Ie Is Opening Url.cpvfeed.com


  • This topic is locked
2 replies to this topic

#1 klinger

klinger

  • Members
  • 1 posts

Posted 25 May 2007 - 10:49 PM

I've run Adaware, Spybot, combofix, multiple fixes suggested but I still can't fix this. I've blocked the connection using a HOSTS entry but it's still opening IE. Here's my log:

EDIT:: Added combofix log below.

Logfile of HijackThis v1.99.1
Scan saved at 8:30:05 PM, on 5/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\iraeqnnA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trillian\trillian.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tvguide.com/News-Views/Default.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7999;https=127.0.0.1:7997
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iraeqnnA] C:\WINDOWS\iraeqnnA.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: deskview.exe
O4 - Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Startup: Trillian.lnk = D:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O15 - Trusted Zone: *.adxgate.net
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.snipenet.net
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adxgate.net (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.snipenet.net (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)


------------

COMBOFIX LOG:


"Owner" - 2007-05-25 20:50:15 Service Pack 2
ComboFix 07-05.26.3.V - Running from: "C:\Documents and Settings\Owner\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\tokqsyvf.dll
C:\WINDOWS\system32\fvysqkot.ini
C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\ljjgfff.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\retadpu1000106.exe"
"C:\Program Files\Windows NT\rtenenu.html"
"C:\Program Files\Windows NT\qufazy.dll"
"C:\WINDOWS\rau001978.exe"
"C:\WINDOWS\dls0523pmw.exe"
"C:\WINDOWS\cs_cache.ini"
"C:\Temp\tn3"
"C:\WINDOWS\system32\drivers\core.sys"


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_NET_AGENT
-------\core
-------\Net Agent


((((((((((((((((((((((((((((((( Files Created from 2007-04-25 to 2007-05-25 ))))))))))))))))))))))))))))))))))


2007-05-25 20:53 555 ---hs---- C:\WINDOWS\system32\sttss.ini2
2007-05-25 19:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-25 19:00 50,745 --a------ C:\WINDOWS\system32\lxlqmlhb.dll
2007-05-25 19:00 263,220 ---hs---- C:\WINDOWS\system32\sstts.dll
2007-05-25 18:55 46,592 --a------ C:\WINDOWS\iraeqnn.exe
2007-05-25 18:55 291,920 -r-hs---- C:\WINDOWS\iraeqnnA.exe
2007-05-25 18:55 <DIR> d-------- C:\WINDOWS\system32\TQ0
2007-05-25 18:55 <DIR> d-------- C:\WINDOWS\system32\T6
2007-05-25 18:55 <DIR> d-------- C:\WINDOWS\system32\T4
2007-05-25 18:55 <DIR> d-------- C:\WINDOWS\system32\T3
2007-05-25 18:55 <DIR> d-------- C:\WINDOWS\system32\T1QaSQ
2007-05-25 18:55 <DIR> d-------- C:\WINDOWS\system32\pog
2007-05-25 18:55 <DIR> d-------- C:\temp\0b9
2007-05-25 18:55 <DIR> d-------- C:\Program Files\myCleanerPC
2007-05-25 18:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\myCleanerPC
2007-05-05 18:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-05-05 18:21 <DIR> d-------- C:\Program Files\Bonjour
2007-05-05 18:15 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-05-01 18:57 <DIR> d-------- C:\Program Files\AutoHotkey


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-26 03:53:58 1,543,908 --sh--w C:\WINDOWS\system32\sttss.bak1
2007-05-26 03:51:44 -------- d-----w C:\Program Files\Windows NT
2007-05-25 03:23:16 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Azureus
2007-05-22 04:11:12 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\dvdcss
2007-05-11 05:36:55 -------- d-----w C:\Program Files\GrabIt
2007-05-05 21:38:44 -------- d-----w C:\Program Files\IrfanView
2007-04-22 18:47:12 -------- d-----w C:\Program Files\?ppPatch
2007-04-22 18:40:54 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Lavasoft
2007-04-22 18:40:46 -------- d-----w C:\Program Files\Lavasoft
2007-04-22 18:40:33 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 06:16:19 3,367 ----a-w C:\WINDOWS\mozver.dat
2007-04-16 06:16:17 -------- d-----w C:\Program Files\Common Files\ParallelGraphics
2007-04-15 04:54:00 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Real
2007-04-08 01:48:31 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-04-08 01:44:31 -------- d-----w C:\Program Files\Electronic Arts
2007-04-07 03:57:26 73 ----a-w C:\WINDOWS\system32\ssprs.dll
2007-04-07 03:57:26 205 ----a-w C:\WINDOWS\system32\lsprst7.dll
2007-03-25 08:15:10 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Creative
2007-03-22 03:54:16 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL
2007-03-22 03:54:16 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE
2007-03-22 03:54:16 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-07 23:51:00 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-03-03 20:38:50 233,472 ----a-w C:\WINDOWS\system32\REX Shared Library.dll
2007-03-03 20:38:50 225,280 ----a-w C:\WINDOWS\system32\ReWire.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
{4B646AFB-9341-4330-8FD1-C32485AEE619}=C:\WINDOWS\system32\lxlqmlhb.dll [2007-05-25 19:00]
{A5B43154-D10E-422B-B373-6F2FEB47237E}=C:\WINDOWS\system32\sstts.dll [2007-05-25 19:00]
{AE7CD045-E861-484f-8273-0445EE161910}=C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 02:13]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" []
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2005-10-27 16:17]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe" [2004-02-22 23:44]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 13:09]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12]
"@"="" []
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 05:00]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 14:32]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ExSearchOptions"=104569 (0x19879)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
C:\Program Files\Windows NT\rtenenu.html

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjgfff]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstts]
C:\WINDOWS\system32\sstts.dll


********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-25 20:53:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-25 20:54:35 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-25 20:54
C:\ComboFix2.txt ... 2007-05-25 19:15
C:\ComboFix3.txt ... 2007-04-22 12:07

--- E O F ---

1989-12-12 10:10	  20480	--a------	C:\Qoobox\Quarantine\C\WINDOWS\offun.exe.vir
2007-04-30 08:06	  142	--a------	C:\Qoobox\Quarantine\C\Program Files\Windows NT\rtenenu.html.vir
2007-05-25 18:55	  1044480	--a------	C:\Qoobox\Quarantine\C\WINDOWS\cfg32.exe.vir
2007-05-25 18:55	  162348	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\core.cache.dsk.vir
2007-05-25 18:55	  29206	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\ljjgfff.dll.vir
2007-05-25 18:55	  34816	--a------	C:\Qoobox\Quarantine\C\WINDOWS\rau001978.exe.vir
2007-05-25 18:55	  40960	--a------	C:\Qoobox\Quarantine\C\WINDOWS\retadpu1000106.exe.vir
2007-05-25 18:55	  4364	--a------	C:\Qoobox\Quarantine\C\WINDOWS\cs_cache.ini.vir
2007-05-25 18:55	  65536	--a------	C:\Qoobox\Quarantine\C\WINDOWS\dls0523pmw.exe.vir
2007-05-25 18:55	  696320	--a------	C:\Qoobox\Quarantine\C\WINDOWS\cfg32a.exe.vir
2007-05-25 18:55	  70144	--a------	C:\Qoobox\Quarantine\C\Program Files\Windows NT\qufazy.dll.vir
2007-05-25 18:55	  72320	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\core.sys.vir
2007-05-25 19:00	  1571916	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\sttss.bak1.vir
2007-05-25 19:03	  132660	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\tokqsyvf.dll.vir
2007-05-25 19:03	  76412	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\sogcuhlo.dll.vir
2007-05-25 19:13	  2176	--a------	C:\Qoobox\Quarantine\Registry_backups\services_Windows Overlay Components.reg.cf
2007-05-25 20:06	  1083900	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\fvysqkot.ini.vir
2007-05-25 20:51	  1052	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_CORE.reg.cf
2007-05-25 20:51	  2526	--a------	C:\Qoobox\Quarantine\Registry_backups\services_Net Agent.reg.cf
2007-05-25 20:51	  814	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_NET_AGENT.reg.cf
2007-05-25 20:51	  994	--a------	C:\Qoobox\Quarantine\Registry_backups\services_core.reg.cf


Folder PATH listing
Volume serial number is 08EE-77B6
C:\QOOBOX
+---purity
|   \---C
|	   \---WINDOWS
|		   +---RACLE~1
|		   \---system32
|			   \---SMANTE~1
\---Quarantine
	+---C
	|   +---Program Files
	|   |   \---Windows NT
	|   |		   qufazy.dll.vir
	|   |		   rtenenu.html.vir
	|   |		   
	|   \---WINDOWS
	|	   |   cfg32.exe.vir
	|	   |   cfg32a.exe.vir
	|	   |   cs_cache.ini.vir
	|	   |   dls0523pmw.exe.vir
	|	   |   offun.exe.vir
	|	   |   rau001978.exe.vir
	|	   |   retadpu1000106.exe.vir
	|	   |   
	|	   \---system32
	|		   |   fvysqkot.ini.vir
	|		   |   ljjgfff.dll.vir
	|		   |   sogcuhlo.dll.vir
	|		   |   sttss.bak1.vir
	|		   |   tokqsyvf.dll.vir
	|		   |   
	|		   \---drivers
	|				   core.cache.dsk.vir
	|				   core.sys.vir
	|				   
	\---Registry_backups
			LEGACY_CORE.reg.cf
			LEGACY_NET_AGENT.reg.cf
			services_core.reg.cf
			services_Net Agent.reg.cf
			services_Windows Overlay Components.reg.cf

Edited by klinger, 25 May 2007 - 11:03 PM.



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 26 May 2007 - 01:05 AM

Hello,

First of all, I see you are running TeaTimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer during HijackThis Cleanup
Then, Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

Any reason why you do not seem to be running Antivirus software and a Firewall? This is somewhat suicidal in today's digital world.
That's why I want you to install them first!!

Avira, AVG OR Active Virus Shield (uncheck the Security Toolbar during install) are good FREE antivirus.
Never install more than one antivirus scanner or firewall on your system! Several together can give problems and decrease the reliability of it seriously!
Comodo OR Kerio are FREE firewalls.

Understanding and using firewalls

* Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
Select everything you find in there (except for "My current home page") and press the delete button on the right.
Hit ok below > apply in previous window.

Then, Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\system32\lxlqmlhb.dll
C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\iraeqnn.exe
C:\WINDOWS\iraeqnnA.exe
C:\WINDOWS\system32\sttss.bak1

Folder::
C:\WINDOWS\system32\TQ0
C:\WINDOWS\system32\T6
C:\WINDOWS\system32\T4
C:\WINDOWS\system32\T3
C:\WINDOWS\system32\T1QaSQ
C:\WINDOWS\system32\pog
C:\temp\0b9
C:\Program Files\myCleanerPC
C:\DOCUME~1\ALLUSE~1\APPLIC~1\myCleanerPC

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjgfff]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstts]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B646AFB-9341-4330-8FD1-C32485AEE619}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5B43154-D10E-422B-B373-6F2FEB47237E}]


Save this as ComboFix-Do.txt

Then drag the ComboFix-Do.txt into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Edited by miekiemoes, 26 May 2007 - 01:06 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
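
The removal script in the reply above targets files from ComboFix's "Files Created" list that are also loaded from an autostart point (Run key, Browser Helper Object, Winlogon Notify). As an added example that is not part of the original thread or of any tool named in it, this Python does that cross-check on excerpts of the posted logs; the function names and the result layout are assumptions of this example.

```python
import re

# Excerpts copied from the two logs in the first post (trimmed, not the full logs).
FILES_CREATED = r"""
2007-05-25 20:53 555 ---hs---- C:\WINDOWS\system32\sttss.ini2
2007-05-25 19:00 50,745 --a------ C:\WINDOWS\system32\lxlqmlhb.dll
2007-05-25 19:00 263,220 ---hs---- C:\WINDOWS\system32\sstts.dll
2007-05-25 18:55 291,920 -r-hs---- C:\WINDOWS\iraeqnnA.exe
"""
AUTOSTARTS = r"""
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iraeqnnA] C:\WINDOWS\iraeqnnA.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
{4B646AFB-9341-4330-8FD1-C32485AEE619}=C:\WINDOWS\system32\lxlqmlhb.dll [2007-05-25 19:00]
{A5B43154-D10E-422B-B373-6F2FEB47237E}=C:\WINDOWS\system32\sstts.dll [2007-05-25 19:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstts]
C:\WINDOWS\system32\sstts.dll
"""

CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+\S+\s+([a-z-]{9})\s+(.+)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|sys)\b", re.I)
HJT_RUN_RE = re.compile(r"^O4 - (\S+): \[(.+?)\]")
GUID_RE = re.compile(r"^(\{[0-9A-Fa-f-]{36}\})=")

def parse_created(text):
    """Map lowercased path -> (timestamp, attribute string) from 'Files Created'."""
    out = {}
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            out[m.group(3).lower()] = (m.group(1), m.group(2))
    return out

def parse_autostarts(text):
    """List (load point, lowercased path) from HijackThis O4 and ComboFix registry lines."""
    points, section = [], ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]  # ComboFix registry section header
            continue
        path = PATH_RE.search(line)
        if not path:
            continue
        run, guid = HJT_RUN_RE.match(line), GUID_RE.match(line)
        if run:
            where = f"{run.group(1)} [{run.group(2)}]"
        else:  # BHO entries live in a subkey named after their CLSID
            where = section + ("\\" + guid.group(1) if guid else "")
        points.append((where, path.group(0).lower()))
    return points

def correlate(created, points):
    """Recently created files that an autostart point loads, with where they load from."""
    hits = {}
    for where, path in points:
        if path in created:
            when, attrs = created[path]
            hit = hits.setdefault(path, {"created": when, "loaded_by": [],
                                         "hidden_system": "h" in attrs and "s" in attrs})
            hit["loaded_by"].append(where)
    return hits

def triage():
    return correlate(parse_created(FILES_CREATED), parse_autostarts(AUTOSTARTS))

if __name__ == "__main__":
    for path, hit in triage().items():
        print(path, hit["created"], hit["hidden_system"], hit["loaded_by"])
```

Long-installed autostarts such as the Adobe helper and DAEMON Tools drop out because they are not in the recent-files list; the three files that remain are among those named in the `File::` block, and the registry locations match the `Registry::` block.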

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 06 June 2007 - 05:21 PM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
