . 2008-05-24 02:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-24 01:39 . 2008-06-12 10:58 89 --a------ C:\WINDOWS\RCASMVVC.ini
2008-05-24 01:02 . 2008-05-24 01:02 <DIR> d-------- C:\Program Files\Sun
2008-05-24 01:01 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-24 00:56 . 2008-05-24 00:56 <DIR> d-------- C:\Program Files\Common Files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 07:52 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-19 07:33 --------- d-----w C:\Program Files\Graal
2008-06-16 19:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-08 02:23 --------- d-----w C:\Documents and Settings\Sydney\Application Data\Yahoo!
2008-05-24 06:01 --------- d-----w C:\Program Files\Java
2008-05-11 02:58 --------- d-----w C:\Documents and Settings\Braondon\Application Data\Talkback
2008-05-11 02:45 --------- d--h--w C:\Documents and Settings\Braondon\Application Data\Gtek
2008-05-10 05:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-10 05:54 --------- d-----w C:\Program Files\RCA
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 06:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-02 12:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-04-28 03:38 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-27 04:28 --------- d-----w C:\Documents and Settings\Guest\Application Data\fretsonfire
2008-04-26 15:44 --------- d-----w C:\Documents and Settings\Guest\Application Data\uTorrent
2007-11-08 03:26 88 --sh--r C:\WINDOWS\system32\F3A02192FC.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 18:16 454784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 04:51 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42 1404928]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 19:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 19:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 19:23 114688]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12 94208]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-05-26 01:07 169472]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-26 16:30 282624]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 19:05 1117184]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 02:11 771704]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-02 07:44 185896]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dmlang]
dmlang.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Documents and Settings\\Guest\\Desktop\\utorrent.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Documents and Settings\\Guest\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10386:TCP"= 10386:TCP:BitComet 10386 TCP
"10386:UDP"= 10386:UDP:BitComet 10386 UDP

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
S3 npkycryp;npkycryp;C:\Program Files\Gravity\RO\npkycryp.sys []

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-27 01:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - FeAr.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 02:53:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
.
**************************************************************************
.
Completion time: 2008-06-20 3:06:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-20 08:06:24

Pre-Run: 86,597,545,984 bytes free
Post-Run: 88,120,975,360 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

254 --- E O F --- 2008-06-11 00:28:31




SDFix Report:

SDFix: Version 1.194
Run by Administrator on Fri 06/20/2008 at 03:26 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found




Folder C:\WINDOWS\system32\netrax01 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 03:36:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\\Documents and Settings\\Guest\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Guest\\Desktop\\utorrent.exe:*:Disabled:utorrent"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Documents and Settings\\Guest\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe"="C:\\Documents and Settings\\Guest\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe:*:Disabled:MySpace Instant Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Wed 7 Jun 2006 88 A.SHR --- "C:\i386\F3A02192FC.sys"
Wed 7 Jun 2006 3,350 A.SH. --- "C:\i386\KGyGaAvL.sys"
Wed 7 Nov 2007 88 ..SHR --- "C:\WINDOWS\system32\F3A02192FC.sys"
Wed 2 Apr 2008 104 ..SHR --- "C:\WINDOWS\system32\FC9221A0F3.sys"
Wed 2 Apr 2008 5,852 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Mon 18 Jun 2007 177,152 A..H. --- "C:\Documents and Settings\Braondon\Desktop\utorrent.exe"
Mon 18 Jun 2007 177,152 A..H. --- "C:\Documents and Settings\Guest\Desktop\utorrent.exe"
Mon 26 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Fri 9 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT2C.tmp"
Thu 20 Mar 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"
Thu 20 Mar 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch6\lock.tmp"
Thu 20 Mar 2008 8 A..H. --- "C:\Documents and Settings\b\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Fri 20 Jun 2008 8 A..H. --- "C:\Documents and Settings\b\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Thu 20 Mar 2008 8 A..H. --- "C:\Documents and Settings\b\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Thu 20 Mar 2008 8 A..H. --- "C:\Documents and Settings\Braondon\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Sat 10 May 2008 8 A..H. --- "C:\Documents and Settings\Braondon\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Thu 20 Mar 2008 8 A..H. --- "C:\Documents and Settings\Braondon\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\Guest\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\Guest\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\Guest\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\Guest\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Thu 20 Mar 2008 8 A..H. --- "C:\Documents and Settings\Guest\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u5\lock.tmp"
Thu 20 Mar 2008 8 A..H. --- "C:\Documents and Settings\Guest\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u6\lock.tmp"
Tue 10 Apr 2007 8 A..H. --- "C:\Documents and Settings\Reve\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Tue 10 Apr 2007 8 A..H. --- "C:\Documents and Settings\Reve\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Mon 16 Apr 2007 8 A..H. --- "C:\Documents and Settings\Reve\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Mon 16 Apr 2007 8 A..H. --- "C:\Documents and Settings\Reve\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Thu 20 Mar 2008 8 A..H. --- "C:\Documents and Settings\Reve\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u5\lock.tmp"
Thu 20 Mar 2008 8 A..H. --- "C:\Documents and Settings\Reve\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u6\lock.tmp"
Fri 20 Apr 2007 8 A..H. --- "C:\Documents and Settings\Sydney\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Fri 20 Apr 2007 8 A..H. --- "C:\Documents and Settings\Sydney\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Fri 20 Apr 2007 8 A..H. --- "C:\Documents and Settings\Sydney\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Fri 20 Apr 2007 8 A..H. --- "C:\Documents and Settings\Sydney\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Thu 20 Mar 2008 8 A..H. --- "C:\Documents and Settings\Sydney\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u5\lock.tmp"
Thu 20 Mar 2008 8 A..H. --- "C:\Documents and Settings\Sydney\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u6\lock.tmp"

Finished!



Last edited by KillrAce; 06-20-2008 at 09:47 AM.
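The ComboFix registry dump in the post above carries several indicators a defender would want pulled out mechanically rather than read by eye: the Windows Firewall standard profile switched off, Security Center monitoring silenced for both the antivirus and firewall entries, a Winlogon Notify package (dmlang) that is not part of a stock XP install, AppInit_DLLs in use, and firewall exceptions granted to binaries sitting in a user profile. The following Python script is an added example, not part of this thread or of ComboFix, SDFix or HijackThis. It assumes the `[key]` / `"name"=value` layout seen in the post, uses lines excerpted from that dump as constructed sample input, and treats its short list of XP Notify subkeys as an assumed baseline to be replaced by a known-good reference.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: lines excerpted from the ComboFix registry dump
# posted above (the forum's word-wrap spaces removed).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dmlang]
dmlang.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\Guest\\Desktop\\utorrent.exe"=
"C:\\Documents and Settings\\Guest\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe"=
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=\s*(?P<value>.*)$')

# Winlogon\Notify subkeys present on a stock Windows XP SP2 install.
# Assumption: an example baseline; compare against your own known-good image.
XP_NOTIFY_BASELINE = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

Sections = Dict[str, List[Tuple[str, str]]]


def parse_registry_dump(text: str) -> Sections:
    """Group the dump into {key_path_lowercased: [(name, value), ...]}.
    Bare lines under a key (the DLL listed under a Notify subkey) are kept
    with an empty name so they are not lost."""
    sections: Sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group("key").lower()
            sections.setdefault(current, [])
            continue
        if current is None:
            continue  # text before the first [key] header
        val = VALUE_RE.match(line)
        if val:
            sections[current].append((val.group("name"), val.group("value").strip()))
        else:
            sections[current].append(("", line))
    return sections


def dword_is_set(value: str) -> bool:
    """True for a non-zero 'dword:xxxxxxxx' value."""
    m = re.match(r"dword:([0-9a-fA-F]+)", value)
    return bool(m) and int(m.group(1), 16) != 0


def triage(sections: Sections) -> List[Tuple[str, str]]:
    """Return (severity, message) findings: firewall off, Security Center
    silenced, unknown Winlogon Notify packages, AppInit_DLLs populated,
    and firewall exceptions for binaries living inside a user profile."""
    findings: List[Tuple[str, str]] = []
    for key, entries in sections.items():
        leaf = key.rsplit("\\", 1)[-1]
        if key.endswith(("firewallpolicy\\standardprofile", "firewallpolicy\\domainprofile")):
            for name, value in entries:
                if name.lower() == "enablefirewall" and value.split()[:1] == ["0"]:
                    findings.append(("HIGH", f"firewall disabled in {leaf}"))
        if "security center\\monitoring" in key:
            for name, value in entries:
                if name.lower() == "disablemonitoring" and dword_is_set(value):
                    findings.append(("MEDIUM", f"Security Center monitoring disabled: {key}"))
        if "winlogon\\notify\\" in key and leaf not in XP_NOTIFY_BASELINE:
            dlls = ", ".join(v for n, v in entries if n == "") or "?"
            findings.append(("HIGH", f"non-baseline Winlogon Notify package '{leaf}' loads {dlls}"))
        if key.endswith("currentversion\\windows"):
            for name, value in entries:
                if name.lower() == "appinit_dlls" and value:
                    findings.append(("INFO", f"AppInit_DLLs set: {value}"))
        if key.endswith("authorizedapplications\\list"):
            for name, _ in entries:
                path = name.replace("\\\\", "\\")  # undo .reg-style escaping
                if "\\documents and settings\\" in path.lower():
                    findings.append(("MEDIUM", f"firewall exception for user-profile binary {path}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(parse_registry_dump(SAMPLE_LOG)):
        print(f"[{severity}] {message}")
```

Run against the excerpt it produces eight findings, two of them HIGH (the disabled firewall profile and the dmlang Notify package). The Notify check only works as well as its baseline, which is why it is declared as an assumption: on a real case, diff the subkeys against a clean machine of the same build rather than against the list above.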
  #5  
Old 06-20-2008
Pancake's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,089
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page
Default Re: Internet won't view certain pages

Ok. Nearly done...

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:


http://www.pchelpforum.com/progress-...tml#post272059

Collect::
C:\WINDOWS\system32\umtagdgd.dll
C:\WINDOWS\system32\hcfjomiy.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dmlang]
Save this as CFScript.txt




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK on the message box. A browser will open. Simply follow the instructions to copy/paste/send the requested file.


__________________
My real name is Eddy
  #6  
Old 06-20-2008
Bronze Member
 
Join Date: Jun 2008
Posts: 7
PC Experience: Experienced
KillrAce - See this Members User comments on their Profile page
Default Re: Internet won't view certain pages

Originally Posted by Pancake View Post
Ensure you are connected to the internet and click OK on the message box. A browser will open. Simply follow the instructions to copy/paste/send the requested file.
That never happened. I did everything you asked, and my internet was fully working, but nothing came up with the log. The Windows Explorer process never rebooted itself after combofix, so I did it manually after about ten minutes after the log file opened.

Something Odd: Before I did what you said above, I tried getting on yahoo and it worked, afterwards, it doesn't. Also, when I create new accounts on here (not sure about old accounts) they too are able to access yahoo it seems, but it's MY screen name (Braondon) that won't. Very confusing. Anyway....




ComboFix 08-06-19.4 - d 2008-06-20 11:25:52.2 - NTFSx86
Running from: C:\Documents and Settings\Braondon\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\d\Desktop\CFScript.lnk
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Guest\Desktop\Install WinAntiSpyware 2007 .lnk
C:\Documents and Settings\Guest\Start Menu\Programs\Startup\TA_Start.lnk
C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.

2008-06-20 11:17 . 2006-05-26 00:59 <DIR> d-------- C:\Documents and Settings\d\Application Data\Symantec
2008-06-20 11:17 . 2008-06-20 11:18 <DIR> d-------- C:\Documents and Settings\d\Application Data\Gtek
2008-06-20 11:17 . 2008-06-20 11:17 <DIR> d-------- C:\Documents and Settings\d
2008-06-20 04:05 . 2008-06-20 11:10 414 ---hs---- C:\WINDOWS\system32\dgdgatmu.ini
2008-06-20 03:21 . 2008-06-20 03:21 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-20 00:17 . 2008-06-20 03:41 <DIR> d-------- C:\SDFix
2008-06-19 22:16 . 2008-06-19 22:16 80,384 --a------ C:\WINDOWS\system32\umtagdgd.dll
2008-06-19 22:13 . 2008-06-19 22:13 90,112 --a------ C:\WINDOWS\system32\hcfjomiy.dll
2008-06-19 15:02 . 2008-06-19 15:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-19 11:23 . 2008-06-19 11:23 <DIR> d-------- C:\Documents and Settings\Administrator\.java
2008-06-19 03:40 . 2008-06-19 15:01 <DIR> d-------- C:\Program Files\CCleaner
2008-06-19 02:26 . 2004-08-04 00:56 116,224 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-06-19 02:24 . 2001-08-17 13:28 771,581 --a------ C:\WINDOWS\system32\dllcache\winacisa.sys
2008-06-19 02:23 . 2001-08-17 13:28 604,253 --a------ C:\WINDOWS\system32\dllcache\vmodem.sys
2008-06-19 02:22 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-06-19 02:21 . 2001-08-17 22:36 216,064 --a------ C:\WINDOWS\system32\dllcache\um34scan.dll
2008-06-19 02:20 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\system32\dllcache\tridxp.dll
2008-06-19 02:19 . 2004-08-04 05:00 571,392 --a------ C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-06-19 02:18 . 2001-08-17 14:56 172,768 --a------