
Random IE windows keep popping up

Discussion in 'Virus & Other Malware Removal' started by farlad, Jul 14, 2007.

  1. farlad

    farlad Thread Starter

    Joined:
    Jul 14, 2007
    Messages:
    6
    I'm pretty sure my computer is infected with something because whenever I open IE, new windows open up like winantivirus and sometimes put icons on my desktop. Please help.
    Here's my Hijack This log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 1:02:00 PM, on 7/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LXSUPMON.EXE
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Dell\QuickSet\Quickset.exe
    C:\WINDOWS\TEMP\win372.tmp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
    C:\Documents and Settings\Natlad\My Documents\Downloads\HiJackThis_v2.exe
    C:\WINDOWS\mgrs.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\taskmgr.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://espn.go.com/motion/detect.html
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {849B210E-C4D2-420C-85C3-73A91B40A73E} - C:\WINDOWS\system32\ssqpn.dll
    O2 - BHO: (no name) - {8BF884A4-CF81-4E00-B7C1-076FCE6CFDD7} - C:\WINDOWS\system32\efccbbx.dll
    O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\uwahojxr.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win372.tmp.exe
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxed.dll,startup
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\xfftoatr.dll",forkonce
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\WNSXS~1\chkntfs.exe" -vt yazb
    O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Natlad\My Documents\Downloads\utorrent.exe"
    O4 - HKLM\..\Policies\Explorer\Run: [svchost.exe] C:\WINDOWS\svchost.exe
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O20 - Winlogon Notify: efccbbx - C:\WINDOWS\SYSTEM32\efccbbx.dll
    O20 - Winlogon Notify: ssqpn - C:\WINDOWS\system32\ssqpn.dll
    O20 - Winlogon Notify: winmqx32 - C:\WINDOWS\SYSTEM32\winmqx32.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\snvnffkn.exe (file missing)
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MS Common Service - Unknown owner - C:\WINDOWS\system32\mscomserv.exe (file missing)
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

    --
    End of file - 10043 bytes
     
  2. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Welcome to TSG :)

    Download Combofix and save it to your desktop.
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe


    Note: It is important that it is saved directly to your desktop

    Close any open browsers.

    Double click on combofix.exe & follow the prompts.
    When finished, it shall produce a log for you.

    Post the ComboFix.txt and a fresh Hijackthis log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
     
  3. farlad

    farlad Thread Starter

    Joined:
    Jul 14, 2007
    Messages:
    6
    Here's the combofix log:

    "Natlad" - 2007-07-14 14:24:22 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


    ((((((((((((((((((((((((( Files Created from 2007-06-14 to 2007-07-14 )))))))))))))))))))))))))))))))


    2007-07-14 14:22 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2007-07-14 13:47 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-13 14:46 <DIR> d--h----- C:\WINDOWS\system32\WLANProfiles
    2007-07-13 14:46 <DIR> d--h----- C:\Settings
    2007-07-12 14:08 93,696 --a------ C:\WINDOWS\system32\drvxed.dll
    2007-07-07 23:21 27,565 --a------ C:\WINDOWS\system32\dcivwhkg.dll
    2007-07-05 15:41 4,876 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2007-07-04 22:02 <DIR> d-------- C:\!KillBox
    2007-07-04 17:55 <DIR> d-------- C:\Program Files\Nsasoft
    2007-07-04 17:06 <DIR> d-------- C:\Program Files\Spyware Doctor
    2007-07-04 17:06 <DIR> d-------- C:\DOCUME~1\Natlad\APPLIC~1\PC Tools
    2007-07-04 16:37 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-07-04 13:01 <DIR> d-------- C:\Program Files\Movie Splitter
    2007-07-04 12:16 <DIR> d-------- C:\Program Files\DiskInternals
    2007-07-04 12:05 <DIR> d-------- C:\ConverterOutput
    2007-07-04 12:03 <DIR> d-------- C:\DOCUME~1\Natlad\APPLIC~1\Reno 911 Paintball
    2007-07-04 12:02 <DIR> d-------- C:\Program Files\Kontiki
    2007-07-04 12:00 <DIR> d-------- C:\WINDOWS\A5W_DATA
    2007-07-04 12:00 <DIR> d-------- C:\Program Files\APCD Calculus Demo
    2007-07-03 22:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\vsosdk
    2007-07-03 21:28 <DIR> d-------- C:\Program Files\Common Files\Download Manager
    2007-07-03 21:26 87,608 --a------ C:\DOCUME~1\Natlad\APPLIC~1\inst.exe
    2007-07-03 21:26 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
    2007-07-03 21:26 47,360 --a------ C:\DOCUME~1\Natlad\APPLIC~1\pcouffin.sys
    2007-07-03 21:26 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
    2007-07-03 21:26 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
    2007-07-03 21:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
    2007-07-03 21:26 <DIR> d-------- C:\Program Files\VSO
    2007-07-03 21:26 <DIR> d-------- C:\DOCUME~1\Natlad\APPLIC~1\Vso
    2007-07-03 21:16 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
    2007-07-03 21:16 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
    2007-07-03 21:16 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
    2007-07-03 21:16 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
    2007-07-03 21:16 <DIR> d-------- C:\Program Files\Cucusoft
    2007-06-23 14:13 <DIR> d-------- C:\Program Files\GameSpy Arcade
    2007-06-23 14:11 <DIR> d-------- C:\Program Files\Microsoft Games


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-14 19:26:18 -------- d-----w C:\DOCUME~1\Natlad\APPLIC~1\uTorrent
    2007-07-05 03:13:19 -------- d-----w C:\Program Files\Windows NT
    2007-07-04 22:34:41 -------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-07-04 22:34:39 -------- d-----w C:\Program Files\Norton Internet Security
    2007-07-04 22:32:59 -------- d-----w C:\Program Files\QuickTime
    2007-07-04 22:32:59 -------- d-----w C:\Program Files\DIGStream
    2007-07-04 22:32:36 -------- d-----w C:\Program Files\Messenger
    2007-07-04 19:11:02 -------- d-----w C:\Program Files\DivX
    2007-07-04 17:05:18 -------- d-----w C:\Program Files\utorrent
    2007-07-04 17:05:03 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-07-04 17:02:56 -------- d-----w C:\DOCUME~1\Natlad\APPLIC~1\DivX
    2007-07-04 17:01:45 -------- d-----w C:\Program Files\GemMaster
    2007-07-04 17:01:43 -------- d-----w C:\Program Files\EA SPORTS
    2007-07-04 16:49:31 -------- d-----w C:\DOCUME~1\Natlad\APPLIC~1\AdobeUM
    2007-07-04 16:47:38 -------- d-----w C:\Program Files\Innomage
    2007-07-04 16:46:43 -------- d--h--w C:\DOCUME~1\Natlad\APPLIC~1\Move Networks
    2007-05-21 23:33:19 27,328 ----a-w C:\DOCUME~1\Natlad\APPLIC~1\GDIPFONTCACHEV1.DAT
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    2006-06-07 11:09 399352 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2004-12-14 01:56 63136 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2006-11-09 16:21 440056 --a------ C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{849B210E-C4D2-420C-85C3-73A91B40A73E}]
    C:\WINDOWS\system32\ssqpn.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
    2003-10-22 10:38 126976 --a------ C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
    2003-12-04 19:22 103368 --a------ C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 18:30 C:\WINDOWS\stsystra.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 13:48]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" []
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 15:37]
    "URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-12-11 20:35]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-22 23:46]
    "@"="" []
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-22 23:47]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-12-22 15:18]
    "DIGStream"="C:\Program Files\DIGStream\digstream.exe" [2005-05-18 15:49]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-25 23:16]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2006-08-03 19:51]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
    "@"="" []
    "Uaol"="C:\PROGRA~1\WNSXS~1\chkntfs.exe" []
    "µTorrent"="C:\Documents and Settings\Natlad\My Documents\Downloads\utorrent.exe" [2007-07-04 16:38]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"=Narrator.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbbx]
    efccbbx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    C:\Program Files\Intel\Wireless\Bin\LgNotify.dll --a------ 2005-07-22 23:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpn]
    C:\WINDOWS\system32\ssqpn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmqx32]
    winmqx32.dll


    Contents of the 'Scheduled Tasks' folder
    2007-05-12 01:00:12 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
    2007-07-14 19:23:38 C:\WINDOWS\tasks\Symantec NetDetect.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-14 14:26:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-14 14:26:48
    C:\ComboFix-quarantined-files.txt ... 2007-07-14 14:26

    --- E O F ---

    Here's the new Hijack This:


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 2:31:01 PM, on 7/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Dell\QuickSet\Quickset.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Natlad\My Documents\Downloads\HiJackThis_v2.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://espn.go.com/motion/detect.html
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {849B210E-C4D2-420C-85C3-73A91B40A73E} - C:\WINDOWS\system32\ssqpn.dll (file missing)
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\WNSXS~1\chkntfs.exe" -vt yazb
    O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Natlad\My Documents\Downloads\utorrent.exe"
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O20 - Winlogon Notify: efccbbx - efccbbx.dll (file missing)
    O20 - Winlogon Notify: ssqpn - C:\WINDOWS\system32\ssqpn.dll (file missing)
    O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MS Common Service - Unknown owner - C:\WINDOWS\system32\mscomserv.exe (file missing)
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

    --
    End of file - 8660 bytes
     
  4. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Run HijackThis, and press "Do a System Scan Only".
    1. When the scan is complete place a check mark next to the following entries:

    O2 - BHO: (no name) - {849B210E-C4D2-420C-85C3-73A91B40A73E} - C:\WINDOWS\system32\ssqpn.dll (file missing)
    O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\WNSXS~1\chkntfs.exe" -vt yazb
    O20 - Winlogon Notify: efccbbx - efccbbx.dll (file missing)
    O20 - Winlogon Notify: ssqpn - C:\WINDOWS\system32\ssqpn.dll (file missing)
    O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
    O23 - Service: MS Common Service - Unknown owner - C:\WINDOWS\system32\mscomserv.exe (file missing)

    2. After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked." Then, reboot your computer...


    ====================================

    Panda Activescan
    http://www.pandasoftware.com/products/activescan.htm
    1. Once you are on the Panda site click the Scan your PC button
    2. A new window will open...click the Check Now button
    3. Enter your Country
    4. Enter your State/Province
    5. Enter your e-mail address and click send
    6. Select either Home User or Company
    7. Click the big Scan Now button
    8. If it wants to install an ActiveX component allow it
    9. It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    10. When download is complete, click on Local Disks to start the scan
    11. When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.


    In your next reply, please include a fresh HijackThis log and Panda Activescan log. Thanks
     
  5. farlad

    farlad Thread Starter

    Joined:
    Jul 14, 2007
    Messages:
    6
    Here's the panda scan log:

    Incident Status Location

    Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\!KillBox\winantiviruspro2006freeinstall[1].exe
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[.com.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[.systemdoctor.com/]
    Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[www.systemdoctor.com/]
    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[stats1.reliablestats.com/]
    Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[systemdoctor.com/]
    Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[www.winantiviruspro.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[.yadro.ru/]
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[.toplist.cz/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[server.iad.liveperson.net/hc/54509612]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[server.iad.liveperson.net/]
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[.adultfriendfinder.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
    Spyware:Cookie/66.246.209 Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
    Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
    Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
    Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
    Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
    Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
    Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
    Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
    Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
    Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
    Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
    Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
    Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
    Virus:Generic Malware Disinfected C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
    Virus:Trj/Downloader.NUS Disinfected C:\QooBox\Quarantine\C\d.exe.vir
    Adware:Adware/Yazzle Not disinfected C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1162OinUninstaller.exe.vir
    Adware:Adware/PurityScan Not disinfected C:\QooBox\Quarantine\C\Program Files\WNSXS~1\chkntfs.exe~.vir
    Adware:Adware/DriveCleaner Not disinfected C:\QooBox\Quarantine\C\WINDOWS\avp.exe.vir
    Adware:Adware/Antivirus-gold Not disinfected C:\QooBox\Quarantine\C\WINDOWS\mgrs.exe.vir
    Adware:Adware/DriveCleaner Not disinfected C:\QooBox\Quarantine\C\WINDOWS\smgr.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\achevjec.exe.vir
    Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\awtttus.dll.vir
    Virus:Trj/Downloader.PJT Disinfected
     
  6. farlad

    farlad Thread Starter

    Joined:
    Jul 14, 2007
    Messages:
    6
    C:\QooBox\Quarantine\C\WINDOWS\system32\bkyenbpw.exe.vir
    Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\byxwtsp.dll.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\cpbprcxm.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ctwgehjk.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\driuovpv.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\dtoptkwm.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\duchrocn.exe.vir
    Virus:Trj/ConHook.CY Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\efccbbx.dll.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\enheauld.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\faeoetqj.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\gdombbrs.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\gkgvjriv.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\hecodosi.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\hujocmnv.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ifellocb.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\irmeyoug.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\iyojuysw.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\jfecmujl.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\jhevaruq.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\jiwqypui.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\jwqycuxf.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\jwtuaejg.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\jxoehjmi.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\kauhlhwk.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\kbdpptke.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\kmgnasfs.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\lbghelct.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\lhktaqiy.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\mddlqmpx.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\mmfrwfdx.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\mqwvjdxi.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\mtxedxjl.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\niuderer.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\okaptolh.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\oywcdxdh.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\pwifppdb.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\qlqoydop.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\rebvpiwm.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\rjtlpqcv.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\rokcrmkv.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\rpmrnvwe.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\srfopcst.exe.vir
    Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ssqpn.dll.vir
    Adware:Adware/UltimateCleaner Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\syswin.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\tcbiffoj.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\tifxaifi.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ugvnxdpe.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\usevuabr.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\vcfsjkrc.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\vuggaswt.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\vvllrmxv.exe.vir
    Virus:Generic Malware Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\winmqx32.dll.vir
    Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\wqpymate.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\wqufxapv.exe.vir
    Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\wvuutqo.dll.vir
    Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\xkotopai.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\xxelrqfh.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\xygahdgo.exe.vir
    Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\yoxovwyv.exe.vir
    Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\drvxed.dll
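
Added example (not part of the thread, and not code from HijackThis or Panda): it cross-references HijackThis autostart entries with the Panda ActiveScan rows under C:\QooBox\Quarantine, which shows why most entries in the fix list above point at files that no longer exist. The sample lines are copied from the logs posted in this thread; the function names, and the assumption that the quarantine tree mirrors the original path with a ".vir" suffix, belong to this example only.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the HijackThis and Panda ActiveScan logs posted in this thread.
HIJACKTHIS_LINES = [
    r'O2 - BHO: (no name) - {849B210E-C4D2-420C-85C3-73A91B40A73E} - C:\WINDOWS\system32\ssqpn.dll (file missing)',
    r'O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\WNSXS~1\chkntfs.exe" -vt yazb',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O20 - Winlogon Notify: efccbbx - efccbbx.dll (file missing)',
    r'O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)',
    r'O23 - Service: MS Common Service - Unknown owner - C:\WINDOWS\system32\mscomserv.exe (file missing)',
    r'O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)',
]
PANDA_LINES = [
    r'Adware:Adware/PurityScan Not disinfected C:\QooBox\Quarantine\C\Program Files\WNSXS~1\chkntfs.exe~.vir',
    r'Virus:Trj/ConHook.CY Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\efccbbx.dll.vir',
    r'Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ssqpn.dll.vir',
    r'Virus:Generic Malware Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\winmqx32.dll.vir',
    r'Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\drvxed.dll',
]

QUARANTINE_ROOT = "c:\\qoobox\\quarantine\\"
FULL_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)
BARE_NAME = re.compile(r'[\w~-]+\.(?:exe|dll)', re.I)
HJT_ENTRY = re.compile(r'^(?P<code>[A-Z]\d+) - (?P<rest>.+)$')
PANDA_ROW = re.compile(
    r'^(?P<detection>.+?)\s+(?P<status>Not disinfected|Disinfected)\s+(?P<path>\S.*)$')


def file_key(path):
    """Return (parent directory name, file name), lower-cased; parent is '' for bare names."""
    return ntpath.basename(ntpath.dirname(path)).lower(), ntpath.basename(path).lower()


def index_quarantine(panda_lines):
    """Map original file name -> [(parent dir, detection, status)] for quarantined files."""
    index = defaultdict(list)
    for line in panda_lines:
        row = PANDA_ROW.match(line.strip())
        if not row or not row["path"].lower().startswith(QUARANTINE_ROOT):
            continue  # not a result row, or a file that is still in its live location
        # Assumption drawn from the paths in the log: the quarantine tree mirrors the
        # original location and appends ".vir" (sometimes "~.vir") to the file name.
        original = re.sub(r'~?\.vir$', '', row["path"], flags=re.I)
        parent, name = file_key(original)
        index[name].append((parent, row["detection"], row["status"]))
    return index


def triage(hjt_lines, panda_lines):
    """Classify each HijackThis entry as 'quarantined', 'orphaned' or 'ok'."""
    quarantine = index_quarantine(panda_lines)
    results = []
    for line in hjt_lines:
        entry = HJT_ENTRY.match(line.strip())
        if not entry:
            continue  # log header, running-process list or blank line
        rest = entry["rest"]
        # Prefer a full path; fall back to a bare file name (Winlogon Notify entries).
        target = FULL_PATH.search(rest) or BARE_NAME.search(rest)
        if not target:
            continue  # entry has no .exe/.dll target (for example an R1 URL setting)
        parent, name = file_key(target.group(0))
        # A bare file name carries no directory, so it can only match on the name.
        hits = [h for h in quarantine.get(name, []) if not parent or h[0] == parent]
        if hits:
            verdict, detail = "quarantined", hits[0][1]
        elif rest.endswith("(file missing)"):
            verdict, detail = "orphaned", "target missing, no quarantine record"
        else:
            verdict, detail = "ok", ""
        results.append((entry["code"], name, verdict, detail))
    return results


if __name__ == "__main__":
    for code, name, verdict, detail in triage(HIJACKTHIS_LINES, PANDA_LINES):
        print(f"{code:<4} {name:<15} {verdict:<12} {detail}")
```

Entries reported as orphaned still need a human decision: the fix list in this thread includes the mscomserv.exe service but leaves the Dell WLTRYSVC.EXE service alone.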
     
  7. farlad

    farlad Thread Starter

    Joined:
    Jul 14, 2007
    Messages:
    6
    Here's the Hijack this:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 6:14:58 PM, on 7/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Dell\QuickSet\Quickset.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Natlad\My Documents\Downloads\HiJackThis_v2.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://espn.go.com/motion/detect.html
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Natlad\My Documents\Downloads\utorrent.exe"
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

    --
    End of file - 8354 bytes
     
  8. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Please DELETE the following folder(s) IF STILL PRESENT. You can use Windows Explorer to navigate or use Windows Search feature to locate them.

    Folders:

    C:\Killbox <-- this folder
    C:\QooBox <-- this folder
    C:\ComboFix <-- this folder


    Please DELETE the following file(s) IF STILL PRESENT. You can use Windows Explorer to navigate or use Windows Search feature to locate them.

    Files:

    C:\WINDOWS\system32\drvxed.dll <-- this file
    C:\ComboFix.txt <-- this file
    C:\combofix-quarantine-files.txt <-- this file


    You can delete ComboFix.exe from your Desktop.

    How is everything running???
     
  9. farlad

    farlad Thread Starter

    Joined:
    Jul 14, 2007
    Messages:
    6
    Now it's working great, thank you so much!!!
     
  10. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Good!!!! (y)

    Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools can not access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

    To SET A NEW RESTORE POINT:
    1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
    2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    3. Then go to Start > Run and type: Cleanmgr
    4. Click "OK".
    5. Click the "More Options" Tab.
    6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

    Graphics for doing this are in the following links if you need them.
    How to Create a Restore Point.
    How to use Cleanmgr.

    ======================================

    Here is some useful information on keeping your computer clean:
    1. Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
    2. If you don't have a Firewall installed, please choose from the following:
    3. If you don't have an Anti-Virus installed, please download the following free program:
    4. Here are two great Preventive programs:
      • SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure and check for updates twice a month.
      • IESpyads adds a long list of bad sites to your Restricted sites in Internet Explorer and protects against drive by downloads.
    5. Surf Safe with McAfee's SiteAdvisor. SiteAdvisor will work with Internet Explorer and Mozilla Firefox. SiteAdvisor is a browser plugin that assigns a safety rating to domains listed in your search engine. SiteAdvisor uses the following color codes to indicate the safety level of each site.
      • Red for Warning
      • Yellow for Use Caution
      • Green for Safe
      • Grey for Unknown

      Here are the links to install SiteAdvisor in Internet Explorer and Firefox
    6. Anti-Spyware Programs I Recommend:
    7. For Even More Information On Securing Your Computer read Tony Klein's So How Did I Get Infected In The First Place
     
Short URL to this thread: https://techguy.org/595712