Jump to content

Change Mode


  • Content Count

  • Joined

  • Last visited

About BearFinger

  • Rank
  • Birthday 02/06/1984

Contact Methods

  • Website URL

Previous Fields

  • System Specifications:
    Windows XP CDRW 120 MB RAM Pentuim III
  • Teams:
    Nothing Selected
  1. sorry, still having trouble with my phone line. I will get a friend to download it for me. will post tomorrow.
  2. Please find attached combofix log, ComboFix 07-10-22.1 - Brian 2007-10-22 18:13:17.4 - NTFSx86 Script execution time was exceeded on script "C:\ComboFix\osid.vbs". Script execution was terminated. Running from: C:\Documents and Settings\Brian\My Documents\software\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-09-22 to 2007-10-22 ))))))))))))))))))))))))))))))) . 2007-10-22 16:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2007-10-22 16:25 <DIR> d-------- C:\Documents and Settin
  3. Please standby, I am having trouble with my phone line connection. Should be fixed by next week. I am using my work computer at the moment. I tried running those two logs and saving it on disk, but combo-fix stated there was a new version available and un-installed itself. I cant download any programmes on my work computer or alarm bells go off. So I will have to wait untill my phone line is fixed. Anyway, I have ran around 5 different scans and for the first time in months nothing is coming up.. I will send those two logs ASAP. Thankyou for your patients.
  4. Ok... so in my log, it states under running programs: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe So these aren’t considered AV programs? Also I have installed the windows updates (all of them). So you have me a bit confused. I will post a new log when I get home from work. (Maybe I accidentally posted an old log or something) but I thought I sent the log after I installed the windows updates. Thou i will defiantly take your advice on that drink.
  5. yeah! it looks good to me. check it out.... ===================== "C:\WINDOWS\System32\ntoskrnl.exe" .... is present 0x00000000 Microsoft Windows Component Publisher C:\WINDOWS\System32\ntoskrnl.exe "C:\WINDOWS\System32\ntoskrnl.exe" ... is authentic ===================== "C:\WINDOWS\System32\ntkrnlpa.exe" .... is present 0x00000000 Microsoft Windows Component Publisher C:\WINDOWS\System32\ntkrnlpa.exe "C:\WINDOWS\System32\ntkrnlpa.exe" ... is authentic Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:49:50 PM, on 17/10/2007 Platform: Windows XP
  6. ComboFix 07-10-10.1 - Brian 2007-10-17 8:28:35.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.23 [GMT 10:00] Running from: C:\Documents and Settings\Brian\My Documents\software\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-09-16 to 2007-10-16 ))))))))))))))))))))))))))))))) . 2007-10-17 00:41 <DIR> d-------- C:\WINDOWS\LastGood 2007-10-16 23:55 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys 2007-10-16 23:55 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe 2007-10-16 23:55 16,896 -----c--- C:\WINDOWS\system
  7. ok, been on the net for a few minutes now and no AVG pop-ups regarding totour.. so far so good. attached is the log from super anti spyware and a new hijack this log. How do i assure this never happens again? your a legend Aaflac!! AAFLAC FOR PRESIDENT!! SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 10/16/2007 at 09:02 PM Application Version : 3.9.1008 Core Rules Database Version : 3325 Trace Rules Database Version: 1326 Scan type : Complete Scan Total Scan Time : 01:05:11 Memory items scanned : 288 Memory threats detected : 0
  8. Ok, i tried finding c:\windows\system32\sno.dll and it has gone. I done a new hijack log and it was not there. I have attached it below. Volume in drive C has no label. Volume Serial Number is 2C54-6EBF Directory of C:\WINDOWS\system32 23/08/2001 10:00 PM 1,135,616 ntbackup.exe 02/05/2003 11:03 AM 651,264 ntdll.dll 23/08/2001 10:00 PM 27,866 ntdos.sys 23/08/2001 10:00 PM 29,146 ntdos404.sys 23/08/2001 10:00 PM 29,370 ntdos411.sys 23/08/2001 10:00 PM 29,274 ntdos412.sys 23/08/2001 10:00 PM 2
  9. please find the combo fix log below: ComboFix 07-10-10.1 - Brian 2007-10-15 8:18:22.2 - NTFSx86 Script execution time was exceeded on script "C:\ComboFix\osid.vbs". Script execution was terminated. Running from: C:\Documents and Settings\Brian\My Documents\software\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\irt.dll C:\WINDOWS\system32\kjbodsd.dll C:\WINDOWS\system32\njxofxccwxf.dll C:\WINDOWS\system32\qogsu.dll . ((((((((((((((((((((((((( Files Created from 2007-
  10. sorry for the delay. my account was suspended for an apparent controversial post i made regarding hackers. Hoever the bearfinger is back. please find the new log below. Peace out Diagnostic Report (1.7.0062.0): ----------------------------------------- WGA Data--> Validation Status: Genuine Validation Code: 0 Online Validation Code: N/A Cached Validation Code: N/A Windows Product Key: *****-*****-6JRYC-X66GX-JVY2D Windows Product Key Hash: QlMc4eVzNRH58UjkaRc+5fkLfC8= Windows Product ID: 55274-640-1479176-23233 Windows Product ID Type: 1 Windows License Ty
  11. I tried to download service pack two last week but when it came to the installation part, there was some kind of error with Ntoskrnl. The installation could not be completed untill the file was shut dow. I couldnt figure out how to shut it down. So can you see anything in my logs? Is it bad.... tell me the truth doc.....
  12. if i ever find the pr**k who designed this malware i will beat the snot out of him. Please find the log below. Thanks again.... ===================== "C:\WINDOWS\System32\ntoskrnl.exe" .... is present "C:\WINDOWS\System32\ntoskrnl.exe" ... is patched Files found .... 27/09/2007 01:29 PM=1972986=C:\WINDOWS\system32\ntoskrnl.exe 25/02/2002 03:33 PM=1875584=C:\WINDOWS\$NtUninstallQ811493$\ntoskrnl.exe 24/04/2003 08:57 AM=1925760=C:\WINDOWS\$xpsp1hfm$\Q811493\ntoskrnl.exe 23/08/2001 10:00 PM=1982208=C:\WINDOWS\$NtUninstallQ317277$\ntoskrnl.exe 17/08/2001 10:24 PM=19
  13. Thanks for the reply. I must be brief as my computer is due to freeze up any minute. Please find the 2 logs below. ComboFix 07-10-10.1 - Brian 2007-10-10 17:41:49.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.15 [GMT 10:00] Running from: C:\Documents and Settings\Brian\My Documents\software\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\afbausz.dll C:\WINDOWS\system32\aimsmx.dll C:\WINDOWS\system32\aosmx.dll C:\WINDOW
  14. hope I am doing this correctly; I would like some assistance with a problem. I am having major problems with my computer when on the internet. I think it has something to do with a virus called totour.exe. I have tried deleting it manually and with AVG but it keep coming back. When it is removed it gets replaced by other viruses and malware and eventually loops back around to totour. The synonyms are that when I log on to the internet everything runs fine. I have an ADSL connection, but after around 5 minutes everything starts to slow down. Pages take very long to load, downloads decre
  • Create New...