Computer Juice > Computer Software > Virus, Spyware & Security

Iexplore.exe issue




#11
28th Sep 2008, 13:25
New Member Group
Iexplore.exe issue

<<edit>>
#12
28th Sep 2008, 14:01
New Member Group
Iexplore.exe issue

ComboFix 08-09-27.05 - Administrator 2008-09-28 16:08:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.707 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\0vx55IOc.exe
C:\WINDOWS\system32\SJv56bM4.exe.a_a
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\ErrorSmart
C:\Documents and Settings\Administrator\Application Data\ErrorSmart\Log\2008 Sep 27 - 08_36_00 PM_875.log
C:\Documents and Settings\Administrator\Application Data\ErrorSmart\Log\2008 Sep 27 - 10_23_35 PM_715.log
C:\Documents and Settings\Administrator\Application Data\ErrorSmart\Log\2008 Sep 27 - 10_34_40 PM_903.log
C:\Documents and Settings\Administrator\Application Data\ErrorSmart\Log\2008 Sep 27 - 11_20_56 PM_579.log
C:\Documents and Settings\Administrator\Application Data\ErrorSmart\Registry Backups\2008-09-27_20-40-45.reg
C:\Documents and Settings\Administrator\Application Data\ErrorSmart\Registry Backups\2008-09-27_20-50-43.reg
C:\WINDOWS\system32\0vx55IOc.exe
C:\WINDOWS\system32\58VayB0u.dll
C:\WINDOWS\system32\SJv56bM4.exe.a_a

.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))
.

2008-09-28 13:18 . 2008-09-28 13:18 3,072 --a------ C:\Documents and Settings\Administrator\~.exe
2008-09-28 12:44 . 2008-09-28 12:44 39,426 --a------ C:\WINDOWS\system32\SJv56bM4.exe_
2008-09-28 12:44 . 2008-09-28 15:33 39,426 --a------ C:\WINDOWS\system32\SJv56bM4.exe
2008-09-27 22:45 . 2008-09-27 22:45 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-27 22:20 . 2008-09-27 23:19 <DIR> d-------- C:\SDFix
2008-09-27 21:03 . 2008-09-27 21:03 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-27 20:48 . 2008-09-27 20:48 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
2008-09-27 19:38 . 2008-09-27 19:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-27 19:38 . 2008-09-27 19:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-27 19:38 . 2008-09-27 19:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-27 19:38 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-27 19:38 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-27 15:20 . 2008-09-27 15:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-27 15:20 . 2008-09-27 15:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-27 15:20 . 2008-09-27 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-27 15:20 . 2008-09-27 15:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-09-27 15:13 . 2008-09-27 15:13 <DIR> d-------- C:\Program Files\CCleaner
2008-09-27 12:35 . 2008-09-27 12:35 <DIR> d-------- C:\Program Files\PrevxCSI
2008-09-27 12:35 . 2008-09-28 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-09-27 12:35 . 2008-09-27 12:35 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-09-27 00:48 . 2008-09-27 00:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-27 00:47 . 2008-09-27 00:48 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-09-23 19:04 . 2008-09-23 22:56 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-21 00:19 . 2008-09-21 00:19 <DIR> d-------- C:\Program Files\Windows Defender
2008-09-12 13:32 . 2004-03-29 16:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-09-11 12:41 . 2008-09-28 16:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-11 12:41 . 2008-09-11 12:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-09 15:33 . 2008-09-09 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
2008-09-04 13:39 . 2008-09-04 13:39 <DIR> d-------- C:\Program Files\Atari
2008-09-03 23:06 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-01 20:34 . 2008-09-01 20:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Eyeblaster
2008-08-28 23:11 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-08-28 23:11 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 00:20 --------- d-----w C:\Program Files\RealArcade
2008-09-25 21:30 --------- d-----w C:\Program Files\FTP Commander
2008-09-21 04:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-11 16:36 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-09-04 17:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-04 03:06 --------- d-----w C:\Program Files\Java
2008-08-30 00:32 --------- d-----w C:\Program Files\dl_Cats
2008-08-24 21:28 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Move Networks
2008-08-24 21:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Gamelab
2008-07-30 01:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\FreshGames
2007-10-02 01:01 60,968 ----a-w C:\Documents and Settings\Administrator\GoToAssistDownloadHelper.exe
2007-01-13 12:49 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-08-10 19:03 6,275,816 ----a-w C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.

((((((((((((((((((((((((((((( snapshot@2008-09-28_11.50.36.11 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-28 15:35:45 31,232 ----a-w C:\WINDOWS\system32\rpcnet.dll
+ 2008-09-28 20:14:19 31,232 ----a-w C:\WINDOWS\system32\rpcnet.dll
- 2008-09-28 15:35:47 17,408 ----a-w C:\WINDOWS\system32\Rpcnetp.exe
+ 2008-09-28 20:14:21 17,408 ----a-w C:\WINDOWS\system32\Rpcnetp.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.EXE" [2005-07-12 50776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-28 8429568]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-06-12 200704]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"DLCXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvMediaCenter"="NvMCTray.dll" [2007-04-28 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-06-28 2056266]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"NoAutoTrayNotify"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2006-10-23 08:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2003-08-20 20:24 151552 C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 20:52 50736 C:\Program Files\Common Files\AOL\1155864818\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2006-07-14 18:04 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2006-07-14 18:08 118784 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2006-07-14 18:07 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2006-08-02 01:32 696320 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2006-08-02 01:38 802816 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 04:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--ah----- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-04-28 19:05 8429568 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-04-28 19:05 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-08-17 21:34 26112 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 04:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
--a------ 2007-04-28 19:05 67584 C:\WINDOWS\system32\nvhotkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-04-28 19:05 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a--c--- 2005-11-16 15:35 397312 C:\WINDOWS\stsystra.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\RssBandit\\RSSBandit.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1155864818\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\FTP Commander\\ftpcomm.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\Common Files\\AOL\\1155864818\\EE\\aolsoftware.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\BitZip\\bitzip.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dlcxcoms.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50001:TCP"= 50001:TCP:webroots
"50002:TCP"= 50002:TCP:webroots2
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 a320raid;a320raid;C:\WINDOWS\system32\DRIVERS\a320raid.sys [2006-04-04 251578]
R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-09-27 17408]
R1 SAVOnAccess Control;SAVOnAccess Control;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2006-04-14 80128]
R1 SAVOnAccess Filter;SAVOnAccess Filter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2006-04-14 24064]
R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2008-09-27 618040]
R2 dlcx_device;dlcx_device;C:\WINDOWS\system32\dlcxcoms.exe [2006-11-03 537480]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys [2003-08-01 41600]
S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 80384]
S3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2005-12-09 67840]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2003-08-01 55552]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;C:\WINDOWS\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]
S3 whmice2k;Advanced Wheel Mouse Upper Filter Driver;C:\WINDOWS\system32\DRIVERS\whmice2k.sys [2004-04-25 6885]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64d8acf2-5f84-11db-b756-00038a000015}]
\Shell\AutoRun\command - E:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7aebf132-2e3f-11db-b6e0-0015c547091a}]
\Shell\AutoRun\command - E:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4f3f4e1-2c11-11d9-8305-806d6172696f}]
\Shell\AutoRun\command - D:\Programs\nu2menu\nu2menu.exe
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 16:14:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-28 16:22:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-28 20:22:41
ComboFix2.txt 2008-09-28 15:50:57

Pre-Run: 25,516,613,632 bytes free
Post-Run: 25,964,904,448 bytes free

263 --- E O F --- 2008-09-26 12:22:29
#13
28th Sep 2008, 14:20
Moderator Group
Iexplore.exe issue

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C.

Code:
C:\Documents and Settings\Administrator\~.exe
C:\WINDOWS\system32\SJv56bM4.exe_  
C:\WINDOWS\system32\SJv56bM4.exe
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

#14
28th Sep 2008, 14:50
New Member Group
Iexplore.exe issue

ComboFix 08-09-27.05 - Administrator 2008-09-28 17:42:42.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.621 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[1].txt

.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))
.

2008-09-28 13:18 . 2008-09-28 13:18 3,072 --a------ C:\Documents and Settings\Administrator\~.exe
2008-09-28 12:44 . 2008-09-28 15:33 39,426 --a------ C:\WINDOWS\system32\SJv56bM4.exe
2008-09-27 22:45 . 2008-09-27 22:45 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-27 22:20 . 2008-09-27 23:19 <DIR> d-------- C:\SDFix
2008-09-27 21:03 . 2008-09-27 21:03 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-27 20:48 . 2008-09-27 20:48 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
2008-09-27 19:38 . 2008-09-27 19:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-27 19:38 . 2008-09-27 19:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-27 19:38 . 2008-09-27 19:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-27 19:38 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-27 19:38 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-27 15:20 . 2008-09-27 15:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-27 15:20 . 2008-09-27 15:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-27 15:20 . 2008-09-27 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-27 15:20 . 2008-09-27 15:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-09-27 15:13 . 2008-09-27 15:13 <DIR> d-------- C:\Program Files\CCleaner
2008-09-27 12:35 . 2008-09-27 12:35 <DIR> d-------- C:\Program Files\PrevxCSI
2008-09-27 12:35 . 2008-09-28 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-09-27 12:35 . 2008-09-27 12:35 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-09-27 00:48 . 2008-09-27 00:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-27 00:47 . 2008-09-27 00:48 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-09-23 19:04 . 2008-09-23 22:56 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-21 00:19 . 2008-09-21 00:19 <DIR> d-------- C:\Program Files\Windows Defender
2008-09-12 13:32 . 2004-03-29 16:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-09-11 12:41 . 2008-09-28 16:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-11 12:41 . 2008-09-11 12:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-09 15:33 . 2008-09-09 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
2008-09-04 13:39 . 2008-09-04 13:39 <DIR> d-------- C:\Program Files\Atari
2008-09-03 23:06 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-01 20:34 . 2008-09-01 20:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Eyeblaster
2008-08-28 23:11 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-08-28 23:11 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 20:14 31,232 ----a-w C:\WINDOWS\system32\rpcnet.dll
2008-09-28 20:14 17,408 ----a-w C:\WINDOWS\system32\Rpcnetp.exe
2008-09-28 03:10 17,408 ----a-w C:\WINDOWS\system32\rpcnetp.dll
2008-09-28 00:20 --------- d-----w C:\Program Files\RealArcade
2008-09-25 21:30 --------- d-----w C:\Program Files\FTP Commander
2008-09-21 04:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-11 16:36 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-09-05 18:19 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-04 17:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-04 03:06 --------- d-----w C:\Program Files\Java
2008-08-30 00:32 --------- d-----w C:\Program Files\dl_Cats
2008-08-24 21:28 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Move Networks
2008-08-24 21:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Gamelab
2008-07-30 01:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\FreshGames
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-10-02 01:01 60,968 ----a-w C:\Documents and Settings\Administrator\GoToAssistDownloadHelper.exe
2007-01-13 12:49 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-08-10 19:03 6,275,816 ----a-w C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.EXE" [2005-07-12 50776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-28 8429568]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-06-12 200704]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"DLCXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvMediaCenter"="NvMCTray.dll" [2007-04-28 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-06-28 2056266]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"NoAutoTrayNotify"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2006-10-23 08:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2003-08-20 20:24 151552 C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 20:52 50736 C:\Program Files\Common Files\AOL\1155864818\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2006-07-14 18:04 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2006-07-14 18:08 118784 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2006-07-14 18:07 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2006-08-02 01:32 696320 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2006-08-02 01:38 802816 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 04:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--ah----- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-04-28 19:05 8429568 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-04-28 19:05 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-08-17 21:34 26112 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 04:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
--a------ 2007-04-28 19:05 67584 C:\WINDOWS\system32\nvhotkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-04-28 19:05 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a--c--- 2005-11-16 15:35 397312 C:\WINDOWS\stsystra.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\RssBandit\\RSSBandit.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1155864818\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\FTP Commander\\ftpcomm.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\Common Files\\AOL\\1155864818\\EE\\aolsoftware.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\BitZip\\bitzip.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dlcxcoms.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50001:TCP"= 50001:TCP:webroots
"50002:TCP"= 50002:TCP:webroots2
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 a320raid;a320raid;C:\WINDOWS\system32\DRIVERS\a320raid.sys [2006-04-04 251578]
R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-09-27 17408]
R1 SAVOnAccess Control;SAVOnAccess Control;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2006-04-14 80128]
R1 SAVOnAccess Filter;SAVOnAccess Filter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2006-04-14 24064]
R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2008-09-27 618040]
R2 dlcx_device;dlcx_device;C:\WINDOWS\system32\dlcxcoms.exe [2006-11-03 537480]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys [2003-08-01 41600]
S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 80384]
S3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2005-12-09 67840]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2003-08-01 55552]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;C:\WINDOWS\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]
S3 whmice2k;Advanced Wheel Mouse Upper Filter Driver;C:\WINDOWS\system32\DRIVERS\whmice2k.sys [2004-04-25 6885]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64d8acf2-5f84-11db-b756-00038a000015}]
\Shell\AutoRun\command - E:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7aebf132-2e3f-11db-b6e0-0015c547091a}]
\Shell\AutoRun\command - E:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4f3f4e1-2c11-11d9-8305-806d6172696f}]
\Shell\AutoRun\command - D:\Programs\nu2menu\nu2menu.exe
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 17:45:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Completion time: 2008-09-28 17:49:04
ComboFix-quarantined-files.txt 2008-09-28 21:48:03
ComboFix2.txt 2008-09-28 20:22:44
ComboFix3.txt 2008-09-28 15:50:57

Pre-Run: 25,950,576,640 bytes free
Post-Run: 25,952,464,896 bytes free

230 --- E O F --- 2008-09-26 12:22:29
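The ComboFix log above is the kind of thing a helper reads by eye: recently dated drivers, firewall exceptions for binaries in odd places, globally open inbound ports and cached AutoRun commands under mountpoints2 are the entries worth a second look. The script below is an added example (not ComboFix's code and not part of this thread) that pulls exactly those entries out of a log in this format and lists them for review. Its sample input is a constructed subset of the log posted above with the forum's inserted line-break spaces removed; the 7-day "recent" window, the list of trusted path prefixes and the function names are assumptions made for the example.

```python
"""Triage of a ComboFix-style log: added example, not ComboFix's own
code nor the thread's. Sample input is a constructed subset of the log
posted above; the 7-day window and trusted-path list are assumptions."""
import re
from datetime import date, timedelta

# Constructed sample in the shape of the posted log (line-break spaces removed).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\StubInstaller.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50001:TCP"= 50001:TCP:webroots
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-09-27 17408]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;C:\WINDOWS\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autorun.exe
"""
SCAN_DATE = date(2008, 9, 28)  # date of the ComboFix run in the thread

# Line shapes as they appear in the log.
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+) \[(\d{4}-\d{2}-\d{2}) (\d+)\]$")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
APP_RE = re.compile(r'^"(.+)"=$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$")

# Assumption: exceptions under these prefixes are expected; anything else is reviewed.
TRUSTED_PREFIXES = ("c:\\program files\\", "%windir%\\", "c:\\windows\\")


def triage(log_text, scan_date, recent_days=7):
    """Return (kind, subject, detail) tuples for entries worth a second look."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line  # registry key header; governs the value lines below it
            continue
        key = section.lower()

        m = SERVICE_RE.match(line)  # R0/R1/R2 (running) or S2/S3 (stopped) services
        if m:
            start, name, _desc, path, file_date, size = m.groups()
            if scan_date - date.fromisoformat(file_date) <= timedelta(days=recent_days):
                # A recent file date is a review prompt, not a verdict: new malware
                # and a freshly installed scanner driver look the same here.
                findings.append(("recent_driver", name,
                                 f"{path} dated {file_date}, {size} bytes, start {start}"))
            continue

        if key.endswith("authorizedapplications\\list]"):
            m = APP_RE.match(line)
            if m:
                path = m.group(1).replace("\\\\", "\\")  # undo .reg-style escaping
                if not path.lower().startswith(TRUSTED_PREFIXES):
                    findings.append(("firewall_exception", path,
                                     "inbound exception for a binary outside Program Files / Windows"))
            continue

        if key.endswith("globallyopenports\\list]"):
            m = PORT_RE.match(line)
            if m:
                port, proto, desc = m.groups()
                findings.append(("open_port", f"{port}/{proto}", desc))  # every open port is listed
            continue

        if "\\mountpoints2\\" in key:
            m = AUTORUN_RE.match(line)
            if m:
                drive = section.rsplit("\\", 1)[-1].rstrip("]")
                findings.append(("autorun_command", drive, m.group(1)))  # cached removable-media autorun
    return findings


def triage_sample():
    """Run the triage over the constructed sample with the thread's scan date."""
    return triage(SAMPLE_LOG, SCAN_DATE)


if __name__ == "__main__":
    for kind, subject, detail in triage_sample():
        print(f"{kind:18} {subject:24} {detail}")
```

On the sample this reports the root-level firewall exception, both globally open ports (3389/TCP is the Remote Desktop port, described here by a Windows resource string), the driver dated the day before the scan, and the cached AutoRun command for drive D:. None of these is a verdict on its own; the point of the script is to shorten the list a person has to read, which is what the helper in this thread does by hand.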
  #15  
Old 28th Sep 2008, 15:34
Moderator Group
 
Default Iexplore.exe issue

Stubborn files....

Download OTMoveIt2 by OldTimer and save it to your Desktop.

Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.

1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the codebox below.

Code:
[kill explorer]
C:\Documents and Settings\Administrator\~.exe
C:\WINDOWS\system32\SJv56bM4.exe
EmptyTemp
[start explorer]
3. Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste
4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it in your next reply.
6. Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

----------

Do you use any flash drives on this computer?
__________________

  #16  
Old 28th Sep 2008, 16:59
New Member Group
 
Default Iexplore.exe issue

Explorer killed successfully
C:\Documents and Settings\Administrator\~.exe moved successfully.
C:\WINDOWS\system32\SJv56bM4.exe moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_CMe07nDns2hE6O3ZEWV1 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDD82.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\TMP00000011DC9754D0F6952F70 scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09282008_194508

Files moved on Reboot...
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_CMe07nDns2hE6O3ZEWV1 not found!
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDD82.tmp moved successfully.
File C:\WINDOWS\temp\TMP00000011DC9754D0F6952F70 not found!
  #17  
Old 28th Sep 2008, 17:02
Moderator Group
 
Default Iexplore.exe issue

Finally.

Next:

Go to Start > Run and copy/paste this into the run box and then click OK.

combofix /u

----------

Run this online scan.

This scanner requires Internet Explorer or Firefox using the

Use the ESET Nod32 Online Scanner

1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the activex control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.

How is everything now?
__________________

  #18  
Old 28th Sep 2008, 18:34
New Member Group
 
Default Iexplore.exe issue

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3478 (20080928)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=770e26feb08a3048887c6f82fa6eb5e4
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-09-29 01:27:58
# local_time=2008-09-28 09:27:58 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=549949
# found=0
# scan_time=3945


It's looking good! My computer's been on for over an hour and no sign of iexplore! Thanks soooo much!
  #19  
Old 28th Sep 2008, 18:55
Moderator Group
 
Default Iexplore.exe issue

1. Double click OTMoveIt2.exe to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet; if your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • When finished exit out of OTMoveIt2
----------

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
  • Go to Start > Programs > Accessories > System Tools and click System Restore
  • Choose the radio button marked Create a Restore Point on the first screen, then click Next. Give the Restore Point a name, then click Create.
  • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Next go to Start > Run and type Cleanmgr
  • Click OK
  • Click the More Options Tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide or Windows Vista System Restore Guide

----------

Use the Secunia Software Inspector to check for out of date software.
Out of date software has security vulnerabilities that malware can exploit.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

I would suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
__________________

Copyright ©2006 - 2009 Computer Juice.

Powered by vBulletin® Copyright ©2000 - 2009 Jelsoft Enterprises Ltd. SEO by vBSEO ©2009, Crawlability, Inc.