Spyware Problems



#1 daveman32787 (Members, 2 posts)

Posted 15 August 2006 - 09:08 PM

I have SurfSideKick 3 and I've tried removing it with directions from this site, but it keeps reappearing on the list.

Logfile of HijackThis v1.99.1
Scan saved at 9:05:15 PM, on 8/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\dfndrff_8.exe
C:\kybrdff_8.exe
C:\WINDOWS\thiselt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\l3jdfs.exe
C:\WINDOWS\CCZoop05.exe
C:\WINDOWS\sys101883281889.exe
C:\WINDOWS\system32\vp1i4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RACLE~1\javaw.exe
C:\DOCUME~1\COMPAQ~1\MYDOCU~1\RACLE~1\TI2EVX~1.EXE
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\hcpxq.exe
F2 - REG:system.ini: UserInit=userinit.exe,rxvcbdn.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Vdrw Class - {8711CF54-E9C5-4DB4-9B9F-7D67393CC771} - C:\WINDOWS\system32\vf1v62x.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [xload] "C:\WINDOWS\xload.exe"
O4 - HKLM\..\Run: [defender] C:\\dfndrff_8.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_8.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [epy9J] "C:\WINDOWS\system32\l3jdfs.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [sys101883281889] C:\WINDOWS\sys101883281889.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Srro] "C:\WINDOWS\RACLE~1\javaw.exe" -vt yazr
O4 - HKCU\..\Run: [Fdmvn] C:\DOCUME~1\COMPAQ~1\MYDOCU~1\RACLE~1\TI2EVX~1.EXE
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/2006/...FreeInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\mma.chm::/joysavsht.cab
O18 - Filter: text/html - {D5BA18F2-FF61-465F-831D-A6850B94FC01} - C:\WINDOWS\system32\vf1v62x.dll
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

There you go.
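The HijackThis log above shows the entries a log reader checks first: the two F2 lines (a program appended to Winlogon's Shell or Userinit value runs at every logon), the O20 AppInit_DLLs entry (a DLL loaded into every process that links user32.dll), the O15 Trusted Zone additions (IE applies its weakest security settings to those sites), the O18 text/html filter (a MIME filter sees every HTML response IE receives) and the O4 Run entries that point at randomly named executables in C:\ or system32. As an added example, not part of the original thread and not code from HijackThis, here is a small Python triage script that applies those checks to the log format above. The sample lines are copied from the posted log; the "random-looking name" and "odd location" heuristics and the expected Winlogon defaults are this example's own assumptions, so treat the medium findings as leads rather than verdicts.

```python
"""Triage a HijackThis v1.99 log for high-risk persistence entries.

Added example for this thread; it is not code from HijackThis or from the
poster. It reads the plain-text log format shown above. The expected
Winlogon values and the name/location heuristics are this example's own
assumptions, so treat medium findings as leads, not verdicts.
"""
import re
from dataclasses import dataclass

# HijackThis prints the Winlogon Shell and Userinit values as F2 lines.
# Anything appended after these defaults runs at every logon.
EXPECTED_WINLOGON = {"shell": "explorer.exe", "userinit": "userinit.exe"}

LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll))', re.IGNORECASE)
VOWELS = set("aeiouy")

# Constructed sample: lines copied from the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\hcpxq.exe
F2 - REG:system.ini: UserInit=userinit.exe,rxvcbdn.exe
O2 - BHO: Vdrw Class - {8711CF54-E9C5-4DB4-9B9F-7D67393CC771} - C:\WINDOWS\system32\vf1v62x.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [defender] C:\\dfndrff_8.exe
O4 - HKLM\..\Run: [epy9J] "C:\WINDOWS\system32\l3jdfs.exe"
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/2006/...FreeInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Filter: text/html - {D5BA18F2-FF61-465F-831D-A6850B94FC01} - C:\WINDOWS\system32\vf1v62x.dll
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass
class Finding:
    code: str
    severity: str
    reason: str
    line: str


def looks_random(filename):
    """Heuristic (this example's own): no vowels at all, or a long digit run."""
    stem = re.sub(r"\.[A-Za-z]+$", "", filename)
    letters = re.sub(r"[^A-Za-z]", "", stem).lower()
    digits = re.sub(r"[^0-9]", "", stem)
    return (len(letters) >= 4 and not set(letters) & VOWELS) or len(digits) >= 6


def in_odd_location(path):
    """True for an executable sitting directly in a drive root or in C:\\WINDOWS."""
    parent = re.sub(r"\\+", r"\\", path).rsplit("\\", 1)[0].lower()
    return re.fullmatch(r"[a-z]:", parent) is not None or parent.endswith(":\\windows")


def triage(log_text):
    """Return Findings for the entries worth checking first."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, rest = m.groups()
        path_m = PATH_RE.search(rest)
        path = path_m.group(1) if path_m else None
        name = path.rsplit("\\", 1)[-1] if path else ""
        if code == "F2":
            # 'REG:system.ini: Shell=Explorer.exe, C:\...\hcpxq.exe' -> key 'Shell'
            key, _, value = rest.split(":", 2)[-1].strip().partition("=")
            expected = EXPECTED_WINLOGON.get(key.lower())
            extras = [e.strip() for e in value.split(",")
                      if e.strip() and e.strip().lower().rsplit("\\", 1)[-1] != expected]
            if extras:
                findings.append(Finding(code, "high", f"Winlogon {key} also loads {', '.join(extras)}", raw))
        elif code == "O4" and name.lower().endswith(".exe"):
            if in_odd_location(path) or looks_random(name):
                findings.append(Finding(code, "medium", f"autorun target looks suspicious: {path}", raw))
        elif code == "O2" and name and looks_random(name):
            findings.append(Finding(code, "medium", f"BHO with random-looking DLL name: {path}", raw))
        elif code == "O15":
            findings.append(Finding(code, "high", f"site added to IE Trusted Zone: {rest.split(':', 1)[1].strip()}", raw))
        elif code == "O18":
            findings.append(Finding(code, "high", f"IE MIME filter sees every matching response: {rest}", raw))
        elif code == "O20" and rest.startswith("AppInit_DLLs:") and rest.partition(":")[2].strip():
            findings.append(Finding(code, "high", f"AppInit_DLLs loads into every user32 process: {rest.partition(':')[2].strip()}", raw))
        elif code == "O16":
            host = re.search(r"https?://([^/]+)", rest)
            if host and not host.group(1).lower().endswith("microsoft.com"):
                findings.append(Finding(code, "low", f"ActiveX download from {host.group(1)}", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.code}: {f.reason}")
```

Run against the sample it reports the two Winlogon hijacks, the Trusted Zone site, the text/html filter and the AppInit_DLLs entry as high, the three random-named binaries as medium, and the non-Microsoft ActiveX download as low; the Symantec Run entry, the orphaned BHO and the WGA control are left alone.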


#2 pomp (Malware Fighter, 362 posts, Jersey Shore)

Posted 16 August 2006 - 12:20 AM

Hello. Please do the following:

1. Download this file - combofix
2. Double-click combofix.exe and follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


My help in removing spyware is free, but if you'd like to donate: Donate



PLEASE DON'T PM ME OR EMAIL ME WITH HELP ON LOGS :). POST IN THE FORUM INSTEAD


#3 daveman32787 (Topic Starter)

Posted 22 August 2006 - 09:53 AM

OK, here's what it gave me:


Compaq_Owner - 06-08-22 9:42:37.96
ComboFix 06.08.18 - Running from: C:\Documents and Settings\Compaq_Owner\My Documents

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))


* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *


O4 - HKEY_CURRENT_USER\...\Run C:\WINDOWS\system32\qsytqx.exe
O4 - HKEY_LOCAL_MACHINE\...\Run C:\WINDOWS\system32\qsytqx.exe
F2 -REG:system.ini: Shell C:\WINDOWS\system32\hcpxq.exe
F2 -REG:system.ini: UserInit C:\WINDOWS\system32\rxvcbdn.exe


* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-08-22 09:42 303 --a------ C:\WINDOWS\pnfbi.dll
2006-08-19 23:59 2 --a------ C:\WINDOWS\system32\wcpsu.exe
2006-08-11 15:43 28672 --a------ C:\WINDOWS\system32\whcixm7.exe
2006-08-06 04:44 36864 --a------ C:\WINDOWS\system32\uvzgi.exe
2006-08-06 04:43 380928 --a------ C:\WINDOWS\system32\WinNB58.dll
2006-08-06 04:43 28672 --a------ C:\WINDOWS\system32\cymmh.exe
2006-08-06 04:43 221184 --a------ C:\WINDOWS\system32\vf1v62x.dll
2006-08-04 01:15 51712 --a------ C:\WINDOWS\system32\waxtigy.dll
2006-08-04 01:15 28672 --a------ C:\WINDOWS\system32\hcpxq.exe
2006-08-04 01:15 127488 --a------ C:\WINDOWS\system32\qsytqx.exe
2006-08-02 22:54 53 --a------ C:\WINDOWS\vwwnbw.dat
2006-08-02 22:53 127488 --a------ C:\Documents and Settings\All Users\Start Menu\Programs\Startup\iakux.exe
2006-07-24 15:31 36864 --a------ C:\WINDOWS\system32\vp1i4.exe
2006-07-24 15:31 1163264 --a------ C:\WINDOWS\system32\l3jdfs.exe
2006-06-01 17:22 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-06-01 17:22 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-06-01 17:22 7618560 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-06-01 17:22 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-06-01 17:22 5652480 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-06-01 17:22 5632000 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-06-01 17:22 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-06-01 17:22 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-06-01 17:22 3100672 --a------ C:\WINDOWS\system32\nvgames.dll
2006-06-01 17:22 2924544 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-06-01 17:22 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-06-01 17:22 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-06-01 17:22 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-06-01 17:22 1740800 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-06-01 17:22 1466368 --a------ C:\WINDOWS\system32\nview.dll
2006-06-01 17:22 1257472 --a------ C:\WINDOWS\system32\nvwss.dll
2006-06-01 17:22 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll


* * * PRE-RUN - Filepaths extracted by Memory Dump * * * * * * * * * * * * * * * * * * * * * *


2006-08-04 01:15 127488 C:\WINDOWS\system32\qsytqx.exe
2006-08-04 01:15 51712 C:\WINDOWS\system32\waxtigy.dll
2006-08-04 01:15 23552 C:\WINDOWS\system32\rxvcbdn.exe
2006-08-02 22:53 127488 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\iakux.exe
2006-08-22 09:42 303 C:\WINDOWS\pnfbi.dll
20 C:\WINDOWS\system32\vqnwd.dat
2006-08-04 01:15 28672 C:\WINDOWS\system32\hcpxq.exe


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


06-08-02 22:53 127488 iakux.exe.qoo
06-08-04 01:15 127488 qsytqx.exe.qoo
06-08-04 01:15 51712 waxtigy.dll.qoo
06-08-04 01:15 28672 hcpxq.exe.qoo
06-08-22 09:42 303 pnfbi.dll.qoo
06-08-02 22:54 53 vwwnbw.dat.qoo

DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\repairs303169590.dll
C:\Documents and Settings\Compaq_Owner\Application Data\Sskknwrd.dll
C:\Program Files\surfsidekick 3\Ssk.exe
C:\Program Files\surfsidekick 3\SskBho.dll
C:\Program Files\surfsidekick 3\SskCore.dll
C:\WINDOWS\kiuj0v.exe


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\keyboard1.dat
C:\dfndrff_8.exe
C:\kybrdff_8.exe
C:\kybrdfg_8.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\4HUTSLZ0\drsmartload180a[1].exe
C:\secure32.html
C:\WINDOWS\elpp100drop.exe
C:\WINDOWS\ssqbn.exe
C:\WINDOWS\thiselt.exe
C:\WINDOWS\xpupdate.exe
C:\WINDOWS\YOINSI.exe
C:\Documents and Settings\All Users\Documents\Settings
C:\Program Files\elticons
C:\Program Files\System Files
C:\Program Files\System Icons
C:\WINDOWS\thiselt.exe
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Compaq_Owner\Application Data\ASEMBL~1
C:\QooBox\Purity\Documents and Settings\Compaq_Owner\Application Data\MCROSO~1
C:\QooBox\Purity\Documents and Settings\Compaq_Owner\Application Data\MCROSO~1\n?lookup.exe
C:\QooBox\Purity\Documents and Settings\Compaq_Owner\My Documents\RACLE~1
C:\QooBox\Purity\Documents and Settings\Compaq_Owner\My Documents\RACLE~1\?ti2evxx.exe
C:\QooBox\Purity\Program Files\WNSXS~1
C:\QooBox\Purity\Program Files\Common Files\YMBOLS~1
C:\QooBox\Purity\WINDOWS\RACLE~1
C:\QooBox\Purity\WINDOWS\WNSXS~1
C:\QooBox\Purity\WINDOWS\YSTEM3~1
C:\QooBox\Purity\WINDOWS\RACLE~1\javaw.exe
C:\QooBox\Purity\WINDOWS\RACLE~1\RACLE~1
C:\QooBox\Purity\WINDOWS\system32\YMBOLS~1


((((((((((((((((((((((((((((((( Files Created from 2006-07-22 to 2006-08-22 ))))))))))))))))))))))))))))))))))


2006-08-15 21:13 90,112 C:\WINDOWS\system32\AVASTSS.scr
2006-08-15 21:13 597,504 C:\WINDOWS\system32\aswBoot.exe
2006-08-15 21:13 499,712 C:\WINDOWS\system32\MSVCP71.dll
2006-08-15 21:13 348,160 C:\WINDOWS\system32\MSVCR71.dll
2006-08-15 21:13 1,060,864 C:\WINDOWS\system32\MFC71.dll
2006-08-12 14:19 2 C:\WINDOWS\system32\wcpsu.exe
2006-08-06 04:45 45,056 C:\WINDOWS\system32zkdmg.exe
2006-08-06 04:45 36,864 C:\WINDOWS\system32uvzgi.exe
2006-08-06 04:45 28,672 C:\WINDOWS\system32tpsd.exe
2006-08-06 04:44 36,864 C:\WINDOWS\system32\uvzgi.exe
2006-08-06 04:44 36,864 C:\WINDOWS\system32\hauc.exe
2006-08-06 04:44 28,672 C:\WINDOWS\system32\tpsd.exe
2006-08-06 04:44 143,360 C:\WINDOWS\sys101883281889.exe
2006-08-06 04:43 57,344 C:\WINDOWS\ddhb.exe
2006-08-06 04:43 57,344 C:\WINDOWS\cs2m6f.exe
2006-08-06 04:43 45,056 C:\WINDOWS\system32afdaqd3.exe
2006-08-06 04:43 380,928 C:\WINDOWS\system32\WinNB58.dll
2006-08-06 04:43 36,864 C:\WINDOWS\thiselt.exe
2006-08-06 04:43 36,864 C:\WINDOWS\system32y3aqsoepa.exe
2006-08-06 04:43 36,864 C:\WINDOWS\system32\y3aqsoepa.exe
2006-08-06 04:43 36,864 C:\WINDOWS\system32\vp1i4.exe
2006-08-06 04:43 28,672 C:\WINDOWS\system32cymmh.exe
2006-08-06 04:43 28,672 C:\WINDOWS\system32\whcixm7.exe
2006-08-06 04:43 28,672 C:\WINDOWS\system32\cymmh.exe
2006-08-06 04:43 221,184 C:\WINDOWS\system32\vf1v62x.dll
2006-08-06 04:43 1,163,264 C:\WINDOWS\system32\l3jdfs.exe
2006-08-05 15:40 81,920 C:\WINDOWS\system32\winspool.dll
2006-08-04 03:35 2,297,552 C:\WINDOWS\system32\d3dx9_26.dll
2006-08-04 03:31 208,896 C:\WINDOWS\system32\nvudisp.exe
2006-08-04 03:30 208,896 C:\WINDOWS\system32\NVUNINST.EXE
2006-08-04 03:04 4,096 C:\WINDOWS\system32\ksuser.dll
2006-08-04 01:15 23,552 C:\WINDOWS\system32\rxvcbdn.exe
2006-08-04 01:15 221,184 C:\WINDOWS\system32\wmpns.dll
2006-08-02 22:59 79,360 C:\4534234.cmd
2006-08-02 22:59 39,424 C:\WINDOWS\mtuninst.exe
2006-08-02 22:54 45,056 C:\WINDOWS\system32tfthot.exe
2006-08-02 22:54 143,360 C:\WINDOWS\ms0581889188322006.exe
2006-08-02 22:53 45,056 C:\WINDOWS\system32ghynf.exe
2006-08-02 22:53 139,264 C:\WINDOWS\MirarSetup_876075.exe
2006-08-02 10:59 40,448 C:\WINDOWS\OEM.exe
2006-07-28 01:47 54,816 C:\WINDOWS\sonvai.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-22 09:43 -------- d-------- C:\Program Files\Common Files
2006-08-22 09:33 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-08-20 16:22 -------- d-------- C:\Program Files\Trillian
2006-08-20 15:19 -------- d-------- C:\Program Files\City of Heroes
2006-08-19 23:59 2 --a------ C:\WINDOWS\system32\wcpsu.exe
2006-08-15 21:13 -------- d-------- C:\Program Files\Alwil Software
2006-08-11 15:43 28672 --a------ C:\WINDOWS\system32\whcixm7.exe
2006-08-11 15:42 -------- d-------- C:\Program Files\Online Services
2006-08-11 15:42 -------- d-------- C:\Program Files\MSN
2006-08-11 15:42 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-11 15:42 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-11 13:58 -------- d-------- C:\Program Files\Norton Personal Firewall
2006-08-11 13:37 -------- d-------- C:\Program Files\Symantec
2006-08-08 18:36 -------- d-------- C:\Program Files\Yahoo!
2006-08-08 16:07 81920 --a------ C:\WINDOWS\system32\winspool.dll
2006-08-07 23:10 -------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Lavasoft
2006-08-06 04:45 45056 --a------ C:\WINDOWS\system32zkdmg.exe
2006-08-06 04:45 36864 --a------ C:\WINDOWS\system32uvzgi.exe
2006-08-06 04:45 28672 --a------ C:\WINDOWS\system32tpsd.exe
2006-08-06 04:44 57344 --a------ C:\WINDOWS\cs2m6f.exe
2006-08-06 04:44 36864 --a------ C:\WINDOWS\system32\uvzgi.exe
2006-08-06 04:44 28672 --a------ C:\WINDOWS\system32\tpsd.exe
2006-08-06 04:44 143360 --a------ C:\WINDOWS\sys101883281889.exe
2006-08-06 04:43 57344 --a------ C:\WINDOWS\ddhb.exe
2006-08-06 04:43 45056 --a------ C:\WINDOWS\system32afdaqd3.exe
2006-08-06 04:43 380928 --a------ C:\WINDOWS\system32\WinNB58.dll
2006-08-06 04:43 36864 --a------ C:\WINDOWS\thiselt.exe
2006-08-06 04:43 36864 --a------ C:\WINDOWS\system32y3aqsoepa.exe
2006-08-06 04:43 36864 --a------ C:\WINDOWS\system32\y3aqsoepa.exe
2006-08-06 04:43 28672 --a------ C:\WINDOWS\system32cymmh.exe
2006-08-06 04:43 28672 --a------ C:\WINDOWS\system32\cymmh.exe
2006-08-06 04:43 221184 --a------ C:\WINDOWS\system32\vf1v62x.dll
2006-08-06 04:43 139264 --a------ C:\WINDOWS\MirarSetup_876075.exe
2006-08-04 02:55 -------- d-------- C:\Program Files\Windows NT
2006-08-04 02:55 -------- d-------- C:\Program Files\Windows Media Player
2006-08-04 02:54 -------- d-------- C:\Program Files\Outlook Express
2006-08-04 02:54 -------- d-------- C:\Program Files\NetMeeting
2006-08-04 02:54 -------- d-------- C:\Program Files\Movie Maker
2006-08-04 02:54 -------- d-------- C:\Program Files\Messenger
2006-08-04 02:54 -------- d-------- C:\Program Files\Internet Explorer
2006-08-04 02:54 -------- d-------- C:\Program Files\Common Files\System
2006-08-04 02:54 -------- d-------- C:\Program Files\Common Files\Services
2006-08-04 02:42 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-04 02:35 -------- d-------- C:\Program Files\iTunes
2006-08-04 02:35 -------- d-------- C:\Program Files\iPod
2006-08-04 01:17 3888 --a------ C:\WINDOWS\viassary-hp.reg
2006-08-04 01:17 -------- d-------- C:\Program Files\Easy Internet signup
2006-08-04 01:15 23552 --a------ C:\WINDOWS\system32\rxvcbdn.exe
2006-08-04 01:15 -------- d---s---- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft
2006-08-04 01:15 -------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Real
2006-08-04 01:15 -------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer
2006-08-02 22:59 79360 --a------ C:\4534234.cmd
2006-08-02 22:59 39424 --a------ C:\WINDOWS\mtuninst.exe
2006-08-02 22:54 45056 --a------ C:\WINDOWS\system32tfthot.exe
2006-08-02 22:54 143360 --a------ C:\WINDOWS\ms0581889188322006.exe
2006-08-02 22:53 45056 --a------ C:\WINDOWS\system32ghynf.exe
2006-08-02 11:40 -------- d-------- C:\Program Files\interMute
2006-08-02 11:06 40448 --a------ C:\WINDOWS\OEM.exe
2006-07-31 22:48 -------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Yahoo!
2006-07-31 21:40 -------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2006-07-31 16:02 36864 --a------ C:\WINDOWS\system32\hauc.exe
2006-07-28 01:47 54816 --a------ C:\WINDOWS\sonvai.exe
2006-07-24 15:31 36864 --a------ C:\WINDOWS\system32\vp1i4.exe
2006-07-24 15:31 1163264 --a------ C:\WINDOWS\system32\l3jdfs.exe
2006-07-23 18:35 -------- d-------- C:\Program Files\Activision
2006-07-14 06:37 -------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Motive
2006-06-23 10:22 9216 --a------ C:\WINDOWS\hfihhvvvwh.dll
2006-06-01 19:09 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-06-01 17:22 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-06-01 17:22 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-06-01 17:22 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-06-01 17:22 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-06-01 17:22 7618560 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-06-01 17:22 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-06-01 17:22 5652480 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-06-01 17:22 5632000 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-06-01 17:22 5246976 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-06-01 17:22 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-06-01 17:22 462848 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-06-01 17:22 4529408 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-06-01 17:22 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-06-01 17:22 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-06-01 17:22 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-06-01 17:22 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-06-01 17:22 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-06-01 17:22 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-06-01 17:22 3100672 --a------ C:\WINDOWS\system32\nvgames.dll
2006-06-01 17:22 2977792 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-06-01 17:22 2924544 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-06-01 17:22 2916352 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-06-01 17:22 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-06-01 17:22 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-06-01 17:22 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-06-01 17:22 208896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-06-01 17:22 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-06-01 17:22 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-06-01 17:22 1740800 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-06-01 17:22 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-06-01 17:22 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-06-01 17:22 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-06-01 17:22 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-06-01 17:22 1466368 --a------ C:\WINDOWS\system32\nview.dll
2006-06-01 17:22 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-06-01 17:22 1257472 --a------ C:\WINDOWS\system32\nvwss.dll
2006-06-01 17:22 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-06-01 17:22 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"VTTimer"="VTTimer.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SSC_UserPrompt"="c:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"AlcxMonitor"="ALCXMNTR.EXE"
"Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"xload"="\"C:\\WINDOWS\\xload.exe\""
"epy9J"="\"C:\\WINDOWS\\system32\\l3jdfs.exe\""
"sys101883281889"="C:\\WINDOWS\\sys101883281889.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"Srro"="\"C:\\WINDOWS\\RACLE~1\\javaw.exe\" -vt yazr"
"Fdmvn"="C:\\DOCUME~1\\COMPAQ~1\\MYDOCU~1\\RACLE~1\\TI2EVX~1.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Compaq_Owner.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Tue 08/22/2006 9:47:40.98
ComboFix.txt
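Two naming tricks are visible in the ComboFix log above. The "Files Created" section lists C:\WINDOWS\system32cymmh.exe next to C:\WINDOWS\system32\cymmh.exe: the first is a file in C:\WINDOWS whose name merely begins with system32, which reads like a system32 path in a listing. The "Purity" section quarantines folders and files whose 8.3 short names (RACLE~1, MCROSO~1, ASEMBL~1, YMBOLS~1, WNSXS~1, YSTEM3~1) or printed names (n?lookup.exe, ?ti2evxx.exe) show a dropped or unprintable character; read that way they are look-alikes of Oracle, Microsoft, assembly, Symbols, WinSxS, system32, nslookup.exe and ati2evxx.exe (an inference from the names shown, not something the log states). As an added example, not from the thread and not code from ComboFix, the Python below flags both patterns in a ComboFix-style listing. The sample lines are copied from the log above; KNOWN_NAMES is this example's own list.

```python
"""Flag look-alike names in a ComboFix-style file listing.

Added example for this thread; it is not code from ComboFix or from the
poster. Two patterns from the log above are targeted: a file whose name
starts with 'system32' but sits directly in C:\\WINDOWS, and 8.3 short
names (RACLE~1, MCROSO~1, YSTEM3~1, ...) or '?'-marked names that read as
a well-known name with one character dropped or replaced. KNOWN_NAMES is
this example's own list; extend it for your environment.
"""
import re

KNOWN_NAMES = {"system32", "microsoft", "assembly", "symbols", "winsxs",
               "oracle", "nslookup", "ati2evxx"}
SYSTEM_PREFIXES = ("system32",)

# STEM~N with optional extension, e.g. RACLE~1 or TI2EVX~1.EXE
SHORT_NAME_RE = re.compile(r"^([A-Z0-9_$]{1,6})~\d+(?:\.[A-Z0-9]{1,3})?$", re.IGNORECASE)

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LISTING = r"""
2006-08-06 04:43 28672 --a------ C:\WINDOWS\system32cymmh.exe
2006-08-06 04:43 28672 --a------ C:\WINDOWS\system32\cymmh.exe
2006-06-01 17:22 7618560 --a------ C:\WINDOWS\system32\nvcpl.dll
C:\QooBox\Purity\Documents and Settings\Compaq_Owner\Application Data\MCROSO~1\n?lookup.exe
C:\QooBox\Purity\Documents and Settings\Compaq_Owner\My Documents\RACLE~1\?ti2evxx.exe
C:\QooBox\Purity\Program Files\WNSXS~1
C:\QooBox\Purity\WINDOWS\YSTEM3~1
C:\QooBox\Purity\WINDOWS\system32\YMBOLS~1
C:\DOCUME~1\COMPAQ~1\MYDOCU~1\RACLE~1\TI2EVX~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
"""


def _missing_one_char(name):
    """Every string obtained by deleting exactly one character from name."""
    return {name[:i] + name[i + 1:] for i in range(len(name))}


def imitated_name(component):
    """Return the known name this path component appears to imitate, else None.

    (a) An 8.3 short name whose stem equals a known name with one character
        removed, truncated to 6: RACLE~1 -> oracle, YSTEM3~1 -> system32.
    (b) A name in which the log printed '?' (or a non-ASCII character) for a
        character it could not show: n?lookup.exe -> nslookup.
    """
    short = SHORT_NAME_RE.match(component)
    if short:
        stem = short.group(1).lower()
        for known in sorted(KNOWN_NAMES):
            if any(v[:6] == stem for v in _missing_one_char(known)):
                return known
        return None
    stem = component.rsplit(".", 1)[0].lower()
    odd = [c for c in stem if c == "?" or ord(c) > 127]
    if odd:
        # Unprintable positions become wildcards, everything else is literal.
        pattern = "".join("." if c in odd else re.escape(c) for c in stem)
        for known in sorted(KNOWN_NAMES):
            if re.fullmatch(pattern, known):
                return known
        return "unknown (unprintable character in name)"
    return None


def prefix_collision(component):
    """A name that begins with a system directory name and keeps going,
    e.g. system32cymmh.exe, which reads like system32\\cymmh.exe in a listing."""
    low = component.lower()
    for prefix in SYSTEM_PREFIXES:
        if low.startswith(prefix) and len(low) > len(prefix):
            return prefix
    return None


def scan(listing):
    """Map each suspicious path in a listing (one path per line, with optional
    date/size/attribute columns before it) to the reasons it was flagged."""
    results = {}
    for line in listing.splitlines():
        m = re.search(r"([A-Za-z]:\\.*)$", line.strip())
        if not m:
            continue
        path = m.group(1)
        reasons = []
        for comp in path.split("\\")[1:]:
            hit = imitated_name(comp)
            if hit:
                reasons.append(f"'{comp}' imitates {hit}")
            hit = prefix_collision(comp)
            if hit:
                reasons.append(f"'{comp}' is a file name that starts with '{hit}'")
        if reasons:
            results[path] = reasons
    return results


if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_LISTING).items():
        print(path)
        for reason in reasons:
            print("   ", reason)
```

The short-name rule deliberately compares only the 6-character stem, because that is all an 8.3 name preserves; the real C:\WINDOWS\system32\cymmh.exe, the NVIDIA DLL and the Symantec entry pass through untouched while every Purity folder and the system32-prefixed file are reported.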

#4 pomp (Malware Fighter)

Posted 22 August 2006 - 09:59 AM

Good! It got rid of a bunch of stuff. Please restart your computer if you haven't done so after running ComboFix.

When you're back at the desktop, please run ComboFix again and post the log.

