Random IE windows keep popping up

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

farlad

Thread Starter
Joined
Jul 14, 2007
Messages
6
I'm pretty sure my computer is infected with something because whenever I open IE, new windows open up like winantivirus and sometimes put icons on my desktop. please help.
Here's my Hijack This log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:02:00 PM, on 7/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\TEMP\win372.tmp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Documents and Settings\Natlad\My Documents\Downloads\HiJackThis_v2.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://espn.go.com/motion/detect.html
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {849B210E-C4D2-420C-85C3-73A91B40A73E} - C:\WINDOWS\system32\ssqpn.dll
O2 - BHO: (no name) - {8BF884A4-CF81-4E00-B7C1-076FCE6CFDD7} - C:\WINDOWS\system32\efccbbx.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\uwahojxr.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec

Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton

AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec

Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton

AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh

Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win372.tmp.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxed.dll,startup
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\xfftoatr.dll",forkonce
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\WNSXS~1\chkntfs.exe" -vt yazb
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Natlad\My Documents\Downloads\utorrent.exe"
O4 - HKLM\..\Policies\Explorer\Run: [svchost.exe] C:\WINDOWS\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) -

http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - Winlogon Notify: efccbbx - C:\WINDOWS\SYSTEM32\efccbbx.dll
O20 - Winlogon Notify: ssqpn - C:\WINDOWS\system32\ssqpn.dll
O20 - Winlogon Notify: winmqx32 - C:\WINDOWS\SYSTEM32\winmqx32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} -

C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} -

C:\WINDOWS\system32\browseui.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\snvnffkn.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MS Common Service - Unknown owner - C:\WINDOWS\system32\mscomserv.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet

Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\SNDSrvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

--
End of file - 10043 bytes
 
Joined
Sep 8, 2005
Messages
9,113
Welcome to TSG :)

Download Combofix and save it to your desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Note: It is important that it is saved directly to your desktop

Close any open browsers.

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt and a fresh Hijackthis log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
 

farlad

Thread Starter
Joined
Jul 14, 2007
Messages
6
Here's the combofix log:

"Natlad" - 2007-07-14 14:24:22 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-14 to 2007-07-14 )))))))))))))))))))))))))))))))


2007-07-14 14:22 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-07-14 13:47 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-13 14:46 <DIR> d--h----- C:\WINDOWS\system32\WLANProfiles
2007-07-13 14:46 <DIR> d--h----- C:\Settings
2007-07-12 14:08 93,696 --a------ C:\WINDOWS\system32\drvxed.dll
2007-07-07 23:21 27,565 --a------ C:\WINDOWS\system32\dcivwhkg.dll
2007-07-05 15:41 4,876 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-07-04 22:02 <DIR> d-------- C:\!KillBox
2007-07-04 17:55 <DIR> d-------- C:\Program Files\Nsasoft
2007-07-04 17:06 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-07-04 17:06 <DIR> d-------- C:\DOCUME~1\Natlad\APPLIC~1\PC Tools
2007-07-04 16:37 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-07-04 13:01 <DIR> d-------- C:\Program Files\Movie Splitter
2007-07-04 12:16 <DIR> d-------- C:\Program Files\DiskInternals
2007-07-04 12:05 <DIR> d-------- C:\ConverterOutput
2007-07-04 12:03 <DIR> d-------- C:\DOCUME~1\Natlad\APPLIC~1\Reno 911 Paintball
2007-07-04 12:02 <DIR> d-------- C:\Program Files\Kontiki
2007-07-04 12:00 <DIR> d-------- C:\WINDOWS\A5W_DATA
2007-07-04 12:00 <DIR> d-------- C:\Program Files\APCD Calculus Demo
2007-07-03 22:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\vsosdk
2007-07-03 21:28 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-07-03 21:26 87,608 --a------ C:\DOCUME~1\Natlad\APPLIC~1\inst.exe
2007-07-03 21:26 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-07-03 21:26 47,360 --a------ C:\DOCUME~1\Natlad\APPLIC~1\pcouffin.sys
2007-07-03 21:26 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2007-07-03 21:26 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2007-07-03 21:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2007-07-03 21:26 <DIR> d-------- C:\Program Files\VSO
2007-07-03 21:26 <DIR> d-------- C:\DOCUME~1\Natlad\APPLIC~1\Vso
2007-07-03 21:16 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-07-03 21:16 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-07-03 21:16 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-07-03 21:16 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-07-03 21:16 <DIR> d-------- C:\Program Files\Cucusoft
2007-06-23 14:13 <DIR> d-------- C:\Program Files\GameSpy Arcade
2007-06-23 14:11 <DIR> d-------- C:\Program Files\Microsoft Games


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-14 19:26:18 -------- d-----w C:\DOCUME~1\Natlad\APPLIC~1\uTorrent
2007-07-05 03:13:19 -------- d-----w C:\Program Files\Windows NT
2007-07-04 22:34:41 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-04 22:34:39 -------- d-----w C:\Program Files\Norton Internet Security
2007-07-04 22:32:59 -------- d-----w C:\Program Files\QuickTime
2007-07-04 22:32:59 -------- d-----w C:\Program Files\DIGStream
2007-07-04 22:32:36 -------- d-----w C:\Program Files\Messenger
2007-07-04 19:11:02 -------- d-----w C:\Program Files\DivX
2007-07-04 17:05:18 -------- d-----w C:\Program Files\utorrent
2007-07-04 17:05:03 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-04 17:02:56 -------- d-----w C:\DOCUME~1\Natlad\APPLIC~1\DivX
2007-07-04 17:01:45 -------- d-----w C:\Program Files\GemMaster
2007-07-04 17:01:43 -------- d-----w C:\Program Files\EA SPORTS
2007-07-04 16:49:31 -------- d-----w C:\DOCUME~1\Natlad\APPLIC~1\AdobeUM
2007-07-04 16:47:38 -------- d-----w C:\Program Files\Innomage
2007-07-04 16:46:43 -------- d--h--w C:\DOCUME~1\Natlad\APPLIC~1\Move Networks
2007-05-21 23:33:19 27,328 ----a-w C:\DOCUME~1\Natlad\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-06-07 11:09 399352 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2004-12-14 01:56 63136 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-11-09 16:21 440056 --a------ C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{849B210E-C4D2-420C-85C3-73A91B40A73E}]
C:\WINDOWS\system32\ssqpn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
2003-10-22 10:38 126976 --a------ C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
2003-12-04 19:22 103368 --a------ C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 18:30 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 13:48]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 15:37]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-12-11 20:35]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-22 23:46]
"@"="" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-22 23:47]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-12-22 15:18]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [2005-05-18 15:49]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-25 23:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2006-08-03 19:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
"@"="" []
"Uaol"="C:\PROGRA~1\WNSXS~1\chkntfs.exe" []
"µTorrent"="C:\Documents and Settings\Natlad\My Documents\Downloads\utorrent.exe" [2007-07-04 16:38]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbbx]
efccbbx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll --a------ 2005-07-22 23:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpn]
C:\WINDOWS\system32\ssqpn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmqx32]
winmqx32.dll


Contents of the 'Scheduled Tasks' folder
2007-05-12 01:00:12 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
2007-07-14 19:23:38 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-14 14:26:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-14 14:26:48
C:\ComboFix-quarantined-files.txt ... 2007-07-14 14:26

--- E O F ---

Here's the new Hijack This:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:31:01 PM, on 7/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Natlad\My Documents\Downloads\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://espn.go.com/motion/detect.html
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {849B210E-C4D2-420C-85C3-73A91B40A73E} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\WNSXS~1\chkntfs.exe" -vt yazb
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Natlad\My Documents\Downloads\utorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - Winlogon Notify: efccbbx - efccbbx.dll (file missing)
O20 - Winlogon Notify: ssqpn - C:\WINDOWS\system32\ssqpn.dll (file missing)
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MS Common Service - Unknown owner - C:\WINDOWS\system32\mscomserv.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

--
End of file - 8660 bytes
 
Joined
Sep 8, 2005
Messages
9,113
Run HijackThis, and press "Do a System Scan Only".
1. When the scan is complete place a check mark next to the following entries:

O2 - BHO: (no name) - {849B210E-C4D2-420C-85C3-73A91B40A73E} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\WNSXS~1\chkntfs.exe" -vt yazb
O20 - Winlogon Notify: efccbbx - efccbbx.dll (file missing)
O20 - Winlogon Notify: ssqpn - C:\WINDOWS\system32\ssqpn.dll (file missing)
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
O23 - Service: MS Common Service - Unknown owner - C:\WINDOWS\system32\mscomserv.exe (file missing)

2. After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked." Then, reboot your computer...


====================================

Panda Activescan
http://www.pandasoftware.com/products/activescan.htm
  1. Once you are on the Panda site click the Scan your PC button
  2. A new window will open...click the Check Now button
  3. Enter your Country
  4. Enter your State/Province
  5. Enter your e-mail address and click send
  6. Select either Home User or Company
  7. Click the big Scan Now button
  8. If it wants to install an ActiveX component allow it
  9. It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  10. When download is complete, click on Local Disks to start the scan
  11. When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.


In your next reply, please include a fresh Hijackthsi log and Panda Activescan log. Thanks
 

farlad

Thread Starter
Joined
Jul 14, 2007
Messages
6
Here's the panda scan log:

Incident Status Location

Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\!KillBox\winantiviruspro2006freeinstall[1].exe
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[.com.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[.systemdoctor.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[www.systemdoctor.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[systemdoctor.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[www.winantiviruspro.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[server.iad.liveperson.net/hc/54509612]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Natlad\Application Data\Mozilla\Firefox\Profiles\0wcedt84.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
Spyware:Cookie/66.246.209 Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Natlad\Cookies\[email protected][1].txt
Virus:Generic Malware Disinfected C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
Virus:Trj/Downloader.NUS Disinfected C:\QooBox\Quarantine\C\d.exe.vir
Adware:Adware/Yazzle Not disinfected C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1162OinUninstaller.exe.vir
Adware:Adware/PurityScan Not disinfected C:\QooBox\Quarantine\C\Program Files\WNSXS~1\chkntfs.exe~.vir
Adware:Adware/DriveCleaner Not disinfected C:\QooBox\Quarantine\C\WINDOWS\avp.exe.vir
Adware:Adware/Antivirus-gold Not disinfected C:\QooBox\Quarantine\C\WINDOWS\mgrs.exe.vir
Adware:Adware/DriveCleaner Not disinfected C:\QooBox\Quarantine\C\WINDOWS\smgr.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\achevjec.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\awtttus.dll.vir
Virus:Trj/Downloader.PJT Disinfected
 

farlad

Thread Starter
Joined
Jul 14, 2007
Messages
6
C:\QooBox\Quarantine\C\WINDOWS\system32\bkyenbpw.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\byxwtsp.dll.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\cpbprcxm.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ctwgehjk.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\driuovpv.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\dtoptkwm.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\duchrocn.exe.vir
Virus:Trj/ConHook.CY Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\efccbbx.dll.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\enheauld.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\faeoetqj.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\gdombbrs.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\gkgvjriv.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\hecodosi.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\hujocmnv.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ifellocb.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\irmeyoug.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\iyojuysw.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\jfecmujl.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\jhevaruq.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\jiwqypui.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\jwqycuxf.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\jwtuaejg.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\jxoehjmi.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\kauhlhwk.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\kbdpptke.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\kmgnasfs.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\lbghelct.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\lhktaqiy.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\mddlqmpx.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\mmfrwfdx.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\mqwvjdxi.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\mtxedxjl.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\niuderer.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\okaptolh.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\oywcdxdh.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\pwifppdb.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\qlqoydop.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\rebvpiwm.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\rjtlpqcv.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\rokcrmkv.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\rpmrnvwe.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\srfopcst.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ssqpn.dll.vir
Adware:Adware/UltimateCleaner Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\syswin.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\tcbiffoj.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\tifxaifi.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ugvnxdpe.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\usevuabr.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\vcfsjkrc.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\vuggaswt.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\vvllrmxv.exe.vir
Virus:Generic Malware Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\winmqx32.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\wqpymate.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\wqufxapv.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\wvuutqo.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\xkotopai.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\xxelrqfh.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\xygahdgo.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\yoxovwyv.exe.vir
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\drvxed.dll
 

farlad

Thread Starter
Joined
Jul 14, 2007
Messages
6
Here's the Hijack this:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:14:58 PM, on 7/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Natlad\My Documents\Downloads\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://espn.go.com/motion/detect.html
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Natlad\My Documents\Downloads\utorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

--
End of file - 8354 bytes
 
Joined
Sep 8, 2005
Messages
9,113
Please DELETE the following folder(s) IF STILL PRESENT. You can use Windows Explorer to navigate or use Windows Search feature to locate them.

Folders:

C:\Killbox <-- this folder
C:\QooBox <-- this folder
C:\ComboFix <-- this folder


Please DELETE the following file(s) IF STILL PRESENT. You can use Windows Explorer to navigate or use Windows Search feature to locate them.

Files:

C:\WINDOWS\system32\drvxed.dll <-- this file
C:\ComboFix.txt <-- this file
C:\combofix-quarantine-files.txt <-- this file


You can delete ComboFix.exe from your Desktop.

How is everything running???
 
Joined
Sep 8, 2005
Messages
9,113
Good!!!! (y)

Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools can not access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

To SET A NEW RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Graphics for doing this are in the following links if you need them.
How to Create a Restore Point.
How to use Cleanmgr.

======================================

Here is some useful information on keeping your computer clean:
  1. Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
  2. If you don't have a Firewall installed, please choose from the following:
  3. If you don't have a Anti-Virus installed, please download the following free program:
  4. Here are two great Preventive programs:
    • SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure and check for updates twice a month.
    • IESpyads adds a long list of bad sites to your Restricted sites in Internet Explorer and protects against drive by downloads.
  5. Surf Safe with McAfee's SiteAdisor. SiteAdisor will work with Internet Explorer and Mozilla Firefox. SiteAdisor is a browser plugin that assigns a safety rating to domains listed in your search engine. SiteAdvisor uses the following color codes to indicate the safety level of each site.
    • Red for Warning
    • Yellow for Use Caution
    • Green for Safe
    • Grey for Unknown

    Here are the link to install SiteAdisor in Internet Explorer and Firefox
  6. Anti-Spyware Programs I Recommend:
  7. For Even More Information On Securing Your Computer read Tony Klein's So How Did I Get Infected In The First Place]
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top