
Random Ie Windows Popping Up


This topic is locked
4 replies to this topic

#1 Running Wolf

Running Wolf

  • Members
  • 2 posts
  • OFFLINE
  • Local time:05:26 PM

Posted 16 July 2006 - 08:37 PM

OK I went to try to find a song for a friend of mine and the grandkid clicked yes before I came back from taking a pee... it virused up my system good.... also gave me the surf side kick 3 POS.

I have a bunch of the registry entries deleted but I still have random windows popping up and am also worried about my security now... Figures, every time I try to help someone out I get boned for it *lol*.

Anyway following is my hijackthis log... Could someone please help me out?


Logfile of HijackThis v1.99.1
Scan saved at 21:29:38, on 7/16/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\NORTON~3\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beenet.net/runningwolf/
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\ppfnr.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,bklrdcb.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINNT\cfg32s.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~3\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe SetReg
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0629edab9d5221...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123756001500
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124979844746
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...302/Coupons.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O20 - Winlogon Notify: Dynamic Directory - C:\WINNT\system32\lvps0977e.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\UnVubmluZyBXb2xm\command.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
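The log above uses HijackThis line prefixes (F2, O4, O20, O23) that a responder reads for persistence points. The following is an added example, not code from this thread or from HijackThis: it parses constructed lines modelled on the posted log and flags the entries a triage would look at first (extra programs on the Winlogon Shell and UserInit values, a Winlogon Notify DLL outside an assumed allow-list, a service with an unknown owner and missing binary, a Run entry named like a system file that duplicates another entry's command line). It also decodes base64-looking path components; the directory name in the `cmdService` entry above is base64 for the poster's name, "Running Wolf".

```python
"""Persistence triage for HijackThis-style log lines (added example).

Not code from the thread or from HijackThis. KNOWN_NOTIFY_DLLS is an
assumed allow-list of Winlogon Notify DLLs shipped with Windows 2000/XP;
SAMPLE_LOG is constructed from entries in the posted log.
"""
import base64
import binascii
import re
from dataclasses import dataclass

# Constructed sample modelled on entries from the posted HijackThis log.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\ppfnr.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,bklrdcb.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - Winlogon Notify: Dynamic Directory - C:\WINNT\system32\lvps0977e.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\UnVubmluZyBXb2xm\command.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
"""

# Assumed allow-list: Winlogon Notify DLLs that ship with Windows 2000/XP.
KNOWN_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "sclgntfy.dll",
                     "wlnotify.dll", "wzcdlg.dll"}

F2_RE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$")
O4_RE = re.compile(r"^O4 - (\S+): \[([^\]]+)\] (.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
B64_RE = re.compile(r"^[A-Za-z0-9+/]{12,}={0,2}$")


@dataclass
class Finding:
    code: str    # HijackThis section prefix, e.g. "F2" or "O23"
    reason: str  # why the entry deserves a closer look
    line: str    # the raw log line


def basename(path: str) -> str:
    """Last component of a Windows path, lower-cased, quotes stripped."""
    return path.strip().strip('"').rsplit("\\", 1)[-1].lower()


def decode_b64_component(component: str):
    """Return the decoded text if a path component is printable base64, else None."""
    if not B64_RE.match(component) or len(component) % 4:
        return None
    try:
        text = base64.b64decode(component, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def triage(log_text: str) -> list:
    """Scan HijackThis log text and return the entries worth a closer look."""
    findings = []
    seen_commands = {}  # O4 command line -> first entry name that launched it
    for line in log_text.splitlines():
        line = line.strip()
        if m := F2_RE.match(line):
            key, value = m.groups()
            # Only explorer.exe (Shell) or userinit.exe (UserInit) belong here.
            expected = "explorer.exe" if key == "Shell" else "userinit.exe"
            extras = [p.strip() for p in value.split(",") if p.strip() and basename(p) != expected]
            if extras:
                findings.append(Finding("F2", f"extra program in Winlogon {key}: {extras}", line))
        elif m := O4_RE.match(line):
            _hive, name, command = m.groups()
            if name.lower().endswith((".dll", ".exe", ".sys")):
                findings.append(Finding("O4", f"Run entry named like a system file: {name}", line))
            if command in seen_commands:
                findings.append(Finding("O4", f"duplicates command of [{seen_commands[command]}]", line))
            seen_commands.setdefault(command, name)
        elif m := O20_RE.match(line):
            _name, dll = m.groups()
            if basename(dll) not in KNOWN_NOTIFY_DLLS:
                findings.append(Finding("O20", f"non-standard Winlogon Notify DLL: {basename(dll)}", line))
        elif m := O23_RE.match(line):
            _svc, owner, path = m.groups()
            if "(file missing)" in path or owner == "Unknown owner":
                findings.append(Finding("O23", "service with unknown owner or missing binary", line))
            for component in path.split("\\"):
                decoded = decode_b64_component(component.split(" ")[0])
                if decoded:
                    findings.append(Finding("O23", f"base64 path component decodes to {decoded!r}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason}\n     {f.line}")
```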



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:11:26 PM

Posted 17 July 2006 - 02:38 AM

Hello,

It is important you don't miss a step and perform everything in the right order!!

* Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by double-clicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in the next picture: [image]
When you click that icon, a little window will open that says: 'Please enter the full URL to the script you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script
( alcanshorty.bfu ) manually from the above URL ( right-click on it and choose 'save as' and save it in your BFU-folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window
Browse to the script you downloaded and Click Ok and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

-------------------------

* Download Combofix to your desktop.
Double-click combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Running Wolf

Running Wolf
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:05:26 PM

Posted 17 July 2006 - 07:37 AM

Both the progs seemed to have done something... Shows me about RTFM re-ran the first prog you said (and made sure to save the log the second time).

after rebooting from the combo fix I had a NAV pop up warning about 2 mal. scripts running. I allowed them a run once option... was not sure if it was a real mal. script or was just combo fix working (you know how some times a firewall or av will think an injection or other cleaner program is being evil).

Thanks for your help so far...

BFU
BFU v1.00.9
Windows 2000 SP4 (WinNT 5.00.2195 SP4)
Script started at 08:18:50, on 7/17/2006

Failed: DllUnregister C:\WINNT\DH.dll|1 (file not found)
Failed: ServiceStop Network Monitor (service not found)
Failed: ServiceStop cmdService (service not found)
Failed: ServiceDisable Network Monitor (service not found)
Failed: ServiceDisable cmdService (service not found)
Failed: ServiceDelete Network Monitor (service not found)
Failed: ServiceDelete cmdService (service not found)
Failed: RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (key not found)
Failed: RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (key not found)
Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|winlog (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found)
Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU1 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU2 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|services32 (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|p2pnetwork (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|ms-update (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|p2pnetworking (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|p2p networking (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|virtual-ie (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|MS DATABASE (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|xp (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|winlog (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|wmplayer (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|tetriz3 (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CQ4d6 (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|SystemTools (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|eventwvr (key not found)
Option pause between commands: 300 ms
Option pause between commands: 50 ms
Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
Failed: FolderDelete C:\Program Files\winupdates (folder not found)
Failed: FolderDelete C:\Program Files\winupdate (folder not found)
Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
Failed: FolderDelete C:\Program Files\MsMovies (folder not found)
Failed: FolderDelete C:\Program Files\wmplayer (folder not found)
Failed: FolderDelete C:\Program Files\outlook (folder not found)
Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)
Failed: FileDelete C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF50FA.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFBED5.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFC9C0.tmp (operation failed)
Failed: FolderDelete C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0PQRS56V (operation failed)
Failed: FolderDelete C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4TUV8LMN (operation failed)
Failed: FolderDelete C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6W1X7VNJ (operation failed)
Failed: FolderDelete C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CZY14H4Y (operation failed)
Failed: FolderDelete C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QZ6N2HIZ (operation failed)
Failed: FolderDelete C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZPF7UGXK (operation failed)
Failed: FolderDelete C:\Program Files\Maxifiles (folder not found)
Failed: FolderDelete C:\Program Files\DNS (folder not found)
Failed: FolderDelete C:\Program Files\EQAdvice (folder not found)
Failed: FolderDelete C:\Program Files\FCAdvice (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\svchostsys (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\simtest (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
Failed: FolderDelete C:\Program Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found)
Failed: FolderDelete C:\Program Files\Network Monitor (folder not found)
Failed: FolderDelete C:\WINNT\inet20001 (folder not found)
Failed: FolderDelete C:\Program Files\Update06 (folder not found)
Failed: FolderDelete C:\Program Files\Update03 (folder not found)
Failed: FolderDelete C:\Program Files\Update04 (folder not found)
Failed: FolderDelete C:\Program Files\Update08 (folder not found)
Failed: FolderDelete C:\Program Files\W-Update (folder not found)
Failed: FolderDelete C:\Program Files\Yazzle Sudoku (folder not found)
Failed: FolderDelete C:\Program Files\Cas (folder not found)
Failed: FolderDelete C:\Program Files\CasStub (folder not found)
Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found)
Failed: FolderDelete C:\Program Files\ipwins (folder not found)
Failed: FolderDelete C:\temp (folder not found)
Failed: FolderDelete C:\WINNT\mdrive (folder not found)
Failed: FolderDelete C:\Program Files\PECarlin (folder not found)
Failed: FolderDelete C:\Program Files\AXVenore (folder not found)
Failed: FolderDelete C:\Program Files\SDVita (folder not found)
Failed: FolderDelete C:\Program Files\EQBranch (folder not found)
Failed: FolderDelete C:\Program Files\EQArticle (folder not found)
Failed: FolderCreate C:\bintheredunthat (folder already exists)
Failed: FileMove C:\WINNT\win*-*.exe|C:\bintheredunthat (source file not found)
Script completed.



ComboFix
Start Time= Mon 07/17/2006 8:21:12.22
Running from: C:\Documents and Settings\Administrator\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))

8:24:03.46

Not all files found by this method are bad. There may be legitimate files found
This log should be examined by a trained analyst


* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *




* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-05-24 18:43:56 536,576 "C:\WINNT\system32\DivXsm.exe"
2006-05-31 13:16:36 16,384 "C:\WINNT\system32\ustart.exe"
2006-05-23 23:36:24 16,896 "C:\WINNT\system32\ccapp.exe"
2006-05-19 05:18:24 136,976 "C:\WINNT\system32\dnsapi.dll"
2006-05-24 18:46:44 90,112 "C:\WINNT\system32\dpl100.dll"
2006-05-24 18:46:44 344,064 "C:\WINNT\system32\dpus11.dll"
2006-05-24 18:46:44 200,704 "C:\WINNT\system32\dtu100.dll"
2006-04-23 04:01:02 52,496 "C:\WINNT\system32\mtxclu.dll"
2006-04-23 04:01:02 123,152 "C:\WINNT\system32\mtxoci.dll"
2006-05-24 18:48:04 339,968 "C:\WINNT\system32\pxwave.dll"
2006-05-03 02:57:40 6,401,024 "C:\WINNT\system32\sp3res.dll"
2006-05-24 18:43:44 1,044,480 "C:\WINNT\system32\libdivx.dll"
2006-04-23 04:01:02 1,202,448 "C:\WINNT\system32\msdtctm.dll"
2006-04-23 04:01:02 153,872 "C:\WINNT\system32\msdtcui.dll"
2006-06-21 08:17:18 161,040 "C:\WINNT\system32\rasmans.dll"
2006-05-24 18:43:44 200,704 "C:\WINNT\system32\ssldivx.dll"
2006-05-24 18:48:04 28,672 "C:\WINNT\system32\vxblock.dll"
2006-04-23 04:01:02 19,216 "C:\WINNT\system32\xolehlp.dll"
2006-05-24 18:46:44 294,912 "C:\WINNT\system32\dpu10.dll"
2006-05-24 18:46:44 294,912 "C:\WINNT\system32\dpu11.dll"
2006-05-24 18:46:44 57,344 "C:\WINNT\system32\dpv11.dll"
2006-05-24 18:48:04 421,888 "C:\WINNT\system32\pxdrv.dll"
2006-05-24 18:48:04 172,032 "C:\WINNT\system32\pxmas.dll"
2006-04-21 00:07:30 13,536 "C:\WINNT\system32\spmsg.dll"


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *




DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


* * * POST-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-05-24 18:43:56 536,576 "C:\WINNT\system32\DivXsm.exe"
2006-05-31 13:16:36 16,384 "C:\WINNT\system32\ustart.exe"
2006-05-23 23:36:24 16,896 "C:\WINNT\system32\ccapp.exe"
2006-05-24 18:43:44 1,044,480 "C:\WINNT\system32\libdivx.dll"
2006-04-23 04:01:02 1,202,448 "C:\WINNT\system32\msdtctm.dll"
2006-04-23 04:01:02 153,872 "C:\WINNT\system32\msdtcui.dll"
2006-06-21 08:17:18 161,040 "C:\WINNT\system32\rasmans.dll"
2006-05-24 18:43:44 200,704 "C:\WINNT\system32\ssldivx.dll"
2006-05-24 18:48:04 28,672 "C:\WINNT\system32\vxblock.dll"
2006-04-23 04:01:02 19,216 "C:\WINNT\system32\xolehlp.dll"
2006-05-19 05:18:24 136,976 "C:\WINNT\system32\dnsapi.dll"
2006-05-24 18:46:44 90,112 "C:\WINNT\system32\dpl100.dll"
2006-05-24 18:46:44 344,064 "C:\WINNT\system32\dpus11.dll"
2006-05-24 18:46:44 200,704 "C:\WINNT\system32\dtu100.dll"
2006-04-23 04:01:02 52,496 "C:\WINNT\system32\mtxclu.dll"
2006-04-23 04:01:02 123,152 "C:\WINNT\system32\mtxoci.dll"
2006-05-24 18:48:04 339,968 "C:\WINNT\system32\pxwave.dll"
2006-05-03 02:57:40 6,401,024 "C:\WINNT\system32\sp3res.dll"
2006-05-24 18:46:44 294,912 "C:\WINNT\system32\dpu10.dll"
2006-05-24 18:46:44 294,912 "C:\WINNT\system32\dpu11.dll"
2006-05-24 18:46:44 57,344 "C:\WINNT\system32\dpv11.dll"
2006-05-24 18:48:04 421,888 "C:\WINNT\system32\pxdrv.dll"
2006-05-24 18:48:04 172,032 "C:\WINNT\system32\pxmas.dll"
2006-04-21 00:07:30 13,536 "C:\WINNT\system32\spmsg.dll"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Default User\Application Data\NetMon


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-16 22:55:24 ( .D... ) "C:\Program Files\iTunes"
2006-07-16 22:26:04 ( .D... ) "C:\Program Files\Internet Explorer"
2006-07-16 21:06:18 ( .D... ) "C:\Program Files\Outlook Express"
2006-07-16 19:56:34 78336 ( A.... ) "C:\WINNT\wnu_166.exe"
2006-07-16 17:47:46 ( .D... ) "C:\Program Files\Security Stronghold"
2006-07-16 17:20:44 ( AD... ) "C:\Program Files\ICQ"
2006-07-16 17:20:24 102400 ( A.... ) "C:\WINNT\cfg32r.dll"
2006-07-16 17:20:14 110592 ( A.... ) "C:\WINNT\cfg32o.dll"
2006-07-16 17:20:04 45056 ( A.... ) "C:\WINNT\cfg32s.dll"
2006-07-16 17:19:52 397312 ( A.... ) "C:\WINNT\cfg32p.dll"
2006-07-11 12:26:30 356352 ( A.... ) "C:\WINNT\eSellerateEngine.dll"
2006-07-11 12:25:56 ( .D... ) "C:\Program Files\Deskshare"
2006-07-06 11:57:22 ( .D... ) "C:\Program Files\ProFantasy Software Ltd"
2006-07-06 11:41:18 19728 ( A.... ) "C:\WINNT\system32\pgdfgsvc.exe"
2006-07-02 20:12:02 ( .D... ) "C:\Program Files\RPA706"
2006-07-02 15:47:54 ( .D... ) "C:\Program Files\TableSmith"
2006-06-26 12:14:58 ( .D... ) "C:\Program Files\Common Files\VFP"
2006-06-26 12:14:04 ( .D... ) "C:\Program Files\Common Files\Wise Installation Wizard"
2006-06-26 11:51:40 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2006-06-23 19:43:12 ( .D... ) "C:\Program Files\WinRAR"
2006-06-21 09:49:24 ( .D... ) "C:\Program Files\GameSpy Arcade"
2006-06-17 16:14:20 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Microsoft Games"
2006-06-11 11:06:56 ( .D... ) "C:\Program Files\Winamp"
2006-06-07 21:59:08 ( .D... ) "C:\Program Files\SecondLife"
2006-06-07 13:55:52 3753 ( A.... ) "C:\Program Files\html2.htm"
2006-06-07 13:55:52 3626 ( A.... ) "C:\Program Files\html1.htm"
2006-06-07 09:27:14 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Opera"
2006-06-06 13:04:04 ( .D... ) "C:\Program Files\Common Files\Adobe Systems Shared"
2006-06-01 01:15:12 ( .D... ) "C:\Program Files\DivX"
2006-05-31 15:50:36 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Mozilla"
2006-05-31 13:16:36 16384 ( A.... ) "C:\WINNT\system32\ustart.exe"
2006-05-26 07:53:22 ( .D... ) "C:\Program Files\Curious Labs"
2006-05-24 18:48:04 109568 ( ..... ) "C:\WINNT\system32\pxinsi64.exe"
2006-05-24 18:48:04 108544 ( ..... ) "C:\WINNT\system32\pxcpyi64.exe"
2006-05-24 18:47:12 3596288 ( A.... ) "C:\WINNT\system32\qt-dx331.dll"
2006-05-24 18:46:52 53248 ( A.... ) "C:\WINNT\system32\dpuGUI10.dll"
2006-05-24 18:46:44 593920 ( A.... ) "C:\WINNT\system32\dpuGUI11.dll"
2006-05-24 18:46:44 344064 ( A.... ) "C:\WINNT\system32\dpus11.dll"
2006-05-24 18:46:44 294912 ( A.... ) "C:\WINNT\system32\dpu11.dll"
2006-05-24 18:46:44 294912 ( A.... ) "C:\WINNT\system32\dpu10.dll"
2006-05-24 18:46:44 200704 ( A.... ) "C:\WINNT\system32\dtu100.dll"
2006-05-24 18:46:44 90112 ( A.... ) "C:\WINNT\system32\dpl100.dll"
2006-05-24 18:46:44 57344 ( A.... ) "C:\WINNT\system32\dpv11.dll"
2006-05-24 18:43:56 536576 ( A.... ) "C:\WINNT\system32\DivXsm.exe"
2006-05-24 18:43:44 1044480 ( A.... ) "C:\WINNT\system32\libdivx.dll"
2006-05-24 18:43:44 200704 ( A.... ) "C:\WINNT\system32\ssldivx.dll"
2006-05-24 18:42:26 778240 ( A.... ) "C:\WINNT\system32\divx_xx0c.dll"
2006-05-24 18:42:26 778240 ( A.... ) "C:\WINNT\system32\divx_xx07.dll"
2006-05-24 18:42:26 761856 ( A.... ) "C:\WINNT\system32\divx_xx11.dll"
2006-05-24 18:42:26 619156 ( A.... ) "C:\WINNT\system32\DivX.dll"
2006-05-23 23:36:24 16896 ( A.... ) "C:\WINNT\system32\ccapp.exe"
2006-05-23 16:48:56 ( .D... ) "C:\Program Files\Encounter2000"
2006-05-21 17:31:42 ( .D... ) "C:\Program Files\Symantec"
2006-05-21 17:29:26 ( .D... ) "C:\Program Files\Norton SystemWorks"
2006-05-21 16:59:12 ( .D... ) "C:\Program Files\Norton Personal Firewall"
2006-05-21 15:42:18 51 ( A.... ) "C:\WINNT\WFXDEL.BAT"
2006-05-21 14:18:08 ( .D... ) "C:\Program Files\Common Files\Symantec Shared"
2006-05-21 14:16:02 ( .D... ) "C:\Program Files\SymNetDrv"
2006-05-21 13:20:56 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Symantec"
2006-05-21 12:51:50 ( .D... ) "C:\Program Files\SETI@home"
2006-05-21 12:44:08 ( .D... ) "C:\Program Files\Ahead"
2006-05-19 05:18:24 136976 ( A.... ) "C:\WINNT\system32\dnsapi.dll"
2006-05-19 05:18:24 89872 ( A.... ) "C:\WINNT\system32\DHCPCSVC.DLL"
2006-05-19 05:18:24 68368 ( A.... ) "C:\WINNT\system32\IPHLPAPI.DLL"
2006-05-03 02:57:40 6401024 ( A.... ) "C:\WINNT\system32\sp3res.dll"
2006-04-23 04:01:02 1202448 ( A.... ) "C:\WINNT\system32\msdtctm.dll"
2006-04-23 04:01:02 726800 ( A.... ) "C:\WINNT\system32\msdtcprx.dll"
2006-04-23 04:01:02 153872 ( A.... ) "C:\WINNT\system32\msdtcui.dll"
2006-04-23 04:01:02 123152 ( A.... ) "C:\WINNT\system32\mtxoci.dll"
2006-04-23 04:01:02 96016 ( A.... ) "C:\WINNT\system32\msdtclog.dll"
2006-04-23 04:01:02 52496 ( A.... ) "C:\WINNT\system32\mtxclu.dll"
2006-04-23 04:01:02 19216 ( A.... ) "C:\WINNT\system32\xolehlp.dll"
2006-04-20 11:43:56 249856 ( ..... ) "C:\WINNT\Setup1.exe"
2006-04-20 11:43:54 73216 ( A.... ) "C:\WINNT\ST6UNST.EXE"
2006-04-18 20:04:54 118784 ( A.... ) "C:\WINNT\system32\DivXCodecUpdateChecker.exe"
2006-04-18 20:04:54 12288 ( A.... ) "C:\WINNT\system32\DivXWMPExtType.dll"
2005-04-02 01:03:08 438 ( A.... ) "C:\Program Files\INSTALL.LOG"
2005-04-01 19:51:34 21952 ( ...H. ) "C:\Program Files\folder.htt"
2005-04-01 19:51:34 271 ( ...H. ) "C:\Program Files\desktop.ini"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-16 19:56 78,336 C:\WINNT\wnu_166.exe
2006-07-16 17:20 45,056 C:\WINNT\cfg32s.dll
2006-07-16 17:20 110,592 C:\WINNT\cfg32o.dll
2006-07-16 17:20 102,400 C:\WINNT\cfg32r.dll
2006-07-16 17:19 397,312 C:\WINNT\cfg32p.dll
2006-07-11 12:26 356,352 C:\WINNT\eSellerateEngine.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"nwiz"="nwiz.exe /install"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"NeroCheck"="C:\\WINNT\\system32\\NeroCheck.exe"
"NAV Agent"="C:\\PROGRA~1\\NORTON~3\\NORTON~1\\navapw32.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"ccRegVfy"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
"SymTray - Norton SystemWorks"="C:\\Program Files\\Common Files\\Symantec Shared\\SymTray.exe SetReg"
"QD FastAndSafe"="C:\\Program Files\\Norton SystemWorks\\Norton CleanSweep\\QDCSFS.exe /startup"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINNT\\system32\\NvCpl.dll,NvStartup"
"ntdll.dll"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SymTray - Norton SystemWorks"="C:\\Program Files\\Common Files\\Symantec Shared\\Symtrdr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"Flags"=dword:00000008
"Title"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000020

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,44,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,1f,00,00,00,80,00,00,00,76,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"="C:\\PROGRA~1\\SYMNET~1\\SNDWarn.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\Norton AntiVirus - Scan my computer.job
C:\WINNT\tasks\Symantec NetDetect.job

Completion time: Mon 07/17/2006 8:28:30.53
ComboFix ver 06.07.15 - This logfile is located at C:\ComboFix.txt

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:11:26 PM

Posted 17 July 2006 - 07:39 AM

Hello,

Can you also post a new hijackthislog please?

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:11:26 PM

Posted 23 July 2006 - 05:49 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.