|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
Thread Tools |
06-17-2008, 02:32 PM
|
#1 (permalink) |
|
Registered User
Join Date: Jun 2008
Posts: 13
OS: Windows XP
|
I need some help please.
Hi there, as the title says, I need some help, I originally posted this on Monday 16th June but didn't realise about the first steps. I have now done the steps except the panda scan as my pc kept freezing. My PC was running fine until about a month ago when I managed to get some viruses/trojans. I ran various scans which told me the viruses were deleted. But they somehow kept coming back. After reading through a couple of posts, I realised that I should have disabled the restore point which I did. And after running Adaware, Spybot S&D, Spyware Dr, Adware Alert and finally a full Norton Internet security scan, the virus seemed to have been cleaned. (I think one of the viruses was something called Vuntu or something like that). The problem I have now is that my PC is running so slowly it's virtually at a standstill. I think that the viruses I had have done something to my registry or my registry still has traces of them which is causing my PC to go really slow . Just for information, my PC is running Windows XP and I use IE for browsing. I am not very computer savvy so please reply in easy to understand terms.
Please find below the log of the DSS scan along with the extra.txt file. I look forward to your help in sorting out my pc. Deckard's System Scanner v20071014.68 Run by Fancis Escalante on 2008-06-17 22:03:29 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 4 Restore Point(s) -- 4: 2008-06-17 21:03:36 UTC - RP4 - Deckard's System Scanner Restore Point 3: 2008-06-17 19:55:03 UTC - RP3 - System Checkpoint 2: 2008-06-15 20:57:17 UTC - RP2 - firefox download 1: 2008-06-14 18:55:04 UTC - RP1 - System Checkpoint Backed up registry hives. Performed disk cleanup. Total Physical Memory: 480 MiB (512 MiB recommended). -- HijackThis (run as Fancis Escalante.exe) ------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:07:07, on 17/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\carpserv.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\BLUEYO~2\SMARTB~1\blueyonder-istnotifier.exe C:\Documents and Settings\Fancis Escalante\My Documents\My Music\Samsung Media Studio\$temp2\SMSTray.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\blueyonder IST\bin\mpbtn.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Fancis Escalante\Desktop\dss.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Fancis Escalante.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) R3 - URLSearchHook: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file) O2 - BHO: (no name) - {A0B4FFEA-D466-49A8-9BB0-B7BBD2FCB449} - (no file) O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing) O3 - Toolbar: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file) O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [Ptipbmf] "rundll32.exe" ptipbmf.dll,SetWriteCacheMode O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe" /GUID NIS /CMDLINE "REBOOT" O4 - HKLM\..\Run: [URLLSTCK.exe] "C:\Program Files\Norton Internet Security\UrlLstCk.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE" /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~2\SMARTB~1\blueyonder-istnotifier.exe O4 - HKLM\..\Run: [SMSTray] "C:\Documents and Settings\Fancis Escalante\My Documents\My Music\Samsung Media Studio\$temp2\SMSTray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ppmate] "C:\Program Files\PPMate\PPMate\ppmate.exe" -autoplay O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe" O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" O4 - HKLM\..\Run: [BMe39b682d] Rundll32.exe "C:\WINDOWS\system32\djfxnjce.dll",s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing) O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL (file missing) O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab O16 - DPF: {F04F4F32-6457-401A-8169-D2773DDFF930} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_6uk.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: fccyaYPj - fccyaYPj.dll (file missing) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- End of file - 13278 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20080608-174344-375 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll backup-20080608-174344-471 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll backup-20080608-174344-719 O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll backup-20080608-174344-822 O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL backup-20080608-174345-181 O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll backup-20080608-174345-213 O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll backup-20080608-174345-370 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll backup-20080608-174345-510 O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll backup-20080608-174345-570 O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Program Files\Coolstreaming_Tool-Bar_v1.0\tbCool.dll backup-20080608-174345-624 O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll backup-20080608-174345-987 O2 - BHO: (no name) - {EFCA9D4B-F2E8-487d-8505-E4D0E459ABFE} - (no file) -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 CuteCam - c:\windows\system32\drivers\cutecam.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(R) Operating System> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- All services whitelisted. -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-06-17 22:04:34 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job 2008-06-17 20:07:50 706 --a------ C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job 2008-06-07 22:05:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2008-05-30 21:43:55 570 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Fancis Escalante.job -- Files created between 2008-05-17 and 2008-06-17 ----------------------------- 2008-06-17 21:52:34 0 d-------- C:\ie-spyad_zo 2008-06-17 21:41:34 0 d-------- C:\Program Files\SpywareBlaster 2008-06-15 22:05:49 0 --a------ C:\WINDOWS\nsreg.dat 2008-06-14 17:23:04 0 d-------- C:\Program Files\NoAdware5.0 2008-06-12 20:00:56 91136 --a------ C:\WINDOWS\system32\djfxnjce.dll 2008-06-10 21:54:20 38 --a------ C:\WINDOWS\system32\a.bat 2008-06-10 21:53:33 145 --a------ C:\WINDOWS\system32\winver.bat 2008-06-10 21:20:38 627674 --ahs---- C:\WINDOWS\system32\nXxFNqru.ini2 2008-06-06 19:42:20 0 d-------- C:\Documents and Settings\Fancis Escalante\Application Data\AdwareAlert 2008-06-05 22:16:15 4 --a------ C:\results.bin 2008-06-05 19:55:26 0 d-------- C:\Program Files\Trend Micro 2008-06-04 20:24:50 40960 --a------ C:\FirePassword.exe 2008-06-04 19:21:45 0 d-------- C:\Documents and Settings\Fancis Escalante\Application Data\WinRAR 2008-06-03 22:10:01 0 d-------- C:\Documents and Settings\Fancis Escalante\Application Data\PC Tools 2008-05-29 19:35:10 0 d-------- C:\Documents and Settings\Fancis Escalante\Application Data\Thinstall 2008-05-28 20:42:42 164 --a------ C:\install.dat 2008-05-27 19:08:26 0 d-------- C:\Program Files\Windows Live Safety Center 2008-05-26 17:32:05 1085330 --a------ C:\WINDOWS\XSitePro2 Uninstaller.exe 2008-05-25 19:26:30 0 d-------- C:\Program Files\Seagate 2008-05-25 19:26:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Seagate 2008-05-25 19:24:45 0 d-------- C:\Program Files\MSXML 6.0 2008-05-24 16:43:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-05-24 16:40:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-05-22 20:55:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe 2008-05-22 20:55:17 0 dr------- C:\Documents and Settings\LocalService\Favorites 2008-05-22 19:59:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8 2008-05-18 20:38:06 674816 --a------ C:\WINDOWS\is-K9I61.exe <Not Verified; ; Inno Setup> 2008-05-18 20:37:42 0 d-------- C:\Program Files\Cat Computer 2008-05-18 12:29:13 0 d--hs---- C:\WINDOWS\ftpcache 2008-05-18 12:28:55 0 d-------- C:\Program Files\ICQToolbar 2008-05-18 12:28:55 0 d-------- C:\Documents and Settings\Fancis Escalante\Application Data\Shareaza 2008-05-18 11:37:26 0 d-------- C:\Program Files\a-squared Free -- Find3M Report --------------------------------------------------------------- 2008-06-17 22:05:12 0 d-------- C:\Program Files\Common Files\Symantec Shared 2008-06-17 18:54:07 0 d-------- C:\Program Files\Common Files 2008-06-15 22:04:36 0 d-------- C:\Documents and Settings\Fancis Escalante\Application Data\Mozilla 2008-06-05 20:58:25 0 d-------- C:\Program Files\HyperVRE 2008-05-31 10:37:39 0 d-------- C:\Documents and Settings\Fancis Escalante\Application Data\Skype 2008-05-29 19  24 0 d--h----- C:\Program Files\InstallShield Installation Information2008-05-29 19:04:47 0 d-------- C:\Program Files\Maxis 2008-05-29 19:01:09 0 d-------- C:\Program Files\Pinnacle 2008-05-29 18:55:22 0 d-------- C:\Program Files\Google 2008-05-28 19:37:48 0 d-------- C:\Program Files\Mediacenter 2008-05-24 16:45:08 0 d-------- C:\Program Files\Lavasoft 2008-05-24 16:45:06 0 d-------- C:\Documents and Settings\Fancis Escalante\Application Data\Lavasoft 2008-05-23 21:46:29 0 d-------- C:\Program Files\ICQ 2008-05-20 18:57:02 0 --a------ C:\AUTOEXEC.BAT 2008-05-18 20:20:14 45 --a------ C:\Program Files\InstErr.log 2008-05-13 20:20:41 0 d-------- C:\Program Files\XSite Pro 2008-05-13 19:02:19 236568 --a------ C:\WINDOWS\XSite Pro Uninstaller.exe 2008-05-13 19:01:15 0 d-------- C:\Program Files\Common Files\Thraex Software 2008-05-10 15:35:31 0 d-------- C:\Program Files\Your Syndicate Manager 2008-05-10 12:07:28 0 d-------- C:\Documents and Settings\Fancis Escalante\Application Data\Ewen Chia's My Free Website Builder 2008-05-05 20:14:09 310 --a------ C:\Documents and Settings\Fancis Escalante\Application Data\APUSet.xml 2008-05-05 20:13:35 6143 --a------ C:\Documents and Settings\Fancis Escalante\Application Data\PrimoPDFSet.xml 2008-05-05 19:10:34 0 d-------- C:\Program Files\activePDF 2008-04-21 22:18:53 0 d-------- C:\Documents and Settings\Fancis Escalante\Application Data\SmartFTP -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0B4FFEA-D466-49A8-9BB0-B7BBD2FCB449}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00] "Ptipbmf"="rundll32.exe" [04/08/2004 08:56 C:\WINDOWS\system32\rundll32.exe] "CARPService"="carpserv.exe" [24/12/2001 03:02 C:\WINDOWS\system32\carpserv.exe] "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [28/08/2003 12:47] "NvCplDaemon"="RUNDLL32.exe" [04/08/2004 08:56 C:\WINDOWS\system32\rundll32.exe] "nwiz"="nwiz.exe" [17/11/2003 11:33 C:\WINDOWS\system32\nwiz.exe] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/03/2006 12:47] "IS CfgWiz"="C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe" [04/11/2003 12:36] "URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [11/12/2003 20:35] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [07/07/2005 21:15] "EPSON Stylus DX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.exe" [07/03/2005 20:00] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 12:50] "Motive SmartBridge"="C:\PROGRA~1\BLUEYO~2\SMARTB~1\blueyonder-istnotifier.exe" [22/09/2005 09:05] "SMSTray"="C:\Documents and Settings\Fancis Escalante\My Documents\My Music\Samsung Media Studio\$temp2\SMSTray.exe" [23/02/2007 17:32] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [24/09/2006 03:24] "ppmate"="C:\Program Files\PPMate\PPMate\ppmate.exe" [23/11/2006 02:45] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [25/09/2006 14:54] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [25/07/2005 13:01] "basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [09/10/2007 16:21] "BMe39b682d"="C:\WINDOWS\system32\djfxnjce.dll" [12/06/2008 20:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56] "NvMediaCenter"="RUNDLL32.exe" [04/08/2004 08:56 C:\WINDOWS\system32\rundll32.exe] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [06/08/2004 15:33] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Symantec Network Driver Update Warning"=C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) "DisableTaskMgr"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) "DisableTaskMgr"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoWindowsUpdate"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [23/11/2004 17:51 192512] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyaYPj] fccyaYPj.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqNFxXn [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" -- End of Deckard's System Scanner: finished at 2008-06-17 22:08:12 ------------ |
|
     |
|
06-20-2008, 11:13 AM
|
#2 (permalink) |
|
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Location: BC, Canada
Posts: 2,628
OS: XP
|
Re: I need some help please.
Hi, welcome to tsf!
If you still need assistance, please post a fresh main.txt log
__________________
Proud member of UNITE and ASAP since 2006  If we have helped you, please consider donating. The past won't be able to hurt you unless you keep on looking back at it. |
|
|
|
|
06-21-2008, 07:06 AM
|
#3 (permalink) |
|
Registered User
Join Date: Jun 2008
Posts: 13
OS: Windows XP
|
Re: I need some help please.
Hi Angelfire
Thanks for your reply, Please find below a copy of the new DSS log. Many thanks Francis Deckard's System Scanner v20071014.68 Run by Fancis Escalante on 2008-06-21 15:02:30 Computer is in Normal Mode. -------------------------------------------------------------------------------- Total Physical Memory: 480 MiB (512 MiB recommended). -- HijackThis (run as Fancis Escalante.exe) ------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:02:43, on 21/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe C:\PROGRA~1\BLUEYO~2\SMARTB~1\blueyonder-istnotifier.exe C:\Documents and Settings\Fancis Escalante\My Documents\My Music\Samsung Media Studio\$temp2\SMSTray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\blueyonder IST\bin\mpbtn.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Outlook Express\msimn.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Fancis Escalante\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\FANCIS~1.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) R3 - URLSearchHook: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file) O2 - BHO: (no name) - {A0B4FFEA-D466-49A8-9BB0-B7BBD2FCB449} - (no file) O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing) O3 - Toolbar: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file) O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [Ptipbmf] "rundll32.exe" ptipbmf.dll,SetWriteCacheMode O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe" /GUID NIS /CMDLINE "REBOOT" O4 - HKLM\..\Run: [URLLSTCK.exe] "C:\Program Files\Norton Internet Security\UrlLstCk.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE" /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~2\SMARTB~1\blueyonder-istnotifier.exe O4 - HKLM\..\Run: [SMSTray] "C:\Documents and Settings\Fancis Escalante\My Documents\My Music\Samsung Media Studio\$temp2\SMSTray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ppmate] "C:\Program Files\PPMate\PPMate\ppmate.exe" -autoplay O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe" O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" O4 - HKLM\..\Run: [BMe39b682d] Rundll32.exe "C:\WINDOWS\system32\djfxnjce.dll",s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing) O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL (file missing) O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab O16 - DPF: {F04F4F32-6457-401A-8169-D2773DDFF930} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_6uk.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: fccyaYPj - fccyaYPj.dll (file missing) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- End of file - 13166 bytes -- Files created between 2008-05-21 and 2008-06-21 ----------------------------- 2008-06-21 14:56:06 0 d-------- C:\Program Files\7-Zip 2008-06-17 21:52:34 0 d-------- C:\ie-spyad_zo 2008-06-17 21:41:34 0 d-------- C:\Program Files\SpywareBlaster 2008-06-15 22:05:49 0 --a------ C:\WINDOWS\nsreg.dat 2008-06-14 17:23:04 0 d-------- C:\Program Files\NoAdware5.0 2008-06-12 20:00:56 91136 --a------ C:\WINDOWS\system32\djfxnjce.dll 2008-06-10 21:54:20 38 --a------ C:\WINDOWS\system32\a.bat 2008-06-10 21:53:33 145 --a------ C:\WINDOWS\system32\winver.bat 2008-06-10 21:20:38 627674 --ahs---- C:\WINDOWS\system32\nXxFNqru.ini2 2008-06-06 19:42:20 0 d-------- C:\Documents and Settings\Fancis Escalante\Application Data\AdwareAlert 2008-06-05 22:16:15 4 --a------ C:\results.bin 2008-06-05 19:55:26 0 d-------- C:\Program Files\Trend Micro 2008-06-04 20:24:50 40960 --a------ C:\FirePassword.exe 2008-06-04 19:21:45 0 d-------- C:\Documents and Settings\Fancis Escalante\Application Data\WinRAR 2008-06-03 22:10:01 0 d-------- C:\Documents and Settings\Fancis Escalante\Application Data\PC Tools 2008-05-29 19:35:10 0 d-------- C:\Documents and Settings\Fancis Escalante\Application Data\Thinstall 2008-05-28 20:42:42 164 --a------ C:\install.dat 2008-05-27 19:08:26 0 d-------- C:\Program Files\Windows Live Safety Center 2008-05-26 17:32:05 1085330 --a------ C:\WINDOWS\XSitePro2 Uninstaller.exe 2008-05-25 19:26:30 0 d-------- C:\Program Files\Seagate 2008-05-25 19:26:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Seagate 2008-05-25 19:24:45 0 d-------- C:\Program Files\MSXML 6.0 2008-05-24 16:43:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-05-24 16:40:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-05-22 20:55:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe 2008-05-22 20:55:17 0 dr------- C:\Documents and Settings\LocalService\Favorites 2008-05-22 19:59:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8 -- Find3M Report --------------------------------------------------------------- 2008-06-21 14:26:37 0 d-------- C:\Program Files\Common Files 2008-06-18 21:11:22 0 d-------- C:\Program Files\Common Files\Symantec Shared 2008-06-15 22:04:36 0 d-------- C:\Documents and Settings\Fancis Escalante\Application Data\Mozilla 2008-06-05 20:58:25 0 d-------- C:\Program Files\HyperVRE 2008-05-31 10:37:39 0 d-------- C:\Documents and Settings\Fancis Escalante\Application Data\Skype 2008-05-29 19 24 0 d--h----- C:\Program Files\InstallShield Installation Information2008-05-29 19:04:47 0 d-------- C:\Program Files\Maxis 2008-05-29 19:01:09 0 d-------- C:\Program Files\Pinnacle 2008-05-29 18:55:22 0 d-------- C:\Program Files\Google 2008-05-28 19:37:48 0 d-------- C:\Program Files\Mediacenter 2008-05-24 16:45:08 0 d-------- C:\Program Files\Lavasoft 2008-05-24 16:45:06 0 d-------- C:\Documents and Settings\Fancis Escalante\Application Data\Lavasoft 2008-05-23 21:46:29 0 d-------- C:\Program Files\ICQ 2008-05-20 18:57:02 0 --a------ C:\AUTOEXEC.BAT 2008-05-18 20:38:07 674816 --a------ C:\WINDOWS\is-K9I61.exe <Not Verified; ; Inno Setup> 2008-05-18 20:37:42 0 d-------- C:\Program Files\Cat Computer 2008-05-18 20:20:14 45 --a------ C:\Program Files\InstErr.log 2008-05-18 12:28:56 0 d-------- C:\Program Files\a-squared Free 2008-05-18 12:28:55 0 d-------- C:\Program Files\ICQToolbar 2008-05-18 12:28:55 0 d-------- C:\Documents and Settings\Fancis Escalante\Application Data\Shareaza 2008-05-13 20:20:41 0 d-------- C:\Program Files\XSite Pro 2008-05-13 19:02:19 236568 --a------ C:\WINDOWS\XSite Pro Uninstaller.exe 2008-05-13 19:01:15 0 d-------- C:\Program Files\Common Files\Thraex Software 2008-05-10 15:35:31 0 d-------- C:\Program Files\Your Syndicate Manager 2008-05-10 12:07:28 0 d-------- C:\Documents and Settings\Fancis Escalante\Application Data\Ewen Chia's My Free Website Builder 2008-05-05 20:14:09 310 --a------ C:\Documents and Settings\Fancis Escalante\Application Data\APUSet.xml 2008-05-05 20:13:35 6143 --a------ C:\Documents and Settings\Fancis Escalante\Application Data\PrimoPDFSet.xml 2008-05-05 19:10:34 0 d-------- C:\Program Files\activePDF 2008-04-21 22:18:53 0 d-------- C:\Documents and Settings\Fancis Escalante\Application Data\SmartFTP -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0B4FFEA-D466-49A8-9BB0-B7BBD2FCB449}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00] "Ptipbmf"="rundll32.exe" [04/08/2004 08:56 C:\WINDOWS\system32\rundll32.exe] "CARPService"="carpserv.exe" [24/12/2001 03:02 C:\WINDOWS\system32\carpserv.exe] "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [28/08/2003 12:47] "NvCplDaemon"="RUNDLL32.exe" [04/08/2004 08:56 C:\WINDOWS\system32\rundll32.exe] "nwiz"="nwiz.exe" [17/11/2003 11:33 C:\WINDOWS\system32\nwiz.exe] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/03/2006 12:47] "IS CfgWiz"="C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe" [04/11/2003 12:36] "URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [11/12/2003 20:35] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [07/07/2005 21:15] "EPSON Stylus DX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.exe" [07/03/2005 20:00] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 12:50] "Motive SmartBridge"="C:\PROGRA~1\BLUEYO~2\SMARTB~1\blueyonder-istnotifier.exe" [22/09/2005 09:05] "SMSTray"="C:\Documents and Settings\Fancis Escalante\My Documents\My Music\Samsung Media Studio\$temp2\SMSTray.exe" [23/02/2007 17:32] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [24/09/2006 03:24] "ppmate"="C:\Program Files\PPMate\PPMate\ppmate.exe" [23/11/2006 02:45] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [25/09/2006 14:54] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [25/07/2005 13:01] "basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [09/10/2007 16:21] "BMe39b682d"="C:\WINDOWS\system32\djfxnjce.dll" [12/06/2008 20:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56] "NvMediaCenter"="RUNDLL32.exe" [04/08/2004 08:56 C:\WINDOWS\system32\rundll32.exe] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [06/08/2004 15:33] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Symantec Network Driver Update Warning"=C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) "DisableTaskMgr"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) "DisableTaskMgr"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoWindowsUpdate"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [23/11/2004 17:51 192512] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyaYPj] fccyaYPj.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqNFxXn [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" -- End of Deckard's System Scanner: finished at 2008-06-21 15:03:11 ------------ |
|
|
|
|
06-21-2008, 10:19 PM
|
#4 (permalink) |
|
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Location: BC, Canada
Posts: 2,628
OS: XP
|
Re: I need some help please.
Hi,
Please visit this webpage for download links, and instructions for running combofix: http://www.bleepingcomputer.com/comb...o-use-combofix Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should see a blue screen prompt that says: The Recovery Console was successfully installed. Please continue as follows:
Please include the following reports for further review, and so we may continue cleansing the system: C:\ComboFix.txt New HijackThis log.
__________________
Proud member of UNITE and ASAP since 2006 If we have helped you, please consider donating. The past won't be able to hurt you unless you keep on looking back at it. |
|
|
|
