Trojan Horse and Adware.Purityscan

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

priceofreality

Thread Starter
Joined
Jul 1, 2007
Messages
7
Last night I downloaded a file - I scanned it with Norton, as I suspected it to be a virus, Norton detected nothing, so I (stupidly) opened the file.

Within seconds Norton detects a Trojan Horse (C:\DOCUME~1\MARKFE~1\LOCALS~1\Temp\mst244.tmp), and then moments later detects Adware.Purityscan in quite a few files. Whilst browsing the net (using Firefox) I didn't get any unwanted pop-ups. BUT my computer had slowed way way down - CPU usage was at 100% (with only Firefox loaded).

Having found this site, I downloaded HijackThis - no problems. But I found it difficult to install it - the setup screen just spontaneously disappeared on many occasions. So, instead I did a VundoFix (v6.5.4) scan; 3 infected files were found (which I can't remember the names of!). I also did a Norton scan - Adware.Purityscan showed its ugly face:

=============Norton Log=============
Source: Manual Scanner
Risk category: Adware
Overall Risk Impact: Medium
Performance: Low
Privacy: Low
Removal: High
Stealth: Medium
Click for more information about this risk : Adware.Purityscan
Action taken: Detected
Description: Possibly affected areas:
6 Files:
C:\Documents and Settings\Mark Fernando\Local Settings\Temp\!update.exe
C:\Documents and Settings\Mark Fernando\Local Settings\Temp\NDr9730.tmp.html
C:\Program Files\Common Files\Yazzle1119OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1264OinUninstaller.exe
C:\Documents and Settings\Mark Fernando\Start Menu\Programs\Games\Cowabanga.lnk
C:\Documents and Settings\Mark Fernando\Start Menu\Programs\Games\Snowball Wars.lnk

1 Processes:
C:\Program Files\Internet Explorer\IEXPLORE.EXE

123 Registry keys:
HKEY_USERS\S-1-5-19\Software\PurityScan
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\PurityScan
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\PurityScan
HKEY_USERS\S-1-5-20\Software\PurityScan
HKEY_USERS\.DEFAULT\Software\PurityScan
HKEY_USERS\S-1-5-19\Software\Aeta
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Aeta
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Aeta
HKEY_USERS\S-1-5-20\Software\Aeta
HKEY_USERS\.DEFAULT\Software\Aeta
HKEY_USERS\S-1-5-19\Software\Aesa
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Aesa
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Aesa
HKEY_USERS\S-1-5-20\Software\Aesa
HKEY_USERS\.DEFAULT\Software\Aesa
HKEY_USERS\S-1-5-19\Software\Huus
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Huus
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Huus
HKEY_USERS\S-1-5-20\Software\Huus
HKEY_USERS\.DEFAULT\Software\Huus
HKEY_USERS\S-1-5-19\Software\Oueo
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Oueo
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Oueo
HKEY_USERS\S-1-5-20\Software\Oueo
HKEY_USERS\.DEFAULT\Software\Oueo
HKEY_USERS\S-1-5-19\Software\Oaco
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Oaco
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Oaco
HKEY_USERS\S-1-5-20\Software\Oaco
HKEY_USERS\.DEFAULT\Software\Oaco
HKEY_USERS\S-1-5-19\Software\rsat
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\rsat
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\rsat
HKEY_USERS\S-1-5-20\Software\rsat
HKEY_USERS\.DEFAULT\Software\rsat
HKEY_USERS\S-1-5-19\Software\Uott
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Uott
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Uott
HKEY_USERS\S-1-5-20\Software\Uott
HKEY_USERS\.DEFAULT\Software\Uott
HKEY_USERS\S-1-5-19\Software\CWii
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\CWii
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\CWii
HKEY_USERS\S-1-5-20\Software\CWii
HKEY_USERS\.DEFAULT\Software\CWii
HKEY_USERS\S-1-5-19\Software\Toos
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Toos
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Toos
HKEY_USERS\S-1-5-20\Software\Toos
HKEY_USERS\.DEFAULT\Software\Toos
HKEY_USERS\S-1-5-19\Software\Utao
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Utao
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Utao
HKEY_USERS\S-1-5-20\Software\Utao
HKEY_USERS\.DEFAULT\Software\Utao
HKEY_USERS\S-1-5-19\Software\Uupo
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Uupo
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Uupo
HKEY_USERS\S-1-5-20\Software\Uupo
HKEY_USERS\.DEFAULT\Software\Uupo
HKEY_USERS\S-1-5-19\Software\Nrma
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Nrma
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Nrma
HKEY_USERS\S-1-5-20\Software\Nrma
HKEY_USERS\.DEFAULT\Software\Nrma
HKEY_USERS\S-1-5-19\Software\Tcdw
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Tcdw
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Tcdw
HKEY_USERS\S-1-5-20\Software\Tcdw
HKEY_USERS\.DEFAULT\Software\Tcdw
HKEY_LOCAL_MACHINE\SOFTWARE\Eata
HKEY_LOCAL_MACHINE\SOFTWARE\Opus
HKEY_LOCAL_MACHINE\SOFTWARE\Wpow
HKEY_LOCAL_MACHINE\SOFTWARE\Bsbh
HKEY_LOCAL_MACHINE\SOFTWARE\Thco
HKEY_USERS\S-1-5-19\SOFTWARE\Eudo
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\SOFTWARE\Eudo
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\SOFTWARE\Eudo
HKEY_USERS\S-1-5-20\SOFTWARE\Eudo
HKEY_USERS\.DEFAULT\SOFTWARE\Eudo
HKEY_LOCAL_MACHINE\SOFTWARE\Yazzle Snowball Wars
HKEY_LOCAL_MACHINE\SOFTWARE\Yazzle Sudoku
HKEY_LOCAL_MACHINE\SOFTWARE\Cowabanga
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PuritySCAN
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\OIN
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\YazzleSudoku
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1119Oin
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Y1123oin
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle Snowball Wars
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Cowabanga
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\Eech
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Microsoft\Windows\CurrentVersion\Run\Eech
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Microsoft\Windows\CurrentVersion\Run\Eech
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\Eech
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\Eech
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\Etbe
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Microsoft\Windows\CurrentVersion\Run\Etbe
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Microsoft\Windows\CurrentVersion\Run\Etbe
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\Etbe
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\Etbe
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\Ueeu
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Microsoft\Windows\CurrentVersion\Run\Ueeu
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Microsoft\Windows\CurrentVersion\Run\Ueeu
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\Ueeu
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\Ueeu
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}
HKEY_CLASSES_ROOT\CLSID\{FC6EE9E8-5B2A-2CD9-2C56-7FC2CD0347B5}
HKEY_LOCAL_MACHINE\SOFTWARE\ClickSpring
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sdu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YazzleSudokuGame
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
HKEY_USERS\S-1-5-21-1676538831-1269137282-3752341553-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
HKEY_LOCAL_MACHINE\SOFTWARE\Snowball Wars
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Snowball Wars
HKEY_CLASSES_ROOT\CLSID\{74CD40EA-EF77-4BAD-808A-B5982DA73F20}
HKEY_CLASSES_ROOT\CLSID\{8B7CD17E-428B-4EE7-BBCD-21875FA05D7F}
HKEY_CLASSES_ROOT\Interface\{665AC8E7-8B9B-40D9-A24D-C134052B6168}
HKEY_CLASSES_ROOT\Interface\{907977FB-8835-483F-9979-AE3101DD3D17}
HKEY_CLASSES_ROOT\TypeLib\{95C2547B-0785-4278-9AEA-CE65D78D853D}
HKEY_CLASSES_ROOT\YAZZLEACTIVEX.YazzleActiveXCtrl.1

1 Additional areas:
Unknown
============================================
I think I managed to get rid of the threat using Norton - CPU levels seem to be normal - however the HijackThis problem is still there.

I have just installed HijackThis (even though the same problem as described above is still manifesting). Anyway, here's the log:

============Hijackthis Log=======================
Logfile of HijackThis v1.99.1
Scan saved at 09:54:27, on 01/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\avp.exe
C:\Documents and Settings\All Users\Application Data\dyfmvipo.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\mgrs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://meded-fd1.lwms.le.ac.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ntlworld.com/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0FA3FD39-5E42-4B26-A139-E756ACC4C02B} - C:\WINDOWS\system32\ssqpp.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {930D35D2-094D-41B9-8E89-D1B76F2C6E97} - C:\WINDOWS\system32\cbxyyay.dll (file missing)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [dyfmvipo.exe] C:\Documents and Settings\All Users\Application Data\dyfmvipo.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.ntlworld.com/home.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/fs5/ax/ActiveXWebCam.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwil32 - C:\WINDOWS\SYSTEM32\winwil32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

======================================
 
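A helper for reading a HijackThis log mechanically, added here as an example; it is not part of the original thread and not code from HijackThis or any of the tools named above. It parses the `O2`/`O4`/`O20` line formats and applies three triage heuristics that a reviewer would apply by hand to the log above: a BHO registered with no name whose DLL is missing on disk, a startup item running from an Application Data directory or straight out of the Windows directory root, and a Winlogon Notify package that is not on a vetted list. The function names (`parse_line`, `triage_line`, `triage_log`), the `KNOWN_WINLOGON_NOTIFY` allowlist and the path heuristics are assumptions made for this example; the sample lines are copied from the log above so that the output can be compared with the VundoFix and Norton findings.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0FA3FD39-5E42-4B26-A139-E756ACC4C02B} - C:\WINDOWS\system32\ssqpp.dll (file missing)
O2 - BHO: (no name) - {930D35D2-094D-41B9-8E89-D1B76F2C6E97} - C:\WINDOWS\system32\cbxyyay.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [dyfmvipo.exe] C:\Documents and Settings\All Users\Application Data\dyfmvipo.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwil32 - C:\WINDOWS\SYSTEM32\winwil32.dll
"""

# Hypothetical allowlist of Winlogon Notify packages already vetted by the reviewer
# (an assumption for this example; real triage would use a maintained reference list).
KNOWN_WINLOGON_NOTIFY = {"wgalogon", "intelwireless"}

# Every HijackThis entry starts with a section code such as O2, O4, O20, R0, R1.
LINE_RE = re.compile(r"^(?P<code>[OR]\d+) - (?P<rest>.*)$")

# First absolute Windows path ending in .exe or .dll, with or without quotes.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.(?:exe|dll))"?', re.IGNORECASE)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one log line into its section code and remainder; None for non-entries."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {"code": m.group("code"), "rest": m.group("rest"), "raw": line.strip()}


def extract_path(text: str) -> Optional[str]:
    """Return the executable or DLL path referenced by an entry, if any."""
    m = PATH_RE.search(text)
    return m.group(1) if m else None


def triage_line(line: str) -> List[str]:
    """Return the list of reasons this entry deserves a closer look (empty if none)."""
    entry = parse_line(line)
    if entry is None:
        return []
    code, rest = entry["code"], entry["rest"]
    path = extract_path(rest)
    reasons: List[str] = []

    if code == "O2":
        # A Browser Helper Object with no display name whose DLL is gone is a
        # dangling registration, typical after a partial cleanup.
        if "(no name)" in rest and "(file missing)" in rest:
            reasons.append("BHO registered with no name and its DLL is missing on disk")
    elif code == "O4" and path:
        low = path.lower()
        # Vendor software normally starts from Program Files or System32, not from
        # a data directory or the bare Windows directory.
        if "\\application data\\" in low:
            reasons.append("startup item runs from an Application Data directory")
        if re.match(r"^[a-z]:\\windows\\[^\\]+\.exe$", low):
            reasons.append("startup item runs from the Windows directory root")
    elif code == "O20" and path:
        # "Winlogon Notify: <name> - <dll>"; the name is the registry subkey.
        name = rest.split(":", 1)[1].split(" - ")[0].strip().lower()
        if name not in KNOWN_WINLOGON_NOTIFY:
            reasons.append("Winlogon Notify package not in the vetted list")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged log line to the reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings[line.strip()] = reasons
    return findings


if __name__ == "__main__":
    for raw, reasons in triage_log(SAMPLE_LOG).items():
        print(raw)
        for r in reasons:
            print("    ->", r)
```

Run against the sample, the flagged entries are the two nameless BHOs (the same `ssqpp.dll` and `cbxyyay.dll` that VundoFix reports), the two Run items `avp.exe` and `dyfmvipo.exe`, and the `winwil32` Winlogon Notify package; the Symantec, Adobe and WgaLogon entries pass. The heuristics only select lines for human review; an allowlist miss or an unusual but legitimate install path is expected to produce a false positive, which is why the reasons are returned rather than a verdict.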

priceofreality

Thread Starter
Joined
Jul 1, 2007
Messages
7
Here's the VundoFix log...........

VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 00:48:17 01/07/2007

Listing files found while scanning....

C:\windows\system32\cbxyyay.dll
C:\WINDOWS\system32\ppqss.ini
C:\WINDOWS\system32\ssqpp.dll

Beginning removal...

Attempting to delete C:\windows\system32\cbxyyay.dll
C:\windows\system32\cbxyyay.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ppqss.ini
C:\WINDOWS\system32\ppqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\ssqpp.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\cbxyyay.dll
C:\windows\system32\cbxyyay.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ppqss.ini
C:\WINDOWS\system32\ppqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\ssqpp.dll Has been deleted!

Performing Repairs to the registry.
Done!
 