
Why I cannot log in to my Facebook

Posted 4/19/2010 9:10 AM
#85136
christopher_ukz Valued member

Date Joined Nov 2016
Total Posts: 20
I have a problem concerning Facebook...
I cannot log in to my account...
When I log in, this link appears...
https://chips01.justfree.com/croft.php?charset_test=%E2%82%AC%2C%C2%B4%2C%EF%BF%BD%2C%EF%BF%BD%2C%3F%2C%3F%2C%3F&locale=en_US&non_com_login=&email=paulz_garu%40yahoo.com&pass=101194&charset_test=%E2%82%AC%2C%C2%B4%2C%EF%BF%BD%2C%EF%BF%BD%2C%3F%2C%3F%2C%3F&lsd=BCZUb
Please, someone help me....
Posted 4/19/2010 11:22 AM
#85139
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello and welcome to BG.

Please follow this guide: Before-posting-a-log

Follow the instructions and copy the logs here, in this Topic.

Before you provide them, we ask that you remove any P2P/file sharing programs if you have any, and this includes Torrent software, before we clean your computer.

Do not PM me with logfiles. They will be deleted.


Posted 4/19/2010 4:51 PM
#85143
christopher_ukz Valued member

Date Joined Nov 2016
Total Posts: 20
It seems to take time for me...
Any other option??
I think the error came when I downloaded botpoker zyga...
Can you tell me how to get rid of the trouble so I can log in to my Facebook...
Posted 4/19/2010 5:34 PM
#85146
christopher_ukz Valued member

Date Joined Nov 2016
Total Posts: 20
Is there no other option???
Posted 4/19/2010 5:36 PM
#85147
christopher_ukz Valued member

Date Joined Nov 2016
Total Posts: 20
It takes a long time to scan.... like 6-8 hours....
Posted 4/20/2010 5:17 AM
#85161
christopher_ukz Valued member

Date Joined Nov 2016
Total Posts: 20
OK, it's done...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:22 PM, on 20/4/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Join Air\UIExec.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Users\compaq\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Users\compaq\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\New Folder (3)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 79.106.2.131 localhost
O1 - Hosts: 79.106.2.131 facebook.com
O1 - Hosts: 79.106.2.131 www.facebook.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Searchme Toolbar - {4d02e7e6-5930-4b51-b9b0-9f21b3789400} - mscoree.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [UIExec] "C:\Program Files\Join Air\UIExec.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Google Update] "C:\Users\compaq\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SM?RT-Protection] C:\Program Files\Smadav\SM?RTP.exe rtp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - https://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E645F73D-6BA2-4491-8841-5BBED39491B6}: NameServer = 203.82.64.67 203.82.64.41
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\Join Air\AssistantServices.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6787 bytes
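
Added triage example, not part of the original thread or of any tool named in it: it pulls the hosts-file lines out of a HijackThis or DDS log and flags entries that override normal name resolution, such as the three 79.106.2.131 lines in the log above. The function names, the rule for what counts as benign, and the extra sample lines are assumptions made for illustration.

```python
import ipaddress
import re

# HijackThis prints "O1 - Hosts: <ip> <name>"; DDS prints "Hosts: <ip> <name>".
HOSTS_LINE = re.compile(r"^(?:O1 - )?Hosts:\s+(\S+)\s+(\S+)$")

# Names that are expected to resolve to the loopback interface.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# The three 79.106.2.131 lines are copied from the log above; the remaining
# lines are constructed to show entries that should not be flagged.
SAMPLE_LOG = """\
O1 - Hosts: 79.106.2.131 localhost
O1 - Hosts: 79.106.2.131 facebook.com
O1 - Hosts: 79.106.2.131 www.facebook.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 0.0.0.0 ads.example.test
O13 - Gopher Prefix:
"""


def parse_hosts_entries(log_text):
    """Return (ip_address, hostname) pairs for every hosts line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = HOSTS_LINE.match(line.strip())
        if not match:
            continue  # any other log section
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # first field is not an IPv4/IPv6 address
        entries.append((ip, match.group(2).lower().rstrip(".")))
    return entries


def triage(entries):
    """Return (ip, hostname, reason) for entries that redirect resolution."""
    findings = []
    for ip, name in entries:
        if name in LOCAL_NAMES:
            # localhost must stay on 127.0.0.0/8 or ::1.
            if not ip.is_loopback:
                findings.append(
                    (str(ip), name, "localhost mapped to a non-loopback address"))
        elif not (ip.is_loopback or ip.is_unspecified):
            # Assumption of this sketch: names sent to loopback or 0.0.0.0 are
            # blocklist-style entries and are left unflagged; any other fixed
            # address for a named site bypasses DNS and needs review.
            findings.append(
                (str(ip), name, "name pinned to a fixed address, bypassing DNS"))
    return findings


def names_by_address(findings):
    """Group flagged hostnames by the address they were pointed at."""
    grouped = {}
    for ip, name, _reason in findings:
        grouped.setdefault(ip, []).append(name)
    return grouped


if __name__ == "__main__":
    flagged = triage(parse_hosts_entries(SAMPLE_LOG))
    for ip, name, reason in flagged:
        print(f"{name:20} -> {ip:15} {reason}")
    print(names_by_address(flagged))
```
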
Posted 4/20/2010 5:18 AM
#85162
christopher_ukz Valued member

Date Joined Nov 2016
Total Posts: 20
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4006

Windows 6.0.6000
Internet Explorer 7.0.6000.16890

20/4/2010 1:50:02 AM
mbam-log-2010-04-20 (01-50-02).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 202698
Time elapsed: 4 hour(s), 8 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\ClonySoft\Vista x86 OneClick Activator\VistaActivationCrackSetup.exe (Worm.VB) -> Quarantined and deleted successfully.
C:\Users\compaq\Contacts\Pictures\Documents\Downloads\Zynga_Poker (1).exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\compaq\Contacts\Pictures\Documents\Downloads\Zynga_Poker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\GENERALS\New Folder (5)\New Folder (3)\New Folder\pack1\No$GBA with Extras\2 Extras\7 Bonus\fr-041_debris.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
D:\GENERALS\New Folder (5)\New Folder (3)\New Folder\pack1\No$GBA with Extras\2 Extras\7 Bonus\fr-048_precison.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
D:\GENERALS\hints_files\Cheat Engine\Systemcallretriever.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Posted 4/20/2010 5:19 AM
#85163
christopher_ukz Valued member

Date Joined Nov 2016
Total Posts: 20
DDS (Ver_10-03-17.01) - NTFSx86
Run by compaq at 12:14:15.64 on Tue 20/04/2010
Internet Explorer: 7.0.6000.16890
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.60.1033.18.501.85 [GMT 8:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Join Air\UIExec.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Users\compaq\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Users\compaq\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\compaq\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Searchme Toolbar: {4d02e7e6-5930-4b51-b9b0-9f21b3789400} - mscoree.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
uRun: [Google Update] "c:\users\compaq\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SM?RT-Protection] c:\program files\smadav\SM?RTP.exe rtp
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PCSuiteTrayApplication] c:\progra~1\nokia\nokiap~1\LAUNCH~1.EXE -startup
mRun: [UIExec] "c:\program files\join air\UIExec.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
Hosts: 79.106.2.131 localhost
Hosts: 79.106.2.131 facebook.com
Hosts: 79.106.2.131 www.facebook.com
================= FIREFOX ===================

FF - ProfilePath - c:\users\compaq\appdata\roaming\mozilla\firefox\profiles\eiafoegi.default\
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\users\compaq\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-19 60936]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\system32\drivers\royal.sys [2008-3-5 240128]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-4-15 9216]

=============== Created Last 30 ================

2010-04-19 13:31:54 0 d-----w- c:\users\compaq\appdata\roaming\Malwarebytes
2010-04-19 13:31:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-19 13:31:18 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-19 13:31:18 0 d-----w- c:\programdata\Malwarebytes
2010-04-19 13:31:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-19 13:03:18 0 d-----w- c:\programdata\Yahoo! Companion
2010-04-19 13:01:20 0 d-----w- c:\program files\Yahoo!
2010-04-19 05:59:06 0 d-----w- c:\users\compaq\appdata\roaming\Avira
2010-04-19 05:56:20 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-19 05:56:12 0 d-----w- c:\program files\Avira
2010-04-19 04:30:43 0 d-----w- c:\users\compaq\appdata\roaming\Sammsoft
2010-04-19 04:29:31 0 d-----w- c:\program files\Advanced Registry Optimizer
2010-04-19 03:19:47 0 d-----w- c:\program files\TrendMicro
2010-04-18 08:48:07 0 d-----w- c:\program files\Smadav
2010-04-18 08:46:53 0 d-sh--w- C:\[Smad-Cage]
2010-04-18 08:14:49 0 d-sh--r- c:\users\compaq\appdata\roaming\system32
2010-04-16 02:55:50 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-04-16 02:55:01 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-04-16 02:54:06 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-04-16 02:54:06 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-04-15 08:57:32 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2010-04-15 08:57:32 105088 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2010-04-15 08:57:32 105088 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2010-04-15 08:57:32 105088 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2010-04-15 08:57:04 0 d-----w- c:\windows\system32\SupportAppCB
2010-04-15 08:57:03 0 d-----w- c:\program files\Join Air

==================== Find3M ====================

2010-04-15 08:58:08 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-04-15 08:58:08 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-15 08:58:08 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-30 07:17:02 720896 ----a-w- c:\windows\iun6002ev.exe
2010-02-24 02:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2009-09-13 01:48:38 174 --sha-w- c:\program files\desktop.ini
2009-08-25 20:30:59 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-07-17 04:36:31 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-07-17 04:36:31 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-07-17 04:36:31 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 12:16:43.17 ===============
Posted 4/20/2010 5:20 AM
#85164
christopher_ukz Valued member

Date Joined Nov 2016
Total Posts: 20
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 5/3/2008 3:16:16 PM
System Uptime: 20/4/2010 12:07:37 PM (0 hours ago)

Motherboard: Hewlett-Packard | | 30D9
Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz | CPU | 800/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 33.871 GiB free.
D: is FIXED (NTFS) - 56 GiB total, 33.769 GiB free.
E: is CDROM ()
G: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

Ad-Aware SE Personal
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8
Advanced Registry Optimizer
Alkitab Elektronik
Atheros Driver Installation Program
Avira AntiVir Personal - Free Antivirus
CCleaner
CyberLink YouCam
Declan's Korean Dictionary v1.2
Diablo - Hellfire
GOM Player
Google Chrome
HDAUDIO Soft Data Fax Modem with SmartCP
HP Quick Launch Buttons 6.30 C2
Intel(R) Graphics Media Accelerator Driver
Join Air
Malwarebytes' Anti-Malware
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB954430)
MSXML4 Parser
Nero 7 Ultra Edition
NetWaiting
Nokia Connectivity Cable Driver
Nokia PC Connectivity Solution
Nokia PC Suite
PowerDVD
Pro Evolution Soccer 6
Searchme Toolbar
StarCraft - Broodwar
Stronghold Crusader
Touch Pad Driver
Vista x86 OneClick Activator
WarCraft II
Winamp (remove only)
WinRAR archiver
WinZip
Yahoo! Toolbar
YouTube Downloader 2.5.3

==== End Of File ===========================
Posted 4/20/2010 5:21 AM
#85165
christopher_ukz Valued member

Date Joined Nov 2016
Total Posts: 20
It's done...
What should I do now???
Posted 4/20/2010 11:36 AM
#85166
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Good :smile:

Please download combofix: Here

Before Saving it to Desktop, please rename it to alg.exe to stop malware from disabling it.

Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix.

There are details for disabling many programmes: Here

Now, please make sure no other programs are running, close all other windows.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted.

Usually located in c:\combofix.txt, please post it to your next reply

The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

Do not PM me with logfiles. They will be deleted.


Posted 4/20/2010 12:28 PM
#85170
christopher_ukz Valued member

Date Joined Nov 2016
Total Posts: 20
ComboFix 10-04-19.05 - compaq 20/04/2010 20:00:32.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.60.1033.18.501.118 [GMT 8:00]
Running from: c:\users\compaq\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\users\compaq\AppData\Roaming\system32
c:\users\compaq\AppData\Roaming\system32\logs.dat

.
((((((((((((((((((((((((( Files Created from 2010-03-20 to 2010-04-20 )))))))))))))))))))))))))))))))
.

2010-04-20 12:13 . 2010-04-20 12:14 -------- d-----w- c:\users\compaq\AppData\Local\temp
2010-04-20 12:13 . 2010-04-20 12:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-20 11:53 . 2010-04-20 11:56 -------- d-----w- C:\32788R22FWJFW
2010-04-20 04:47 . 2010-04-20 04:46 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 04:45 . 2010-04-20 04:45 -------- d-----w- c:\program files\Java
2010-04-19 13:31 . 2010-04-19 13:31 -------- d-----w- c:\users\compaq\AppData\Roaming\Malwarebytes
2010-04-19 13:31 . 2010-03-29 16:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-19 13:31 . 2010-04-19 13:31 -------- d-----w- c:\programdata\Malwarebytes
2010-04-19 13:31 . 2010-03-29 16:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-19 13:31 . 2010-04-19 13:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-19 13:03 . 2010-04-19 13:03 -------- d-----w- c:\users\compaq\AppData\Roaming\Yahoo!
2010-04-19 13:03 . 2010-04-19 13:03 -------- d-----w- c:\programdata\Yahoo! Companion
2010-04-19 13:01 . 2010-04-19 13:04 -------- d-----w- c:\program files\Yahoo!
2010-04-19 05:59 . 2010-04-19 05:59 -------- d-----w- c:\users\compaq\AppData\Roaming\Avira
2010-04-19 05:56 . 2010-03-01 01:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-19 05:56 . 2010-02-16 05:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-19 05:56 . 2009-05-11 03:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-19 05:56 . 2009-05-11 03:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-19 05:56 . 2010-04-19 05:56 -------- d-----w- c:\program files\Avira
2010-04-19 04:30 . 2010-04-19 04:30 -------- d-----w- c:\users\compaq\AppData\Roaming\Sammsoft
2010-04-19 04:29 . 2010-04-19 05:01 -------- d-----w- c:\program files\Advanced Registry Optimizer
2010-04-19 03:19 . 2010-04-19 03:19 -------- d-----w- c:\program files\TrendMicro
2010-04-18 08:48 . 2010-04-19 08:32 -------- d-----w- c:\program files\Smadav
2010-04-18 08:46 . 2010-04-18 10:56 -------- d-----w- C:\[Smad-Cage]
2010-04-16 02:55 . 2010-04-16 02:55 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-04-16 02:55 . 2010-04-16 02:55 44768 ----a-w- c:\windows\system32\wups2.dll
2010-04-16 02:55 . 2010-04-16 02:55 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-04-16 02:55 . 2010-04-16 02:55 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-04-16 02:55 . 2010-04-16 02:55 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-04-16 02:55 . 2010-04-16 02:55 35552 ----a-w- c:\windows\system32\wups.dll
2010-04-16 02:55 . 2010-04-16 02:55 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-04-16 02:54 . 2010-04-16 02:54 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-04-16 02:54 . 2010-04-16 02:54 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-04-15 08:57 . 2010-01-18 03:21 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2010-04-15 08:57 . 2010-01-18 03:21 105088 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2010-04-15 08:57 . 2010-01-18 03:21 105088 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2010-04-15 08:57 . 2010-01-18 03:20 105088 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2010-04-15 08:57 . 2010-04-15 08:57 -------- d-----w- c:\windows\system32\SupportAppCB
2010-04-15 08:57 . 2010-04-15 08:59 -------- d-----w- c:\program files\Join Air

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-20 04:49 . 2009-07-29 13:40 -------- d-----w- c:\program files\Common Files\Java
2010-04-19 05:56 . 2008-03-05 07:48 -------- d-----w- c:\programdata\Avira
2010-04-15 08:57 . 2008-03-05 11:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-30 07:17 . 2009-01-07 12:09 720896 ----a-w- c:\windows\iun6002ev.exe
2010-03-02 02:41 . 2010-03-02 02:41 -------- d-----w- c:\program files\Declan's Korean Dictionary
2010-03-01 15:32 . 2009-10-30 08:15 -------- d-----w- c:\program files\Opera 10.10 Beta
2010-02-24 02:16 . 2009-10-06 06:08 181632 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4d02e7e6-5930-4b51-b9b0-9f21b3789400}"= "mscoree.dll" [2006-11-02 271360]

[HKEY_CLASSES_ROOT\clsid\{4d02e7e6-5930-4b51-b9b0-9f21b3789400}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM?RT-Protection"="c:\program files\Smadav\SM?RTP.exe" [?]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"Google Update"="c:\users\compaq\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-16 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2009-08-15 1006264]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-30 159744]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-08-03 196608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-06 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-06 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-06 138008]
"UIExec"="c:\program files\Join Air\UIExec.exe" [2010-02-10 133120]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-3-5 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [2008-03-05 240128]
R2 UI Assistant Service;UI Assistant Service;c:\program files\Join Air\AssistantServices.exe [2010-02-10 247296]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-18 9216]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2010-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-637298864-2404296480-3153837003-1000Core.job
- c:\users\compaq\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-16 10:16]

2010-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-637298864-2404296480-3153837003-1000UA.job
- c:\users\compaq\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-16 10:16]
.
.
Posted 4/20/2010 12:28 PM
#85171

christopher_ukz Valued member

Date Joined Nov 2016
Total Posts: 20
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\compaq\AppData\Roaming\Mozilla\Firefox\Profiles\eiafoegi.default\
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\compaq\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2010-04-20 20:14
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-04-20 20:20:16
ComboFix-quarantined-files.txt 2010-04-20 12:20

Pre-Run: 35,678,195,712 bytes free
Post-Run: 35,935,817,728 bytes free

- - End Of File - - 4B36B6AB9886C82EC74B723CCE509783
Posted 4/20/2010 12:29 PM
#85172

christopher_ukz Valued member

Date Joined Nov 2016
Total Posts: 20
its done...
tq for helping...
what should i do now???
Posted 4/20/2010 3:04 PM
#85178

christopher_ukz Valued member

Date Joined Nov 2016
Total Posts: 20
THE NEXT STEP??
Posted 4/20/2010 5:38 PM
#85182

christopher_ukz Valued member

Date Joined Nov 2016
Total Posts: 20
touch...
how about mine???
what should i do now???
Posted 4/21/2010 1:47 AM
#85184

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Easy now. I do it in my spare time, and you don't get a bill. If you are so impatient, I'll suggest you find another forum. Otherwise I'll look to it asap.

Do not PM me with logfiles. They will be deleted.


Posted 4/21/2010 3:13 AM
#85189

christopher_ukz Valued member

Date Joined Nov 2016
Total Posts: 20
sorry...
you may have your time...
please help me ok....
Posted 4/21/2010 6:44 AM
#85193

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Ok :smile:



Open notepad and copy/paste the text in the codebox below into it:

Name the file as CFScript
and Save it on the desktop


[code]
Killall::
Snapshot::
DDS::
uStart Page = about:blank
Hosts::
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CLASSES_ROOT\clsid\{4d02e7e6-5930-4b51-b9b0-9f21b3789400}]
SecCenter::
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
[/code]

.





User image



Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.





Combofix will create a logfile and display it after your computer has rebooted. It is usually located in c:\combofix.txt. Please post it in your next reply, and tell me how things are running now.

Do not PM me with logfiles. They will be deleted.


Posted 4/21/2010 8:39 AM
#85196

christopher_ukz Valued member

Date Joined Nov 2016
Total Posts: 20
i have done it...
but i cannot find the log file...
how is that???
and 1 more thing... i can log in to my facebook after that...
does i need to run combofix again???
or what need i do next??
thank you for helping me...
Posted 4/21/2010 8:44 AM
#85197

christopher_ukz Valued member

Date Joined Nov 2016
Total Posts: 20
i'm sorry.... i try to find the logfile hardly and i manage to get it...

this the logfile...
ComboFix 10-04-19.05 - compaq 21/04/2010 15:55:02.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.60.1033.18.501.122 [GMT 8:00]
Running from: C:\Users\compaq\Desktop\ComboFix.exe
Command switches used :: C:\Users\compaq\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.

2010-04-21 08:08:18 . 2010-04-21 08:14:12 -------- d-----w- C:\Users\compaq\AppData\Local\temp
2010-04-21 08:08:18 . 2010-04-21 08:08:18 -------- d-----w- C:\Users\Public\AppData\Local\temp
2010-04-21 08:08:18 . 2010-04-21 08:08:18 -------- d-----w- C:\Users\Desktop\AppData\Local\temp
2010-04-21 08:08:18 . 2010-04-21 08:08:18 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-04-21 07:50:38 . 2010-04-21 07:51:33 -------- d-----w- C:\32788R22FWJFW
2010-04-20 16:37:22 . 2010-04-20 17:19:18 -------- d-----w- C:\Users\compaq\AppData\Roaming\GanymedeNet
2010-04-20 04:47:53 . 2010-04-20 04:46:13 411368 ----a-w- C:\Windows\system32\deployJava1.dll
2010-04-20 04:45:41 . 2010-04-20 04:45:41 -------- d-----w- C:\Program Files\Java
2010-04-19 13:31:54 . 2010-04-19 13:31:55 -------- d-----w- C:\Users\compaq\AppData\Roaming\Malwarebytes
2010-04-19 13:31:25 . 2010-03-29 16:46:30 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-04-19 13:31:18 . 2010-04-19 13:31:18 -------- d-----w- C:\ProgramData\Malwarebytes
2010-04-19 13:31:18 . 2010-03-29 16:45:52 20824 ----a-w- C:\Windows\system32\drivers\mbam.sys
2010-04-19 13:31:17 . 2010-04-19 13:31:38 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-19 13:03:19 . 2010-04-19 13:03:19 -------- d-----w- C:\Users\compaq\AppData\Roaming\Yahoo!
2010-04-19 13:03:18 . 2010-04-19 13:03:19 -------- d-----w- C:\ProgramData\Yahoo! Companion
2010-04-19 13:01:20 . 2010-04-19 13:04:10 -------- d-----w- C:\Program Files\Yahoo!
2010-04-19 05:59:06 . 2010-04-19 05:59:06 -------- d-----w- C:\Users\compaq\AppData\Roaming\Avira
2010-04-19 05:56:20 . 2010-03-01 01:05:24 124784 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2010-04-19 05:56:20 . 2010-02-16 05:24:01 60936 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2010-04-19 05:56:20 . 2009-05-11 03:49:28 51992 ----a-w- C:\Windows\system32\drivers\avgntdd.sys
2010-04-19 05:56:20 . 2009-05-11 03:49:28 17016 ----a-w- C:\Windows\system32\drivers\avgntmgr.sys
2010-04-19 05:56:12 . 2010-04-19 05:56:12 -------- d-----w- C:\Program Files\Avira
2010-04-19 04:30:43 . 2010-04-19 04:30:43 -------- d-----w- C:\Users\compaq\AppData\Roaming\Sammsoft
2010-04-19 04:29:31 . 2010-04-19 05:01:05 -------- d-----w- C:\Program Files\Advanced Registry Optimizer
2010-04-19 03:19:47 . 2010-04-19 03:19:47 -------- d-----w- C:\Program Files\TrendMicro
2010-04-18 08:48:07 . 2010-04-19 08:32:33 -------- d-----w- C:\Program Files\Smadav
2010-04-18 08:46:53 . 2010-04-18 10:56:02 -------- d-----w- C:\[Smad-Cage]
2010-04-16 02:55:50 . 2010-04-16 02:55:50 53472 ----a-w- C:\Windows\system32\wuauclt.exe
2010-04-16 02:55:50 . 2010-04-16 02:55:50 44768 ----a-w- C:\Windows\system32\wups2.dll
2010-04-16 02:55:50 . 2010-04-16 02:55:50 2421760 ----a-w- C:\Windows\system32\wucltux.dll
2010-04-16 02:55:50 . 2010-04-16 02:55:50 1929952 ----a-w- C:\Windows\system32\wuaueng.dll
2010-04-16 02:55:01 . 2010-04-16 02:55:01 87552 ----a-w- C:\Windows\system32\wudriver.dll
2010-04-16 02:55:01 . 2010-04-16 02:55:01 35552 ----a-w- C:\Windows\system32\wups.dll
2010-04-16 02:55:00 . 2010-04-16 02:55:00 575704 ----a-w- C:\Windows\system32\wuapi.dll
2010-04-16 02:54:06 . 2010-04-16 02:54:06 33792 ----a-w- C:\Windows\system32\wuapp.exe
2010-04-16 02:54:06 . 2010-04-16 02:54:06 171608 ----a-w- C:\Windows\system32\wuwebv.dll
2010-04-15 08:57:32 . 2010-01-18 03:21:00 9216 ----a-w- C:\Windows\system32\drivers\massfilter.sys
2010-04-15 08:57:32 . 2010-01-18 03:21:00 105088 ----a-w- C:\Windows\system32\drivers\ZTEusbnmea.sys
2010-04-15 08:57:32 . 2010-01-18 03:21:00 105088 ----a-w- C:\Windows\system32\drivers\ZTEusbmdm6k.sys
2010-04-15 08:57:32 . 2010-01-18 03:20:58 105088 ----a-w- C:\Windows\system32\drivers\ZTEusbser6k.sys
2010-04-15 08:57:04 . 2010-04-15 08:57:21 -------- d-----w- C:\Windows\system32\SupportAppCB
2010-04-15 08:57:03 . 2010-04-15 08:59:48 -------- d-----w- C:\Program Files\Join Air

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-20 04:49:13 . 2009-07-29 13:40:19 -------- d-----w- C:\Program Files\Common Files\Java
2010-04-19 05:56:12 . 2008-03-05 07:48:28 -------- d-----w- C:\ProgramData\Avira
2010-04-15 08:57:02 . 2008-03-05 11:16:53 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-03-30 07:17:02 . 2009-01-07 12:09:34 720896 ----a-w- C:\Windows\iun6002ev.exe
2010-03-02 02:41:34 . 2010-03-02 02:41:33 -------- d-----w- C:\Program Files\Declan's Korean Dictionary
2010-03-01 15:32:02 . 2009-10-30 08:15:20 -------- d-----w- C:\Program Files\Opera 10.10 Beta
2010-02-24 02:16:06 . 2009-10-06 06:08:51 181632 ------w- C:\Windows\system32\MpSigStub.exe
.
Posted 4/21/2010 8:48 AM
#85198

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
[code]
and 1 more thing... i can log in to my facebook after that...
does i need to run combofix again???

[/code]
No need to run combofix again, as combofix has cleaned/restored your hosts file.




Seems you are good to go. However I would like to see a new hijackthis log file, just to be sure ;-)

Do not PM me with logfiles. They will be deleted.


Posted 4/21/2010 8:57 AM
#85199

christopher_ukz Valued member

Date Joined Nov 2016
Total Posts: 20
this is my hijackthis log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:53:50 PM, on 21/4/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Join Air\UIExec.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Users\compaq\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Users\compaq\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Join Air\UIMain.exe
C:\Program Files\Join Air\CMUpdater.exe
D:\New Folder (3)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [UIExec] "C:\Program Files\Join Air\UIExec.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Google Update] "C:\Users\compaq\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SM?RT-Protection] C:\Program Files\Smadav\SM?RTP.exe rtp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - https://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E645F73D-6BA2-4491-8841-5BBED39491B6}: NameServer = 203.82.64.41 203.82.64.67
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\Join Air\AssistantServices.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6138 bytes

but in the middle of the process, it say it cannot access hosts file... it is denied...
it have another problem or what???
thanks for helping... :)
Posted 4/21/2010 11:54 AM
#85206

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Looks clean to me.

Right-click on the hijackthis icon and choose run as admin, and you probably won't get the "cannot access hosts file" message.

Do not PM me with logfiles. They will be deleted.


Posted 4/21/2010 12:03 PM
#85207

christopher_ukz Valued member

Date Joined Nov 2016
Total Posts: 20
ok... thanks again...
one more thing i want to ask...
what about files hosts in local disk c...
before i run the combo fix, it totally different after i run combofix...
it only left 127.0.0.1 localhost...
before this its different...
how about this...
it have problem again or what???
tq for helping...
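
The hosts-file question above can be checked by hand. The following is an added example, not part of the thread and not ComboFix's own logic: it parses hosts-file text and flags every entry that maps a name other than localhost, marking redirects of watched domains as high severity. The sample file contents, the watched-domain list and the 203.0.113.10 address are constructed for illustration; the thread does not show what the file contained before the cleanup.

```python
import ipaddress
import sys

# Names a default hosts file may legitimately map to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample (not taken from the thread): a hosts file with
# redirect entries, one sinkhole entry and one malformed line.
SAMPLE_HOSTS = """\
# Constructed sample
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.facebook.com facebook.com   # points at a look-alike page
203.0.113.10    login.facebook.com
0.0.0.0         ads.example.net
not-an-ip       www.example.org
"""

# What the user describes seeing after the cleanup.
CLEAN_HOSTS = "127.0.0.1 localhost\n"


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no hostname is not a mapping
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address, skip the line
        for name in fields[1:]:  # one line may carry several hostnames
            yield line_no, ip, name.lower().rstrip(".")


def audit_hosts(text, watched=()):
    """Return findings for every entry that is not a plain localhost mapping.

    kind is 'sinkhole' when the name is pointed at loopback or 0.0.0.0
    (blocklists do this) and 'redirect' when it is pointed at any other
    address. A redirect of a watched domain, or of localhost itself, is
    reported with severity 'high'; everything else is 'review'.
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in LOCAL_NAMES and ip.is_loopback:
            continue  # expected default entry
        kind = "sinkhole" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        is_watched = any(name == d or name.endswith("." + d) for d in watched)
        high = kind == "redirect" and (is_watched or name in LOCAL_NAMES)
        findings.append({
            "line": line_no,
            "ip": str(ip),
            "host": name,
            "kind": kind,
            "severity": "high" if high else "review",
        })
    return findings


if __name__ == "__main__":
    # Usage: python audit_hosts.py [path-to-hosts-file]
    # With no argument the constructed sample above is audited.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE_HOSTS
    for f in audit_hosts(data, watched=("facebook.com",)):
        print(f"{f['severity']:6} line {f['line']}: {f['host']} -> {f['ip']} ({f['kind']})")
```

On Windows the file to pass in is `C:\Windows\System32\drivers\etc\hosts`; a file holding only the localhost line yields no findings.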