1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Trojan Horse and Adware.Purityscan

Discussion in 'Virus & Other Malware Removal' started by priceofreality, Jul 1, 2007.

Thread Status:
Not open for further replies.
  1. priceofreality

    priceofreality Thread Starter

    Joined:
    Jul 1, 2007
    Messages:
    7
    Last night I downloaded a file - i scanned it with Norton, as I suspected it to be a virus, Norton detected nothing, so I (stupidly) opened the file.

    Within seconds Norton detects a Trojan Horse (C:\DOCUME~1\MARKFE~1\LOCALS~1\Temp\mst244.tmp
    ), and then moments later detects Adware.Purityscan in quite a few files. Whilst browsing the net (using firefox) I didn't get any unwanted pop-ups. BUT my computer had slowed way way down - CPU usage was at 100% (with only firefox loaded).

    Having found this site, I downloaded HijackThis - no problems. But I found it difficult to install it - the setup screen just spontaneously disappeared on many occassions. So, instead I did a VundoFix (v6.5.4) scan 3 infected files were found (which I can't remember the names of!). I also did a Norton scan - Adware.Purityscan showed it's ugly face:

    =============Norton Log=============
    Source: Manual Scanner
    Risk category: Adware
    Overall Risk Impact: Medium
    Performance: Low
    Privacy: Low
    Removal: High
    Stealth: Medium
    Click for more information about this risk : Adware.Purityscan
    Action taken: Detected
    Description: Possibly affected areas:
    6 Files:
    C:\Documents and Settings\Mark Fernando\Local Settings\Temp\!update.exe
    C:\Documents and Settings\Mark Fernando\Local Settings\Temp\NDr9730.tmp.html
    C:\Program Files\Common Files\Yazzle1119OinUninstaller.exe
    C:\Program Files\Common Files\Yazzle1264OinUninstaller.exe
    C:\Documents and Settings\Mark Fernando\Start Menu\Programs\Games\Cowabanga.lnk
    C:\Documents and Settings\Mark Fernando\Start Menu\Programs\Games\Snowball Wars.lnk

    1 Processes:
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    123 Registry keys:
    HKEY_USERS\S-1-5-19\Software\PurityScan
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\PurityScan
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\PurityScan
    HKEY_USERS\S-1-5-20\Software\PurityScan
    HKEY_USERS\.DEFAULT\Software\PurityScan
    HKEY_USERS\S-1-5-19\Software\Aeta
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Aeta
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Aeta
    HKEY_USERS\S-1-5-20\Software\Aeta
    HKEY_USERS\.DEFAULT\Software\Aeta
    HKEY_USERS\S-1-5-19\Software\Aesa
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Aesa
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Aesa
    HKEY_USERS\S-1-5-20\Software\Aesa
    HKEY_USERS\.DEFAULT\Software\Aesa
    HKEY_USERS\S-1-5-19\Software\Huus
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Huus
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Huus
    HKEY_USERS\S-1-5-20\Software\Huus
    HKEY_USERS\.DEFAULT\Software\Huus
    HKEY_USERS\S-1-5-19\Software\Oueo
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Oueo
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Oueo
    HKEY_USERS\S-1-5-20\Software\Oueo
    HKEY_USERS\.DEFAULT\Software\Oueo
    HKEY_USERS\S-1-5-19\Software\Oaco
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Oaco
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Oaco
    HKEY_USERS\S-1-5-20\Software\Oaco
    HKEY_USERS\.DEFAULT\Software\Oaco
    HKEY_USERS\S-1-5-19\Software\rsat
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\rsat
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\rsat
    HKEY_USERS\S-1-5-20\Software\rsat
    HKEY_USERS\.DEFAULT\Software\rsat
    HKEY_USERS\S-1-5-19\Software\Uott
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Uott
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Uott
    HKEY_USERS\S-1-5-20\Software\Uott
    HKEY_USERS\.DEFAULT\Software\Uott
    HKEY_USERS\S-1-5-19\Software\CWii
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\CWii
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\CWii
    HKEY_USERS\S-1-5-20\Software\CWii
    HKEY_USERS\.DEFAULT\Software\CWii
    HKEY_USERS\S-1-5-19\Software\Toos
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Toos
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Toos
    HKEY_USERS\S-1-5-20\Software\Toos
    HKEY_USERS\.DEFAULT\Software\Toos
    HKEY_USERS\S-1-5-19\Software\Utao
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Utao
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Utao
    HKEY_USERS\S-1-5-20\Software\Utao
    HKEY_USERS\.DEFAULT\Software\Utao
    HKEY_USERS\S-1-5-19\Software\Uupo
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Uupo
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Uupo
    HKEY_USERS\S-1-5-20\Software\Uupo
    HKEY_USERS\.DEFAULT\Software\Uupo
    HKEY_USERS\S-1-5-19\Software\Nrma
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Nrma
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Nrma
    HKEY_USERS\S-1-5-20\Software\Nrma
    HKEY_USERS\.DEFAULT\Software\Nrma
    HKEY_USERS\S-1-5-19\Software\Tcdw
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Tcdw
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Tcdw
    HKEY_USERS\S-1-5-20\Software\Tcdw
    HKEY_USERS\.DEFAULT\Software\Tcdw
    HKEY_LOCAL_MACHINE\SOFTWARE\Eata
    HKEY_LOCAL_MACHINE\SOFTWARE\Opus
    HKEY_LOCAL_MACHINE\SOFTWARE\Wpow
    HKEY_LOCAL_MACHINE\SOFTWARE\Bsbh
    HKEY_LOCAL_MACHINE\SOFTWARE\Thco
    HKEY_USERS\S-1-5-19\SOFTWARE\Eudo
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\SOFTWARE\Eudo
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\SOFTWARE\Eudo
    HKEY_USERS\S-1-5-20\SOFTWARE\Eudo
    HKEY_USERS\.DEFAULT\SOFTWARE\Eudo
    HKEY_LOCAL_MACHINE\SOFTWARE\Yazzle Snowball Wars
    HKEY_LOCAL_MACHINE\SOFTWARE\Yazzle Sudoku
    HKEY_LOCAL_MACHINE\SOFTWARE\Cowabanga
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PuritySCAN
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\OIN
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\YazzleSudoku
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1119Oin
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Y1123oin
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle Snowball Wars
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Cowabanga
    HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\Eech
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Microsoft\Windows\CurrentVersion\Run\Eech
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Microsoft\Windows\CurrentVersion\Run\Eech
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\Eech
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\Eech
    HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\Etbe
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Microsoft\Windows\CurrentVersion\Run\Etbe
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Microsoft\Windows\CurrentVersion\Run\Etbe
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\Etbe
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\Etbe
    HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\Ueeu
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Microsoft\Windows\CurrentVersion\Run\Ueeu
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Microsoft\Windows\CurrentVersion\Run\Ueeu
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\Ueeu
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\Ueeu
    HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}
    HKEY_CLASSES_ROOT\CLSID\{FC6EE9E8-5B2A-2CD9-2C56-7FC2CD0347B5}
    HKEY_LOCAL_MACHINE\SOFTWARE\ClickSpring
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sdu
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YazzleSudokuGame
    HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
    HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
    HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
    HKEY_LOCAL_MACHINE\SOFTWARE\Snowball Wars
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Snowball Wars
    HKEY_CLASSES_ROOT\CLSID\{74CD40EA-EF77-4BAD-808A-B5982DA73F20}
    HKEY_CLASSES_ROOT\CLSID\{8B7CD17E-428B-4EE7-BBCD-21875FA05D7F}
    HKEY_CLASSES_ROOT\Interface\{665AC8E7-8B9B-40D9-A24D-C134052B6168}
    HKEY_CLASSES_ROOT\Interface\{907977FB-8835-483F-9979-AE3101DD3D17}
    HKEY_CLASSES_ROOT\TypeLib\{95C2547B-0785-4278-9AEA-CE65D78D853D}
    HKEY_CLASSES_ROOT\YAZZLEACTIVEX.YazzleActiveXCtrl.1

    1 Additional areas:
    Unknown
    ============================================
    I think I managed to get rid of the threat using norton - CPU levels seem to be normal - however the Hijackthis problem is still there.

    I have just installed Hijackthis (even though the same problem as described above is still manifestating.) Anyway, here's the log:

    ============Hijackthis Log=======================
    Logfile of HijackThis v1.99.1
    Scan saved at 09:54:27, on 01/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\avp.exe
    C:\Documents and Settings\All Users\Application Data\dyfmvipo.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\WINDOWS\mgrs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://meded-fd1.lwms.le.ac.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ntlworld.com/home.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0FA3FD39-5E42-4B26-A139-E756ACC4C02B} - C:\WINDOWS\system32\ssqpp.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {930D35D2-094D-41B9-8E89-D1B76F2C6E97} - C:\WINDOWS\system32\cbxyyay.dll (file missing)
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
    O4 - HKLM\..\Run: [dyfmvipo.exe] C:\Documents and Settings\All Users\Application Data\dyfmvipo.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.ntlworld.com/home.html
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/fs5/ax/ActiveXWebCam.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winwil32 - C:\WINDOWS\SYSTEM32\winwil32.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    ======================================
     
  2. priceofreality

    priceofreality Thread Starter

    Joined:
    Jul 1, 2007
    Messages:
    7
    Here's the VundoFix log...........

    VundoFix V6.5.4

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 00:48:17 01/07/2007

    Listing files found while scanning....

    C:\windows\system32\cbxyyay.dll
    C:\WINDOWS\system32\ppqss.ini
    C:\WINDOWS\system32\ssqpp.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\cbxyyay.dll
    C:\windows\system32\cbxyyay.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ppqss.ini
    C:\WINDOWS\system32\ppqss.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqpp.dll
    C:\WINDOWS\system32\ssqpp.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\windows\system32\cbxyyay.dll
    C:\windows\system32\cbxyyay.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ppqss.ini
    C:\WINDOWS\system32\ppqss.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqpp.dll
    C:\WINDOWS\system32\ssqpp.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
     
  3. priceofreality

    priceofreality Thread Starter

    Joined:
    Jul 1, 2007
    Messages:
    7
    can someone please help? am i clean or not? Thanks! :)
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/590491

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice