Computer Juice > Computer Software > Virus, Spyware & Security

Iexplore.exe and norton problem

  #1
Old 21st Dec 2008, 13:34
New Member Group

Iexplore.exe and norton problem

I browse the Internet with Firefox and never with IE. Recently however, IE pop-ups have been coming up when I type or click anything in Firefox. In addition, the Norton Security Scan shortcut will appear on my desktop although I removed the Norton anti-virus software a long time ago.

Here are the logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/21/2008 at 03:25 AM

Application Version : 4.23.1006

Core Rules Database Version : 3680
Trace Rules Database Version: 1659

Scan type : Complete Scan
Total Scan Time : 00:36:34

Memory items scanned : 466
Memory threats detected : 1
Registry items scanned : 6021
Registry threats detected : 35
File items scanned : 82757
File threats detected : 132

Adware.Gudmun/Resident
C:\WINDOWS\SYSTEM32\GIGIJOMO.DLL
C:\WINDOWS\SYSTEM32\GIGIJOMO.DLL

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}
HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32
HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\CBXNGWXO.DLL
HKLM\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JOPOKANO.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
HKU\S-1-5-21-2025429265-1957994488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#SSODL
HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\IIOVVU.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\KIORFPSB.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{88A6FFAE-FFED-4C1E-A6FA-A2871855DB4F}\RP796\A0074547.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{88A6FFAE-FFED-4C1E-A6FA-A2871855DB4F}\RP796\A0074548.DLL

Trojan.Vundo-Variant/NextGen
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63ebda50-477b-4c8d-a3e9-d8d0b3842888}
HKCR\CLSID\{63EBDA50-477B-4C8D-A3E9-D8D0B3842888}
HKCR\CLSID\{63EBDA50-477B-4C8D-A3E9-D8D0B3842888}\InprocServer32
HKCR\CLSID\{63EBDA50-477B-4C8D-A3E9-D8D0B3842888}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\SOWAWIBI.DLL

Browser Hijacker.MJCore
HKU\S-1-5-21-2025429265-1957994488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D88E1558-7C2D-407A-953A-C044F5607CEA}
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\MJCORE\MJCORE.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{88A6FFAE-FFED-4C1E-A6FA-A2871855DB4F}\RP796\A0074528.DLL

Trojan.Unknown Origin
HKLM\Software\xpre
HKLM\Software\xpre#execount
C:\SYSTEM VOLUME INFORMATION\_RESTORE{88A6FFAE-FFED-4C1E-A6FA-A2871855DB4F}\RP782\A0073756.EXE

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\contim
HKLM\SOFTWARE\Microsoft\contim#SysShell
HKLM\SOFTWARE\Microsoft\rdfa
HKLM\SOFTWARE\Microsoft\rdfa#F
HKLM\SOFTWARE\Microsoft\rdfa#N

Rogue.Component/Trace
HKLM\Software\Microsoft\A0FEB74D
HKLM\Software\Microsoft\A0FEB74D#a0feb74d
HKLM\Software\Microsoft\A0FEB74D#Version
HKLM\Software\Microsoft\A0FEB74D#a0fe1acd
HKLM\Software\Microsoft\A0FEB74D#a0fe7328
HKU\S-1-5-21-2025429265-1957994488-725345543-1004\Software\Microsoft\CS41275
HKU\S-1-5-21-2025429265-1957994488-725345543-1004\Software\Microsoft\FIAS4018

Trojan.Fake-Alert/Trace
HKU\S-1-5-21-2025429265-1957994488-725345543-1004\SOFTWARE\Microsoft\fias4013

Adware.Tracking Cookie

Adware.Vundo Variant
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CBXNGWXO.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\VYNBCDRK.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\XMLSOYVV.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\XSOBJD.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{88A6FFAE-FFED-4C1E-A6FA-A2871855DB4F}\RP796\A0074545.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{88A6FFAE-FFED-4C1E-A6FA-A2871855DB4F}\RP796\A0074550.DLL

Adware.Vundo/Variant-Greek
C:\SYSTEM VOLUME INFORMATION\_RESTORE{88A6FFAE-FFED-4C1E-A6FA-A2871855DB4F}\RP774\A0072216.EXE

Adware.Vundo/Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{88A6FFAE-FFED-4C1E-A6FA-A2871855DB4F}\RP774\A0072347.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{88A6FFAE-FFED-4C1E-A6FA-A2871855DB4F}\RP774\A0072349.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{88A6FFAE-FFED-4C1E-A6FA-A2871855DB4F}\RP774\A0072350.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{88A6FFAE-FFED-4C1E-A6FA-A2871855DB4F}\RP796\A0074546.DLL

Trojan.Unclassified
C:\SYSTEM VOLUME INFORMATION\_RESTORE{88A6FFAE-FFED-4C1E-A6FA-A2871855DB4F}\RP796\A0074532.EXE

Trojan.Dropper/Win-NV
C:\WINDOWS\SYSTEM32\NVAUX32.DLL

Trojan.Vundo-Variant/Small-GEN
C:\WINDOWS\SYSTEM32\VTULLBUO.DLL

Malwarebytes' Anti-Malware 1.31
Database version: 1528
Windows 5.1.2600 Service Pack 2

2008-12-21 11:20:09 AM
mbam-log-2008-12-21 (11-20-09).txt

Scan type: Quick Scan
Objects scanned: 54098
Time elapsed: 2 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 11
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\zuyunado.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wetudave.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\gedogeye.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4eb9a2b7-848b-40a8-9dd2-e940d47548c1} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4eb9a2b7-848b-40a8-9dd2-e940d47548c1} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63ebda50-477b-4c8d-a3e9-d8d0b3842888} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63ebda50-477b-4c8d-a3e9-d8d0b3842888} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a0fea5c3 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wutujezeho (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpma3cd965f (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\iiovvu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zuyunado.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\odanuyuz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wetudave.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\gedogeye.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\aston.mt (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vizisida.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:45 PM, on 2008-12-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

O2 - BHO: (no name) - {04F1B11C-3CFF-4F56-AEBE-FB848B71FAE9} - C:\WINDOWS\system32\ddccCrrO.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {BFDC21F1-4922-48CD-A8D2-CB0A3376B059} - C:\WINDOWS\system32\rqRJaBSj.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O15 "IP_192.168.1.10" /M "Stylus CX4800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4800 Series (Network) on STUDY] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P50 "Auto EPSON Stylus CX4800 Series (Network) on STUDY" /O16 "\\STUDY\EPSONNET" /M "Stylus CX4800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4800 Series on STUDY] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P40 "Auto EPSON Stylus CX4800 Series on STUDY" /O16 "\\STUDY\EPSONSty" /M "Stylus CX4800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4800 Series on STUDY (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P49 "Auto EPSON Stylus CX4800 Series on STUDY (Copy 1)" /O34 "\\STUDY\EPSON Stylus CX4800 Series" /M "Stylus CX4800"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Walker Poker - {533caed3-32dd-436e-9e56-27e70d5190bb} - C:\Documents and Settings\Tsugomaru\Start Menu\Programs\Walker Poker\Walker Poker.lnk (HKCU)
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/contr...terActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/contr...tComponent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6531 bytes
  #2  
Old 21st Dec 2008, 13:42
New Member Group
 
Iexplore.exe and norton problem

I ran Combofix before I found this site.
  #3  
Old 21st Dec 2008, 16:25
Moderator Group
 
Iexplore.exe and norton problem

Welcome to CJ.

Download the Norton Removal Tool (SymNRT) to your Desktop.

Once downloaded, please close ALL open browsers and save any work, because this may require a restart.
  • Go to your desktop, double click on the removal tool and then click Setup.
  • Once open, click Next.
  • Accept the license agreement and click Next.
  • Type in the letters/numbers that you see into the text box, then click Next.
  • Then click Next and the tool will start running.
  • Once finished, restart the PC and run the tool again to ensure everything has been removed.
  • Delete the Norton Removal Tool from your Desktop.

----------

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

- O2 - BHO: (no name) - {04F1B11C-3CFF-4F56-AEBE-FB848B71FAE9} - C:\WINDOWS\system32\ddccCrrO.dll (file missing)
- O2 - BHO: (no name) - {BFDC21F1-4922-48CD-A8D2-CB0A3376B059} - C:\WINDOWS\system32\rqRJaBSj.dll (file missing)


Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Delete your current version of ComboFix and download it again!

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

Note: It is important that it is saved directly to your Desktop.

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.

For Windows XP Systems install the Recovery Console:

- If you are using Windows XP and do not already have the Recovery Console installed, please ensure your Internet connection is active (if possible) and click Yes.
- If for some reason your Internet is not working click No.
- If you are not using Windows XP, you will not be prompted.
- When prompted to accept the EULA click OK.
- Accept Microsoft's EULA (Click Yes).
- When you are told that the RC is installed correctly click YES to continue scanning for malware.

When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

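As an added example (my own code, not from this thread and not part of HijackThis), a small Python script that applies the moderator's O2 criteria above to HijackThis-style log lines: a BHO entry whose DLL is reported missing, or that registers no display name, gets flagged, and CLSIDs collected from the other scanner logs are cross-checked against whatever O2 entries remain. The sample lines are taken from the logs in this thread plus one constructed entry; the function and constant names are my own.

```python
"""Triage HijackThis O2 (BHO) lines the way the moderator's post does.

Added example: not the thread's own code and not part of HijackThis.
Rules applied (the post's two criteria, plus a cross-check against the
other scanner logs in the thread):
  * the DLL is reported "(file missing)"        -> orphaned registration
  * the BHO shows "(no name)"                    -> no legitimate display name
  * the CLSID appears in another scanner's log   -> already reported as bad
"""
import re
from dataclasses import dataclass, field

# Shape of an O2 line: "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


@dataclass
class Bho:
    name: str
    clsid: str
    path: str
    file_missing: bool
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def clsids_from_scanner_log(text: str) -> set:
    """Every CLSID mentioned in a SUPERAntiSpyware/Malwarebytes log, upper-cased
    so the mixed case used by the different tools compares equal."""
    return {m.group(0).upper() for m in CLSID_RE.finditer(text)}


def parse_o2(line: str):
    """Return a Bho for an O2 line, or None for any other HijackThis line."""
    m = O2_RE.match(line.strip())
    if m is None:
        return None
    return Bho(name=m.group("name"), clsid=m.group("clsid").upper(),
               path=m.group("path"), file_missing=m.group("missing") is not None)


def triage_hjt(hjt_text: str, known_bad: set) -> list:
    """Parse every O2 line and attach the reasons it should be fixed."""
    found = []
    for line in hjt_text.splitlines():
        bho = parse_o2(line)
        if bho is None:
            continue
        if bho.file_missing:
            bho.reasons.append("DLL missing: orphaned registration left by a removed component")
        if bho.name == "(no name)":
            bho.reasons.append("no display name: legitimate helpers register one")
        if bho.clsid in known_bad:
            bho.reasons.append("CLSID already reported by another scanner")
        found.append(bho)
    return found


# Sample input: three O2 lines copied from the HijackThis log in this thread,
# one O4 line to show non-O2 lines are skipped, plus one CONSTRUCTED O2 line
# pairing a CLSID and DLL name that the SUPERAntiSpyware log lists under
# Trojan.Vundo-Variant/NextGen (it is not in the posted HijackThis log).
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {04F1B11C-3CFF-4F56-AEBE-FB848B71FAE9} - C:\WINDOWS\system32\ddccCrrO.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {BFDC21F1-4922-48CD-A8D2-CB0A3376B059} - C:\WINDOWS\system32\rqRJaBSj.dll (file missing)
O2 - BHO: (no name) - {63EBDA50-477B-4C8D-A3E9-D8D0B3842888} - C:\WINDOWS\system32\sowawibi.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

# Registry lines copied from the SUPERAntiSpyware log in this thread.
SCANNER_SAMPLE = r"""
Trojan.Vundo-Variant/NextGen
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63ebda50-477b-4c8d-a3e9-d8d0b3842888}
HKCR\CLSID\{63EBDA50-477B-4C8D-A3E9-D8D0B3842888}\InprocServer32
"""


def demo() -> list:
    """Run the triage over the samples; returns the annotated O2 entries."""
    return triage_hjt(HJT_SAMPLE, clsids_from_scanner_log(SCANNER_SAMPLE))


if __name__ == "__main__":
    for bho in demo():
        print(("FIX" if bho.suspicious else "ok ") + f" {bho.clsid} {bho.path}")
        for why in bho.reasons:
            print(f"      - {why}")
```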
  #4  
Old 21st Dec 2008, 19:44
New Member Group
 
Iexplore.exe and norton problem

ComboFix 08-12-21.03 - Tsugomaru 2008-12-21 18:29:12.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1615 [GMT -8:00]
Running from: c:\documents and settings\Tsugomaru\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\uniyaluv.ini
.
---- Previous Run -------
.
C:\1aq1obb.bat
C:\Autorun.inf
c:\docume~1\TSUGOM~1\LOCALS~1\Temp\2.dll
c:\docume~1\TSUGOM~1\LOCALS~1\Temp\tru1.tmp
c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\documents and settings\Tsugomaru\Application Data\gadcom
c:\documents and settings\Tsugomaru\Application Data\gadcom\gadcom.exe
c:\documents and settings\Tsugomaru\Local Settings\Temporary Internet Files\fbk.sts
C:\g2p3s.exe
C:\ipy.cmd
C:\lgrncie.bat
C:\p0sc9t.cmd
C:\pkxfkrki.bat
c:\program files\Mjcore
c:\program files\Mjcore\Mjcore.dll
C:\vmhr.bat
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\~.exe
c:\windows\system32\cbXNGwXo.dll
c:\windows\system32\ddccCrrO.dll
c:\windows\system32\gpcimqps.ini
c:\windows\system32\iiovvu.dll
c:\windows\system32\jkkJyYsS.dll
c:\windows\system32\jSBaJRqr.ini
c:\windows\system32\jSBaJRqr.ini2
c:\windows\system32\kavo.exe
c:\windows\system32\kavo0.dll
c:\windows\system32\kavo1.dll
c:\windows\system32\kavo2.dll
c:\windows\system32\khfFVlJY.dll
c:\windows\system32\kiorfpsb.dll
c:\windows\system32\krdcbnyv.ini
c:\windows\system32\Memman.vxd
c:\windows\system32\OrrCccdd.ini
c:\windows\system32\OrrCccdd.ini2
c:\windows\system32\paso.el
c:\windows\system32\prunnet.exe
c:\windows\system32\rqRJaBSj.dll
c:\windows\system32\skinboxer43.dll
c:\windows\system32\spqmicpg.dll
c:\windows\system32\twain_32
c:\windows\system32\twain_32\local.ds
c:\windows\system32\twain_32\user.ds
c:\windows\system32\twext.exe
c:\windows\system32\vynbcdrk.dll
c:\windows\system32\xmlsoyvv.dll
c:\windows\system32\xsobjd.dll
c:\windows\wiaserviv.log
D:\1aq1obb.bat
D:\Autorun.inf
D:\ipy.cmd
D:\pkxfkrki.bat
D:\vmhr.bat
E:\1aq1obb.bat
E:\Autorun.inf
E:\ipy.cmd
E:\pkxfkrki.bat
E:\vmhr.bat

.
((((((((((((((((((((((((( Files Created from 2008-11-22 to 2008-12-22 )))))))))))))))))))))))))))))))
.

2008-12-21 18:23 . 2008-12-21 18:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-12-21 12:25 . 2008-12-21 12:25 <DIR> d-------- c:\program files\Trend Micro
2008-12-21 12:21 . 2008-12-21 12:21 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-21 12:21 . 2008-12-21 12:21 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-21 11:14 . 2008-12-21 11:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-21 11:14 . 2008-12-21 11:14 <DIR> d-------- c:\documents and settings\Tsugomaru\Application Data\Malwarebytes
2008-12-21 11:14 . 2008-12-21 11:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-21 11:14 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-21 11:14 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-21 02:46 . 2008-12-21 02:46 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-21 02:46 . 2008-12-21 02:46 <DIR> d-------- c:\documents and settings\Tsugomaru\Application Data\SUPERAntiSpyware.com
2008-12-21 02:46 . 2008-12-21 02:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-21 02:40 . 2008-12-21 02:40 <DIR> d-------- c:\program files\CCleaner
2008-12-20 23:24 . 2008-12-20 23:24 <DIR> d-------- c:\program files\Alwil Software
2008-12-15 00:02 . 2008-12-15 00:02 <DIR> d-------- C:\CrashReport
2008-12-14 11:14 . 2008-12-19 12:57 <DIR> d-------- c:\program files\Runes of Magic
2008-12-12 21:39 . 2008-12-12 21:39 <DIR> d-------- c:\program files\Hamachi
2008-11-30 20:30 . 2007-03-08 07:36 577,536 --a------ c:\windows\system32\hbdv
2008-11-30 20:30 . 2008-11-30 20:30 0 --a------ c:\windows\ynh.dx
2008-11-30 15:42 . 2008-11-30 15:42 <DIR> d-------- c:\windows\system32\Lang
2008-11-30 15:42 . 2008-11-30 15:42 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2008-11-30 15:42 . 2008-11-30 15:42 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2008-11-28 13:47 . 2008-11-28 13:47 <DIR> d-------- c:\documents and settings\Tsugomaru\Application Data\gtk-2.0
2008-11-28 13:26 . 2008-11-28 14:44 <DIR> d-------- c:\documents and settings\Tsugomaru\.gimp-2.6
2008-11-28 13:26 . 2008-11-28 13:26 <DIR> d-------- c:\documents and settings\Tsugomaru\.gegl-0.0
2008-11-28 13:25 . 2008-11-28 13:25 <DIR> d-------- c:\program files\GIMP-2.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 02:24 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-21 20:21 --------- d-----w c:\program files\Java
2008-12-21 10:46 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-21 04:36 --------- d-----w c:\documents and settings\Tsugomaru\Application Data\foobar2000
2008-12-21 02:46 --------- d-----w c:\documents and settings\Tsugomaru\Application Data\Azureus
2008-12-19 00:36 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-15 02:05 --------- d-----w c:\documents and settings\Tsugomaru\Application Data\Hamachi
2008-12-13 05:39 17,480 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-11-30 23:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-05 06:12 --------- d-----w c:\program files\Ahead
2008-10-24 00:16 --------- d-----w c:\program files\Google
2007-02-07 04:46 8 ----a-w c:\documents and settings\Tsugomaru\Application Data\usb.dat.bin
.

((((((((((((((((((((((((((((( snapshot@2008-11-30_15.44.18.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-21 10:46:32 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-12-21 10:46:32 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-11-24 22:35:00 114,688 ----a-w c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2008-11-24 22:43:36 202,168 ----a-w c:\windows\system32\Adobe\Director\SwDir.dll
+ 2008-11-24 22:35:38 499,712 ----a-w c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2008-11-24 22:16:06 1,798,144 ----a-w c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2008-11-24 22:35:40 9,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-11-24 22:07:38 703,488 ----a-w c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2008-11-24 22:07:38 1,145,896 ----a-w c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2008-11-24 22:07:38 52,288 ----a-w c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2008-11-24 22:12:14 892,928 ----a-w c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2008-11-24 22:34:18 266,240 ----a-w c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2008-11-24 22:36:12 446,464 ----a-w c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2008-11-24 22:43:16 460,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwHelper_1103471.exe
+ 2008-11-24 22:34:04 114,688 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2008-11-24 22:34:02 94,208 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2008-11-24 22:07:38 58,736 ----a-w c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 1999-06-25 18:55:30 149,504 ----a-w c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE
+ 2008-11-26 17:21:30 1,236,208 ----a-w c:\windows\system32\aswBoot.exe
+ 2008-11-26 17:15:10 97,480 ----a-w c:\windows\system32\AvastSS.scr
- 2006-08-04 00:26:50 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-21 18:05:24 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-08-04 00:26:50 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-21 07:03:08 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-08-04 00:26:50 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-21 18:05:26 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-26 17:15:35 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2008-11-26 17:17:25 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
+ 2008-11-26 17:18:25 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2008-11-26 17:18:18 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys
+ 2008-11-26 17:16:29 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
+ 2008-11-26 17:17:36 111,184 ----a-w c:\windows\system32\drivers\aswSP.sys
+ 2008-11-26 17:16:38 50,864 ----a-w c:\windows\system32\drivers\aswTdi.sys
- 2006-07-26 08:25:56 49,248 ----a-w c:\windows\system32\java.exe
+ 2008-12-21 20:21:35 144,792 ----a-w c:\windows\system32\java.exe
- 2006-07-26 08:26:06 53,346 ----a-w c:\windows\system32\javaw.exe
+ 2008-12-21 20:21:35 144,792 ----a-w c:\windows\system32\javaw.exe
- 2006-07-26 10:03:16 127,078 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-21 20:21:35 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2008-11-30 23:42:25 11,622 ----a-w c:\windows\system32\Lang\Arabic.bin
+ 2008-11-30 23:42:24 13,611 ----a-w c:\windows\system32\Lang\Danish.bin
+ 2008-11-30 23:42:24 14,250 ----a-w c:\windows\system32\Lang\Dutch.bin
+ 2008-11-30 23:42:25 11,812 ----a-w c:\windows\system32\Lang\English.bin
+ 2008-11-30 23:42:25 15,106 ----a-w c:\windows\system32\Lang\French.bin
+ 2008-11-30 23:42:25 14,653 ----a-w c:\windows\system32\Lang\German.bin
+ 2008-11-30 23:42:25 13,746 ----a-w c:\windows\system32\Lang\Greek.bin
+ 2008-11-30 23:42:25 15,498 ----a-w c:\windows\system32\Lang\Italian.bin
+ 2008-11-30 23:42:24 13,125 ----a-w c:\windows\system32\Lang\Japanese.bin
+ 2008-11-30 23:42:24 11,279 ----a-w c:\windows\system32\Lang\Korean.bin
+ 2008-11-30 23:42:25 13,211 ----a-w c:\windows\system32\Lang\Polish.bin
+ 2008-11-30 23:42:25 13,526 ----a-w c:\windows\system32\Lang\Portuguese_Brazilian.bin
+ 2008-11-30 23:42:25 14,414 ----a-w c:\windows\system32\Lang\Portuguese_Default.bin
+ 2008-11-30 23:42:25 14,831 ----a-w c:\windows\system32\Lang\Russian.bin
+ 2008-11-30 23:42:25 9,265 ----a-w c:\windows\system32\Lang\SimChin.bin
+ 2008-11-30 23:42:25 15,189 ----a-w c:\windows\system32\Lang\Spanish.bin
+ 2008-11-30 23:42:25 13,340 ----a-w c:\windows\system32\Lang\SWEDISH.bin
+ 2008-11-30 23:42:25 12,027 ----a-w c:\windows\system32\Lang\Thai.bin
+ 2008-11-30 23:42:24 9,956 ----a-w c:\windows\system32\Lang\TradChin.bin
- 2007-08-07 21:35:56 585,728 ----a-w c:\windows\system32\Macromed\Shockwave 10\Control.dll
+ 2008-12-04 08:59:26 581,632 ----a-w c:\windows\system32\Macromed\Shockwave 10\Control.dll
+ 2008-12-04 08:59:30 1,490,944 ----a-w c:\windows\system32\Macromed\Shockwave 10\dirapiX.dll
- 2007-08-07 21:36:32 24,576 ----a-w c:\windows\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2008-12-04 08:59:26 24,576 ----a-w c:\windows\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2008-12-04 08:59:30 606,208 ----a-w c:\windows\system32\Macromed\Shockwave 10\iml32X.dll
- 2007-08-07 21:35:22 339,968 ----a-w c:\windows\system32\Macromed\Shockwave 10\Plugin.dll
+ 2008-12-04 08:59:26 339,968 ----a-w c:\windows\system32\Macromed\Shockwave 10\Plugin.dll
- 2007-08-07 21:35:32 483,328 ----a-w c:\windows\system32\Macromed\Shockwave 10\PluginPing.dll
+ 2008-12-04 08:59:26 475,136 ----a-w c:\windows\system32\Macromed\Shockwave 10\PluginPing.dll
- 2007-08-07 21:28:38 180,224 ----a-w c:\windows\system32\Macromed\Shockwave 10\Proj.dll
+ 2008-12-04 08:59:26 180,224 ----a-w c:\windows\system32\Macromed\Shockwave 10\Proj.dll
- 2007-08-07 21:37:56 77,824 ----a-w c:\windows\system32\Macromed\Shockwave 10\SwInit.exe
+ 2008-12-04 08:59:26 77,824 ----a-w c:\windows\system32\Macromed\Shockwave 10\SwInit.exe
+ 2008-12-04 08:59:26 86,016 ----a-w c:\windows\system32\Macromed\Shockwave 10\SwMenuX.dll
- 2007-08-07 21:37:58 98,304 ----a-w c:\windows\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2008-12-04 08:59:26 98,304 ----a-w c:\windows\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2008-12-22 02:32:43 16,384 ----atw c:\windows\temp\Perflib_Perfdata_12c.dat
+ 2008-12-22 02:32:09 16,384 ----atw c:\windows\temp\Perflib_Perfdata_5b4.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2006-08-19 679424]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-13 7557120]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-02-13 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]
"Auto EPSON Stylus CX4800 Series (Network) on STUDY"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"Auto EPSON Stylus CX4800 Series on STUDY"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"Auto EPSON Stylus CX4800 Series on STUDY (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"nwiz"="nwiz.exe" [2006-02-13 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-12-07 c:\windows\soundman.exe]

c:\documents and settings\Tsugomaru\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=xsobjd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 01:39 486856 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 08:41 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.11.0-enUS-downloader.exe"=
"Game.exe"= Game.exe:*:Ena
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Warcraft III\\war3.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\WINDOWS\\soundman.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-20 111184]
R1 BIOS;BIOS;\??\c:\windows\system32\drivers\BIOS.sys [2006-08-11 13696]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 Apache2.2;Apache2.2;"c:\xampp\apache\bin\apache.exe" -k runservice [2008-06-14 17408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-20 20560]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\NPF.sys [2007-11-06 34064]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c48a5c1-2313-11db-b68a-806d6172696f}]
\Shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15e6ebcd-4953-11dd-84d3-00e04cf4b49c}]
\Shell\AutoRun\command - I:\ipy.cmd
\Shell\explore\Command - I:\ipy.cmd
\Shell\open\Command - I:\ipy.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d4edec6-43c0-11dd-84d1-00e04cf4b49c}]
\Shell\AutoRun\command - H:\ipy.cmd
\Shell\explore\Command - H:\ipy.cmd
\Shell\open\Command - H:\ipy.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42e131c5-61a8-11dd-84d5-00e04cf4b49c}]
\Shell\AutoRun\command - H:\ipy.cmd
\Shell\explore\Command - H:\ipy.cmd
\Shell\open\Command - H:\ipy.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d4e246c-2a1f-11db-8481-00e04cf4b49c}]
\Shell\AutoRun\command - 8ot8y86.exe
\Shell\explore\Command - 8ot8y86.exe
\Shell\open\Command - 8ot8y86.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{853ac8d9-dab0-11dc-84c9-00e04cf4b49c}]
\Shell\AutoRun\command - G:\ka1nk.bat
\Shell\explore\Command - G:\ka1nk.bat
\Shell\open\Command - G:\ka1nk.bat
.
Contents of the 'Scheduled Tasks' folder

2008-12-22 c:\windows\Tasks\wyjwtggf.job
- c:\windows\system32\rundll32.exe [2004-08-04 04:00]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-prunnet - c:\windows\system32\prunnet.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

c:\windows\system32\mfc42.dll - c:\windows\system32\msvcrt.dll
c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\TricksterActiveX.lic
c:\windows\Downloaded Program Files\TricksterActiveX.ocx
O16 -: {CEA3052D-65B9-44E2-A501-5E14024BC66F}
hxxp://www.tricksteronline.com/control/tricksterActiveX.cab
c:\windows\Downloaded Program Files\TricksterActiveX.inf

c:\windows\system32\mfc42.dll - O16 -: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D}
hxxp://www.tricksteronline.com/control/KALogoutComponent.cab
c:\windows\Downloaded Program Files\KALogoutComponent.inf
FF - ProfilePath - c:\documents and settings\Tsugomaru\Application Data\Mozilla\Firefox\Profiles\9b18pp3b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 18:32:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-12-21 18:37:27 - machine was rebooted [Tsugomaru]
ComboFix-quarantined-files.txt 2008-12-22 02:37:25

Pre-Run: 58,244,718,592 bytes free
Post-Run: 58,258,518,016 bytes free

348 --- E O F --- 2008-02-13 11:00:30
  #5  
Old 21st Dec 2008, 20:11
Moderator Group
 
Iexplore.exe and norton problem

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

File::
c:\windows\ynh.dx
c:\windows\Tasks\wyjwtggf.job

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c48a5c1-2313-11db-b68a-806d6172696f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15e6ebcd-4953-11dd-84d3-00e04cf4b49c}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d4edec6-43c0-11dd-84d1-00e04cf4b49c}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42e131c5-61a8-11dd-84d5-00e04cf4b49c}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d4e246c-2a1f-11db-8481-00e04cf4b49c}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{853ac8d9-dab0-11dc-84c9-00e04cf4b49c}]
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
__________________
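
The triage that post #5 applies to the log in post #4, as an added example (not code from the thread, from the moderator, or from ComboFix): a Python script that reads the "Reg Loading Points" and "Scheduled Tasks" sections of a ComboFix log, flags the persistence mechanisms the moderator scripted for removal (the AppInit_DLLs value, the MountPoints2 autorun handlers left behind by the ipy.cmd/Autorun.inf infection on the removable drives, the random-named task that runs rundll32.exe) together with the two weakened-defence settings the log shows (Security Center notifications off, the XP firewall off), and emits File::/Registry:: lines in the same CFScript shape post #5 uses. The excerpt it runs on is constructed from the posted log with the forum's line-wrap spaces removed. The rule thresholds (6 to 12 lowercase letters as a "generated" task name, rundll32.exe as a task command), the Finding fields and the function names triage and build_cfscript are this example's own assumptions. It does not reproduce the c:\windows\ynh.dx entry, which the moderator took from the "Files Created" section rather than from these sections.

```python
"""Triage the persistence sections of a ComboFix log and draft a CFScript.
Added example for this thread, not code from the posts or from ComboFix;
rule thresholds, the Finding fields and function names are assumptions."""
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt of the log posted above (forum line-wrap spaces removed).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=xsobjd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c48a5c1-2313-11db-b68a-806d6172696f}]
\Shell\AutoRun\command - F:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15e6ebcd-4953-11dd-84d3-00e04cf4b49c}]
\Shell\AutoRun\command - I:\ipy.cmd
\Shell\explore\Command - I:\ipy.cmd
\Shell\open\Command - I:\ipy.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d4e246c-2a1f-11db-8481-00e04cf4b49c}]
\Shell\AutoRun\command - 8ot8y86.exe
Contents of the 'Scheduled Tasks' folder
2008-12-22 c:\windows\Tasks\wyjwtggf.job
- c:\windows\system32\rundll32.exe [2004-08-04 04:00]
"""


@dataclass
class Finding:
    kind: str    # appinit_dll | autorun_handler | random_task | notify_disabled | firewall_disabled
    key: str     # registry key, or the .job path for a task
    name: str    # registry value name, if any
    detail: str  # DLL, autorun target or task command as seen in the log
    fix: str     # CFScript action: reg_value | reg_key | file | "" (report only)


VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
SHELL_RE = re.compile(r'^\\Shell\\\w+\\command\s+-\s+(.+)$', re.IGNORECASE)
JOB_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(\S+\.job)$', re.IGNORECASE)
JOB_CMD_RE = re.compile(r'^-\s+(\S+)')
RANDOM_JOB_RE = re.compile(r'^[a-z]{6,12}\.job$')  # heuristic for generated task names (assumption)


def triage(log_text: str) -> List[Finding]:
    """Walk the log line by line, tracking the current [key] section."""
    findings: List[Finding] = []
    key, pending_job, seen_volumes = "", "", set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        lk = key.lower()
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2).strip()
            if lk.endswith(r"\windows nt\currentversion\windows") and name.lower() == "appinit_dlls" and value:
                # loaded into every process that maps user32.dll: a classic injection point
                findings.append(Finding("appinit_dll", key, name, value, "reg_value"))
            elif lk.endswith(r"\security center") and name.lower().endswith("disablenotify") and value.endswith("00000001"):
                findings.append(Finding("notify_disabled", key, name, value, ""))
            elif lk.endswith(r"\firewallpolicy\standardprofile") and name.lower() == "enablefirewall" and value.startswith("0"):
                findings.append(Finding("firewall_disabled", key, name, value, ""))
            continue
        m = SHELL_RE.match(line)
        if m and r"\mountpoints2\{" in lk:
            if key not in seen_volumes:  # one finding per cached volume GUID
                seen_volumes.add(key)
                findings.append(Finding("autorun_handler", key, "", m.group(1).strip(), "reg_key"))
            continue
        m = JOB_RE.match(line)
        if m:
            pending_job = m.group(1)
            continue
        m = JOB_CMD_RE.match(line)
        if m and pending_job:
            cmd, base = m.group(1), pending_job.rsplit("\\", 1)[-1].lower()
            if RANDOM_JOB_RE.match(base) or cmd.lower().endswith("rundll32.exe"):
                findings.append(Finding("random_task", pending_job, "", cmd, "file"))
            pending_job = ""
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """Emit the KillAll::/File::/Registry:: sections ComboFix reads from CFScript.txt."""
    files = [f.key for f in findings if f.fix == "file"]
    reg: List[str] = []
    for f in findings:
        if f.fix == "reg_value":
            reg += [f"[{f.key}]", f'"{f.name}"=-', ""]  # "=-" removes the value
        elif f.fix == "reg_key":
            reg += [f"[-{f.key}]", ""]                    # leading "-" removes the key
    parts = ["KillAll::", ""] + (["File::"] + files + [""] if files else []) + (["Registry::"] + reg if reg else [])
    return "\n".join(parts).rstrip() + "\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<18} {f.detail:<36} {f.key}")
    print(build_cfscript(triage(SAMPLE_LOG)))
```

Running it prints the eight findings and a script with the same File:: and Registry:: entries as post #5 (minus ynh.dx). The notification and firewall findings are reported but deliberately not scripted, matching post #5, which does not touch them either; they are settings for the analyst to decide on, not deletions.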

  #6  
Old 21st Dec 2008, 20:27
New Member Group
 
Iexplore.exe and norton problem

ComboFix 08-12-21.03 - Tsugomaru 2008-12-21 19:17:30.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1595 [GMT -8:00]
Running from: c:\documents and settings\Tsugomaru\Desktop\Virus Stuff\ComboFix.exe
Command switches used :: c:\documents and settings\Tsugomaru\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\Tasks\wyjwtggf.job
c:\windows\ynh.dx
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\wyjwtggf.job
c:\windows\ynh.dx

.
((((((((((((((((((((((((( Files Created from 2008-11-22 to 2008-12-22 )))))))))))))))))))))))))))))))
.

2008-12-21 18:23 . 2008-12-21 18:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-12-21 12:25 . 2008-12-21 12:25 <DIR> d-------- c:\program files\Trend Micro
2008-12-21 12:21 . 2008-12-21 12:21 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-21 12:21 . 2008-12-21 12:21 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-21 11:14 . 2008-12-21 11:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-21 11:14 . 2008-12-21 11:14 <DIR> d-------- c:\documents and settings\Tsugomaru\Application Data\Malwarebytes
2008-12-21 11:14 . 2008-12-21 11:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-21 11:14 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-21 11:14 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-21 02:46 . 2008-12-21 02:46 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-21 02:46 . 2008-12-21 02:46 <DIR> d-------- c:\documents and settings\Tsugomaru\Application Data\SUPERAntiSpyware.com
2008-12-21 02:46 . 2008-12-21 02:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-21 02:40 . 2008-12-21 02:40 <DIR> d-------- c:\program files\CCleaner
2008-12-20 23:24 . 2008-12-20 23:24 <DIR> d-------- c:\program files\Alwil Software
2008-12-15 00:02 . 2008-12-15 00:02 <DIR> d-------- C:\CrashReport
2008-12-14 11:14 . 2008-12-19 12:57 <DIR> d-------- c:\program files\Runes of Magic
2008-12-12 21:39 . 2008-12-12 21:39 <DIR> d-------- c:\program files\Hamachi
2008-11-30 20:30 . 2007-03-08 07:36 577,536 --a------ c:\windows\system32\hbdv
2008-11-30 15:42 . 2008-11-30 15:42 <DIR> d-------- c:\windows\system32\Lang
2008-11-30 15:42 . 2008-11-30 15:42 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2008-11-30 15:42 . 2008-11-30 15:42 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2008-11-28 13:47 . 2008-11-28 13:47 <DIR> d-------- c:\documents and settings\Tsugomaru\Application Data\gtk-2.0
2008-11-28 13:26 . 2008-11-28 14:44 <DIR> d-------- c:\documents and settings\Tsugomaru\.gimp-2.6
2008-11-28 13:26 . 2008-11-28 13:26 <DIR> d-------- c:\documents and settings\Tsugomaru\.gegl-0.0
2008-11-28 13:25 . 2008-11-28 13:25 <DIR> d-------- c:\program files\GIMP-2.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 02:24 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-21 20:21 --------- d-----w c:\program files\Java
2008-12-21 10:46 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-21 04:36 --------- d-----w c:\documents and settings\Tsugomaru\Application Data\foobar2000
2008-12-21 02:46 --------- d-----w c:\documents and settings\Tsugomaru\Application Data\Azureus
2008-12-19 00:36 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-15 02:05 --------- d-----w c:\documents and settings\Tsugomaru\Application Data\Hamachi
2008-12-13 05:39 17,480 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-11-30 23:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-05 06:12 --------- d-----w c:\program files\Ahead
2008-10-24 00:16 --------- d-----w c:\program files\Google
2007-02-07 04:46 8 ----a-w c:\documents and settings\Tsugomaru\Application Data\usb.dat.bin
.

((((((((((((((((((((((((((((( snapshot_2008-12-21_18.37.09.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-22 03:20:02 16,384 ----atw c:\windows\temp\Perflib_Perfdata_52c.dat
- 2008-12-22 02:32:09 16,384 ----atw c:\windows\temp\Perflib_Perfdata_5b4.dat
+ 2008-12-22 03:19:35 16,384 ----atw c:\windows\temp\Perflib_Perfdata_5b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2006-08-19 679424]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-13 7557120]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-02-13 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]
"Auto EPSON Stylus CX4800 Series (Network) on STUDY"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"Auto EPSON Stylus CX4800 Series on STUDY"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"Auto EPSON Stylus CX4800 Series on STUDY (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"nwiz"="nwiz.exe" [2006-02-13 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-12-07 c:\windows\soundman.exe]

c:\documents and settings\Tsugomaru\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 01:39 486856 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 08:41 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.11.0-enUS-downloader.exe"=
"Game.exe"= Game.exe:*:Ena
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Warcraft III\\war3.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\WINDOWS\\soundman.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-20 111184]
R1 BIOS;BIOS;\??\c:\windows\system32\drivers\BIOS.sys [2006-08-11 13696]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 Apache2.2;Apache2.2;"c:\xampp\apache\bin\apache.exe" -k runservice [2008-06-14 17408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-20 20560]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\NPF.sys [2007-11-06 34064]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

c:\windows\system32\mfc42.dll - c:\windows\system32\msvcrt.dll
c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\TricksterActiveX.lic
c:\windows\Downloaded Program Files\TricksterActiveX.ocx
O16 -: {CEA3052D-65B9-44E2-A501-5E14024BC66F}
hxxp://www.tricksteronline.com/control/tricksterActiveX.cab
c:\windows\Downloaded Program Files\TricksterActiveX.inf

c:\windows\system32\mfc42.dll - O16 -: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D}
hxxp://www.tricksteronline.com/control/KALogoutComponent.cab
c:\windows\Downloaded Program Files\KALogoutComponent.inf
FF - ProfilePath - c:\documents and settings\Tsugomaru\Application Data\Mozilla\Firefox\Profiles\9b18pp3b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 19:19:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-21 19:25:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-22 03:25:03
ComboFix2.txt 2008-12-22 02:37:28

Pre-Run: 58,226,425,856 bytes free
Post-Run: 58,215,378,944 bytes free

181 --- E O F --- 2008-02-13 11:00:30
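The registry and service section of the ComboFix log above carries three details a responder would normally pull out before deciding what to clean next: Security Center has its antivirus and update notifications silenced (`AntiVirusDisableNotify` and `UpdatesDisableNotify` both set to 1), the Windows Firewall standard profile is off (`EnableFirewall`=0), and the `XDva037` driver service is listed with an empty `[]` where ComboFix prints the image file's date and size. The following triage script is an added example, not code from this thread or from ComboFix; it parses a constructed copy of those log lines (the same text as above) and returns the findings as a list, and the `SAMPLE_LOG` and function names are this example's own.

```python
"""Triage helper for the registry/service section of a ComboFix-style log.

Added example (not part of the forum thread, nor of ComboFix). It reads the
plain-text sections ComboFix prints, pulls out DWORD values and service
entries, and flags the settings a responder should follow up on.
"""
import re

# Constructed sample: a copy of the registry and service lines from the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-20 111184]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys []
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")                      # [HKLM\...\key]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')               # "Name"=value
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?) \[(.*)\]$")  # R1 name;display;image [stamp]

# Security Center values that, when set to 1, silence the user-facing alerts.
NOTIFY_KEYS = ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify")


def reg_int(raw):
    """Turn a ComboFix-rendered DWORD ('dword:00000001' or '0 (0x0)') into an int."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    first = raw.split()[0] if raw else ""
    return int(first, 0) if first else None


def parse_registry(text):
    """Map each [section] (lower-cased) to its {name: raw value} pairs."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2)
    return sections


def parse_services(text):
    """Collect the R*/S* service lines; 'stamp' is the [date size] field, '' if empty."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.rstrip())
        if m:
            start, name, display, image, stamp = m.groups()
            services.append({"start": start, "name": name, "display": display,
                             "image": image, "stamp": stamp.strip()})
    return services


def triage(text):
    """Return human-readable findings for the weak settings present in the log."""
    findings = []
    for section, values in parse_registry(text).items():
        if section.endswith("security center"):
            for key in NOTIFY_KEYS:
                if key in values and reg_int(values[key]) == 1:
                    findings.append(f"Security Center alert suppressed: {key}=1")
        if section.endswith(r"firewallpolicy\standardprofile"):
            if "EnableFirewall" in values and reg_int(values["EnableFirewall"]) == 0:
                findings.append("Windows Firewall disabled for the standard profile")
    for svc in parse_services(text):
        if not svc["stamp"]:
            # ComboFix prints [date size] for the image; an empty [] means it found no file.
            findings.append(f"Service {svc['name']} ({svc['start']}) points at "
                            f"{svc['image']} with no file date/size recorded")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports four findings: the two silenced Security Center alerts, the disabled firewall profile, and the XDva037 service whose image file ComboFix could not stat. Each is a common trace of adware or trojan activity rather than proof of it, so the output is a follow-up list for the responder, not a verdict.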
  #7  
Old 21st Dec 2008, 23:03
Moderator Group
 
Default Iexplore.exe and norton problem

  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.
  • The above procedure will:
      • Delete the following:
          • ComboFix and its associated files and folders.
      • Reset the clock settings.
      • Hide file extensions, if required.
      • Hide System/Hidden files, if required.
      • Set a new, clean Restore Point.

----------

Run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.
  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.

When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save


Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

  #8  
Old 21st Dec 2008, 23:10
New Member Group
 
Default Iexplore.exe and norton problem

I'm running Windows XP and using Firefox 3.0. Although I have enabled both JavaScript and Java in my options, Kaspersky Online Scanner still shows it as false.

I can't hit accept.
  #9  
Old 21st Dec 2008, 23:11
Moderator Group
 
Default Iexplore.exe and norton problem

Try running it in Internet Explorer.

  #10  
Old 22nd Dec 2008, 02:18
New Member Group
 
Default Iexplore.exe and norton problem

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 22, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 22, 2008 04:34:37
Records in database: 1498594
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 78146
Threat name: 11
Infected objects: 16
Suspicious objects: 0
Duration of the scan: 01:08:42


File name / Threat name / Threats count
C:\Documents and Settings\Tsugomaru\Application Data\gadcom\gadcom.exe//PE_Patch.UPX//UPX/C:\Documents and Settings\Tsugomaru\Application Data\gadcom\gadcom.exe//PE_Patch.UPX//UPX Infected: Trojan.Win32.Agent.axoc 1
C:\Documents and Settings\Tsugomaru\Application Data\Twain\Twain.exe/C:\Documents and Settings\Tsugomaru\Application Data\Twain\Twain.exe Infected: Trojan.Win32.Agent.aycx 1
C:\Documents and Settings\Tsugomaru\Application Data\gadcom\gadcom.exe Infected: Trojan.Win32.Agent.axoc 1
C:\Documents and Settings\Tsugomaru\Application Data\SpeedRunner\SRUninstall.exe Infected: Trojan-Downloader.Win32.Agent.aldb 1
C:\Documents and Settings\Tsugomaru\Application Data\Twain\Twain.exe Infected: Trojan.Win32.Agent.aycx 1
C:\Documents and Settings\Tsugomaru\Desktop\Unknown\k-f_sysreset\k-f_sysreset\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Documents and Settings\Tsugomaru\Local Settings\temp\cmdinst.exe Infected: not-a-virus:AdWare.Win32.CommAd.a 2
C:\Documents and Settings\Tsugomaru\Local Settings\temp\cmdinst.exe Infected: not-a-virus:Monitor.Win32.NetMon.a 1
C:\Documents and Settings\Tsugomaru\Local Settings\temp\__2D.tmp Infected: Trojan-Downloader.Win32.Agent.aogd 1
C:\Documents and Settings\Tsugomaru\Local Settings\temp\__2F.tmp Infected: Trojan-Downloader.Win32.Agent.nfz 1
C:\Documents and Settings\Tsugomaru\Local Settings\temp\__40.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.qyk 1
C:\Program Files\Mozilla Firefox\chrome\chrome\content\browser.js Infected: Trojan.JS.Agent.dx 1
C:\Program Files\Network Monitor\netmon.exe Infected: not-a-virus:Monitor.Win32.NetMon.a 1
C:\WINDOWS\system32\geBtSLCt.dll Infected: Trojan.Win32.Monder.aehd 1
C:\WINDOWS\VHN1Z29tYXJ1\command.exe Infected: not-a-virus:AdWare.Win32.CommAd.a 1

The selected area was scanned.