My Anti Spyware
News, Free Programs, Online Scanners, Tutorials
Post your problems with Spyware, Hijackers, Trojans...
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister     ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Windows Explorer closes by itself.

 
Post new topic   Reply to topic    My Anti Spyware Forum Index -> Spyware Removal
View previous topic :: View next topic  
Author Message
pavanbharadwaj



Joined: 09 Jun 2008
Posts: 7
PostPosted: Mon Jun 09, 2008 11:48 am    Post subject: Windows Explorer closes by itself. Reply with quote
Today it suddenly started to happen.I dont know what is wrong but my explore gets close down by itself.That is no icons appear on the desktop,it juat appears blank.Any help would be appreciated.

Here is the log.
Quote:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08:50, on 09/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\mswinexe.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\CRICKET\FRAPS\FRAPS.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\Explorer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\system32\mswinexe.exe"
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"C:\WINDOWS\system32\mswinexe.exe",
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Fraps] D:\CRICKET\FRAPS\FRAPS.EXE
O4 - HKCU\..\Policies\Explorer\Run: [WindowsExplorer] C:\WINDOWS\system32\mswinexe.exe
O4 - HKCU\..\Policies\Explorer\Run: [update.exe] C:\Windows\explorer.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O8 - Extra context menu item: Add to &LinkFox - res://F:\TWEAKM~1\TweakBHO.dll/IESCRIPT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{36922064-1032-4511-9ED1-D24226C959E7}: NameServer = 125.22.47.125,202.56.250.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB668C02-A371-44D1-9253-869420148C60}: NameServer = 125.22.47.125,202.56.250.5
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/Program%20Files/CricketBar/skins/cricbanner.gif
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/PAVANS~1.BHA/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg

--
End of file - 6140 bytes
Back to top
View user's profile Send private message
patrik
Site Admin


Joined: 08 Jan 2006
Posts: 1226
PostPosted: Mon Jun 09, 2008 9:32 pm    Post subject: Reply with quote
Hello Pavanbharadwaj, welcome to the forum!

Start HijackThis. Click “Do a system scan only.” and put a checkmark next to the following items:
Quote:
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\system32\mswinexe.exe"
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"C:\WINDOWS\system32\mswinexe.exe",
O4 - HKCU\..\Policies\Explorer\Run: [WindowsExplorer] C:\WINDOWS\system32\mswinexe.exe
O4 - HKCU\..\Policies\Explorer\Run: [update.exe] C:\Windows\explorer.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe


Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.

Reboot your computer.

Download combofix. Double click on combofix.exe and follow the prompts.

Post a fresh HijackThis log + a combofix log with your reply.
_________________
Antispyware: HijackThis, SmitfraudFix, ComboFix, CounterSpy Antispyware, Super Antispyware
Instructions: Show hidden files, Reboot in Safe Mode
Back to top
View user's profile Send private message Send e-mail
pavanbharadwaj



Joined: 09 Jun 2008
Posts: 7
PostPosted: Tue Jun 10, 2008 11:36 am    Post subject: Reply with quote
Thanks for your reply.I have done everything you said and here are the log files.

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:26, on 10/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\mswinexe.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\uTorrent\uTorrent.exe
D:\CRICKET\FRAPS\FRAPS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\system32\mswinexe.exe"
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"C:\WINDOWS\system32\mswinexe.exe",
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Fraps] D:\CRICKET\FRAPS\FRAPS.EXE
O4 - HKCU\..\Policies\Explorer\Run: [WindowsExplorer] C:\WINDOWS\system32\mswinexe.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O8 - Extra context menu item: Add to &LinkFox - res://F:\TWEAKM~1\TweakBHO.dll/IESCRIPT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{36922064-1032-4511-9ED1-D24226C959E7}: NameServer = 125.22.47.125,202.56.250.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB668C02-A371-44D1-9253-869420148C60}: NameServer = 125.22.47.125,202.56.250.5
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 6977 bytes


log.txt
 Description:
Combofix log

Download
 Filename:  log.txt
 Filesize:  21.34 KB
 Downloaded:  112 Time(s)
Back to top
View user's profile Send private message
patrik
Site Admin


Joined: 08 Jan 2006
Posts: 1226
PostPosted: Wed Jun 11, 2008 9:19 am    Post subject: Reply with quote
Run HijackThis. Click “Do a system scan only.” and put a checkmark next to the following items:
Quote:
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\system32\mswinexe.exe"
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"C:\WINDOWS\system32\mswinexe.exe",
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)


Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.

Open notepad, copy/paste the text in the quote box below into notepad:

Quote:
KillAll::

Folder::
C:\WINDOWS\cnQ
C:\WINDOWS\system32\vntiho18
C:\WINDOWS\system32\izo
C:\WINDOWS\system32\abD

File::
C:\WINDOWS\system32\EraserAHS.tlg
C:\w3dn9f.bat
C:\uqb0julr.bat
C:\WINDOWS\system32\vbzip10.dll
C:\ka1nk.bat
C:\qjatw9aj.exe
C:\qpe6.com
C:\x.bat
C:\imt8.cmd
C:\930jn.bat
C:\mka.bat
C:\8386nac.com
C:\WINDOWS\system32\mswinexe.exe
C:\0.com
C:\1.bat
C:\h8i.com
C:\dp.cmd
C:\x1dg.exe
C:\bqk.bat
C:\vt6e.cmd
C:\WINDOWS\system32\qoMfeefe.dll
C:\WINDOWS\system32\cbXRiiJd.dll
C:\WINDOWS\system32\nnnlLcAT.dll
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\WindowsUpdates.exe
H:\autoinst.exe
H:\6qe.com
C:\DOCUME~1\PAVANS~1.BHA\LOCALS~1\Temp\nya.exe
C:\WINDOWS\system32\winlogin.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\Browser Helper Objects\{05CE0DA9-BFC0-402D-9709-FD473D0504B3}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\Browser Helper Objects\{1B0EDB73-AE42-49BC-A166-F13CA20E2DCF}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\Browser Helper Objects\{ABEE2D45-DA92-4FA1-B29B-3BDEEC5BA1E5}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"WindowsExplorer"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Secure]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04821b96-6516-11dc-8966-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{526bad14-5576-11dc-b35b-0016768d63c4}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{036309A2-B046-F842-0406-040204020301}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{166F04A4-5557-2C79-0107-070001030602}]



Name the Notepad file CFScript and Save it to your desktop. Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



Post a combofix log and a fresh HijackThis log with your reply
_________________
Antispyware: HijackThis, SmitfraudFix, ComboFix, CounterSpy Antispyware, Super Antispyware
Instructions: Show hidden files, Reboot in Safe Mode
Back to top
View user's profile Send private message Send e-mail
pavanbharadwaj



Joined: 09 Jun 2008
Posts: 7
PostPosted: Wed Jun 11, 2008 11:54 am    Post subject: Reply with quote
Here are the logs.Thanks for helping.

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:41, on 11/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\runservice.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealOne Player\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C98577A9-A280-4495-86FB-7A52FA986340} - C:\WINDOWS\system32\nnnlLcAT.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Search - ?p=ZNfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{36922064-1032-4511-9ED1-D24226C959E7}: NameServer = 125.22.47.125,202.56.250.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB668C02-A371-44D1-9253-869420148C60}: NameServer = 125.22.47.125,202.56.250.5
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 7130 bytes


log.txt
 Description:
Combofix log.

Download
 Filename:  log.txt
 Filesize:  18.58 KB
 Downloaded:  123 Time(s)
Back to top
View user's profile Send private message
patrik
Site Admin


Joined: 08 Jan 2006
Posts: 1226
PostPosted: Wed Jun 11, 2008 11:04 pm    Post subject: Reply with quote
Looks more clean Smile

Run HijackThis. Click “Do a system scan only.” and put a checkmark next to the following items:
Quote:
O2 - BHO: (no name) - {C98577A9-A280-4495-86FB-7A52FA986340} - C:\WINDOWS\system32\nnnlLcAT.dll (file missing)
O8 - Extra context menu item: &Search - ?p=ZNfox000
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)


Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.

Open notepad, copy/paste the text in the quote box below into notepad:
Quote:
File::
C:\WINDOWS\system32\qoMfeefe.dll_old
C:\2jqj.bat


Name the Notepad file CFScript and Save it to your desktop. Then drag the CFScript into ComboFix.exe.

Make a fresh HijackThis log.

Post a HijackThis log + a combofix log with your answer.
_________________
Antispyware: HijackThis, SmitfraudFix, ComboFix, CounterSpy Antispyware, Super Antispyware
Instructions: Show hidden files, Reboot in Safe Mode
Back to top
View user's profile Send private message Send e-mail
pavanbharadwaj



Joined: 09 Jun 2008
Posts: 7
PostPosted: Thu Jun 12, 2008 8:41 am    Post subject: Reply with quote
Thanks for your help.Everything looks alright now.

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:04:31, on 12/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\NAVW32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealOne Player\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{36922064-1032-4511-9ED1-D24226C959E7}: NameServer = 125.22.47.125,202.56.250.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB668C02-A371-44D1-9253-869420148C60}: NameServer = 125.22.47.125,202.56.250.5
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 6651 bytes


log.txt
 Description:
Combofix log.

Download
 Filename:  log.txt
 Filesize:  15.03 KB
 Downloaded:  100 Time(s)
Back to top
View user's profile Send private message
patrik
Site Admin


Joined: 08 Jan 2006
Posts: 1226
PostPosted: Thu Jun 12, 2008 9:22 am    Post subject: Reply with quote
Logs are ok, but in your last log i have found new spyware entry. Its strange.

Fix it:
Open notepad, copy/paste the text in the quote box below into notepad:
Quote:
File::
C:\WINDOWS\system32\kavo.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]


Name the Notepad file CFScript and Save it to your desktop. Then drag the CFScript into ComboFix.exe.

Also download Deckard's System Scanner (dss.exe) and save it to your desktop.

Close all applications and windows.
Double click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post both dss logs + combofix log with your answer.
_________________
Antispyware: HijackThis, SmitfraudFix, ComboFix, CounterSpy Antispyware, Super Antispyware
Instructions: Show hidden files, Reboot in Safe Mode
Back to top
View user's profile Send private message Send e-mail
pavanbharadwaj



Joined: 09 Jun 2008
Posts: 7
PostPosted: Thu Jun 12, 2008 9:51 am    Post subject: Reply with quote
I noticed that kavo a few days ago.It was posting some error at start up.Hope its fixed now.

extra.txt
 Description:
DSS extra log.

Download
 Filename:  extra.txt
 Filesize:  22.22 KB
 Downloaded:  117 Time(s)
main.txt
 Description:
DSS main log

Download
 Filename:  main.txt
 Filesize:  22.54 KB
 Downloaded:  111 Time(s)
log.txt
 Description:
Combo fix log.

Download
 Filename:  log.txt
 Filesize:  15.03 KB
 Downloaded:  102 Time(s)
Back to top
View user's profile Send private message
patrik
Site Admin


Joined: 08 Jan 2006
Posts: 1226
PostPosted: Fri Jun 13, 2008 2:56 am    Post subject: Reply with quote
ok, just checked dss logs, please fix one entry:

Open notepad, copy/paste the text in the quote box below into notepad:
Quote:
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run\AutorunsDisabled]


Name the Notepad file CFScript and Save it to your desktop. Then drag the CFScript into ComboFix.exe.

Post a combofix log + a fresh dss log with your reply.
_________________
Antispyware: HijackThis, SmitfraudFix, ComboFix, CounterSpy Antispyware, Super Antispyware
Instructions: Show hidden files, Reboot in Safe Mode
Back to top
View user's profile Send private message Send e-mail
pavanbharadwaj



Joined: 09 Jun 2008
Posts: 7
PostPosted: Fri Jun 13, 2008 3:43 am    Post subject: Reply with quote
Tahank you so much for your help.

main.txt
 Description:
dss log

Download
 Filename:  main.txt
 Filesize:  17.51 KB
 Downloaded:  99 Time(s)
log.txt
 Description:
combofix log

Download
 Filename:  log.txt
 Filesize:  14.97 KB
 Downloaded:  104 Time(s)
Back to top
View user's profile Send private message
patrik
Site Admin


Joined: 08 Jan 2006
Posts: 1226
PostPosted: Fri Jun 13, 2008 10:40 pm    Post subject: Reply with quote
Good news, both logs are ok Smile

Your java is out date, please update here.
Quote:
Download a fresh installer. Go to Start > Settings > Control Panel double-click on Add/Remove programs and remove older version of Java (J2SE Runtime Environment).
Click the Remove or Change/Remove button.
Reboot your computer once all Java components are removed.
Run fresh java installation file.


Uninstall combofix.

Make a new restore point.
Quote:
Disable system restore to flush out infected restore points. Reboot your computer again. Turn on Windows System Restore. After that click START > ALL PROGRAMS > ACCESSORIES > SYSTEM TOOLS > SYSTEM RESTORE. click on “create new restore point” > click on NEXT and follow the prompts.


Check your antivirus/antispyware auto protection, enable if need (some spyware/trojans can disable autoprotection)
_________________
Antispyware: HijackThis, SmitfraudFix, ComboFix, CounterSpy Antispyware, Super Antispyware
Instructions: Show hidden files, Reboot in Safe Mode
Back to top
View user's profile Send private message Send e-mail
pavanbharadwaj



Joined: 09 Jun 2008
Posts: 7
PostPosted: Sat Jun 14, 2008 4:02 am    Post subject: Reply with quote
Thank you for all your help.It helped me so much.
Back to top
View user's profile Send private message
patrik
Site Admin


Joined: 08 Jan 2006
Posts: 1226
PostPosted: Sun Jun 15, 2008 1:10 am    Post subject: Reply with quote
Glad to help your Smile
_________________
Antispyware: HijackThis, SmitfraudFix, ComboFix, CounterSpy Antispyware, Super Antispyware
Instructions: Show hidden files, Reboot in Safe Mode
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   
Post new topic   Reply to topic    My Anti Spyware Forum Index -> Spyware Removal All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
phpBB SEO