[Fixed] Hijackthis! Logs - Immediate help needed (posted in the Security & Safety forums)

  #1  
07-23-2008
raidang
Bronze Member
Join Date: Jul 2008
Location: India, New Delhi
Posts: 34
PC Experience: Experienced
Immediate help needed

For the past few days I have been facing problems browsing the internet. It has been giving me a real headache. I therefore seek the help of fellow members to help me solve the issue permanently.

The problems I have been facing are described below:

Often I'm not able to log in to www.orkut.com or www.gmail.com or www.wireclub.com. When I typed in Google in my Firefox browser it gives strings like "waiting for dt.tongji.cn.yahoo.com" and "waiting for log2.soft.cn.yahoo.com" in the Firefox status bar and my internet connection too gets slowed down. When I try to open www.gmail.com, it gives the string "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&ltmpl=default&ltmplcache=2" in the address bar and the page does not open. But sometimes it gets fine again.
And I also get errors using Yahoo Messenger. When I log in to Yahoo Messenger, it gives errors similar to:
An error has occurred in the script on this page.

Line: 46
Char: 48
Error: Expected 'j'
Code: 0
URL: http://insider.msg.yahoo.com/client_ad.php?p=409640

and then it asks me to click either "yes" or "no".

I am using McAfee VirusScan 8.0.0 with the latest updates (July 22, 2008). I have done a full system scan in Safe Mode but could not find anything. But often sometimes when I log in to Yahoo Messenger and get the error mentioned above, McAfee detects a Trojan named "VBS/Psyme". McAfee only blocks the running of the script and it does not provide any option like "Clean, Delete or Quarantine".

I am also using Trojan Remover 6.7.1 with latest definition updates (23 July 2008) but it does not detect any problem. Scanned for issues using Safe Mode too but can't find any issue.

I am also using Spybot Search and Destroy with latest definition updates but it does not detect any issue. Can't find any issue even if I scan my system in Safe Mode.

I also use SpywareBlaster with latest definition updates but it does not detect any issue.

I have also tried "Smitfraudfix.exe" but even it does not detect any issue.

I used CCleaner software to clean Temporary Internet files, clean the registry etc.

I even uninstalled Internet Explorer from the Add/Remove Programs-Add/Remove Windows Components option. But it does not help in any way.

I therefore request fellow members to help me solve this issue.

I have provided the HijackThis Log file below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:09:53, on 7/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
F:\Softwares Collection\Hijack This\HijackThis.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4E7A95C-9DCC-4526-8360-BB327E5017FC}: NameServer = 172.16.0.1
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4059 bytes

Edit by Axephilic: Moved to the [New]HijackThis logs forum.



Last edited by Axephilic; 07-24-2008 at 03:08 AM. Reason: Added clue
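A small triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread: it parses the section codes and flags a BHO or IE extension whose file is missing, a Run entry whose command has no absolute path, and an O17 NameServer outside private address space. The function names, tags and sample input are assumptions made for this example, and a flag means "review this entry", not "malicious".

```python
import ipaddress
import re

# Constructed sample: a handful of lines taken from the HijackThis log in the first post.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ping.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4E7A95C-9DCC-4526-8360-BB327E5017FC}: NameServer = 172.16.0.1
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")              # "O4 - HKLM\..\Run: ..."
RUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[([^\]]*)\] (.*)$")  # O4 registry autostart
ABS_PATH_RE = re.compile(r'^"?(?:[A-Za-z]:\\|\\\\)')           # drive-letter or UNC path
# Ranges treated as "local" for the O17 check (RFC 1918 plus loopback).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def parse_log(text):
    """Return (running_processes, [(section_code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False          # the process list ends at the first entry
            entries.append((m.group(1), m.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def triage(entries):
    """Return [(section_code, tag, detail)] for entries worth a manual look."""
    findings = []
    for code, body in entries:
        if code in ("O2", "O9") and body.endswith("(no file)"):
            # CLSID still registered, but HijackThis found no file behind it.
            findings.append((code, "orphaned", body))
        elif code == "O4":
            m = RUN_RE.match(body)
            if m and not ABS_PATH_RE.match(m.group(2)):
                # Command is located through the search path, not a fixed location.
                findings.append((code, "relative-command", m.group(1)))
        elif code == "O17" and "NameServer = " in body:
            servers = body.split("NameServer = ", 1)[1]
            for addr in re.split(r"[,\s]+", servers.strip()):
                try:
                    ip = ipaddress.ip_address(addr)
                except ValueError:
                    findings.append((code, "unparsable-resolver", addr))
                    continue
                if not any(ip in net for net in LOCAL_NETS):
                    findings.append((code, "non-local-resolver", addr))
    return findings


if __name__ == "__main__":
    procs, entries = parse_log(SAMPLE_LOG)
    for finding in triage(entries):
        print(finding)
```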
  #2  
07-24-2008
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,609
PC Experience: Elite PC Guru
Re: Immediate help needed

Ok. Let's see what we can find...


Ok. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer and also those in the registry. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.

NOTE: ComboFix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.


__________________
My real name is Eddy
  #3  
07-24-2008
raidang
Bronze Member
Join Date: Jul 2008
Location: India, New Delhi
Posts: 34
PC Experience: Experienced
Re: Immediate help needed

Thanks for your quick response.

Well, I have attached the ComboFix.txt Log file for review. I am hoping to hear from you soon.


ComboFix 08-07-23.4 - Raidang's 2008-07-24 10:56:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.183 [GMT 5.5:30]
Running from: C:\Documents and Settings\Raidang's\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-06-24 to 2008-07-24 )))))))))))))))))))))))))))))))
.

2008-07-24 03:23 . 2008-07-24 03:23 <DIR> d-------- C:\Program Files\PC Auto Shutdown
2008-07-24 03:23 . 2008-07-24 03:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Auto Shutdown
2008-07-22 19:59 . 2008-07-22 19:59 <DIR> d-------- C:\Program Files\Camtech
2008-07-22 19:59 . 1999-05-07 08:00 140,288 --a------ C:\WINDOWS\system32\Comdlg32.ocx
2008-07-22 19:59 . 2000-07-09 19:15 106,496 --a------ C:\WINDOWS\system32\MBPrgBar.ocx
2008-07-22 19:59 . 2001-09-03 07:52 766 --a------ C:\WINDOWS\win98Logo.ico
2008-07-22 18:59 . 2008-07-22 19:00 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-22 18:59 . 2008-07-23 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-22 03:12 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-07-22 03:12 . 2004-08-04 00:56 90,624 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-07-22 03:12 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-07-22 03:12 . 2004-08-04 00:56 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-07-22 03:12 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-07-22 03:12 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-07-22 03:12 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-07-22 03:12 . 2004-08-04 00:56 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-07-22 03:12 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-07-22 03:12 . 2004-08-04 00:56 28,672 --a--c--- C:\WINDOWS\system32\dllcache\vidcap.ax
2008-07-22 03:11 . 2003-03-19 09:12 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2008-07-22 03:11 . 2003-03-19 08:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-07-22 03:11 . 2005-06-02 18:19 228,352 --a------ C:\WINDOWS\system32\drivers\BTCamDrv.sys
2008-07-22 01:36 . 2008-07-23 20:54 <DIR> d-------- C:\Documents and Settings\Raidang's\dwhelper
2008-07-21 22:53 . 2008-07-23 21:26 <DIR> d-------- C:\Program Files\SpywareGuard
2008-07-21 21:41 . 1999-12-21 07:58 21,312 --a------ C:\WINDOWS\choice.exe
2008-07-21 21:40 . 2008-07-21 22:55 <DIR> d-------- C:\IE-SPYAD
2008-07-21 21:19 . 2008-07-23 14:44 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-07-20 20:27 . 2008-07-20 20:27 17,920 --a------ C:\WINDOWS\system32\toolbars.dll
2008-07-20 20:27 . 2008-07-20 20:27 17,920 --a------ C:\WINDOWS\system32\tbrs.dll
2008-07-20 20:26 . 2008-07-20 20:26 17,920 --a------ C:\WINDOWS\system32\tbsrch.dll
2008-07-20 20:26 . 2008-07-20 20:26 17,920 --a------ C:\WINDOWS\system32\tbsch.dll
2008-07-20 19:09 . 2008-07-24 02:55 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-20 18:58 . 2008-07-23 21:38 <DIR> d-------- C:\Program Files\Trojan Remover
2008-07-20 18:58 . 2008-07-20 18:58 <DIR> d-------- C:\Documents and Settings\Raidang's\Application Data\Simply Super Software
2008-07-20 18:58 . 2008-07-20 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-07-20 18:58 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-07-20 18:58 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-07-20 18:58 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-07-20 18:58 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-07-20 18:58 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-07-20 18:56 . 2008-07-22 13:06 <DIR> d-------- C:\Program Files\Exterminate It!
2008-07-20 05:14 . 2008-07-20 05:14 <DIR> d-------- C:\Documents and Settings\Raidang's\Application Data\Media Player Classic
2008-07-19 20:19 . 2008-07-19 21:46 <DIR> d-------- C:\quarantine
2008-07-19 20:05 . 2008-07-19 22:10 <DIR> d-------- C:\Documents and Settings\Raidang's\Application Data\LimeWire
2008-07-19 19:56 . 2008-07-19 19:57 <DIR> d-------- C:\Program Files\LimeWire
2008-07-19 16:51 . 2008-07-19 17:52 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-07-19 16:50 . 2008-07-19 16:50 <DIR> d---s---- C:\Documents and Settings\Raidang's\UserData
2008-07-19 15:16 . 2008-07-19 15:16 <DIR> d-------- C:\Program Files\CCleaner
2008-07-18 21:51 . 2008-07-18 21:51 <DIR> d-------- C:\WINDOWS\Sun
2008-07-18 21:50 . 2005-08-26 18:14 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-07-18 21:48 . 2008-07-19 20:05 <DIR> d-------- C:\Program Files\Java
2008-07-18 21:48 . 2008-07-18 21:48 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-17 19:45 . 2008-07-17 19:45 <DIR> d-------- C:\Documents and Settings\Raidang's\Contacts
2008-07-17 19:44 . 2008-07-17 19:44 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-17 19:44 . 2008-07-17 19:44 <DIR> d-------- C:\Program Files\MSN Messenger
2008-07-17 19:36 . 2008-07-17 19:36 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-17 19:36 . 2008-07-17 19:36 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-07-17 19:36 . 2003-06-18 17:31 17,920 --------- C:\WINDOWS\system32\mdimon.dll
2008-07-17 19:36 . 2008-07-17 19:36 376 --------- C:\WINDOWS\ODBC.INI
2008-07-17 19:14 . 2008-07-23 17:10 512 --a------ C:\WINDOWS\randseed.rnd
2008-07-17 19:08 . 2008-07-17 19:12 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-07-17 19:05 . 2008-07-17 19:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-17 18:49 . 2008-07-17 19:05 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-07-17 17:30 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-07-17 17:29 . 2004-09-21 18:18 148,830 --------- C:\WINDOWS\system32\drivers\bcbthub.sys
2008-07-17 17:18 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe.vir
2008-07-17 17:18 . 2008-07-23 21:52 2,652 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-17 17:05 . 2008-07-17 17:05 0 --------- C:\WINDOWS\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 09:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-23 09:07 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-23 07:52 --------- d-----w C:\Program Files\Winamp
2008-07-17 11:38 --------- d-----w C:\Program Files\Opera
2008-07-17 11:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-17 11:22 --------- d-----w C:\Program Files\Yahoo!
2008-07-17 11:19 --------- d-----w C:\Program Files\Google
2008-07-17 11:14 --------- d-----w C:\Program Files\Network Associates
2008-07-17 11:14 --------- d-----w C:\Program Files\Common Files\Network Associates
2008-07-17 11:14 --------- d-----w C:\Program Files\Common Files\Cisco Systems
2008-07-17 11:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates
2008-07-17 11:08 --------- d-----w C:\Program Files\Realtek
2008-07-17 11:07 4,096 ------w C:\WINDOWS\gdrv.sys
2008-07-17 11:07 --------- d-----w C:\Program Files\AMD
2008-07-17 10:52 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-17 08:01 7307264]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-10-17 08:01 86016]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 08:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 02:52 3739648]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-07-23 21:34 909392]
"PC Auto Shutdown"="C:\Program Files\PC Auto Shutdown\AutoShutdown.exe" [2007-12-17 00:09 1392728]
"nwiz"="nwiz.exe" [2005-10-17 08:01 1519616 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 11:14 15473664 C:\WINDOWS\RTHDCPL.exe]

C:\Documents and Settings\Raidang's\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R2 PCAutoShutdown_Service;PCAutoShutdown_Service;C:\Program Files\PC Auto Shutdown\ShutdownService.exe [2007-12-17 00:09]
S3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2005-06-02 18:19]

*Newly Created Service* - CATCHME
*Newly Created Service* - ENTDRV51
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
O17 -: HKLM\CCS\Interface\{F4E7A95C-9DCC-4526-8360-BB327E5017FC}: NameServer = 172.16.0.1


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 10:57:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-24 10:58:45
ComboFix-quarantined-files.txt 2008-07-24 05:28:33

Pre-Run: 7,023,001,600 bytes free
Post-Run: 7,011,975,168 bytes free

Attached Files
File Type: txt ComboFix.txt (10.8 KB, 1 views)



Last edited by Pancake; 07-24-2008 at 06:44 AM. Reason: Copied and pasted for better viewing....
  #4  
07-24-2008
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,609
PC Experience: Elite PC Guru
Re: Immediate help needed

I think your problem may be with Java.



Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:



File::
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\system32\WS2Fix.exe.vir
C:\WINDOWS\system32\tmp.reg

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Referring to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*


  #5  
07-24-2008
raidang
Bronze Member
Join Date: Jul 2008
Location: India, New Delhi
Posts: 34
PC Experience: Experienced
Re: Immediate help needed

Thanks again for your response. I have followed your instructions and have attached the HijackThis and ComboFix log files for review. Hoping to hear from you soon.
Attached Files
File Type: log hijackthis.log (4.3 KB, 0 views)
File Type: txt ComboFix.txt (10.9 KB, 2 views)


  #6  
07-24-2008
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,609
PC Experience: Elite PC Guru
Re: Immediate help needed

I can't see any more files to remove so if things are no better I will move you to another forum for help.


  #7  
07-25-2008
raidang
Bronze Member
Join Date: Jul 2008
Location: India, New Delhi
Posts: 34
PC Experience: Experienced
Re: Immediate help needed

I'm sorry I could not post any reply yesterday. I actually couldn't log into my account to post. Well, as of now the problem seems to have gone as I could log into this site and other sites as well.

Yesterday I made a full system scan but found nothing. I then formatted my C: drive and made a clean installation of Windows XP Professional and then added other softwares (anti virus, Firefox, Opera, Trojan Remover, Spybot Search & Destroy, SpywareBlaster etc. with latest updates). I also made Windows updates. But when I tried to log in to orkut, gmail, and this website (pchelpforum.com), I just could not log in. I could not browse those sites yesterday, but today it's been working fine. I just couldn't understand why it is so.

Well, I have attached Deckard's System Scanner log files (main.txt & extra.txt) for review.

I'm hoping to hear from you soon. And I would like to thank you for all your efforts. Thank you.
Attached Files
File Type: txt main.txt (24.9 KB, 1 views)
File Type: txt extra.txt (9.4 KB, 1 views)


