
Thread: homepage hijacked by: http://awesomehomepage.com/newsletter.php?list=positivethoughts

  1. #1
    Junior Member
    Join Date
    Aug 2007
    Posts
    23

    homepage hijacked by: http://awesomehomepage.com/newsletter.php?list=positivethoughts

    I have been having a problem with my homepage as described in the title since last Wednesday. I have Windows XP SP2 which is updated regularly and automatically. When I found that I had a problem:
    *I restored my PC to an earlier date previous to Wednesday, but it did not solve the problem.
    *I also ran the Trend Micro HouseCall online virus scanner and deleted objects it could delete; some could not be healed.
    *I did an online Kaspersky virus scan and it provided this log:
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Friday, August 31, 2007 12:48:40 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.93.0
    Kaspersky Anti-Virus database last update: 31/08/2007
    Kaspersky Anti-Virus database records: 400642
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 93898
    Number of viruses found: 14
    Number of infected objects: 68
    Number of suspicious objects: 0
    Duration of the scan process: 02:11:05

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-08-31_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\CA.eTrust.PestPatrol.v5.0.1.5.Anti-Spyware.MultiLanguage.WinALL.Regged.Read.NFO-BLiZZARD.ZIP.bac_a01724/installer.exe/stream/data0001 Infected: Trojan.Win32.VB.ami skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\CA.eTrust.PestPatrol.v5.0.1.5.Anti-Spyware.MultiLanguage.WinALL.Regged.Read.NFO-BLiZZARD.ZIP.bac_a01724/installer.exe/stream Infected: Trojan.Win32.VB.ami skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\CA.eTrust.PestPatrol.v5.0.1.5.Anti-Spyware.MultiLanguage.WinALL.Regged.Read.NFO-BLiZZARD.ZIP.bac_a01724/installer.exe Infected: Trojan.Win32.VB.ami skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\CA.eTrust.PestPatrol.v5.0.1.5.Anti-Spyware.MultiLanguage.WinALL.Regged.Read.NFO-BLiZZARD.ZIP.bac_a01724 ZIP: infected - 3 skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\CA.eTrust.PestPatrol.v5.0.1.5.Anti-Spyware.MultiLanguage.WinALL.Regged.Read.NFO-BLiZZARD.ZIP.bac_a01724 CryptFF.b: infected - 3 skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\Family.Feud.v1.09.PLUS.1.TRAINER-PiZZA.ZIP.bac_a01724/installer.exe/stream/data0001 Infected: Trojan.Win32.VB.ami skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\Family.Feud.v1.09.PLUS.1.TRAINER-PiZZA.ZIP.bac_a01724/installer.exe/stream Infected: Trojan.Win32.VB.ami skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\Family.Feud.v1.09.PLUS.1.TRAINER-PiZZA.ZIP.bac_a01724/installer.exe Infected: Trojan.Win32.VB.ami skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\Family.Feud.v1.09.PLUS.1.TRAINER-PiZZA.ZIP.bac_a01724 ZIP: infected - 3 skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\Family.Feud.v1.09.PLUS.1.TRAINER-PiZZA.ZIP.bac_a01724 CryptFF.b: infected - 3 skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\installer.exe.bac_a01724/stream/data0001 Infected: Trojan.Win32.VB.ami skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\installer.exe.bac_a01724/stream Infected: Trojan.Win32.VB.ami skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\installer.exe.bac_a01724 NSIS: infected - 2 skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\installer.exe.bac_a01724 CryptFF.b: infected - 2 skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\license.exe.bac_a01724 Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\license.exe.bac_a01960 Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\SmartDraw.Suite.Edition.v7.61.keygen.zip.bac_a01724/installer.exe/stream/data0001 Infected: Trojan.Win32.VB.ami skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\SmartDraw.Suite.Edition.v7.61.keygen.zip.bac_a01724/installer.exe/stream Infected: Trojan.Win32.VB.ami skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\SmartDraw.Suite.Edition.v7.61.keygen.zip.bac_a01724/installer.exe Infected: Trojan.Win32.VB.ami skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\SmartDraw.Suite.Edition.v7.61.keygen.zip.bac_a01724 ZIP: infected - 3 skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\SmartDraw.Suite.Edition.v7.61.keygen.zip.bac_a01724 CryptFF.b: infected - 3 skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\SmartDraw.v7.10.Suite.Edition.Incl.Keymaker-NiTROUS.ZIP.bac_a01724/installer.exe/stream/data0001 Infected: Trojan.Win32.VB.ami skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\SmartDraw.v7.10.Suite.Edition.Incl.Keymaker-NiTROUS.ZIP.bac_a01724/installer.exe/stream Infected: Trojan.Win32.VB.ami skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\SmartDraw.v7.10.Suite.Edition.Incl.Keymaker-NiTROUS.ZIP.bac_a01724/installer.exe Infected: Trojan.Win32.VB.ami skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\SmartDraw.v7.10.Suite.Edition.Incl.Keymaker-NiTROUS.ZIP.bac_a01724 ZIP: infected - 3 skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\SmartDraw.v7.10.Suite.Edition.Incl.Keymaker-NiTROUS.ZIP.bac_a01724 CryptFF.b: infected - 3 skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\WinUpdate.exe.bac_a01724/data0006 Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\WinUpdate.exe.bac_a01724 NSIS: infected - 1 skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\WinUpdate.exe.bac_a01724 UPX: infected - 1 skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\WinUpdate.exe.bac_a01724 PE_Patch.UPX: infected - 1 skipped
    C:\Documents and Settings\lina\.housecall\Quarantine\WinUpdate.exe.bac_a01724 CryptFF.b: infected - 1 skipped
    C:\Documents and Settings\lina\.housecall6.6\Quarantine\kernel for outlook express_fastest_BitTorrent_downloader.exe.bac_a02424/file12 Infected: Trojan.Win32.Inject.ba skipped
    C:\Documents and Settings\lina\.housecall6.6\Quarantine\kernel for outlook express_fastest_BitTorrent_downloader.exe.bac_a02424 Inno: infected - 1 skipped
    C:\Documents and Settings\lina\.housecall6.6\Quarantine\kernel for outlook express_fastest_BitTorrent_downloader.exe.bac_a02424 CryptFF.b: infected - 1 skipped
    C:\Documents and Settings\lina\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
    C:\Documents and Settings\lina\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\advancedelearningbuilder326.keygen.zip/crack-inf.exe/data0004 Infected: Trojan-Clicker.Win32.VB.jx skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\advancedelearningbuilder326.keygen.zip/crack-inf.exe Infected: Trojan-Clicker.Win32.VB.jx skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\advancedelearningbuilder326.keygen.zip ZIP: infected - 2 skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\Articulate_Spelling_v1.24_Home_Version-DIGERATI.ZIP/crack-inf.exe/data0004 Infected: Trojan-Clicker.Win32.VB.jx skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\Articulate_Spelling_v1.24_Home_Version-DIGERATI.ZIP/crack-inf.exe Infected: Trojan-Clicker.Win32.VB.jx skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\Articulate_Spelling_v1.24_Home_Version-DIGERATI.ZIP ZIP: infected - 2 skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\clipartfree.exe/WISE0057.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\clipartfree.exe/WISE0058.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\clipartfree.exe/WISE0059.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\clipartfree.exe/WISE0060.BIN/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\clipartfree.exe/WISE0060.BIN/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\clipartfree.exe/WISE0060.BIN/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\clipartfree.exe/WISE0060.BIN/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.370 skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\clipartfree.exe/WISE0060.BIN/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\clipartfree.exe/WISE0060.BIN/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\clipartfree.exe/WISE0060.BIN Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\clipartfree.exe/WISE0061.BIN Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\clipartfree.exe/WISE0062.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\clipartfree.exe WiseSFX: infected - 12 skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\clipartfree.exe WiseSFX Dropper: infected - 12 skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\Random.Test.Generator.Pro.v8.2.WinALL.Regged-SCF.ZIP/crack-inf.exe/data0004 Infected: Trojan-Clicker.Win32.VB.jx skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\Random.Test.Generator.Pro.v8.2.WinALL.Regged-SCF.ZIP/crack-inf.exe Infected: Trojan-Clicker.Win32.VB.jx skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\Random.Test.Generator.Pro.v8.2.WinALL.Regged-SCF.ZIP ZIP: infected - 2 skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\Teachers.Personal.Information.Manager.v1.3.16.WinALL.Incl.Keygen-BRD.ZIP/crack-inf.exe/data0004 Infected: Trojan-Clicker.Win32.VB.jx skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\Teachers.Personal.Information.Manager.v1.3.16.WinALL.Incl.Keygen-BRD.ZIP/crack-inf.exe Infected: Trojan-Clicker.Win32.VB.jx skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\Teachers.Personal.Information.Manager.v1.3.16.WinALL.Incl.Keygen-BRD.ZIP ZIP: infected - 2 skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\WebQuiz.XP.ZIP/crack-inf.exe/data0004 Infected: Trojan-Clicker.Win32.VB.jx skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\WebQuiz.XP.ZIP/crack-inf.exe Infected: Trojan-Clicker.Win32.VB.jx skipped
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\WebQuiz.XP.ZIP ZIP: infected - 2 skipped
    C:\Documents and Settings\lina\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\lina\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\GatherLogs\MyIndex\MyIndex.248.Crwl Object is locked skipped
    C:\Documents and Settings\lina\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\GatherLogs\MyIndex\MyIndex.248.gthr Object is locked skipped
    C:\Documents and Settings\lina\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\Build\Indexer\CiFiles\00010001.ci Object is locked skipped
    C:\Documents and Settings\lina\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\Build\Indexer\CiFiles\CiPT0000.000 Object is locked skipped
    C:\Documents and Settings\lina\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\Build\Indexer\CiFiles\INDEX.000 Object is locked skipped
    C:\Documents and Settings\lina\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\Build\Indexer\NlFiles\CiST0000.000 Object is locked skipped
    C:\Documents and Settings\lina\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\Build\Indexer\NlFiles\DocId.Map Object is locked skipped
    C:\Documents and Settings\lina\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.chk1.gthr Object is locked skipped
    C:\Documents and Settings\lina\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.chk2.gthr Object is locked skipped
    C:\Documents and Settings\lina\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.Ntfy201.gthr Object is locked skipped
    C:\Documents and Settings\lina\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Properties\MSS.log Object is locked skipped
    C:\Documents and Settings\lina\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Properties\MSStmp.log Object is locked skipped
    C:\Documents and Settings\lina\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Properties\RSApp.edb Object is locked skipped
    C:\Documents and Settings\lina\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Properties\tmp.edb Object is locked skipped
    C:\Documents and Settings\lina\Local Settings\Application Data\Microsoft\Desktop Search\Logs\MAPI.txt Object is locked skipped
    C:\Documents and Settings\lina\Local Settings\Application Data\Microsoft\Desktop Search\Temp\rssgthrsvc\Ntf19.tmp Object is locked skipped
    C:\Documents and Settings\lina\Local Settings\Application Data\Microsoft\Desktop Search\Temp\rssgthrsvc\Ntf1A.tmp Object is locked skipped
    C:\Documents and Settings\lina\Local Settings\Application Data\Microsoft\Desktop Search\Temp\rssgthrsvc\Perflib_Perfdata_2e8.dat Object is locked skipped
    C:\Documents and Settings\lina\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\lina\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\lina\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\lina\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\lina\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\lina\My Documents\cracks\CrackServer_WinALL.exe/data0004 Infected: Trojan-Clicker.Win32.VB.jx skipped
    C:\Documents and Settings\lina\My Documents\cracks\CrackServer_WinALL.exe NSIS: infected - 1 skipped
    C:\Documents and Settings\lina\ntuser.dat Object is locked skipped
    C:\Documents and Settings\lina\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{44F73B40-8A04-491A-B572-0F7C03378B94}\RP411\A0123765.EXE Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
    C:\System Volume Information\_restore{44F73B40-8A04-491A-B572-0F7C03378B94}\RP426\A0127421.EXE Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
    C:\System Volume Information\_restore{44F73B40-8A04-491A-B572-0F7C03378B94}\RP427\change.log Object is locked skipped
    C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_1c8.dat Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_940.dat Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.

  2. #2
    Junior Member
    Join Date
    Aug 2007
    Posts
    23

    homepage hijacked by: http://awesomehomepage.com/newsletter.php?list=positivethoughts

    *After that I ran Spybot in Safe Mode, fixed 2 problems and rebooted.
    *Then I used HJT and saved this log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:24:02, on 31/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\VM303_STI.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAC4LAK.EXE
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\CNAC4RPK.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomehomepage.com/newslette...sitivethoughts
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.elvira.int.tc
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.elvira.int.tc
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = lina
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SearchToolBHO - {A23BF7EF-4A12-4799-B9CD-72C36EE21983} - C:\Program Files\SearchTool\SearchTool.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\WinUpdater\update.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Diskeeper 9 Professional Edition Registration.lnk = C:\Program Files\Executive Software\Diskeeper\ESIRegister.exe
    O4 - Startup: Weather.lnk = C:\Program Files\Weather\Weather.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Canon LBP5000 Status Window.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAC4LAK.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/tech...rl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/tech...rl/tgctlsr.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1147730576500
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147730668375
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/tech...l/SymAData.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O20 - AppInit_DLLs: Runner.dll,cdcinmhe.dll,Runner.dll,dghccmll.dll,Runner.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

    --
    End of file - 10114 bytes

    Hope I have given you all relevant details so that you can help me get rid of this problem. Regards and Thanks
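    A small triage script for an HJT log like the one above, added here as an example and not part of the original post or of HijackThis itself: it parses the R0/R1, O2, O20 and O23 lines and flags the indicators a helper would look at first (start/search page pointing at an unexpected host, a BHO with no name or no file, AppInit_DLLs entries, a service whose binary is missing). The sample lines are copied from the log above; EXPECTED_HOSTS is an assumed allowlist for the example and would be tuned per machine.

```python
"""Triage a HijackThis (HJT) 2.x log for the browser-hijack indicators seen in this thread."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the R0/R1/O2/O20/O23 lines posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomehomepage.com/newsletter.php?list=positivethoughts
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.elvira.int.tc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.elvira.int.tc
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = lina
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SearchToolBHO - {A23BF7EF-4A12-4799-B9CD-72C36EE21983} - C:\Program Files\SearchTool\SearchTool.dll
O20 - AppInit_DLLs: Runner.dll,cdcinmhe.dll,Runner.dll,dghccmll.dll,Runner.dll
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
"""

# Hosts the browser start/search pages are expected to point at on this box.
# Assumption for the example: an environment-specific allowlist, not an HJT feature.
EXPECTED_HOSTS = {"g.msn.co.uk", "go.microsoft.com"}

# Every HJT item line is "<section> - <body>", e.g. "O20 - AppInit_DLLs: ...".
HJT_LINE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")


@dataclass
class Finding:
    code: str    # HJT section, e.g. "R0" or "O20"
    reason: str  # why the line deserves a look
    line: str    # the original log line


def host_of(value: str) -> Optional[str]:
    """Lower-cased host of a URL or bare hostname; None if the value is not one (e.g. a window title)."""
    v = value.strip()
    if " " in v or "." not in v:
        return None
    if "://" in v:
        v = v.split("://", 1)[1]
    return v.split("/", 1)[0].lower()


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue  # header, process list, blank line
        code, body = m.group("code"), m.group("body")
        if code in ("R0", "R1") and "=" in body:
            # IE start/search page values; split on the first "=" because URLs carry their own
            host = host_of(body.split("=", 1)[1])
            if host is not None and host not in EXPECTED_HOSTS:
                findings.append(Finding(code, f"browser page setting points at unexpected host {host}", line))
        elif code == "O2":
            # Browser Helper Object with no name or no file on disk: leftover or hidden component
            if "(no name)" in body or body.endswith("(no file)"):
                findings.append(Finding(code, "BHO with no name or missing file", line))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll; rarely legitimate on a client
            dlls = sorted({d.strip() for d in body.split(":", 1)[1].split(",") if d.strip()})
            if dlls:
                findings.append(Finding(code, "AppInit_DLLs injects " + ", ".join(dlls), line))
        elif code == "O23" and body.endswith("(file missing)"):
            findings.append(Finding(code, "service registered but its binary is missing", line))
    return findings


def unexpected_hosts(findings: List[Finding]) -> List[str]:
    """Distinct hosts flagged from R0/R1 entries, sorted."""
    return sorted({f.reason.rsplit(" ", 1)[1] for f in findings if f.code in ("R0", "R1")})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason}\n     {f.line}")
```

Against the sample the script reports the two hijack hosts, the nameless BHO, the three distinct AppInit DLLs and the stale Norton service; it deliberately does not judge SearchToolBHO, which is why the helper asks for the DLL to be submitted for analysis rather than guessed at.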

  3. #3
    Visiting Fellow miekiemoes's Avatar
    Join Date
    Oct 2005
    Location
    belgium
    Posts
    252


    Hi,

    Go to this page.
    Enter the url of this thread in the first field.
    Where it says "browse to the file that you want to submit", click the Browse button next to it and browse to the following file:

    C:\Program Files\SearchTool\SearchTool.dll

    Select it and click ok:
    Then click the Send File button below.

    Also, Open HijackThis, click Config, click Misc Tools
    Click "Open Uninstall Manager"
    Click "Save List" (generates uninstall_list.txt)
    Click Save, copy and paste the results in your next post.

  4. #4
    Junior Member
    Join Date
    Aug 2007
    Posts
    23

    Default

    I have sent the dll file as instructed.
    I am posting here HJT Uninstall files list:

    1Click DVD Copy Pro 1.0.0.9
    3D Home Architect Home Design Deluxe 6
    7 Wonders of the Ancient World
    Adobe Flash Player 9 ActiveX
    Adobe Photoshop 7.0
    Adobe Reader 8.1.0
    Adobe Shockwave Player
    Adobe® Photoshop® Album Starter Edition 3.0
    Arabesque
    ART-SHOP X-Lite
    AVG 7.5
    Azteca
    Bonus Content - Bathroom Items March 2006
    Bonus Content - Bedroom Items February 2006
    Bonus Content - Dining Room Items December 2005
    Bonus Content - Foyer Items January 2006
    Bonus Content - Kitchen Items November 2005
    Bonus Content - Media Items
    CA eTrust PestPatrol
    Canon LBP5000
    CFGSmart 1.1
    Chicktionary
    Chief Architect 10.0 Demo
    Chief Architect Content Installer: Living Room Items October 2005
    Chuzzle Deluxe 1.0
    CleanMyPC - Registry Cleaner
    C-Media 3D Audio
    Cubology
    CuteSITE Builder
    Diskeeper Professional Edition
    DVD Region+CSS Free 5.9.8.5
    Egyptian Addiction
    Family Feud
    Harvest Mania To Go
    HDFSmart 1.8
    HHD Software Hex Editor 3.12
    HijackThis 2.0.2
    HNFSmart 2.4fix2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    HTT Humax Turbo Suite 2.0
    HUMAX ZORRO TOOLBOX V2
    IDSmart 1.0
    Indeo® software
    Java Runtime Environment 1.1
    Jig Words
    Kaspersky Online Scanner
    Lesson Planner 1.3.0.14.
    LiveUpdate 3.0 (Symantec Corporation)
    Luck Charm Deluxe
    Mahjong Match
    Marvin Symbols for Chief Architect
    Merillat(R) Cabinet Doors
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 SR-1 Premium
    Microsoft Office XP Professional
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Mind Machine
    MLS for MsWord v4.0b
    Monkey Madness
    Mystery Case Files - Prime Suspects
    Mystery Solitaire - Secret Island
    Nero 6 Ultra Edition
    Nessy Demo
    Numericon
    NVIDIA Windows 2000/XP Display Drivers
    OE-Mail Recovery 1.7.5.1
    Pantheon
    Pat Sajak’s Lucky Letters
    Pat Sajak's Lucky Letters
    Power MP3 WMA Converter 1.15
    PowerDVD
    ProShow Gold
    Rainbow Mystery
    Recover My Files
    RegAlyzer
    RichFX Player
    Scanner
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917537)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926247)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939373)
    Shareaza version 2.2.1.0
    Slot Words
    SmartSound Quicktracks Plugin
    Spelling Dictionaries Support For Adobe Reader 8
    Spybot - Search & Destroy 1.4
    Super WHATword?
    Teachers' PRO 5.4
    The Cleaner
    The Da Vinci Code
    The Poppit! Show
    Tri-Peaks Solitaire To Go
    True Sword 4

  5. #5
    Visiting Fellow miekiemoes's Avatar
    Join Date
    Oct 2005
    Location
    belgium
    Posts
    252

    Default

    Hi,

Do you have any idea what this C:\Program Files\SearchTool\SearchTool.dll is related to? Did you install it?
    It has references to this forum in its strings: http://swnet.spb.ru/board/index.php?act=home

Does this look familiar to you? If so, please let me know where exactly you installed it and what it does.

Also do the next please, since there's still a lot of malware present here...
* Download Combofix to your desktop.
    Doubleclick combofix.exe
    Follow the prompts.
    Don't click on the window while the fix is running, because that will cause your system to hang.

    When finished and after reboot (in case it asks to reboot), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt.
    Post the contents of this log in your next reply together with a new hijackthislog.
    Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

  6. #6
    Visiting Fellow miekiemoes's Avatar
    Join Date
    Oct 2005
    Location
    belgium
    Posts
    252

    Default

    Sidenote.. Ever wondered why you got infected?

    I see you're not afraid of visiting cracksites and other illegal sites, because some cracks are being flagged as malicious.
If you visit cracksites, use cracks, you'll ALWAYS get infected. This is not only because of the crack itself, but because one single click entering that site may already download and install a huge malware bundle.
    You really have to change your surfing habits though, because these malware bundles may contain a keylogger, collecting all your passwords and installing other random malware, compromising your system including infecting other computers. And this all, because you visited some illegal sites.
    Also, keep in mind, malware DAMAGES A LOT! And the damage can't always be repaired, so a format and reinstall is the only solution in such cases.
    So is it really worth it? Get illegal software for "free", but compromise/break your computer instead.... :(
    Better to avoid this instead and change your surfing habits. Then this wouldn't have happened.

Anyway, please delete the next files:

    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\clipartfree.exe
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\advancedelearningbuilder326.keygen.zip
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\Articulate_Spelling_v1.24_Home_Version-DIGERATI.ZIP
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\Random.Test.Generator.Pro.v8.2.WinALL.Regged-SCF.ZIP
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\Teachers.Personal.Information.Manager.v1.3.16.WinALL.Incl.Keygen-BRD.ZIP
    C:\Documents and Settings\lina\Desktop\My Downloads\school_progs\WebQuiz.XP.ZIP
    C:\Documents and Settings\lina\My Documents\cracks\CrackServer_WinALL.exe


    Also delete this folder Housecall created:

    C:\Documents and Settings\lina\.housecall\Quarantine

  7. #7
    Junior Member
    Join Date
    Aug 2007
    Posts
    23

    Default

    I have no idea where C:\Program Files\SearchTool\SearchTool.dll came from and don't know the site: http://swnet.spb.ru/board/index.php?act=home

After I deleted the files you told me to delete in your second post I ran ComboFix and got this log:

    ComboFix 07-08-30.3 - "lina" 2007-09-04 15:29:26.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.118 [GMT 2:00]


    ((((((((((((((((((((((((( Files Created from 2007-08-04 to 2007-09-04 )))))))))))))))))))))))))))))))


    2007-09-04 01:02 <DIR> d-------- C:\Program Files\ACW
    2007-09-03 22:23 <DIR> d-------- C:\WINDOWS\system32\backuped
    2007-09-03 22:23 <DIR> d-------- C:\Program Files\True Sword 4
    2007-09-03 22:23 <DIR> d-------- C:\DOCUME~1\lina\APPLIC~1\True Sword
    2007-09-02 23:30 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-09-02 22:30 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
    2007-09-02 09:58 <DIR> d-------- C:\DOCUME~1\lina\APPLIC~1\Uniblue
    2007-08-30 17:21 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-08-30 17:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
    2007-08-30 14:27 <DIR> d-------- C:\Program Files\Safer Networking
    2007-08-30 11:25 3,188 --a------ C:\WINDOWS\system32\tmp.reg
    2007-08-30 03:57 <DIR> d-------- C:\Program Files\Trend Micro
    2007-08-30 00:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-08-30 00:28 <DIR> d-------- C:\Program Files\SearchTool
    2007-08-30 00:10 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-08-29 12:48 <DIR> d-------- C:\Program Files\HUMAX ZORRO TOOLBOX V2
    2007-08-27 08:10 <DIR> d-------- C:\Program Files\WinUpdater
    2007-08-21 20:43 <DIR> d-------- C:\Program Files\Web Page Maker V2
    2007-08-21 20:43 <DIR> d-------- C:\DOCUME~1\lina\APPLIC~1\Web Page Maker V2
    2007-08-18 14:07 <DIR> d-------- C:\Program Files\Humax Digital
    2007-08-18 13:56 <DIR> d-------- C:\Program Files\Change to 5400z_plus
    2007-08-18 13:56 43,520 --a------ C:\WINDOWS\system32\HBuilder.exe
    2007-08-18 13:56 2,764 --a------ C:\WINDOWS\system32\PQB.bat
    2007-08-18 13:56 191 --a------ C:\WINDOWS\system32\pls.reg
    2007-08-15 10:14 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-08-15 09:26 <DIR> d-------- C:\Program Files\Florikey V4.0 Beta


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-09-03 21:45 --------- d-------- C:\Program Files\Windows Desktop Search
    2007-09-01 16:28 --------- d-------- C:\Program Files\The Cleaner
    2007-09-01 01:33 --------- d-------- C:\Program Files\Windows Live Toolbar
    2007-08-30 04:20 --------- d-------- C:\Program Files\XoftSpySE
    2007-08-18 13:57 --------- d-------- C:\Program Files\Florikey
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    2007-07-09 19:19 --------- d-------- C:\Program Files\Easy Outlook Express Backup
    2007-07-05 14:32 --------- d-------- C:\Program Files\Pat Sajak's Lucky Letters
    2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
    2007-06-24 11:46 737280 --a--c--- C:\WINDOWS\iun6002.exe
    2007-06-19 15:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-06-13 12:23 1033216 --a------ C:\WINDOWS\explorer.exe
    2001-11-23 12:08 712704 --a--c--- C:\WINDOWS\inf\OTHER\AUDIO3D.DLL


    ((((((((((((((((((((((((((((( snapshot_2007-09-02_233553.96 )))))))))))))))))))))))))))))))))))))))))

    ----a-w 81,920 2003-06-06 09:21:56 C:\WINDOWS\eSellerateControl350.dll
    ----a-w 356,352 2005-10-11 12:40:52 C:\WINDOWS\eSellerateEngine.dll
    -c--a-w 17,408 2003-03-31 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\PSAPIOLD.DLL
    -c--a-w 23,040 2004-08-03 22:56:46 C:\WINDOWS\ServicePackFiles\i386\PSAPIOLD.DLL
    ----a-w 227,628 2007-09-04 07:26:23 C:\WINDOWS\system32\inetsrv\MetaBase.bin
    ----atw 16,384 2007-09-04 07:26:09 C:\WINDOWS\Temp\Perflib_Perfdata_1d4.dat
    ----atw 16,384 2007-09-02 23:06:53 C:\WINDOWS\Temp\Perflib_Perfdata_884.dat

    ----a-w 227,626 2007-09-02 21:17:02 C:\WINDOWS\system32\inetsrv\MetaBase.bin
    -c--atw 16,384 2006-05-18 14:35:39 C:\WINDOWS\Temp\Perflib_Perfdata_1d4.dat
    ----atw 16,384 2007-07-04 10:32:14 C:\WINDOWS\Temp\Perflib_Perfdata_884.dat

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 00:52]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "eTrust PestPatrol Active Protection"="C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe" [2004-09-27 07:09]
    "DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [2005-07-26 17:52]
    "Cmaudio"="cmicnfg.cpl" []
    "BigDog303"="C:\WINDOWS\VM303_STI.exe" [2005-06-23 11:13]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-15 08:58]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
    "WinUpdater"="C:\Program Files\WinUpdater\update.exe" [2007-07-29 20:12]
    "NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" []
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-01-04 14:17]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

    C:\DOCUME~1\lina\STARTM~1\Programs\Startup\
    Diskeeper 9 Professional Edition Registration.lnk - C:\Program Files\Executive Software\Diskeeper\ESIRegister.exe [2005-01-04 14:24:12]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 02:18 49152]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 14:11 233472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
    R1 as6eio;as6eio;C:\WINDOWS\system32\drivers\as6eio.sys
    R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys
    R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe
    R3 Brndis;External USB Cable Modem;C:\WINDOWS\system32\DRIVERS\Brndis.sys
    R3 ZSMC303;VIMICRO USB PC Camera (ZC0301PLH);C:\WINDOWS\system32\Drivers\usbVM303.sys
    S3 NTSIM;NTSIM;\??\C:\WINDOWS\System32\ntsim.sys
    S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc
    S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc
    S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc
    S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
    RApcss RpcSs


    Contents of the 'Scheduled Tasks' folder
    2007-09-03 13:38:00 C:\WINDOWS\Tasks\TC_update.job - C:\Program Files\The Cleaner\cleaner.exe
    2007-05-08 21:10:13 C:\WINDOWS\Tasks\XoftSpy.job - C:\Program Files\XoftSpy\XoftSpy.exe
    2007-09-04 07:26:33 C:\WINDOWS\Tasks\XoftSpySE 2.job
    2007-09-01 08:46:45 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-04 15:31:17
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-09-04 15:32:33
    C:\ComboFix-quarantined-files.txt ... 2007-09-04 15:32
    C:\ComboFix2.txt ... 2007-09-04 15:08
    C:\ComboFix3.txt ... 2007-09-03 00:43

    --- E O F ---

This is the HJT log that I did at the end of all this:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:35:14, on 04/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
    C:\WINDOWS\VM303_STI.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAC4LAK.EXE
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\CNAC4RPK.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.elvira.int.tc
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2F85D76C-0569-466F-A488-493E6BD0E955} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\WinUpdater\update.exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Diskeeper 9 Professional Edition Registration.lnk = C:\Program Files\Executive Software\Diskeeper\ESIRegister.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Canon LBP5000 Status Window.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAC4LAK.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/tech...rl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/tech...rl/tgctlsr.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1147730576500
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147730668375
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/tech...l/SymAData.cab
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

    --
    End of file - 8188 bytes

Yes, I am very ashamed to say that there was a period when I was addicted to cracks and cracksites. I would download programmes and find a crack for them. Sometimes I did it just for the high of cracking a programme. At times I would then uninstall the prog cos it was no use to me. However, I am getting rid of my addiction, because, as you said, it is very dangerous and not worthwhile.

    BTW, thanks for helping me. I have to get rid of this problem because it's driving me crazy.

  8. #8
    Visiting Fellow miekiemoes's Avatar
    Join Date
    Oct 2005
    Location
    belgium
    Posts
    252

    Default

Ok, since you don't know this SearchTool and I see the folder was created recently, it should go; that's why I asked for a sample in the first place, since it looked suspicious.
There are also some other files and folders that need to go..
    I see you already fixed some entries in HijackThis?

    anyway,

    First and important thing... I see you are running Teatimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
    When everything is done and your log is clean again, you can enable it again.
    If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
    How to disable TeaTimer during HijackThis Cleanup
    Then, Download ResetTeaTimer.bat.
    Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

    Then,

Do the next please..
* Open notepad - don't use any other text editor than notepad or the script will fail.
    Copy/paste the text in the quotebox below into notepad:

    Folder::
    C:\Program Files\SearchTool
    C:\Program Files\WinUpdater

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinUpdater"=-
Save this as a text file named CFScript

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.
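As an added example (not code from this thread, nor from the ComboFix or HijackThis authors), here is the correlation behind the call on WinUpdater written as a Python script: it parses HijackThis O4 autostart lines and ComboFix "Files Created" directory lines, flags autostarts whose executable lives in a folder created shortly before the scan, and renders the result in the same Folder:: / Registry:: layout as the CFScript above. The sample lines are constructed from the logs posted in this thread; the 30-day window and the scan date are assumptions.

```python
"""Correlate HijackThis O4 autostart entries with ComboFix 'Files Created'
directories, flagging autostarts whose executable lives in a recently created
folder. Sample input is constructed from the logs posted in the thread."""
import re
from dataclasses import dataclass
from datetime import date

# Constructed sample: a few O4 lines as HijackThis prints them.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\WinUpdater\update.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
"""

# Constructed sample: directory lines from a ComboFix 'Files Created' section.
COMBOFIX_SAMPLE = r"""
2007-08-30 14:27 <DIR> d-------- C:\Program Files\Safer Networking
2007-08-30 00:28 <DIR> d-------- C:\Program Files\SearchTool
2007-08-27 08:10 <DIR> d-------- C:\Program Files\WinUpdater
2007-08-18 14:07 <DIR> d-------- C:\Program Files\Humax Digital
"""

SCAN_DATE = date(2007, 9, 4)  # assumed: the date of the ComboFix run in the thread

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
DIR_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2}) \d{2}:\d{2} <DIR> \S+ (.+)$")
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}


@dataclass
class Autostart:
    hive: str   # HKLM or HKCU
    name: str   # registry value name
    exe: str    # executable path extracted from the command line


@dataclass
class Finding:
    entry: Autostart
    folder: str   # recently created folder containing the executable
    created: date


def command_path(cmd: str) -> str:
    """Return the executable path of an O4 command line.
    Quoted commands take the quoted part; unquoted ones take tokens up to the
    first one ending in .exe (rundll32 lines therefore yield the host process,
    a known limitation of this simple parser)."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    tokens = cmd.split(" ")
    for i in range(len(tokens)):
        if tokens[i].lower().endswith(".exe"):
            return " ".join(tokens[: i + 1])
    return cmd


def parse_o4(text: str) -> list:
    out = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            out.append(Autostart(m.group(1), m.group(2), command_path(m.group(3))))
    return out


def parse_created_dirs(text: str) -> dict:
    """Map created directory path -> creation date."""
    dirs = {}
    for line in text.splitlines():
        m = DIR_RE.match(line.strip())
        if m:
            y, mo, d, path = m.groups()
            dirs[path] = date(int(y), int(mo), int(d))
    return dirs


def correlate(hjt: str, combofix: str, scan_date: date, max_age_days: int = 30) -> list:
    """Flag autostarts whose executable sits under a folder created within
    max_age_days of the scan. Paths are compared case-insensitively, as NTFS does."""
    findings = []
    dirs = parse_created_dirs(combofix)
    for entry in parse_o4(hjt):
        exe = entry.exe.lower()
        for folder, created in dirs.items():
            if exe.startswith(folder.lower() + "\\") and (scan_date - created).days <= max_age_days:
                findings.append(Finding(entry, folder, created))
    return findings


def render_cfscript(findings: list) -> str:
    """Render findings in the Folder:: / Registry:: layout ComboFix scripts use;
    '"name"=-' is the .reg syntax for deleting a value."""
    lines = ["Folder::"]
    lines += sorted({f.folder for f in findings})
    lines += ["", "Registry::"]
    for hive in ("HKLM", "HKCU"):
        names = [f.entry.name for f in findings if f.entry.hive == hive]
        if names:
            lines.append(f"[{HIVES[hive]}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]")
            lines += [f'"{n}"=-' for n in names]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = correlate(HJT_SAMPLE, COMBOFIX_SAMPLE, SCAN_DATE)
    for f in hits:
        print(f"{f.entry.hive} Run [{f.entry.name}] -> {f.entry.exe} (folder created {f.created})")
    print(render_cfscript(hits))
```

Only WinUpdater is flagged here: SearchTool has no autostart line in the posted log, which is why the helper had to fall back on the folder's creation date and a sample of the DLL instead.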

  9. #9
    Junior Member
    Join Date
    Aug 2007
    Posts
    23

    Default

After following your instructions, the PC rebooted and many services seem to have been disabled or deactivated; they are not working. I can't log onto the internet. I get an error window named: Windows Desktop Search Tool Tray Administration, and I can't go anywhere from there. Now I have connected the internet cable modem to my laptop and I'm contacting you from here.

I also tried to go back to a restore point but it wouldn't allow me to; it says: System Restore is not protecting your computer. I have saved the ComboFix logfile and also the HijackThis one, but cannot get them onto this computer.

    Help!!

  10. #10
    Visiting Fellow miekiemoes's Avatar
    Join Date
    Oct 2005
    Location
    belgium
    Posts
    252

    Default

    This is really strange...

Have you been deleting anything else I didn't ask? Because I see you have already been fixing entries in your HijackThis log while I hadn't instructed it yet.

> I can't log onto the internet. I get an error window named: Windows Desktop Search Tool Tray Administration

You have not been deleting the C:\Program Files\Windows Desktop Search folder as well?
Because that error seems to be related to Windows Desktop Search.

    Does your Internet Explorer open when the add-ons are disabled? To do this, go to start > all programs > System Tools > Internet Explorer (No Add-ons)
    Or rightclick your Internet Explorer icon on your desktop and select the "Start Without add-ons" button there.
    This will launch your Internet Explorer in a non add-on mode.
