Internet Explorer Issues


This topic is locked
3 replies to this topic

#1 kevlar061481

Posted 02 October 2007 - 09:54 AM

Good morning BleepingComputer,

Let me start by thanking you for your help.
I can usually fix issues I have with the computer, but this one is getting a little tricky for me.
I have an issue with a pop-up that is very determined to download WinAntivirus, and redirects you to its site.
Also, IE is slow; it can have several IE instances running in Processes but nothing will be up on the desktop.
Also, I found a file called ssqpm.dll that is running as an IE add-on, which I disabled with the Add-on Manager.
SD and Ad-Aware don't seem to find anything, and I can't seem to find anything super unusual in the HijackThis log.
Panda scan did find a few things which I know are issues, but I thought I would leave it to you guys to help out,
so I will post Panda's log and a HijackThis log.
Thanks,
Kevin

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:25 AM, on 10/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Techs\Desktop\file\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fmcdealer.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: PFMAuto.Exe.lnk = C:\Program Files\Ford Motor Company\PFMFordPDSUtilspfmauto.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {53D40FAA-4E21-459F-AA87-E4D97FC3245A} (InstallShield Setup Player V12) - http://www.nsapp.fordtechservice.dealercon...er-50/setup.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C7DC40E0-6601-4530-9AFB-68506CAE2628} (InstallShield Setup Player 2K2) - http://qa.nsapp.fordtechservice.dealerconn...IDS44/setup.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 7985 bytes

Edited by Animal, 06 October 2007 - 04:57 PM.

#2 kevlar061481

Posted 02 October 2007 - 10:11 AM

Incident Status Location

Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Techs\Cookies\techs@drivecleaner[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Techs\Cookies\techs@enhance[1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Techs\Cookies\techs@goclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Techs\Cookies\techs@mediaplex[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Techs\Cookies\techs@stats1.reliablestats[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Techs\Cookies\techs@systemdoctor[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Techs\Cookies\techs@tribalfusion[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Techs\Cookies\techs@winantispyware[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Techs\Cookies\techs@winantivirus[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Techs\Cookies\techs@winantivirus[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Techs\Cookies\techs@www.winantiviruspro[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Techs\Desktop\file\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Techs\Desktop\file\SmitfraudFix\Reboot.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Techs\Desktop\file\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Spyware:Spyware/PeoplePC Not disinfected C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\hulaemwi.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\jbqawreo.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\mvmdhkkr.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ssqqqro.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\urqpmll.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\xjywrpwb.dll.bad
Virus:W32/Gaobot.OXI.worm Disinfected C:\WINDOWS\system32\f02WtR\f02WtR1065.exe
Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\gtsfruwq.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\stwtskqi.exe
Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\xwtudjec.exe
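The two reports above (the HijackThis log in post #1 and the Panda ActiveScan report in post #2) are the kind of thing a responder reads by hand; the script below is an added example of doing that triage in code. It is not code from the posts, from HijackThis or from Panda. The inputs are constructed excerpts of the lines the poster published, the "trusted" ActiveX host list is an assumption, and the bucketing rules and the random-file-name check are this example's own heuristics. It separates what the Panda report shows as still live in system32 from what is merely noise (tracking cookies, files VundoFix already renamed to .bad, and the SmitfraudFix helper binaries that scanners routinely flag as PUPs), and on the HijackThis side it counts the iexplore.exe instances the poster described and lists O16 ActiveX downloads from hosts outside the trusted set.

```python
"""Added triage example for the HijackThis log (post #1) and the Panda ActiveScan
report (post #2) in this thread; not code from the posts, HijackThis or Panda.
The inputs are constructed excerpts of the posted lines; the bucketing rules and
the random-name check are this example's own heuristics."""
import re
from collections import Counter
from urllib.parse import urlparse

HJT_SAMPLE = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fmcdealer.com/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
"""

PANDA_SAMPLE = r"""Incident Status Location
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Techs\Cookies\techs@drivecleaner[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Techs\Cookies\techs@winantivirus[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Techs\Desktop\file\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Techs\Desktop\file\SmitfraudFix\Reboot.exe
Spyware:Spyware/PeoplePC Not disinfected C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\hulaemwi.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\jbqawreo.dll.bad
Virus:W32/Gaobot.OXI.worm Disinfected C:\WINDOWS\system32\f02WtR\f02WtR1065.exe
Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\gtsfruwq.exe
Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\stwtskqi.exe
"""

HJT_ENTRY = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
PANDA_ROW = re.compile(r"^(?P<kind>[^:]+):(?P<name>\S+)\s+"
                       r"(?P<status>Disinfected|Not disinfected)\s+(?P<path>.+)$")
TRUSTED_DPF = ("microsoft.com", "windowsupdate.com")  # assumption: O16 hosts not worth flagging


def looks_random(filename):
    """Vundo/Virtumonde-style name: 7-8 lowercase letters with a run of 3+ consonants.
    Only applied to rows a scanner already flagged (it would also trip on svchost);
    catches gtsfruwq and jbqawreo from the posted report, misses hulaemwi."""
    stem = filename.split(".")[0]
    if not re.fullmatch(r"[a-z]{7,8}", stem):
        return False
    return re.search(r"[b-df-hj-np-tv-z]{3}", stem) is not None


def triage_hjt(text):
    """Return (process-name counts, parsed entries, findings) for a HijackThis log."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:
            in_procs = False
            continue
        m = HJT_ENTRY.match(line)
        if m:
            entries.append((m.group("code"), m.group("body")))
        elif in_procs:
            processes.append(line)
    counts = Counter(p.rsplit("\\", 1)[-1].lower() for p in processes)
    findings = []
    if counts["iexplore.exe"] >= 3:
        findings.append(f"{counts['iexplore.exe']} iexplore.exe processes; matches the "
                        "'IE in the process list but no window' symptom")
    for code, body in entries:
        if code == "O16":  # ActiveX download: report any host outside the trusted set
            host = urlparse(body.rsplit(" - ", 1)[-1]).hostname or "?"
            if not host.endswith(TRUSTED_DPF):
                findings.append(f"O16 ActiveX control served from {host}; confirm it was wanted")
    return counts, entries, findings


def classify(row):
    """Bucket one Panda row so live infections stand apart from noise."""
    path = row["path"].lower()
    if row["name"].startswith("Cookie/"):
        return "cookie"       # tracking cookies: privacy noise, no code runs
    if "\\vundofix backups\\" in path:
        return "quarantined"  # VundoFix renamed these to .bad; no longer loadable
    if "\\smitfraudfix\\" in path:
        return "tool"         # SmitfraudFix ships Process.exe/Reboot.exe; expected PUP hits
    if "\\windows\\system32\\" in path:
        return "active"       # dropped into system32: the infection itself
    return "review"


def triage_panda(text):
    """Parse a Panda ActiveScan report into buckets, flagging random-looking names."""
    buckets = {}
    for line in text.splitlines():
        m = PANDA_ROW.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        row["random_name"] = looks_random(row["path"].rsplit("\\", 1)[-1])
        buckets.setdefault(classify(row), []).append(row)
    return buckets


if __name__ == "__main__":
    for finding in triage_hjt(HJT_SAMPLE)[2]:
        print("HJT:", finding)
    for bucket, rows in triage_panda(PANDA_SAMPLE).items():
        print(f"Panda {bucket}: {len(rows)}")
        for r in rows:
            print(f"  {r['status']:16} {r['path']}{'  [random-looking name]' if r['random_name'] else ''}")
```

Run against the full reports rather than the excerpts, the interesting output is the "active" bucket: the Downloader.OZB droppers with random eight-letter names in system32 are the part the cookie entries and the quarantined .bad files would otherwise bury. A "Disinfected" status on those rows says the file was cleaned, not that whatever loaded it (the add-on the poster disabled, or a Run key) is gone, so the HijackThis O2/O4 lines still need a second look after the scan.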

#3 kevlar061481

kevlar061481
  • Topic Starter

Posted 02 October 2007 - 12:57 PM

Well, in my searches on this site I found a post with the same WinAntivirus pop-up.
They said to download ComboFix,
so I tried that and now everything is back to normal.
So thanks again,
Kevin

#4 teacup61

  • Malware Response Team

Posted 09 October 2007 - 08:19 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.