Tech Support banner

Status
Not open for further replies.
1 - 7 of 7 Posts

·
Registered
Joined
·
4 Posts
Discussion Starter #1
This problem began a month or two ago when my wife (who uses the machine mostly) said that the machine would not start up but kept rebooting. I was able to fix that (I cannot remember how in detail - using safemode etc). I think the main step that restored function was to uninstall IE7. The machine then ran acceptably reverting to IE6. However, as time has gone on I have been unable to rid the machine of the IE6 popup, furthermore my attempts to reinstall IE7 and get it working again have been unsuccessful. I need help now.

I have tried several times to reinstall IE7, however, not only will it not start but XL and Outlook also refuse to start, although Word does (I have not tried every programme on my PC). I then remove IE7, the system reverts to IE6. IE6 runs and so do XL and Outlook etc, however, IE6 is plagued by the persistent popup - which seems to get past the popup blocker. The popup is full screen but pops up in the background. It usually contains an ad for a free mobile phone or some other (tacky) luxury good. From time to time it has an ad for what I assume is bogus security software. An example is, "http://fp.pc-on-internet.com - Spyware Secure your number one spyware and adware software". At other times I am presented with a (I think - assume) bogus screenshot from XP's security centre and a dialogue telling me that my machine is infected. Well they're right there.

I have AVG Internet Security 7.5 installed, I recently installed the most recent build (Ocotber 2007). AVG generally find some spyware when it scans and removes/disinfects it. It seems to be the same stuff everytime (I have logs here if they would be of any help), but doesn't seem to solve this problem. From time to time AVG Firewall hits a problem and will not start. On these occassions I have to deactivate AVG Firewall, and then startup the XP firewall. I then have to completely re-install AVG Internet Security 7.5 and run the Firewall wizard again - after which it is OK again. I have no idea whether or not this is related to my popup or IE7 problem.

Yesterday, Whilst diconnected from the internet, I noticed that the popup appeared - although without content. So it would appear that something is on the machine, although it needs a connection to internet to provide advertising content.

I have recently added Ad-Aware 2007 to my system and I am running the inline product, Ad-Watch 2007. Ad-Aware 2007 also found various items when I ran a scan with it, but again it does not seem to have had an impact on my problem, either with running IE7 at all or with the IE6 popup.

Lastly, I have had IE7 running on this machine in the past and when it was running I was very happy with it. I have two other machines and IE7 seems to run fine and without problems (or popups) on them. I should mention that this machine did have a problem with a ZLOB virus home page hi-jacker which was solved on this forum about a year ago. I think I still have a copy of the text from that thread somewhere if it has been purged from the forum.

Well that's about it. My Deckard log follows and after that is my Panda Scan (which took absolutely forever and found a lot more files on the machine than the 170K or so that AVG finds - why is that?). I attach the scan reqested in Step 5 which I understand includes the Hijackthis scan.

The machine has XP Media Centre with SP2. I have added SpywareBlaster and the Zone thing with Spyad info as suggested.

That's about it.

I hope you are able to help me.

Thanks in advance

Andrew

Deckard's System Scanner v20071014.68
Run by Andrew on 2007-11-14 02:55:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
101: 2007-11-14 02:55:51 UTC - RP338 - Deckard's System Scanner Restore Point
100: 2007-11-13 14:47:13 UTC - RP337 - System Checkpoint
99: 2007-11-12 14:29:01 UTC - RP336 - System Checkpoint
98: 2007-11-11 12:52:03 UTC - RP335 - System Checkpoint
97: 2007-11-09 18:17:24 UTC - RP334 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-08-17 22:06:27 UTC - RP238 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Andrew.exe) ----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-14 02:58:39
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\X10\Common\X10nets.exe
C:\Program Files\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Toshiba\ConfigFree\CFXFER.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Documents and Settings\Andrew\Desktop\downloads\Deckards System Scanner\dss.exe
C:\Program Files\hijackthis\Andrew.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\Program Files\Wanadoo\WSBar\WSBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [uifybksd] c:\windows\system32\uifybksd.exe uifybksd
O4 - HKLM\..\Run: [nywisrbus] c:\windows\system32\nywisrbus.exe nywisrbus
O4 - HKLM\..\Run: [ddcgmn] c:\windows\system32\ddcgmn.exe ddcgmn
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKLM\..\Policies\Explorer\Run: [isamini.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O16 - DPF: {15AC034D-14DF-4AF8-9D02-29E1F56A8235} (Virgin Digital Music Class) - http://www.virgindigital.co.uk/activeX/VirginWMA.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164836257062
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\system32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\Program Files\Common Files\X10\Common\X10nets.exe


--
End of file - 11463 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20061218-220301-219 O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
backup-20061218-220301-314 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20061218-220301-824 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20061218-220301-856 O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
backup-20061218-220441-584 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20061218-220441-783 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20061219-195013-125 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20061219-195013-354 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
R3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - c:\windows\system32\drivers\awrtpd.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
R3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - c:\windows\system32\drivers\awrtrd.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 qkbfiltr (Quanta HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\qkbfiltr.sys <Not Verified; Quanta Computer, Inc.; Quanta HotKey Keyboard Filter Driver>
R3 qmofiltr (Quanta HotKey Mouse Filter Driver) - c:\windows\system32\drivers\qmofiltr.sys <Not Verified; Quanta Computer, Inc.; Quanta Mouse Filter Device Driver>

S2 DgiVecp (Team MFP Comm Driver) - c:\windows\system32\drivers\dgivecp.sys <Not Verified; DeviceGuys, Inc.; DeviceGuys, Inc. Team MFP for Windows NT, 9x, and 3.1>
S3 alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - c:\windows\system32\drivers\alcan5wn.sys <Not Verified; THOMSON; SpeedTouch USB>
S3 alcaudsl (SpeedTouch ADSL Modem ATM Transport) - c:\windows\system32\drivers\alcaudsl.sys <Not Verified; THOMSON; SpeedTouch USB>
S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 DCamUSBEMPIA (USB 2820 Video) - c:\windows\system32\drivers\emdevice.sys <Not Verified; eMPIA Technology, Inc.; USB 28xx Video>
S3 FiltUSBEMPIA (USB Device Lower Filter) - c:\windows\system32\drivers\emfilter.sys <Not Verified; Windows (R) Server 2003 DDK provider; Windows (R) Server 2003 DDK driver>
S3 humaxfl (HUMAX - Filter Driver) - c:\windows\system32\drivers\humaxfl.sys <Not Verified; HUMAX Co., Ltd.; Humax STB Library>
S3 humaxst (HUMAX - Stub Driver) - c:\windows\system32\drivers\humaxst.sys <Not Verified; HUMAX Co., Ltd.; Humax STB Library>
S3 ScanUSBEMPIA (USB Still Image Capture Device) - c:\windows\system32\drivers\emscan.sys <Not Verified; eMPIA Technology, Inc.; USB 28xx Video>
S3 tosrfec (Bluetooth ACPI from TOSHIBA) - c:\windows\system32\drivers\tosrfec.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth EC Driver>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 x10nets (X10 Device Network Service) - c:\progra~1\common~1\x10\common\x10nets.exe <Not Verified; X10; x10 Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-10-14 and 2007-11-14 -----------------------------

2007-11-14 01:42:30 0 d-------- C:\Program Files\Zoned Out and Spyad
2007-11-14 01:29:04 0 d-------- C:\Program Files\SpywareBlaster
2007-11-13 23:37:51 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-13 23:37:49 0 d-------- C:\WINDOWS\LastGood
2007-11-10 13:01:38 0 d-------- C:\Documents and Settings\Ione\Application Data\AVG7
2007-11-09 17:57:48 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-09 17:53:43 0 d-------- C:\Documents and Settings\Andrew\Application Data\AVG7
2007-11-09 17:53:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-09 17:35:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-26 08:42:12 294 --a------ C:\WINDOWS\system32\nywisrbus_navps.dat
2007-10-25 20:10:56 4650 --a------ C:\WINDOWS\system32\nywisrbus.dat
2007-10-25 20:10:04 393 --a------ C:\WINDOWS\system32\ddcgmn_navps.dat
2007-10-25 20:10:04 317394 --a------ C:\WINDOWS\system32\ddcgmn_nav.dat
2007-10-25 20:10:04 4698 --a------ C:\WINDOWS\system32\ddcgmn.dat
2007-10-25 20:10:00 292864 --a------ C:\WINDOWS\system32\ddcgmn.exe
2007-10-24 11:26:33 324 --a------ C:\WINDOWS\system32\uifybksd_navps.dat
2007-10-24 11:26:33 317394 --a------ C:\WINDOWS\system32\uifybksd_nav.dat
2007-10-24 11:26:33 6565 --a------ C:\WINDOWS\system32\uifybksd.dat
2007-10-24 11:26:31 287744 --a------ C:\WINDOWS\system32\uifybksd.exe
2007-10-22 23:22:24 0 d-------- C:\Documents and Settings\Andrew\Application Data\VideoReDo-TVSuite
2007-10-22 23:22:21 0 d-------- C:\Program Files\VideoReDoTVSuite
2007-10-18 22:41:10 0 d-------- C:\Program Files\Lavasoft
2007-10-18 22:41:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-17 17:35:56 0 d---s---- C:\Documents and Settings\Ione\UserData
2007-10-14 09:39:46 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-10-14 09:38:33 0 d-------- C:\WINDOWS\ShellNew


-- Find3M Report ---------------------------------------------------------------

2007-11-14 00:54:07 0 d-------- C:\Program Files\QuickTime
2007-11-14 00:53:46 0 d-------- C:\Program Files\Picasa2
2007-11-14 00:53:05 0 d-------- C:\Program Files\Messenger
2007-11-14 00:53:05 0 d-------- C:\Program Files\Lexmark X1100 Series
2007-11-09 16:39:36 0 d-------- C:\Program Files\Online Services
2007-10-18 22:39:34 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-14 09:39:35 0 d-------- C:\Program Files\Common Files
2007-10-05 22:51:05 0 d-------- C:\Documents and Settings\Andrew\Application Data\VideoReDoPlus


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [05/08/2005 13:56]
"nwiz"="nwiz.exe" [16/02/2006 14:34 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [16/02/2006 14:34]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [29/12/2005 21:21 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/03/2006 23:02]
"NDSTray.exe"="NDSTray.exe" []
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [12/05/2005 10:31]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [06/10/2005 05:20]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [05/12/2005 12:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [28/11/2005 11:41]
"CFSServ.exe"="CFSServ.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 03:00]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [19/08/2003 14:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/04/2007 08:41]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
"TalkTalk"="C:\Program Files\TalkTalk\bin\sprtcmd.exe" [15/08/2005 23:12]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [15/06/2007 23:15]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [08/08/2007 14:53]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [28/08/2007 07:09]
"uifybksd"="c:\windows\system32\uifybksd.exe" [24/10/2007 11:26]
"qckcuvsxm"="c:\windows\system32\qckcuvsxm.exe" [24/10/2007 12:02]
"nywisrbus"="c:\windows\system32\nywisrbus.exe" [09/07/2007 21:16]
"ddcgmn"="c:\windows\system32\ddcgmn.exe" [25/10/2007 20:10]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [09/11/2007 17:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [11/04/2005 11:26]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 13:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 16:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 00:01:04]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [03/10/2007 13:56:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamini.exe"=C:\Program Files\Video ActiveX Object\isamonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 09/11/2007 17:53 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Hotkey Utility]
"C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en




-- End of Deckard's System Scanner: finished at 2007-11-14 03:00:42 ------------

Pandascan Result:


Incident Status Location

Adware:Adware/NaviPromo Not disinfected c:\windows\system32\ddcgmn.exe
Adware:Adware/NaviPromo Not disinfected c:\windows\system32\nywisrbus.exe
Adware:Adware/NaviPromo Not disinfected c:\windows\system32\uifybksd.exe
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Andrew\Cookies\[email protected][3].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Andrew\Cookies\[email protected][2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Andrew\Cookies\[email protected][2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Andrew\Desktop\Unused Desktop Shortcuts\Zlob Incident Dec 06\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Andrew\Desktop\Unused Desktop Shortcuts\Zlob Incident Dec 06\SmitfraudFix\SmitfraudFix\restart.exe
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Ione\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/InternetGameBox Not disinfected C:\Program Files\InternetGameBox\InternetGameBox.exe
Adware:Adware/NaviPromo Not disinfected C:\Program Files\InternetGameBox\uninst.exe[²ÜÇ\NSUtils.dll]
Adware:Adware/NaviPromo Not disinfected C:\WINDOWS\system32\qckcuvsxm.exe
Adware:Adware/NaviPromo Not disinfected C:\WINDOWS\Temp\NSIS_Install_IGB.exe[²ÜÇ\NSUtils.dll]
Potentially unwanted tool:Application/InternetGameBox Not disinfected C:\WINDOWS\Temp\NSIS_Install_IGB.exe[InternetGameBox.exe]
 

Attachments

·
Security Team (ret.)
Joined
·
7,403 Posts
You have a few unwelcome visitors in the log....


This will remove some of the malware if present and help to identify any others .
Please download Combofix from HERE or HERE


Save ComboFix to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Copy and Paste the contents of that log in your next reply with a new hijackthis log. Do not use Code or html unless asked for.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
 

·
Registered
Joined
·
4 Posts
Discussion Starter #3
Hi Pancake,

Here's my combofix log, below it is a new hijackthis log.

Thanks


ComboFix 07-11-08.3 - Andrew 2007-11-17 16:14:58.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.495 [GMT 0:00]
Running from: C:\Documents and Settings\Andrew\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Max\Desktop\internetgamebox.lnk
C:\Documents and Settings\Max\Start Menu\Programs\InternetGameBox
C:\Documents and Settings\Max\Start Menu\Programs\InternetGameBox\InternetGameBox.lnk
C:\Documents and Settings\Max\Start Menu\Programs\InternetGameBox\Uninstall.lnk
C:\Documents and Settings\Max\Start Menu\Programs\InternetGameBox\Website.lnk
C:\Program Files\internetgamebox
C:\Program Files\internetgamebox\InternetGameBox.exe
C:\Program Files\internetgamebox\InternetGameBox.url
C:\Program Files\internetgamebox\language
C:\Program Files\internetgamebox\ressources\AttenteOff.html
C:\Program Files\internetgamebox\ressources\AttenteOn.html
C:\Program Files\internetgamebox\ressources\configv2_en.xml
C:\Program Files\internetgamebox\ressources\configv2_es.xml
C:\Program Files\internetgamebox\ressources\configv2_fr.xml
C:\Program Files\internetgamebox\ressources\favoris\defaultv2.swf
C:\Program Files\internetgamebox\ressources\NoS2F.bin
C:\Program Files\internetgamebox\skins\skinv2.skn
C:\Program Files\internetgamebox\uninst.exe
C:\WINDOWS\pack.epk
c:\WINDOWS\system32\ddcgmn.dat
c:\windows\system32\ddcgmn.exe
c:\WINDOWS\system32\ddcgmn_nav.dat
C:\WINDOWS\system32\ddcgmn_navps.dat
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\nywisrbus.dat
C:\WINDOWS\system32\nywisrbus.exe
C:\WINDOWS\system32\nywisrbus_navps.dat
C:\WINDOWS\system32\qckcuvsxm.dat
C:\WINDOWS\system32\qckcuvsxm.exe
c:\WINDOWS\system32\qckcuvsxm_nav.dat
C:\WINDOWS\system32\qckcuvsxm_navps.dat
C:\WINDOWS\system32\uifybksd.dat
C:\WINDOWS\system32\uifybksd.exe
c:\WINDOWS\system32\uifybksd_nav.dat
C:\WINDOWS\system32\uifybksd_navps.dat

.
((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.

2007-11-16 22:28 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll
2007-11-16 22:28 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2007-11-16 22:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-16 17:42 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-14 02:55 <DIR> d-------- C:\Deckard
2007-11-14 01:42 <DIR> d-------- C:\Program Files\Zoned Out and Spyad
2007-11-14 01:29 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-13 23:37 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-10 13:01 <DIR> d-------- C:\Documents and Settings\Ione\Application Data\AVG7
2007-11-09 17:57 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-09 17:53 <DIR> d-------- C:\Documents and Settings\Andrew\Application Data\AVG7
2007-11-09 17:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-22 23:22 <DIR> d-------- C:\Program Files\VideoReDoTVSuite
2007-10-22 23:22 <DIR> d-------- C:\Documents and Settings\Andrew\Application Data\VideoReDo-TVSuite
2007-10-18 22:41 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-18 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-17 17:35 <DIR> d---s---- C:\Documents and Settings\Ione\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 14:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-14 00:54 --------- d-----w C:\Program Files\QuickTime
2007-11-14 00:53 --------- d-----w C:\Program Files\Picasa2
2007-11-14 00:53 --------- d-----w C:\Program Files\Lexmark X1100 Series
2007-10-18 22:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-15 15:33 62,896 ----a-w C:\Documents and Settings\Ione\Application Data\GDIPFONTCACHEV1.DAT
2007-10-14 09:39 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-10-05 22:51 --------- d-----w C:\Documents and Settings\Andrew\Application Data\VideoReDoPlus
2007-09-28 17:29 --------- d-----w C:\Documents and Settings\Max\Application Data\Ulead Systems
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-17 17:49 52,432 ----a-w C:\Documents and Settings\Andrew\Application Data\GDIPFONTCACHEV1.DAT
2007-06-24 09:53 52,432 ----a-w C:\Documents and Settings\Max\Application Data\GDIPFONTCACHEV1.DAT
2006-11-27 21:04 0 ----a-w C:\Documents and Settings\Max\Application Data\wklnhst.dat
2006-11-27 00:34 160 ----a-w C:\Documents and Settings\Ione\Application Data\wklnhst.dat
2006-11-26 13:15 0 ----a-w C:\Documents and Settings\Andrew\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56]
"nwiz"="nwiz.exe" [2006-02-16 14:34 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-16 14:34]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 21:21 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 23:02]
"NDSTray.exe"="NDSTray.exe" []
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 10:31]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 12:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 11:41]
"CFSServ.exe"="CFSServ.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 14:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"TalkTalk"="C:\Program Files\TalkTalk\bin\sprtcmd.exe" [2005-08-15 23:12]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 23:15]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 14:53]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-08-28 07:09]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-16 22:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 11:26]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-10-03 13:56:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-11-16 22:28 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Hotkey Utility]
"C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en

R0 iviVD;iviVD;C:\WINDOWS\system32\DRIVERS\iviVD.sys
R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys
R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys
S3 humaxfl;HUMAX - Filter Driver;C:\WINDOWS\system32\DRIVERS\humaxfl.sys
S3 humaxst;HUMAX - Stub Driver;C:\WINDOWS\system32\DRIVERS\humaxst.sys
S3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys

.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 16:17:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-17 16:17:41
.
--- E O F ---

and the Hijackthis log,

Logfile of HijackThis v1.99.1
Scan saved at 16:56:25, on 17/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\HIJACK~1\Andrew.exe
C:\WINDOWS\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goibuy.com/product_info.php?products_id=1083
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ymetray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {15AC034D-14DF-4AF8-9D02-29E1F56A8235} (Virgin Digital Music Class) - http://www.virgindigital.co.uk/activeX/VirginWMA.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164836257062
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
 

·
Registered
Joined
·
4 Posts
Discussion Starter #5
Yes, thanks. :smile: The popup seems to have gone (What was it? Is there a line somewhere in those reports I ran that is/was it?). I haven't reinstalled IE7 yet as I was waiting for your all clear before doing that (I gather you've had server problems these last few days).
Will now re-install IE7 and report back to you.

I have another problem that seems to be a conflict between AVG Firewall and the software that my UK ISP has provided (its called Assist and Go from TalkTalk) to help resolve network and connection problems - but I guess that's another subject......:sigh:

Will confirm if all OK with IE7 or not.

Thanks again.
 

·
Registered
Joined
·
4 Posts
Discussion Starter #6
Hi again Pancake,

Have now attempted to reinstall IE7. Unfortunately it still won't start when installed and also seems to cause XL, Outlook and also Access (though maybe not Word - which at least started, but Access did too - it then fell over when asked to do anything). I uninstalled Office and then uninstalled and reinstalled IE7. Made no difference still won't start.

As the popup problem seems to be solved do I need to pursue the IE7 issue elsewhere now? Where?

Thanks
 

·
Security Team (ret.)
Joined
·
7,403 Posts
Yes it would be best if you to one of the other forums as the are better at that kind of stuff than me..:smile:
 
1 - 7 of 7 Posts
Status
Not open for further replies.
Top