Eliena

Symantec Email Proxy Popups is flooding my PC ~ HELP!!

18 posts in this topic

Norton anti-virus software does not detect anything.

 

Spybot detected several spyware infections including Torpig, Smitfraud, Locksky, and many others which I can't recall. Spybot indicated they were fixed, but when I run it again, the same spyware appears... and I have run Spybot around 10 times.

 

AVG Anti-Spyware detected Trojan dialer and V... (cannot remember the spelling); it kept showing even though I clicked on clean up and restarted my PC.

 

This is my hijack logfile:

 

Logfile of HijackThis v1.99.1

Scan saved at 8:35:17 PM, on 16/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\lg_fwupdate\fwupdate.exe

C:\HP\KBD\KBD.EXE

C:\windows\system\hpsysdrv.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\WinPop\winpop.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Aztech Systems Ltd\WL630USB Wireless B+G Utility\ZDWlan.exe

C:\Program Files\Norton AntiVirus\OPScan.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Owner\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.singnet.com.sg/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:/HP/REGION/start.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: WL630USB Wireless B+G Utility.lnk = C:\Program Files\Aztech Systems Ltd\WL630USB Wireless B+G Utility\ZDWlan.exe

O8 - Extra context menu item: &Define - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Look Up in &Encyclopedia - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE (file missing)

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hello,

 

* Download Combofix to your desktop.

Doubleclick combofix.exe

Follow the prompts.

Don't click on the window while the fix is running, because that will cause your system to hang.

 

When finished and after reboot (in case it asks to reboot), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt.

Post the contents of this log in your next reply together with a new hijackthislog.

Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.


Hi, thanks. This is my combofix.txt log report:

 

ComboFix 07-06-18.2 - D:\ComboFix.exe

"Owner" - 2007-06-22 4:39:01 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((( Files Created from 2007-05-21 to 2007-06-21 )))))))))))))))))))))))))))))))

 

 

2007-06-22 04:04 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-20 13:16 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\TrojanHunter

2007-06-20 11:31 <DIR> d-------- C:\Program Files\TrojanHunter 4.5

2007-06-16 20:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab

2007-06-16 20:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab

2007-06-16 04:03 10,872 --a------ C:\WINDOWS\SYSTEM32\drivers\AvgAsCln.sys

2007-06-16 03:14 <DIR> d-------- C:\Program Files\Enigma Software Group

2007-06-16 00:08 <DIR> d-------- C:\WINDOWS\pss

2007-06-14 04:05 <DIR> d-------- C:\Program Files\WinPop

2007-06-14 03:54 24,643 --------- C:\WINDOWS\SYSTEM32\vtuvsrp.dll

2007-06-13 19:11 <DIR> d-------- C:\Program Files\SymNetDrv

2007-06-13 18:45 91,904 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL

2007-06-13 18:45 4,608 --a------ C:\WINDOWS\SYSTEM32\drivers\symlcbrd.sys

2007-06-13 18:45 124,016 --a------ C:\WINDOWS\SYSTEM32\drivers\SYMEVENT.SYS

2007-06-13 18:45 <DIR> d-------- C:\Program Files\Norton AntiVirus

2007-06-13 17:07 <DIR> d-------- C:\Program Files\Symantec

2007-06-13 02:18 <DIR> d-------- C:\Program Files\CDex_150

2007-06-13 02:05 <DIR> d-------- C:\Program Files\Audacity

2007-06-13 01:04 <DIR> d--h----- C:\~cevts_001_tmp.dir

2007-06-09 20:08 255,848 --a------ C:\WINDOWS\SYSTEM32\xactengine2_6.dll

2007-06-09 19:40 <DIR> d--hs---- C:\WINDOWS\ftpcache

2007-06-09 19:15 611,064 --a------ C:\WINDOWS\SYSTEM32\drivers\sptd.sys

2007-06-03 13:33 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\HP

2007-06-03 13:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP

2007-06-03 13:30 <DIR> d-------- C:\bin

2007-06-03 13:27 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared

2007-06-03 13:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic

2007-06-03 13:23 <DIR> d-------- C:\Program Files\Common Files\HP

2007-06-03 13:19 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard

2007-06-03 13:18 49,664 -ra------ C:\WINDOWS\SYSTEM32\drivers\HPZid412.sys

2007-06-03 13:18 16,496 -ra------ C:\WINDOWS\SYSTEM32\drivers\HPZipr12.sys

2007-06-03 13:17 77,824 -ra------ C:\WINDOWS\SYSTEM32\HPZIDS01.dll

2007-06-03 13:17 38,400 --a------ C:\WINDOWS\SYSTEM32\hpz3l054.dll

2007-06-03 13:13 94,208 --a------ C:\WINDOWS\SYSTEM32\HPZipt12.dll

2007-06-03 13:13 69,632 --a------ C:\WINDOWS\SYSTEM32\HPZipm12.exe

2007-06-03 13:13 65,536 --a------ C:\WINDOWS\SYSTEM32\HPZinw12.exe

2007-06-03 13:13 57,344 --a------ C:\WINDOWS\SYSTEM32\HPZisn12.dll

2007-06-03 13:13 282,680 --a------ C:\WINDOWS\SYSTEM32\HPZidr12.dll

2007-06-03 13:13 204,800 --a------ C:\WINDOWS\SYSTEM32\HPZipr12.dll

2007-06-03 13:11 <DIR> d-------- C:\Program Files\HP

2007-06-03 13:08 117,083 --a------ C:\WINDOWS\hpoins11.dat

2007-05-27 03:44 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Joost

2007-05-27 03:43 <DIR> d-------- C:\Program Files\Joost

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-21 20:30:58 -------- d-----w C:\Program Files\lg_fwupdate

2007-06-17 21:23:30 -------- d-----w C:\Program Files\NJStar Communicator

2007-06-16 01:23:34 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Registry Cleaner

2007-06-14 03:16:24 -------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-06-09 12:10:07 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-06-09 12:06:56 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-06-03 05:21:13 -------- d-----w C:\Program Files\Hewlett-Packard

2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-05-03 06:51:12 -------- d-----w C:\Program Files\Alisoft

2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-03-28 10:41:32 517,848 ----a-w C:\WINDOWS\system32\SymNeti.dll

2007-03-28 10:41:28 132,824 ----a-w C:\WINDOWS\system32\SymRedir.dll

2001-07-22 02:45:40 94,784 --sh--w C:\WINDOWS\twain.dll

2004-08-03 16:56:48 50,688 --sh--w C:\WINDOWS\twain_32.dll

2004-08-03 16:56:44 1,028,096 --sh--w C:\WINDOWS\SYSTEM32\mfc42.dll

2004-08-03 16:56:44 54,784 --sha-w C:\WINDOWS\SYSTEM32\msvcirt.dll

2004-08-03 16:56:44 413,696 --sha-w C:\WINDOWS\SYSTEM32\msvcp60.dll

2004-08-03 16:56:44 343,040 --sha-w C:\WINDOWS\SYSTEM32\msvcrt.dll

2004-08-03 16:56:46 553,472 --sh--w C:\WINDOWS\SYSTEM32\oleaut32.dll

2004-08-03 16:56:46 83,456 --sh--w C:\WINDOWS\SYSTEM32\olepro32.dll

2004-08-03 16:56:56 11,776 --sh--w C:\WINDOWS\SYSTEM32\regsvr32.exe

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17]

{43837588-4E6D-472D-9216-AC9D3052CC7B}=C:\WINDOWS\system32\mljjk.dll []

{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]

{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}=C:\WINDOWS\system32\vtuvsrp.dll [2007-06-14 03:54]

{BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2005-10-19 12:54]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 17:25]

"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-07-13 10:00]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-13 19:11]

"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\SYSTEM32\nwiz.exe]

"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 10:00]

"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-13 10:00]

"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2007-04-10 16:52]

"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]

"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 09:10]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]

"THGuard"="C:\Program Files\TrojanHunter 4.5\THGuard.exe" [2006-05-31 19:52]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PowerBar"="" []

"WinPop"="C:\Program Files\WinPop\winpop.exe" [2007-06-14 04:05]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 00:24]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 20:29]

"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"="C:\WINDOWS\system32\vtuvsrp.dll" [2007-06-14 03:54]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjk]

C:\WINDOWS\system32\mljjk.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuvsrp]

vtuvsrp.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjvd32]

winjvd32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\€(8]

€(8

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center.lnk

backup=C:\WINDOWS\pss\hp center.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk

backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk

backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

C:\Program Files\Ahead\InCD\InCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

"C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WangWang]

"C:\Program Files\Alisoft\WangWang\WangWang.EXE"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs

NtmlSvc

 

 

Contents of the 'Scheduled Tasks' folder

2007-06-13 11:04:04 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-22 04:50:45

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

PowerBar = ????????????l?@?l?@?D..... (This portion is deleted by me because this error was prompted: You have posted a message with more emoticons that this board allows. Please reduce the number of emoticons you've added to the message)

scanning hidden files ...

 

**************************************************************************

 

Completion time: 2007-06-22 4:55:49

C:\ComboFix-quarantined-files.txt ... 2007-06-22 04:54

 

--- E O F ---

 

and this is my new hijackthislog report:

 

Logfile of HijackThis v1.99.1

Scan saved at 5:04:00 AM, on 22/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\lg_fwupdate\fwupdate.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\WinPop\winpop.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program Files\Aztech Systems Ltd\WL630USB Wireless B+G Utility\ZDWlan.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Owner\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.singnet.com.sg/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {43837588-4E6D-472D-9216-AC9D3052CC7B} - C:\WINDOWS\system32\mljjk.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\vtuvsrp.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O8 - Extra context menu item: &Define - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Look Up in &Encyclopedia - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O20 - Winlogon Notify: mljjk - C:\WINDOWS\system32\mljjk.dll (file missing)

O20 - Winlogon Notify: vtuvsrp - C:\WINDOWS\SYSTEM32\vtuvsrp.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)

O20 - Winlogon Notify: €(8 - €(8 (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


Hi,

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

PowerBar = ????????????l?@?l?@?D..... (This portion is deleted by me because this error was prompted: You have posted a message with more emoticons that this board allows. Please reduce the number of emoticons you've added to the message)

scanning hidden files ...

Yes, I know. Catchme, a tool used by Combofix, has problems displaying the entries properly for PowerBar. That entry is OK. It just contains embedded nulls, which is why Catchme is seeing it.

 

Do next please...

 

Open notepad and copy/paste the text in the quotebox below into it:

 

File::

C:\WINDOWS\SYSTEM32\vtuvsrp.dll

 

Folder::

C:\Program Files\WinPop

 

Registry::

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43837588-4E6D-472D-9216-AC9D3052CC7B}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinPop"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjk]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuvsrp]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjvd32]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\€(8]

 

Save this as ComboFix-Do.txt

 

Then drag the ComboFix-Do.txt into ComboFix.exe as you see in the screenshot below.

 

[screenshot: Combo-Do.gif]

 

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.

Also, please use two separate posts to post your logs, because your latest HijackThis log didn't fit in your previous reply; part of it was cut off at the end.

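As an added example (not code from the thread or from ComboFix itself), here is a parser that reads a CFScript in the form the helper posted above and lists, before anything is run, exactly what each line instructs: File:: and Folder:: entries to delete, [-KEY] key deletions, and "name"=- value removals. The section names and .reg-style syntax are as they appear in the post; the action names and the handling of quoted string data are my own assumptions.

```python
# Added example: turn a ComboFix CFScript into an explicit, reviewable action list.
# Not from the thread and not ComboFix's own code. Section names (File::, Folder::,
# Registry::) and the .reg-style syntax follow the helper's post; the "kind" labels
# and the set_value branch are assumptions of mine.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Action:
    kind: str                    # delete_file | delete_folder | delete_key | delete_value | set_value
    target: str                  # file/folder path, or the registry key
    name: Optional[str] = None   # value name (value actions only)
    data: Optional[str] = None   # new data (set_value only)


SECTIONS = ("File::", "Folder::", "Registry::")


def _parse_value_line(line: str, current_key: Optional[str]) -> Action:
    """Handle a '"name"=...' line: '"name"=-' deletes the value, '"name"="x"' sets it."""
    if current_key is None:
        raise ValueError(f"value line before any [key] header: {line!r}")
    end = line.find('"', 1)
    if end == -1 or not line.startswith("=", end + 1):
        raise ValueError(f"malformed value line: {line!r}")
    name, rhs = line[1:end], line[end + 2:]
    if rhs == "-":
        return Action("delete_value", current_key, name=name)
    if len(rhs) >= 2 and rhs[0] == '"' and rhs[-1] == '"':
        return Action("set_value", current_key, name=name, data=rhs[1:-1])
    raise ValueError(f"unsupported value syntax (only =- and quoted strings): {line!r}")


def _parse_registry_line(line: str, current_key: Optional[str]) -> Tuple[Optional[Action], Optional[str]]:
    """Return (action or None, new current key). '[-KEY]' deletes KEY; '[KEY]' only selects it."""
    if line.startswith("[") and line.endswith("]"):
        key = line[1:-1]
        if key.startswith("-"):
            return Action("delete_key", key[1:]), None
        return None, key
    if line.startswith('"'):
        return _parse_value_line(line, current_key), current_key
    raise ValueError(f"unrecognised Registry:: line: {line!r}")


def parse_cfscript(text: str) -> List[Action]:
    """Walk the script top to bottom, tracking the active section and registry key."""
    actions: List[Action] = []
    section: Optional[str] = None
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            section, current_key = line, None
            continue
        if section is None:
            raise ValueError(f"line outside any section: {line!r}")
        if section == "File::":
            actions.append(Action("delete_file", line))
        elif section == "Folder::":
            actions.append(Action("delete_folder", line))
        else:
            action, current_key = _parse_registry_line(line, current_key)
            if action is not None:
                actions.append(action)
    return actions


def summarize(actions: List[Action]) -> Dict[str, int]:
    """Count actions by kind, a quick sanity check before running the script."""
    counts: Dict[str, int] = {}
    for a in actions:
        counts[a.kind] = counts.get(a.kind, 0) + 1
    return counts


# The script from the helper's post, verbatim.
SCRIPT = r"""
File::
C:\WINDOWS\SYSTEM32\vtuvsrp.dll

Folder::
C:\Program Files\WinPop

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43837588-4E6D-472D-9216-AC9D3052CC7B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPop"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjk]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuvsrp]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjvd32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\€(8]
"""

ACTIONS = parse_cfscript(SCRIPT)

if __name__ == "__main__":
    for a in ACTIONS:
        print(f"{a.kind:13} {a.target}" + (f"  ->  {a.name!r}" if a.name else ""))
    print(summarize(ACTIONS))
```

Note that a bare [KEY] line performs no action by itself; it only selects the key that the following "name"=- lines apply to, which is why the two Run/ShellExecuteHooks headers in the post produce value deletions rather than key deletions.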

This is my new combofix.txt log report:

 

ComboFix 07-06-18.2 - C:\Documents and Settings\Owner\Desktop\ComboFix.exe

"Owner" - 2007-06-23 10:28:53 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((( Files Created from 2007-05-23 to 2007-06-23 )))))))))))))))))))))))))))))))

 

 

2007-06-22 04:04 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-20 13:16 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\TrojanHunter

2007-06-20 11:31 <DIR> d-------- C:\Program Files\TrojanHunter 4.5

2007-06-16 20:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab

2007-06-16 20:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab

2007-06-16 04:03 10,872 --a------ C:\WINDOWS\SYSTEM32\drivers\AvgAsCln.sys

2007-06-16 03:14 <DIR> d-------- C:\Program Files\Enigma Software Group

2007-06-16 00:08 <DIR> d-------- C:\WINDOWS\pss

2007-06-13 19:11 <DIR> d-------- C:\Program Files\SymNetDrv

2007-06-13 18:45 91,904 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL

2007-06-13 18:45 4,608 --a------ C:\WINDOWS\SYSTEM32\drivers\symlcbrd.sys

2007-06-13 18:45 124,016 --a------ C:\WINDOWS\SYSTEM32\drivers\SYMEVENT.SYS

2007-06-13 18:45 <DIR> d-------- C:\Program Files\Norton AntiVirus

2007-06-13 17:07 <DIR> d-------- C:\Program Files\Symantec

2007-06-13 02:18 <DIR> d-------- C:\Program Files\CDex_150

2007-06-13 02:05 <DIR> d-------- C:\Program Files\Audacity

2007-06-13 01:04 <DIR> d--h----- C:\~cevts_001_tmp.dir

2007-06-09 20:08 255,848 --a------ C:\WINDOWS\SYSTEM32\xactengine2_6.dll

2007-06-09 19:40 <DIR> d--hs---- C:\WINDOWS\ftpcache

2007-06-09 19:15 611,064 --a------ C:\WINDOWS\SYSTEM32\drivers\sptd.sys

2007-06-03 13:33 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\HP

2007-06-03 13:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP

2007-06-03 13:30 <DIR> d-------- C:\bin

2007-06-03 13:27 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared

2007-06-03 13:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic

2007-06-03 13:23 <DIR> d-------- C:\Program Files\Common Files\HP

2007-06-03 13:19 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard

2007-06-03 13:18 49,664 -ra------ C:\WINDOWS\SYSTEM32\drivers\HPZid412.sys

2007-06-03 13:18 16,496 -ra------ C:\WINDOWS\SYSTEM32\drivers\HPZipr12.sys

2007-06-03 13:17 77,824 -ra------ C:\WINDOWS\SYSTEM32\HPZIDS01.dll

2007-06-03 13:17 38,400 --a------ C:\WINDOWS\SYSTEM32\hpz3l054.dll

2007-06-03 13:13 94,208 --a------ C:\WINDOWS\SYSTEM32\HPZipt12.dll

2007-06-03 13:13 69,632 --a------ C:\WINDOWS\SYSTEM32\HPZipm12.exe

2007-06-03 13:13 65,536 --a------ C:\WINDOWS\SYSTEM32\HPZinw12.exe

2007-06-03 13:13 57,344 --a------ C:\WINDOWS\SYSTEM32\HPZisn12.dll

2007-06-03 13:13 282,680 --a------ C:\WINDOWS\SYSTEM32\HPZidr12.dll

2007-06-03 13:13 204,800 --a------ C:\WINDOWS\SYSTEM32\HPZipr12.dll

2007-06-03 13:11 <DIR> d-------- C:\Program Files\HP

2007-06-03 13:08 117,083 --a------ C:\WINDOWS\hpoins11.dat

2007-05-27 03:44 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Joost

2007-05-27 03:43 <DIR> d-------- C:\Program Files\Joost

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-23 02:13:12 -------- d-----w C:\Program Files\lg_fwupdate

2007-06-17 21:23:30 -------- d-----w C:\Program Files\NJStar Communicator

2007-06-16 01:23:34 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Registry Cleaner

2007-06-14 03:16:24 -------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-06-09 12:10:07 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-06-09 12:06:56 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-06-03 05:21:13 -------- d-----w C:\Program Files\Hewlett-Packard

2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-05-03 06:51:12 -------- d-----w C:\Program Files\Alisoft

2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-03-28 10:41:32 517,848 ----a-w C:\WINDOWS\system32\SymNeti.dll

2007-03-28 10:41:28 132,824 ----a-w C:\WINDOWS\system32\SymRedir.dll

2001-07-22 02:45:40 94,784 --sh--w C:\WINDOWS\twain.dll

2004-08-03 16:56:48 50,688 --sh--w C:\WINDOWS\twain_32.dll

2004-08-03 16:56:44 1,028,096 --sha-w C:\WINDOWS\SYSTEM32\mfc42.dll

2004-08-03 16:56:44 54,784 --sha-w C:\WINDOWS\SYSTEM32\msvcirt.dll

2004-08-03 16:56:44 413,696 --sha-w C:\WINDOWS\SYSTEM32\msvcp60.dll

2004-08-03 16:56:44 343,040 --sha-w C:\WINDOWS\SYSTEM32\msvcrt.dll

2004-08-03 16:56:46 553,472 --sha-w C:\WINDOWS\SYSTEM32\oleaut32.dll

2004-08-03 16:56:46 83,456 --sha-w C:\WINDOWS\SYSTEM32\olepro32.dll

2004-08-03 16:56:56 11,776 --sha-w C:\WINDOWS\SYSTEM32\regsvr32.exe

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17]

{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]

{BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2005-10-19 12:54]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 17:25]

"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-07-13 10:00]

"WangWang"="C:\Program Files\Alisoft\WangWang\WangWang.EXE" [2007-04-12 09:29]

"THGuard"="C:\Program Files\TrojanHunter 4.5\THGuard.exe" [2006-05-31 19:52]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-13 19:11]

"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 19:58]

"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]

"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\SYSTEM32\nwiz.exe]

"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 10:00]

"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-13 10:00]

"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2007-04-10 16:52]

"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]

"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 22:25]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]

"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 09:10]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" []

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PowerBar"="" []

"WinPop"="C:\Program Files\WinPop\winpop.exe" []

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 00:24]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 20:29]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs

NtmlSvc

 

 

Contents of the 'Scheduled Tasks' folder

2007-06-13 11:04:04 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-23 10:35:09

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

? [2904]

 

 

scanning hidden autostart entries ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

PowerBar = ????????????l?@?l (I deleted this portion because this error was prompted: "You have posted a message with more emoticons than this board allows. Please reduce the number of emoticons you've added to the message.")

 

scanning hidden files ...

 

**************************************************************************

 

Completion time: 2007-06-23 10:39:18

C:\ComboFix-quarantined-files.txt ... 2007-06-23 10:38

C:\ComboFix2.txt ... 2007-06-23 09:41

C:\ComboFix3.txt ... 2007-06-22 04:55

 

--- E O F ---


...and this is my latest HijackThis log report:

 

Logfile of HijackThis v1.99.1

Scan saved at 10:20:26 AM, on 23/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Alisoft\WangWang\WangWang.EXE

C:\Program Files\TrojanHunter 4.5\THGuard.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

C:\Program Files\lg_fwupdate\fwupdate.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Aztech Systems Ltd\WL630USB Wireless B+G Utility\ZDWlan.exe

C:\Documents and Settings\Owner\Desktop\HijackThis.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\control.exe

C:\WINDOWS\system32\rundll32.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.singnet.com.sg/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [WangWang] "C:\Program Files\Alisoft\WangWang\WangWang.EXE"

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: hp center.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WL630USB Wireless B+G Utility.lnk = C:\Program Files\Aztech Systems Ltd\WL630USB Wireless B+G Utility\ZDWlan.exe

O8 - Extra context menu item: &Define - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Look Up in &Encyclopedia - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE (file missing)

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Hi,

 

Check and fix next entry in HijackThis:

 

O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe

 

Then, Download and Save blacklight to your desktop.

F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml

(fsbl.exe - graphical user interface)

Double-click fsbl.exe then accept the agreement.

Click Scan, then Next.

You'll see a list of all items found, if any; don't worry if it tells you that no files were found.

If hidden files were found, don't choose rename yet! I want to see the log first, because legitimate items can also be listed there...

There must also be a log on your desktop named fsbl.xxxxxxx.log (the xxxxxxx stands for numbers).

Post the contents of the log in your next reply.

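The helper above picks the WinPop HKCU Run entry out of the HijackThis O4 list by eye, and catchme earlier reported a PowerBar value whose name would not render. The script below is an added example (mine, not HijackThis, ComboFix, or anything posted in this thread) that parses O4 and O23 lines offline and attaches reasons an entry deserves a closer look: a value name containing non-printing characters, an executable given without a directory, a path under a user-writable location, a per-user (HKCU) Run key, or a service whose binary is missing or whose owner HijackThis could not identify. The sample lines are copied from the log above except the "Power\x01Bar" line, which is constructed to imitate the garbled name (its path, pb.exe under Temp, is made up). The rule names, the `USER_WRITABLE_ROOTS` list, and `findings_by_name` are my own; the output is a triage list, not a verdict.

```python
"""Triage helper for HijackThis O4 (Run key) and O23 (service) lines.

Added example for this thread; it is not part of HijackThis, ComboFix or any
post above. It parses log text offline and attaches reasons an entry deserves
a closer look. The rules are my own heuristics; a human still decides what to fix.
"""
import re
import unicodedata

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# plus one hypothetical HKCU line ("{NP}" becomes a control character) imitating
# the garbled "PowerBar" value name catchme reported. Its path is made up.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Power{NP}Bar] C:\Documents and Settings\Owner\Local Settings\Temp\pb.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
""".replace("{NP}", "\x01")

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
# First token ending in an executable extension; unquoted paths may contain spaces.
EXE_RE = re.compile(r"^(?P<exe>.+?\.(?:exe|com|scr|pif|bat|cmd|dll))(?:\s+(?P<args>.*))?$", re.IGNORECASE)

# Locations an unprivileged XP user can write to (lower-case, trailing backslash). Assumed list.
USER_WRITABLE_ROOTS = ("c:\\documents and settings\\", "c:\\windows\\temp\\", "c:\\recycler\\")


def split_command(cmd):
    """Return (executable, arguments) for a Run value's command string."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group("exe"), (m.group("args") or "").strip()
    return cmd, ""


def has_hidden_chars(name):
    """True if the value name contains control, format or other non-printing characters."""
    return any(unicodedata.category(ch).startswith("C") for ch in name)


def audit_o4(m):
    exe, args = split_command(m.group("cmd"))
    reasons = []
    if has_hidden_chars(m.group("name")):
        reasons.append("non-printable-name")    # shows as ? or garbage in most tools
    if "\\" not in exe and "/" not in exe:
        reasons.append("no-directory")          # resolved by search order, not a fixed file
    if exe.lower().startswith(USER_WRITABLE_ROOTS):
        reasons.append("user-writable-path")    # malware running as the user can drop files there
    if m.group("hive") == "HKCU":
        reasons.append("user-hive")             # writable without admin rights
    return {"kind": "O4", "name": m.group("name"), "exe": exe, "args": args, "reasons": reasons}


def audit_o23(m):
    reasons = []
    if m.group("missing"):
        reasons.append("file-missing")          # orphaned service, or binary already removed
    if m.group("owner").lower() == "unknown owner":
        reasons.append("unknown-owner")         # HijackThis could not attribute the binary
    return {"kind": "O23", "name": m.group("name"), "exe": m.group("path"), "args": "", "reasons": reasons}


def audit(log_text):
    """Parse O4/O23 lines and return only the entries that triggered at least one rule."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        entry = audit_o4(m) if m else None
        if entry is None:
            m = O23_RE.match(line)
            if not m:
                continue
            entry = audit_o23(m)
        if entry["reasons"]:
            findings.append(entry)
    return findings


def findings_by_name(log_text):
    return {f["name"]: f for f in audit(log_text)}


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f['kind']:<4}{f['name']!r:<24}{f['exe']:<58}{', '.join(f['reasons'])}")
```

Run it on a saved hijackthis.log by passing the file contents to `audit()`. Legitimate entries such as ctfmon.exe will still show up under "user-hive"; the point of the rules is to shorten the list a person has to read, the way the helper in this thread did by hand, not to replace that reading.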

Hi,

 

O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe FIXED.

 

Scanned with F-Secure BlackLight, but no hidden files were found.

 

Please advise next step. Thanks.


Hi,

 

As far as I can see, the malware should be gone now, though...

 

How are things now? Popups etc gone?


Hi,

 

Glad to hear that malware should be gone. I'll check and update you.

 

P.S. I am using another PC to communicate with you because the infected PC with the popups doesn't allow me to communicate efficiently :-)

 

Regards.



Didn't you notice any difference yet while you were working on the infected PC?

Please try to communicate from there now.. :)


Hi,

 

I am communicating from the cured PC now. Everything looks fine, no more pop-ups. Thank you so much!

 

I would like to confirm that all malware, spyware, etc., including the Trojan infostealer, are gone. Am I safe to do banking online and provide my credit info online? Thank you in advance for your advice.


Hi,

 

Good to hear.

 

Delete next folder: C:\Qoobox

 

Then perform a full scan afterwards with an updated Norton/Symantec to get rid of the leftovers if still present.

 

It is always a good idea to change all your passwords after being infected, because you never know what info the malware collected in the meantime.

 

Glad I could help. :)

 

Please read my Prevention page with lots of info and tips on how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

 

Happy Surfing again!


Hi,

 

Thanks for the advice and info. Will follow accordingly.

 

Your help is greatly appreciated. I am so relieved that I am able to surf in peace of mind again! Thanks once again.


Since this issue appears resolved, this topic is closed.

 

If you need this topic reopened for continuations of existing problems, please tell the moderating team by replying here

This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

This topic is now closed to further replies.