Hello

Posted 8/22/2009 10:00 AM
#76364

nermeen Member

Date Joined Nov 2016
Total Posts: 8
I just want you to have a look at this.
I used the program that you usually recommend (fix).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:15 م, on 22/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Anti Netcut\Anti NetCut.exe
C:\Program Files\JetAudio\JetAudio.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\nermeen\My Documents\Downloads\Programs\HiJackThis_2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE"
O4 - HKLM\..\Run: [Alcmtr] "ALCMTR.EXE"
O4 - HKLM\..\Run: [Advanced System Protector] "C:\Program Files\Systweak\Advanced System Protector\ASP.exe" /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: خدمة تحديث Google (gupdate1ca2134a455594) (gupdate1ca2134a455594) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

--
End of file - 6511 bytes
Posted 8/22/2009 11:36 AM
#76365

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello nermeen :smile:

Go to Add/Remove Programs in Control Panel, and remove:
MP4P and AskSearch.

"MP4P Player allows you to view MP4 videos. Marked as undesirable due to the fact that it changes your homepage to a custom Google search engine, changes your browser's default search provider, and runs hidden in the background. Terms of use also state that it collects and tracks urls you visit in order to display relevant ads."

AskSearch is classified as malware, spyware, adware, or other potentially unwanted software.

Reboot, post a new HijackThis log and tell me if you have any problems with your computer.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 8/22/2009 7:42 PM
#76377

nermeen Member

Date Joined Nov 2016
Total Posts: 8
Thanks for your reply.
I will easily uninstall MP4 Player, but it is not the case with AskSearch. I simply cannot get rid of it. When I try to uninstall it I receive an error message. It is not the first time; I can only remove it when I use a new Windows. What should I do? Moreover, I have a lot of spyware on the computer which is really difficult to delete. Thanks.
Posted 8/23/2009 3:43 AM
#76388

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Ok.

Download this program and save it on the desktop. Then double click on it (Fix_download.exe).

You may have to allow the program to download files from the web!

The program downloads the necessary cleaning programs. Once the program is downloaded, there will be a folder on your desktop named Fix. If the instructions do not open automatically, double-click "FIX_manual.htm" in the Fix folder.

Please follow the instructions and copy the logs here, in this Topic.

Note: Fix_download.exe is detected by some antivirus programs as a "RiskTool"/infection; it is not a virus. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

If necessary, temporarily disable your anti-virus, real-time protection before downloading.

Before you provide them, we ask that you remove any P2P/file sharing programs if you have any, and this includes Bit Torrent software, before we clean your computer.



Posted 8/23/2009 3:53 AM
#76391

nermeen Member

Date Joined Nov 2016
Total Posts: 8
Thanks for your help.

I am sorry to have to tell you that I downloaded this program and it was infected with win32 trojan _gen(other), and so is the System Volume Information, according to the scan by avast. It didn't even work; when I tried I got an error message. What happened? Did it get infected the second it entered the computer???
Posted 8/23/2009 4:53 AM
#76397

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Seems your computer is pretty much messed up.

We'll try this scanner then ->

Please download DDS: http://download.bleepingcomputer.com/sUBs/dds.scr

to your Desktop and double-click on DDs.scr to run it.

If your security software includes script blocking features, please disable these before you run this utility.

When the scan has finished, two logs will open.

Copy and paste both reports in this topic.

The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

Before you provide them, we ask that you remove any P2P/file sharing programs if you have any, and this includes Bit Torrent software, before we clean your computer.



Posted 8/23/2009 5:11 AM
#76400

nermeen Member

Date Joined Nov 2016
Total Posts: 8
Okay, there are the logs.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 23/08/2009 04:13:13 ص
System Uptime: 23/08/2009 05:44:58 ص (3 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | G31M-S2C
Processor: Intel(R) Celeron(R) D CPU 3.06GHz | Socket 775 | 3067/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 20 GiB total, 16.819 GiB free.
D: is FIXED (NTFS) - 95 GiB total, 4.376 GiB free.
E: is FIXED (NTFS) - 95 GiB total, 21.955 GiB free.
F: is FIXED (NTFS) - 88 GiB total, 82.29 GiB free.
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 23/08/2009 04:15:13 ص - Installed Windows Media Player 11
RP2: 23/08/2009 04:15:55 ص - Installed Windows XP Wudf01000.
RP3: 23/08/2009 04:17:53 ص - Installed Browser Configuration Utility
RP4: 23/08/2009 04:20:30 ص - Installed Windows XP KB888111WXPSP2.
RP5: 23/08/2009 04:20:57 ص - Installed Realtek High Definition Audio Driver
RP6: 23/08/2009 04:24:38 ص - Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver
RP7: 23/08/2009 04:26:57 ص - Installed COWON Media Center - jetAudio Plus VX
RP8: 23/08/2009 04:31:30 ص - Installed SUPERAntiSpyware Free Edition

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
AlienGUIse Theme Manager
Anti Netcut 2
avast! Antivirus
Browser Configuration Utility
COWON Media Center - jetAudio Plus VX
High Definition Audio Driver Package - KB888111
Hotfix for Windows XP (KB896344)
Intel(R) Graphics Media Accelerator Driver
Microsoft Choice Guard
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.2)
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Replay Media Catcher 3.02
ScanSpyware v3.7
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB911927)
SUPERAntiSpyware Free Edition
WebFldrs XP
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB892489
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

23/08/2009 04:14:57 ص, information: Windows File Protection [64032] - Windows File Protection is not active on this system.

==== End Of File ===========================

DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 8:02:53.36 on Sun 08/23/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1033.18.1013.191 [GMT 3:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Anti Netcut\Anti NetCut.exe
E:\Install\برامج مهمة\very important\wlsetup-custom.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
D:\GAMES\silk road\Silkroad Arabic\sro_client.exe
D:\GAMES\silk road\Silkroad Arabic\sro_client.exe
C:\Program Files\JetAudio\JetAudio.exe
D:\GAMES\silk road\Silkroad Arabic\New Folder (2).exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\Administrator\Desktop\ssss.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [antinetcut2] c:\program files\anti netcut\Anti NetCut.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\alienw~1.lnk - c:\program files\alienguise\alienwaredock\ObjectDock.exe
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: Download with IDM - e:\install\new folder\idm9\IEExt.htm
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\internet download manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\internet download manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\internet download manager\IEGetVL.htm
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: WB - c:\program files\alienguise\fastload.dll
AppInit_DLLs: wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\yee0ff2l.default\
FF - component: c:\documents and settings\administrator\application data\idm\idmmzcc2\components\idmmzcc.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-23 78416]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-23 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-8-23 147640]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-8-23 250040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-8-23 348344]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]

=============== Created Last 30 ================

2009-08-23 07:07 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-08-23 07:06 57,472 a------- c:\windows\system32\drivers\redbook.sys
2009-08-23 07:05 74,240 a------- c:\windows\system32\usbui.dll
2009-08-23 07:04 <DIR> --d----- c:\program files\common files\ODBC
2009-08-23 07:03 5,632 a----r-- c:\windows\system32\kbdheb.dll
2009-08-23 07:03 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-08-23 07:02 <DIR> --d----- c:\windows\system32\CatRoot2
2009-08-23 07:02 <DIR> --d----- c:\windows\system32\CatRoot
2009-08-23 07:02 <DIR> --d----- C:\Documents and Settings
2009-08-23 07:01 1,735 a------- c:\windows\system32\$winnt$.inf
2009-08-23 06:50 <DIR> --d----- c:\program files\Microsoft
2009-08-23 06:40 <DIR> --d----- c:\program files\common files\Windows Live
2009-08-23 05:31 <DIR> --d----- c:\program files\common files\DVDVideoSoft
2009-08-23 05:28 <DIR> --d----- c:\program files\KB823980Scan
2009-08-23 05:23 <DIR> --d----- c:\program files\Anti Netcut
2009-08-23 04:41 <DIR> --d----- c:\program files\Replay Media Catcher
2009-08-23 04:38 <DIR> --d----- c:\program files\common files\Stardock
2009-08-23 04:38 <DIR> --d----- c:\program files\AlienGUIse
2009-08-23 04:36 <DIR> --d----- c:\program files\ScanSpyware v3.7
2009-08-23 04:35 <DIR> --d----- c:\program files\Internet Download Manager
2009-08-23 04:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-23 04:31 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-23 04:31 <DIR> --d----- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2009-08-23 04:31 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-08-23 04:30 <DIR> --d----- c:\program files\Yahoo!
2009-08-23 04:29 <DIR> --d----- c:\docume~1\admini~1\applic~1\IDM
2009-08-23 04:29 <DIR> --d----- c:\docume~1\admini~1\applic~1\DMCache
2009-08-23 04:27 <DIR> --d----- c:\docume~1\admini~1\applic~1\COWON
2009-08-23 04:26 <DIR> --d----- c:\program files\JetAudio
2009-08-23 04:26 <DIR> --d----- c:\program files\common files\COWON
2009-08-23 04:21 <DIR> --d----- c:\program files\Realtek
2009-08-23 04:17 <DIR> --d----- c:\program files\Browser Configuration Utility
2009-08-23 04:15 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-08-23 04:11 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-08-23 04:11 <DIR> --d----- c:\program files\Online Services
2009-08-23 04:10 <DIR> --d----- c:\program files\common files\MSSoap
2009-08-23 04:08 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-08-23 06:43 237,568 a------- c:\windows\system32\rmc_rtspdl.dll
2009-08-23 06:43 156,672 a------- c:\windows\system32\rmc_fixasf.exe
2009-08-23 06:43 323,584 a------- c:\windows\system32\AUDIOGENIE2.DLL
2009-08-23 05:23 286,720 -------- c:\windows\Setup1.exe
2009-08-23 05:23 73,216 a------- c:\windows\ST6UNST.EXE
2009-08-23 04:25 16,608 a------- c:\windows\gdrv.sys
2009-08-23 04:09 21,640 a------- c:\windows\system32\emptyregdb.dat
2006-09-16 16:20 1,880,140 a------- c:\program files\Anti NetCut.CAB
2006-09-16 16:20 3,808 a------- c:\program files\SETUP.LST
1998-06-18 00:00 140,800 a------- c:\program files\setup.exe

============= FINISH: 8:03:15.84 ===============

I hope that is what you need, thanks.
Posted 8/23/2009 5:29 AM
#76403
Touch Advanced member
It is.

Please download combofix here ->
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before Saving it to Desktop, please rename it to alg.exe to stop malware from disabling it.

Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix.

Now, please make sure no other programs are running, close all other windows.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted.

Usually located in c:\combofix.txt, please post it to your next reply

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 8/23/2009 6:11 AM
#76408
nermeen Member
It seems like a very powerful program. Can you please tell me what you suspect?
Posted 8/23/2009 6:33 AM
#76409
Touch Advanced member
Infections



Posted 8/23/2009 12:09 PM
#76413
nermeen Member
Hello again,

can you please have a look at this? It may be the problem.

Application Information
=======================

Application Version: ScanSpyware v3.7 build 3.7.0.8
Original Database: pests08-03-04.db
Updated Database: pests08-03-04.db
Current Date: Sunday, August 23, 2009 02:04:30 PM
__________________________________________________

Directories recognized:
=======================

__________________________________________________

Files recognized:
=================

[Gain.Gator]
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setup.exe

[MySearch]
C:\WINDOWS\SET4.tmp

__________________________________________________

Registry keys recognized:
=========================

[C-Dilla]
HKEY_LOCAL_MACHINE\SOFTWARE\C07ft5Y

[MyWebSearch]
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}

[MyWebSearch]
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}

[Download Accelerator Plus]
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\ftp

[Download Accelerator Plus]
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\http

__________________________________________________

Registry values recognized:
===========================

__________________________________________________

Cookies recognized:
===================

__________________________________________________
Posted 8/24/2009 2:24 AM
#76432
Touch Advanced member
No. I don't trust the ScanSpyware program as it is a Rogue program.

Still waiting for a combofix log.



Posted 8/27/2009 3:20 AM
#76549
nermeen Member
Hello,
I do not know why you stopped answering, but thanks anyway. With your help I had most of my problems solved except for one thing. In each scan I perform, the antivirus detects a trojan horse on the System Volume Information restore. Obviously it cannot be deleted by the normal scan because I notice it every time. Can you please tell me how dangerous it is and how I can remove it?
Thanks again,
waiting for your reply
Posted 8/27/2009 3:27 AM
#76550
Touch Advanced member
I DID NOT stop answering; as I mentioned in my last reply, I am waiting for you to post a combofix log.



Posted 8/27/2009 3:36 AM
#76551
nermeen Member
I am sorry, I did not see it before. I will send you the log as soon as I have it.
Thanks

By the way, what does rogue program mean?
Posted 8/27/2009 4:30 AM
#76553
Touch Advanced member
No problem.

It means -> unreliable, untrustworthy


