2 replies to this topic

[covlass]

My sister is having mega problems with her PC she is with Talk talk who have said there is nothing wrong with her broadband. She can log on but is unable to view any web pages it just says please wait whilst we redirect you, then a blank page appears. She has done the log files as requested as adviced but is unable to do one step as it requires her to go online which she is unable to do

Version
information:




BUILD.DAT : 268AVSCAN.EXE : 7.0.6.1AVSCAN.DLL : 7.0.6.0LUKE.DLL : 7.0.5.3LUKERES.DLL : 7.0.6.1ANTIVIRO.VDF :
6.35.0.1ANTIVIR1.VDF : 6.39.0.129ANTIVIR2.VDF : 6.39.1.43ANTIVIR3.VDF : 6.39.1.51AVEWIN32.DLL : 7.6.0.5AVWINLL.DLL :
1.0.0.7AVPREF.DLL : 7.0.2.2AVREP.DLL : 7.0.0.1AVPACK32.DLL : 7.3.0.15AVREG.DLL : 7.0.1.6AVARKT.DLL : 1.0.0.20AVEVTLOG.DLL :
7.0.0.20NETNT.DLL : 7.0.0.0RCIMAGE.DLL : 7.0.1.30

15604
290856
49192
147496
10280
7371264
7251968
1542656
29696
2789888
14376
25640
155688
360488
30760
278568
86056
7720
2342952
Bytes
Bytes
Bytes
Bytes
Bytes
Bytes
Bytes
Bytes
Bytes
Bytes
Bytes
Bytes
Bytes
Bytes
Bytes
Bytes
Bytes
Bytes
Bytes
31/08/2007
23/08/2007
16/08/2007
14/08/2007
21/08/2007
31/05/2006
10/07/2007
25/08/2007
28/08/2007
29/08/2007
26/02/2007
18/07/2007
16/04/2007
03/08/2007
18/07/2007
28/08/2007
18/07/2007
08/03/2007
07/08/2007
13:04:00
13:16:29
12:23:51
15:32:47
12:35:20
12:32:40
12:32:46
17:21:02
07:22:36
17:09:10
10:36:26
07:39:17
13:16:24
08:46:00
07:17:06
12:26:33
07:10:18
11:09:42
12:38:13
RCTEXT.DLL : 7.0.62.0
SQLITE3.DLL : 3.3.17.1

86056
339968
Bytes
Bytes
21/08/2007
23/07/2007
12:50:37
09:37:21


the scan:



Hard Disks
fi 1 es\avi ra\anti vi r
: Local
Configuration file : c:\prograrn
personaledition classic\alldiscs.avp
Logging : low
Primary action : interactive
Secondary action : ignore
Scan master boot sector off
scan boot sector
Boot sectors
Scan memory
Process scan
Scan registry
Search for rootkits
Scan all files
Scan archives
Recursion depth
Smart extensions..
Macro heuristic
File heuristic
Start of the scan: 14 September 2007 18:26

The scan of running processes will be started
‘avscan.exe’ - ‘1’ Module(s) have been scanned
‘avcenter.exe’ - ‘1’ Module(s) have been scanned
‘FSLAUNCH.EXE’ - ‘1’ Module(s) have been scanned
‘wuauclt.exe’ - ‘1’ Module(s) have been scanned
‘alg.exe’ - ‘1’ Module(s) have been scanned
‘wscntfy.exe’ - ‘1’ Module(s) have been scanned
‘hprblog.exe’ - ‘1’ Module(s) have been scanned
Page 1
AntiVir log.

AntiVir PersonalEdition Classic
Report file date: 14 September 2007
18:26
Scanning for 1036370 virus strains and unwanted programs.

Licensed to:
serial number:
Platform:
windows version:
username:
Computer name:
Avi ra Anti Vi r Personal Edition Classic
0000149996-ADJ IE-0001
windows xP
(Service Pack 2) [5.1.2600]
User
USER-2A9BD9A062
configuration settings for
Jobname.
Scan
Scan
Scan
Scan
Scan
Scan
Scan
process
process
process
process
process
process
process
on
C:,
on
on
on
off
Intelligent file selection
on
20
on
on
medium



Antivir log.
scan process ‘hpqsteO8.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘nvsvc32.exe’ - ‘1’ Module(s) have been scanned
scan process ‘mdm.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘sched.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘hpqtraO8.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘SUPERAntiSpyware.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘msnmsgrexe’ - ‘1’ Module(s) have been scanned
Scan process ‘ctfmon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avgnt.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘jusched.exe’ - ‘1’ Module(s) have been scanned
scan process ‘dragdiag.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘hpwuSchd2.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘PDVDServ.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘soundman.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avguard.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘spoolsv.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘explorer.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘lsass.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘services.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘winlogon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘csrssexe’ - ‘1’ Module(s) have been scanned
Scan process ‘smss.exe’ - ‘1’ Module(s) have been scanned
35 processes with 35 modules were scanned

Start scanning boot sectors:
Boot sector ‘C:\’
[NOTE] No virus was found!

Startin9 to scan the registry.
The registry was scanned ( ‘38’ files ).


Starting the file scan:

Begin scan in ‘C:\’
c:\pagefile.sys
[WARNING] The file could not be opened!

End of the scan: 14 September 2007 18:38
used time: 11:37 mm

The scan has been done completely.

2242 Scanning directories
104520 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
104520 Files not concerned
580 Archives were scanned
1 Warnings
0 Notes




Page 2


superanti spyware
SUPERAnt1 Spyware Scan Log
http : //www. superanti spyware. corn

Generated 09/14/2007 at 07:14 PM

Application Version : 3.9.1008
Core Rules Database Version 3259
Trace Rules Database Version: 1270
Scan type : Complete scan
Total Scan Time : 00:31:24

Memory items scanned : 392
Memory threats detected : 0
Registry items scanned : 5474
Registry threats detected : 0
File items scanned : 36442
File threats detected : 0

~Page 1


AVG.txt.

AVG Anti-Spyware - Scan Report


+ created at: 20:02:11 17/09/2007

+ Scan result:


c:\system volume
Informati on\_restore{1ADB793F-EBC6-4Bcl-97D2-21D9829BB744}\RP69\A0277404.exe ->
Adware.Gator : Ignored.
C:\System volume
Information\_restore{1ADB793F-EBC6-4BC1-97D2-21D9829BB744}\RP7\A00047l9. exe ->
Adware.Gator : Ignored.
c:\System Volume
Informati on\_restore{1ADB793F-EBC6-4BC1-97D2-21D9829BB744}\RP9\A0007377.eXe ->
Adware~Gator : Ignored.


::Report end



Page 1


I ~b~d
1- LuIJ~q)~s~LAN’ 11P A~J1~JAN\?~wa~sAs\sMoaNIM\ :j
3X3~~11~Nfl~J [Ja~u~D~ipofrJAN] :un~j\ \I.nNH - j70
U~Su!~/ aXaZLMU [ziMu] :un~J\ ~\I~n~H - j~o
dn~J~SAN’ L ~p Ld)AN\~w~sAs\sMoaNIM\ :
]X]~E11~JN1Th [uow~PciLd)AN] :un~i\ \l~nNH - j70
3X3Nv1IaNnOS [u~i,~jpunos] :un~i\ \~nNH -
~ eI~L1 sMopuLM\s~L~J w~J6oJd\
- {oaSSdJt~9S~i~-9-I)aV-LIVi7-9i76)-QVQtaVU9} - ~~q~ooi ~A!~1 SMO~U~M :J~q~oo1 -
11P ~A\uth\s i 1~suI\uo Lu~dwo)\ OOqEA\Sa ~ i~ ui~J6oJd\
- { JjiaILZO6oo-d~62-?aII-adTJ-?Ea~66fl} - ~~qiooi jOOI.~Li. :JPq Loo~I~ -
~ aALi sMopuLM\s~L~J w~JboJd\
- {oacc s~9-IDav-LIvi7-9i76D-avaIa~a~} - J~dLaH ~~q~ooi aAL1 SM0~U~M :oi-i~ -
LLpU~6O1~AHSMoPU~M\aA~1 sMopuLM\p~JPqs ~oso~nhI1\s~L ij uowwo)\sajid wPJ~oJd\
- {9D~92o9L~9Ts-DD -d~Vj~-?ODt~’-t’9t7aO~O6} - JadLaH ui-u6is aAL1 SMOPULM :OHH -
(~L~-~4 ou) - ~ - (~wPu ou) :oI-I~ -
~ [p. ASS\U ~q\or-o S ~L~J 1\EAPc\s~ I
w~J6oJd\ - {~az6aIJvajia-a~9a-D?9j7-Od9a-98L6i7I9L} - SS~[) Jad[aHASS :oH~I -
~ w~J6oJd\
- ~ - J~d[aH ~q~ooi IOOqEA :oH~ -
[[pA\udD\s[[PI.suI\u0~uPw0D\i00qPA\s~L!d wPJboJd\
- {8 j.a~L~O6oo-d~68-ZaII-aIID-ZEQ966J3} - JPq[OO1 jOOL~A :)jOOHLpJ~aS1~Ifl -
L5T69Pfl1U H~./)Iu ~ [M4/w0D LJ.OSOJJ iw ob// : d~q
= ~6Pd 1.J s’u!~fr1\JaJo[dx3 ~ - O~J
968t7SPI)IU !~1~./)Ju ~ [M4/w0D I4OSOJD iw o6//: d~L1
= a6~d ip~ s’u \~~Jo~dx~ ~ - I~J

968i7SPflJU !-i~./)IU ~ LMI/W0) UOSOJ) LW 06// : d~q
= 1~flqD~~S~ Ln~J.~a’ ‘~ ~ LdX3 ~uJ~uI\I.J~osoJD ~ J~MLJ~OS\vfl)IH -
LS169Pfl1U L1~/)~u !- LMJ/w0D 140S0JD iW o6// : d~4
= 1~fl~6~d~ 1n~J~a’ ‘~ ~I~\J~0 LdX3 uJuJ\~joso..D Li~1\aJPM~.4os\L~nIH - fli
~
= ~bPd i.j s’uI~1\J~JoLdx~ ~ - O~J

~x~s ~q1~D~ ~ PUaJ1\S~L~J w~J~oJd\
~- LJnEnM\ZEw~SAS\SMOaNIM\ :j
AJ~UDSM\Z~W~SAS\SMOGNIM\ :
~x6o[qJdq\uLq\~u~s~ssv 1.)flpOJd\6U~b~WI I ~ wPJñoJd\:3
~ [P 6~a\dH\s~i~d wEJ6oJd\
ax~ ~soqDAs\7~w~sIcs\sMoaNIM\ : D
~xa wpw\6nqacILsn\p~JPqs ~4OSOJD ii~\s~ [ Lzi uowwo3\s~ I. ~J WP.J6OJd\ :3
~ L ~j~p~Ads-i~.uv ~ wPJ6o.Jd\
~x~paqDs\DLssP[D U0~14P~1PU0SJ~d i ~n~uv\PJ ~Av\saL~J WPJ6OJd\)
~ I LbLa\dH\saLLJ wPJboJd\
~jpiv~Ad~ Li.uv~ndns\~JEMAds Uuv~fldns\sa L i~ WPJ 6oJd\ :j
~x3 ~ NsI~l\s~L~l wPJ6oJd\
ax~ uowfID\Z~w~sAs\sMoaNIM\ :
~ sP6AP\c L ~JpMAds-L1uv ~Av\ijosLJ~\s~[LJ WPJ60Jd\
axa~Iu6AE\DLssPLD UOULp] LPU0SJ~d J LAL~uv\PJ LAV\SaLLZI wEJboJd\
~xp~q3sn~\u~q\ofiy S IeJc\pAPc\s~L~J wPJboJd\:3
15p ip6~ia\ssn qno1p~ds\u0Sw0L~1\s~ i i~ w~~6oj~j\ :j
~X3 ZpL1DSflMdH\~Ppdfl ~JPM140S dH\dH\S~ I Lz~ WPJ6OJd\ :j
AJasaAad\c1naJ~Mod\)Iu L1J~qic)\sa i ~ wPJf5oad\
NVI’JGNflOS\SMOQNIM\ :j
axp.iPn6AP\D~ssP[3 uOL ~~jPU0SJ~d .i LA~3uv\PJ ~nv\s~[~J WPJ6OJd\D
-i~.io [dx~\sMoaNIM\ :3
As Loods\ZEw~sAs\SMoaNIM\ :3
~soqDAs\~w~sAs\sMoaNIM\ :
~soqDAs\~wa~sAs\sMoaNIM\ :~
• ss~s L\z~wa1sAs\sMoaNIM\ :j
~xa sa LAJas\~w~sAs\sMoaNIM\ :j
~ uoño ~u LM\zEw~sAs\sMoaNIM\ :j
• ssws\zEw~s/cs\sMoaNIM\ :3
:sassao~d 6uiuun~

[PWJON :~p0w ~009
(TIooO~LSOOL) OO~LA J~J0[dX3 ~au~~ui ~
(oo9~IOS INU!-M) ZdS dX SMOpULM :wJOJ4PId
LOO~I6OILT uo ‘s~:Lo:oz ~ P~AES up~s
r0z” s~qDpP~~H OJD!W pUaJI ~J0 a[L4501
~ s i~C iq


sa~Aq OLS9 - ~L!-J- J0 ~


~x~TwdLzdH\?~w~sIcs\sMoaNrM\ - dH - ZIZdH J~ALJa LWd :~DLAJa~ -
~ Z~DAsAu\~w~sAs\sMoGNIM\ :
- uoi~~od~oj VIOIAN - (DAsAN) ~DLAJ~S JaA~Ja ‘~Lds~a vialAN :~JLnJas - E?O
~X~pJ~flb’~S1L ~JEMAdS-L~.UV ~AV\40S!.J~\S~[!.d w~Jboad\
- se ~u~wdoI~n~cj aJ~MLPI~-L~UV - ~JPflD aJ~MAds-uuv DAV :aDLAJ~s -
~X~p~fl6AE\JLSSE1D UO~I4P~LEUOSJ~d J ~A~4uV\~J LAV\Sa[L1 wEJ6oJd\ - Hqw~
~JLAV - (~DLAJaSJLAUUV) pJpfl~ DLSSP~) UOuLP3L~UOSJad J~A~.UV :~DLAJ~5 -
~xp~Lps\Lss~LD UO!.4~P3L~UOSJ~d J ~-A!-1-UV\PJ ~AV\s~L ~d wPJ6OJd\ - H~WD PJ ~AV

- (J~LnP DsJ~A!~~uv) ~IY~P~PS ~ssPLD UOL~.LP~LPUOSJ~d JLAUUV :~~iu~s -
LIP O1NIMSVS\~J~MAdS I4UV~JJdflS\S~ I ~-I
wEJ~oJd\ - UO6O1ULMSVSI :AJ.L~.oN U060[ULM - ozo
~
- (1001 p~o[dn O~O~d NSI~) {LES6S6~)SO0?ZES8V)Z O8VZ-VT~S3Tdi7} :dda - 910
q~-siooidni.as
~
- { LO3t789IT-L8a~-EvLi7-6DJ9-?aL~aI7aT} :ddci - 910
axs6swsw\J~bu~ss~J\s~[Ld w~J6oJd\ - {~9s6LoDoo-~6~-?pTT-oul-oI6Td~aJ}
- J~6U~SS~ SMOPULM :waiinu~w 1S10011 ~ - 60
~ sbswsw\~ u~ss~\s~ I !-1 w~J~oad\
- { 9S6L1t7000-3609-ZPTI-oIId-oI6liSff1} - J~6U~SS~IJ :uo~nq ~ - 60
LIP Ass\u ~q\oI—o S ia~~ C\PA~c\s~ I ~d
wPJ6oJd\ - {tos~o9D1o~oo-svvv-dD1T-~-os~o88o}
- ~~0SU0) ~AP[ UflS :w~inu~w 1S[0011 PJ~X3 - 60
~[pAss\u~q\o1os T~J1\~APc\s~I~d w~J6oJd\
- ~ - (~urnu ou) :u0~nq ~J~X3 - 60
qj’pq951L9IsE)pgILpoLp6E6~o~z/ ~flW LIP - s~Jq uSw\q6-u~\S~u~uodwoD\J~q 1001
~AL1 SMOPULM\SaLLJ
w~J6oJd\//:s~J - q~ pun0J6~J0J. M~U u~ u~do :uia~ nu~w i.x~uoD ~J~X3 -
~ !~flW LLP sa~q usw\qb-u~\si.u~uodwoD\~~q Loo~L
~AL1 SM0pULM\Sa[L~
w~J6oJd\:J//:seJ - q~ puno~6p~q M~U UL u~do :w~i nu~w ~x~uo~ ~ -
000E/3XJ 1J)X~\OI~D ~ : D//: sa~
- L~DX3 ~josojii~ o~. ~.Jodx~’3 :w~i flu~W ~.X~U0D PJ~X3 -
~ aA~1 sMopuLM\s~ILd
wEJboJd\//:saJ - LpJEas ~AL1 SM0~U~M~ :w~i flU~W ~X~U0D ~ -
3X3 vs0t~D ~jo\3D !-J40
~JosoJDLN\saLLI w~JboJd\ = )IUVaDLZJ~ZJ~0 ~osoji~j :Dn~.J~s I~~01~ - j70
~~~~ibdq\u Lq\bu ~6~wi L~~Lb ~a\dH\sa I s--’
w~J6oJd\ = ~ULJ0~j-U0I~J 6U!-6~WI LP~!-6~a dH :Dn~~~s L~~0LD - j7O
ajp,~Ads L~uv~J3dn5\~JEMAds LI.UV~Hdfls\SB I !-~I
w~J6oJd\ [~JPMi~dsUuy~IJdfls] :un~J\ \nDNH - t7o
punoJ bp~q/
~ NsI~J\s~I!.d wPJ6oJd\~, [J6SIf~IUSfrJ] :un~j\ ~\nNH - j7O
axuow4~\~w~sAs\sMoaNIM\ [~x~uow4~] :un~J\ \n~H - j70
PaZ ~W ~u ~w/ 1~aXa S~bA~\5 L
a~~ds-i~uv ~ w~J6oJd\:D11 [aJPMAdS-uuv DAVI] :un~\ \I~nNH - jo
u LW/ ~aXa - ~U6AP\D LSSE U
U0L~.LP~LPU0SJ3d J!-A!-~UV\PJ!~AV\SaL!~J w~a5oJd\~ [~ubAP] :un~j\ \InIH - j7O
xpa4)snç\u~q\o1cys -IaJc\PAPc\SaI~J
wPJboJd\~, [p Dsa~.Ppdn~AEcuns] :un~J\ \LnIH - j~0
UOD ~/ ~axa 6~ !-p6~Ja\~sn ipnoipaads\uosuioqi\sa I ~
wPJ6oJd\:,, [sJL~sou6~La ~sn ipnoipaads] :un~J\ \i,nNH -
aX~ ~pqDSflMdH\a~Epdfl
aJEM4OS dH\dH\saU~d wPJ6oJd\ [a~pdn ~J~M~JOS dH] :un~I\ \I.nNH - j7O
,,axa IuasaAad\aAaJaMod\)Iu ~i~aqAj\sa I ~--‘
wPJ6oad\~, [UoJ~uoDa~owa~J] :un~J\ \I’nNH - to
axa)paLpoJaN\?EwaI.sAs\sMoaNIM\ [~DaqDJa1~~IoJaN] :un~J\ \I~nNH - j70
~xv S it~p~1 iq

[covlass]

Just making sure it woked where did the faces come from?????????????????????

[AndyManchesta]

Hi covlass

Unfortunately there is no logs there that gives us any useful information, Im not sure what the scrambled text is from but she will have to repeat the steps to try at least get a HijackThis log so we can see whats running. If she is able to download from links then download HijackThis if she doesnt already have it and post back the log, if she is unable to download from links then you will have to save it to a USB drive or disk and transfer it that way

CLICK HERE to download the HijackThis Installer:

• Save HJTInstall.exe to your desktop.
  
• Double-click on HJTInstall.exe to run the program.
  
• By default it will install to C:\Program Files\Trend Micro\HijackThis.
  
• Accept the license agreement by clicking the "I Accept" button.
  
• Click on the "Do a system scan and save a log file" button. It will scan and once its finished it will open the results in notepad
  
• Come back here to this thread and paste the full log in your next reply.
  
• Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even essential for your system.

Cheers

Andy