
Rond.starsdoor.com

C:\DOCUME~1\DOGLET\Cookies\DO7157~1.SH!

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:24 PM, on 1/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program

After installation, double-click the icon on your Desktop to launch AVG.

crzeguy

#12 January 6th, 2008, 08:14 AM
Morfeasss, CTH Subscriber, Join Date: Feb 2006, O/S: Windows XP Home, Location: Greece

It is intended by its creator to be used under the guidance and supervision of an expert, not for private use.

1 Reply. Latest reply on Jan 4, 2008 5:39 AM by Jubo

Cannot stop rond.starsdoor.com

khenson1, Jan 3, 2008 9:31 PM

I have tried

C:\DOCUME~1\DOGLET\Cookies\DO3C88~1.SH!

C:\DOCUME~1\DOGLET\Cookies\DO163A~1.SH!

Click Complete System Scan to begin scanning.

Here is the copy from the main txt. Thanks.
Jon

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:03 AM, on 1/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1144527614\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software

If you wish to continue, post back the logs I requested please. Also, the second text file, extra.txt, will show as minimized in your Task Bar. If you have an icon near the PC clock like: , then launch the Security Center: Click on the "View Details" link and in the next window you see all the McAfee

The first three are from Avira Antivirus.

scanning hidden autostart entries ... Now close AVG (don't scan just yet). ~~~~~~~~~~~~~~~~~~~~ Reboot into Safe Mode. Type the folder name: HJT5. What version of Windows is installed?

Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://crashtestdummy23.spaces.live....d/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 -

what to do?

Copy the log from the Startup Programs file back here. Any particular web sites? C:\DOCUME~1\DOGLET\Cookies\DO7157~1.SH! The page will refresh.6.

tay10 New Member Messages: 2 Somehow the pop-up Http://rond.starsdoor.com/ac.php?bannerid= etc. C:\DOCUME~1\DOGLET\Cookies\DO894F~1.SH! Backed up registry hives.

Close any programs you may have running - especially your web browser.8.

Click Scanner, then click on the Scan tab. Click the Change/Remove button.11. Any help.

AnnMarie

#4 July 2nd, 2007, 02:59 AM
zshan80, New Member, Join Date: Jun 2007, Posts: 4

Please someone help with

Also can you tell me what all those .bat files are in your C:\Documents and Settings\Shan folder? Then click the "Scan!" button to start the scan.

Hi, AnneMarie! Someone will post back with instructions. Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Note: In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your

It's only been popping up for recently.

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ATWPKT2]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\ATWPKT2.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]

Completion time: 2007-07-01 19:15:08 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-01 19:14 --- E O

QuickDraw 3D Rendering Acceleration Virtual Engine - RAVE> 2008-01-17 20:59:50 969216 --a------ C:\WINDOWS\system32\qd3d.dll

Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 -