binfordw

HJT log, outerinfo troubles


Hi all,

Been a while since I needed a hand. Wound up with "outerinfo" problems tonight and cannot seem to get rid of it.

I cannot remove the outerinfo program from the Add/Remove list in Control Panel; my antivirus pops up any time I try. Also, trying to use the links posted here on another thread on uninstalling Outerinfo doesn't work; my antivirus says it found a Generic Malware virus and deleted it instead of showing the page.

Don't know how much this helps, if at all, but after cleaning, scanning and cleaning some more, I ran HJT and here's the log.

Logfile of HijackThis v1.99.1

Scan saved at 5:07:30 AM, on 10/18/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\Benni\Desktop\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab

O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe


Hi and welcome

 

Download ComboFix from Here

IMPORTANT!! Place it on your Desktop.

 

Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.

Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.

This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

  • Double-click ComboFix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Please be patient while the scan runs, at times it may appear to stall.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.

Post this log in your next reply together with a new HijackThis log.

Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

After rebooting ensure your Security applications have been re-enabled.

In your next reply post:

ComboFix.txt

New HJT log taken after the above scan has run


New HJT log

Logfile of HijackThis v1.99.1

Scan saved at 2:48:08 PM, on 10/20/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\ApvxdWin.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\Documents and Settings\Benni\Desktop\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab

O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

Combofix Log

ComboFix 07-10-20.1 - Benni 2007-10-18 14:41:36.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.677 [GMT -7:00]

Running from: C:\Documents and Settings\Benni\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Application Data.\salesmonitor

C:\Documents and Settings\Benni\Application Data.\AVSystemCare

C:\Documents and Settings\Benni\Application Data.\AVSystemCare\avtasks.dat

C:\Documents and Settings\Benni\Application Data.\AVSystemCare\Logs\av.log

C:\Documents and Settings\Benni\Application Data.\AVSystemCare\Logs\ga6Support.log

C:\Documents and Settings\Benni\Application Data.\AVSystemCare\Logs\update.log

C:\Documents and Settings\Benni\Application Data\YMANTE~1

C:\Documents and Settings\Benni\Application Data\YMANTE~1\?ymantec\

C:\Documents and Settings\Benni\Application Data\YMANTE~1\winword.exe

C:\Documents and Settings\Benni\Desktop\internet.lnk

C:\Documents and Settings\LocalService\Application Data\NetMon

C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt

C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt

C:\Documents and Settings\NetworkService\Application Data\NetMon

C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt

C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt

C:\Program Files\AVSystemCare

C:\Program Files\AVSystemCare\history.db

C:\Program Files\AVSystemCare\ResErrors.log

C:\Program Files\Common Files\smante~1

C:\Program Files\Common Files\smante~1\r?gedit.exe

C:\Program Files\Common Files\Yazzle1549OinAdmin.exe

C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe

C:\Program Files\Temporary

C:\Program Files\Windows NT\projyfsi.html

C:\Temp\1cb

C:\Temp\1cb\syscheck.log

C:\Temp\fCOe

C:\Temp\fCOe\tOasF.log

C:\temp\tn3

C:\UGA6P

C:\WINDOWS\b122.exe

C:\WINDOWS\system32\byxxuvu.dll

C:\WINDOWS\system32\drivers\core.cache.dsk

C:\WINDOWS\system32\drivers\core.cache.dsk

C:\WINDOWS\system32\drivers\core.sys

C:\WINDOWS\system32\drivers\core.sys

C:\WINDOWS\system32\pac.txt

C:\WINDOWS\system32\urqnnmk.dll

C:\WINDOWS\system32\wnstsitr32.exe

C:\WINDOWS\tsitra1000106.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_CORE

-------\LEGACY_NPF

-------\core

 

 

((((((((((((((((((((((((( Files Created from 2007-09-20 to 2007-10-20 )))))))))))))))))))))))))))))))

.

 

2007-10-18 14:41 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-18 05:01 <DIR> d-------- C:\Program Files\CCleaner

2007-10-18 01:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel

2007-10-18 01:33 202,500 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT

2007-10-18 01:33 191,672 --a------ C:\WINDOWS\system32\drivers\idsflt.sys

2007-10-18 01:33 83,640 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys

2007-10-18 01:33 51,256 --a------ C:\WINDOWS\system32\drivers\dsaflt.sys

2007-10-18 01:33 37,304 --a------ C:\WINDOWS\system32\drivers\smsflt.sys

2007-10-18 01:33 30,648 --a------ C:\WINDOWS\system32\drivers\wnmflt.sys

2007-10-18 01:33 261 --a------ C:\WINDOWS\system32\PavCPL.dat

2007-10-18 01:32 <DIR> d-------- C:\Program Files\Panda Security

2007-10-18 01:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Backup

2007-10-18 01:31 <DIR> d-------- C:\Program Files\Common Files\Panda Software

2007-10-18 01:31 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys

2007-10-18 01:31 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys

2007-10-18 01:02 <DIR> d-------- C:\Program Files\PCPitstop

2007-10-18 00:05 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll

2007-10-18 00:05 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2007-10-18 00:05 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2007-10-18 00:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll

2007-10-18 00:05 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll

2007-10-18 00:04 <DIR> d-------- C:\WINDOWS\system32\ib1

2007-10-18 00:04 <DIR> d-------- C:\WINDOWS\system32\cp1

2007-10-18 00:04 <DIR> d-------- C:\WINDOWS\system32\bo2

2007-10-18 00:04 <DIR> d-------- C:\WINDOWS\system32\ap1

2007-10-18 00:04 <DIR> d--hs---- C:\WINDOWS\QmVu

2007-10-18 00:03 <DIR> d-------- C:\WINDOWS\system32\oTt08e

2007-10-18 00:03 <DIR> d-------- C:\Temp

2007-10-18 00:03 35,840 --a------ C:\WINDOWS\tsitra77.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-18 21:40 202,500 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck

2007-10-18 21:40 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck

2007-10-18 21:40 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG

2007-10-18 11:32 --------- d-----w C:\Program Files\Cain

2007-10-18 11:21 --------- d-----w C:\Program Files\mIRC

2007-10-18 08:32 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-10-18 07:15 --------- d-----w C:\Program Files\AlphaZIP

2007-10-01 08:41 --------- d-----w C:\Program Files\Yahoo!

2007-09-17 08:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!

2007-09-13 11:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2007-09-08 13:27 --------- d-----w C:\Documents and Settings\Benni\Application Data\IGN_DLM

2007-08-20 09:36 --------- d-----w C:\Program Files\SD EnterNET

2007-08-20 09:03 --------- d-----w C:\Program Files\IGN

2007-08-09 13:37 58,904 -c--a-w C:\WINDOWS\system32\azipcontmn.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 18:43]

"nwiz"="nwiz.exe" [2006-08-11 18:43 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 18:43]

"SoundMan"="SOUNDMAN.EXE" [2005-04-14 20:01 C:\WINDOWS\SOUNDMAN.EXE]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]

 

R1 APPFLT;App Filter Plugin;\??\C:\WINDOWS\system32\Drivers\APPFLT.SYS

R1 DSAFLT;DSA Filter Plugin;\??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS

R1 FNETMON;NetMon Filter Plugin;\??\C:\WINDOWS\system32\Drivers\fnetmon.SYS

R1 IDSFLT;Ids Filter Plugin;\??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS

R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys

R1 SMSFLT;SMS Filter Plugin;\??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS

R1 WNMFLT;Wifi Monitor Filter Plugin;\??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS

R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys

R2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\system32\DRIVERS\PavProc.sys

R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys

R3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\system32\PavTPK.sys

S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys

S3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys

 

.

**************************************************************************

 

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-20 14:44:27

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-10-20 14:44:58 - machine was rebooted

.

--- E O F ---

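Added example, not code from the thread or from HijackThis: a small Python parser for the HijackThis 1.99.1 log format above that diffs two logs and reports what changed between scans. Run over the two logs posted here, the only differences are the two Panda O4 entries that disappeared and the Panda/notepad processes that appeared. None of the files ComboFix deleted ever showed up as an HJT item, which is the practical lesson of this thread: a clean-looking HJT log is not a clean machine. The samples below are constructed from a few lines of each posted log, not the full logs.

```python
# Added example (not from the thread): parse two HijackThis 1.99.1 logs
# and report what changed between scans.
import re
from dataclasses import dataclass

# Item lines carry a section code: "R0 - ...", "O4 - HKLM\..\Run: [name] cmd",
# "O16 - DPF: {CLSID} (name) - url", "O23 - Service: ...". Process lines
# (between "Running processes:" and the first item) carry no code.
ITEM_RE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.*)$")


@dataclass(frozen=True)
class HjtLog:
    processes: frozenset  # lower-cased paths; Windows paths are case-insensitive
    items: frozenset      # (section code, rest of line)


def parse_hjt(text: str) -> HjtLog:
    processes, items = set(), set()
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        m = ITEM_RE.match(line)
        if m:
            in_procs = False
            items.add((m.group(1), m.group(2)))
        elif in_procs:
            processes.add(line.lower())
    return HjtLog(frozenset(processes), frozenset(items))


def diff_hjt(before: HjtLog, after: HjtLog) -> dict:
    """Items and processes present in only one of the two logs."""
    return {
        "items_removed": sorted(before.items - after.items),
        "items_added": sorted(after.items - before.items),
        "procs_removed": sorted(before.processes - after.processes),
        "procs_added": sorted(after.processes - before.processes),
    }


# Constructed samples: a handful of lines taken from the two logs posted
# above (10/18 and 10/20); the full logs are not reproduced here.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\QuickTime\qttask.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\ApvxdWin.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
"""

if __name__ == "__main__":
    for key, values in diff_hjt(parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)).items():
        print(key)
        for v in values:
            print("   ", v)
```

The diff deliberately treats the whole remainder of an item line as the key, so a changed command line or a swapped service path shows up as one removal plus one addition rather than being silently matched by name.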

Welcome back

 

Please open Notepad *Do Not Use Wordpad!* (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:

Save this as "CFScript.txt" and change the "Save as type" to "All Files" and place it on your desktop.

File::

C:\WINDOWS\tsitra77.exe

 

Folder::

C:\WINDOWS\system32\ib1

C:\WINDOWS\system32\cp1

C:\WINDOWS\system32\bo2

C:\WINDOWS\system32\ap1

C:\WINDOWS\QmVu

C:\WINDOWS\system32\oTt08e

C:\Temp


 

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

It is recommended to disable your onboard antivirus and antispyware programs while performing scans, to avoid conflicts and to speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished, remember to re-enable resident antivirus protection along with whatever antispyware app you use.

 

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

 

Click Yes, when prompted to install its ActiveX component.

(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)

Or use Firefox with IE-Tab plugin

https://addons.mozilla.org/en-US/firefox/addon/1419

The program launches and downloads the latest definition files.

  • Once the files are downloaded, click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database: Extended
    • Scan Options: Scan Archives, Scan Mail Bases
  • Click OK and, under "select a target to scan", select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.

There is no option to clean/disinfect, however, we need to analyze the information on the report.


To obtain the report:

Click on: Save Report As (above - red blinking arrow)

Next, in the Save as prompt, Save in area, select: Desktop

In the File name area, use KScan, or something similar

In Save as type, click the drop arrow and select: Text file [*.txt]

Then, click: Save

Please post the Kaspersky Online Scanner Report in your reply.

You are using an older version of HijackThis. Please do the following to download and install the latest version of HijackThis v2.0.2:

 

Download Trend Micro Hijack This™ and save to desktop.

Double-click HJTInstall.exe to start it.

By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.

 

Accept the license agreement by clicking the "I Accept" button.

Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.

Click "Save log" to save the log file and then the log will open in Notepad.

Click on Edit-> Select All then click on "Edit -> Copy" to copy the entire contents of the log.

 

 

In your next reply post:

ComboFix.txt

Kaspersky log

New HJT log

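Added example, not from the thread and not ComboFix's own code. It reproduces the step the reply above does by hand: take the "Files Created" section of the ComboFix log, pivot on one file already known to be bad (C:\WINDOWS\tsitra77.exe, which the Kaspersky report later in this thread names Trojan-Downloader.Win32.Agent.ecz), collect everything created within a minute of it, and write the result in the File:: / Folder:: syntax the CFScript above uses. The one-minute window is an assumption; the sample section is constructed from the posted log, trimmed to the lines that show the window boundary.

```python
# Added example (not from the thread, not ComboFix's own code): parse the
# "Files Created" section of a ComboFix log, pivot on a path already known
# to be bad, and emit the neighbours in CFScript File::/Folder:: syntax.
import re
from datetime import datetime, timedelta

# Entry layout: "2007-10-18 00:04 <DIR> d--hs---- C:\WINDOWS\QmVu"
#               "2007-10-18 00:03 35,840 --a------ C:\WINDOWS\tsitra77.exe"
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S{9})\s+(.+)$"
)


def parse_files_created(section: str) -> list:
    """Return one dict per entry: when (datetime), is_dir, attrs, path."""
    entries = []
    for raw in section.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        entries.append({
            "when": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M"),
            "is_dir": m.group(2) == "<DIR>",
            "attrs": m.group(3),
            "path": m.group(4),
        })
    return entries


def pivot(entries: list, known_bad: str, window_minutes: int = 1) -> list:
    """Entries created within +/- window_minutes of the known-bad path.

    A dropper usually writes its payload directories and executables within
    the same minute or two, so a narrow window around one confirmed file is
    a cheap way to collect the rest of the drop. The window is an assumption.
    """
    anchor = next(e for e in entries if e["path"].lower() == known_bad.lower())
    lo = anchor["when"] - timedelta(minutes=window_minutes)
    hi = anchor["when"] + timedelta(minutes=window_minutes)
    return [e for e in entries if lo <= e["when"] <= hi]


def to_cfscript(entries: list) -> str:
    """Render in the File:: / Folder:: form ComboFix reads from CFScript.txt."""
    files = [e["path"] for e in entries if not e["is_dir"]]
    folders = [e["path"] for e in entries if e["is_dir"]]
    lines = []
    if files:
        lines += ["File::"] + files + [""]
    if folders:
        lines += ["Folder::"] + folders + [""]
    return "\n".join(lines)


# Constructed sample: lines copied from the "Files Created" section posted
# above, trimmed to the ones needed to show the window boundary.
SAMPLE = r"""
2007-10-18 14:41 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-18 05:01 <DIR> d-------- C:\Program Files\CCleaner
2007-10-18 00:05 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-10-18 00:05 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-18 00:04 <DIR> d-------- C:\WINDOWS\system32\ib1
2007-10-18 00:04 <DIR> d-------- C:\WINDOWS\system32\cp1
2007-10-18 00:04 <DIR> d-------- C:\WINDOWS\system32\bo2
2007-10-18 00:04 <DIR> d-------- C:\WINDOWS\system32\ap1
2007-10-18 00:04 <DIR> d--hs---- C:\WINDOWS\QmVu
2007-10-18 00:03 <DIR> d-------- C:\WINDOWS\system32\oTt08e
2007-10-18 00:03 <DIR> d-------- C:\Temp
2007-10-18 00:03 35,840 --a------ C:\WINDOWS\tsitra77.exe
"""

if __name__ == "__main__":
    hits = pivot(parse_files_created(SAMPLE), r"C:\WINDOWS\tsitra77.exe")
    print(to_cfscript(hits))
```

With the one-minute window the output is exactly the script the reply asks for: one File:: line for tsitra77.exe and Folder:: lines for ib1, cp1, bo2, ap1, QmVu, oTt08e and C:\Temp. The DLLs written at 00:05 (mfc71.dll, msxml3a.dll and the other Visual C++ 7.1 runtime names in the full log) fall outside it, and the reply did not script them either. Widen the window and they come in, which is why the list still needs a human look before it goes into CFScript.txt.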

ComboFix log

ComboFix 07-10-20.1 - Benni 2007-10-21 0:31:57.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.592 [GMT -7:00]

Running from: C:\Documents and Settings\Benni\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Benni\Desktop\CFScript.txt

* Created a new restore point

 

FILE::

C:\WINDOWS\tsitra77.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Temp

C:\WINDOWS\QmVu

C:\WINDOWS\system32\ap1

C:\WINDOWS\system32\ap1\sysmondll3.exe

C:\WINDOWS\system32\bo2

C:\WINDOWS\system32\cp1

C:\WINDOWS\system32\ib1

C:\WINDOWS\system32\ib1\rwv12drv.exe

C:\WINDOWS\system32\oTt08e

C:\WINDOWS\system32\oTt08e\oTt08e1099.exe

C:\WINDOWS\tsitra77.exe

 

.

((((((((((((((((((((((((( Files Created from 2007-09-21 to 2007-10-21 )))))))))))))))))))))))))))))))

.

 

2007-10-18 14:41 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-18 05:01 <DIR> d-------- C:\Program Files\CCleaner

2007-10-18 01:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel

2007-10-18 01:33 202,500 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT

2007-10-18 01:33 191,672 --a------ C:\WINDOWS\system32\drivers\idsflt.sys

2007-10-18 01:33 83,640 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys

2007-10-18 01:33 51,256 --a------ C:\WINDOWS\system32\drivers\dsaflt.sys

2007-10-18 01:33 37,304 --a------ C:\WINDOWS\system32\drivers\smsflt.sys

2007-10-18 01:33 30,648 --a------ C:\WINDOWS\system32\drivers\wnmflt.sys

2007-10-18 01:33 261 --a------ C:\WINDOWS\system32\PavCPL.dat

2007-10-18 01:32 <DIR> d-------- C:\Program Files\Panda Security

2007-10-18 01:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Backup

2007-10-18 01:31 <DIR> d-------- C:\Program Files\Common Files\Panda Software

2007-10-18 01:31 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys

2007-10-18 01:31 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys

2007-10-18 01:02 <DIR> d-------- C:\Program Files\PCPitstop

2007-10-18 00:05 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll

2007-10-18 00:05 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2007-10-18 00:05 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2007-10-18 00:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll

2007-10-18 00:05 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-21 07:31 202,500 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck

2007-10-21 07:31 1,224 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck

2007-10-21 07:31 1,224 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG

2007-10-18 11:32 --------- d-----w C:\Program Files\Cain

2007-10-18 11:21 --------- d-----w C:\Program Files\mIRC

2007-10-18 08:32 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-10-18 07:15 --------- d-----w C:\Program Files\AlphaZIP

2007-10-01 08:41 --------- d-----w C:\Program Files\Yahoo!

2007-09-17 08:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!

2007-09-13 11:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2007-09-08 13:27 --------- d-----w C:\Documents and Settings\Benni\Application Data\IGN_DLM

2007-08-09 13:37 58,904 -c--a-w C:\WINDOWS\system32\azipcontmn.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 18:43]

"nwiz"="nwiz.exe" [2006-08-11 18:43 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 18:43]

"SoundMan"="SOUNDMAN.EXE" [2005-04-14 20:01 C:\WINDOWS\SOUNDMAN.EXE]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]

 

R1 APPFLT;App Filter Plugin;\??\C:\WINDOWS\system32\Drivers\APPFLT.SYS

R1 DSAFLT;DSA Filter Plugin;\??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS

R1 FNETMON;NetMon Filter Plugin;\??\C:\WINDOWS\system32\Drivers\fnetmon.SYS

R1 IDSFLT;Ids Filter Plugin;\??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS

R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys

R1 SMSFLT;SMS Filter Plugin;\??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS

R1 WNMFLT;Wifi Monitor Filter Plugin;\??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS

R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys

R2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\system32\DRIVERS\PavProc.sys

R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys

R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys

R3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys

R3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\system32\PavTPK.sys

 

.

**************************************************************************

 

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-21 00:32:49

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-10-21 0:33:14

C:\ComboFix2.txt ... 2007-10-20 14:44

.

--- E O F ---

Kaspersky online scan Log

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Sunday, October 21, 2007 1:32:56 AM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 20/10/2007

Kaspersky Anti-Virus database records: 441374

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

E:\

 

Scan Statistics:

Total number of scanned objects: 32843

Number of viruses found: 16

Number of infected objects: 37

Number of suspicious objects: 0

Duration of the scan process: 00:24:10

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\sentinel\2.1\gwhashs.dat Object is locked skipped

C:\Documents and Settings\Benni\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Benni\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Benni\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Benni\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Benni\Local Settings\History\History.IE5\MSHist012007102120071022\index.dat Object is locked skipped

C:\Documents and Settings\Benni\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Benni\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Benni\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\MshConf\scoffset.bin.incr Object is locked skipped

C:\Program Files\Panda Security\Panda Internet Security 2008\f4d4851e8935eebef0f2eb52b3212bc9PSK_NAMES Object is locked skipped

C:\Program Files\Panda Security\Panda Internet Security 2008\f4d4851e8935eebef0f2eb52b3212bc9PSK_NAMES2 Object is locked skipped

C:\qoobox\Quarantine\C\WINDOWS\b122.exe.vir Infected: Trojan-Downloader.Win32.Agent.ehg skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\ib1\rwv12drv.exe.vir Infected: Trojan-Downloader.Win32.Small.gci skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\oTt08e\oTt08e1099.exe.vir Infected: Trojan-Downloader.Win32.VB.bnq skipped

C:\qoobox\Quarantine\C\WINDOWS\tsitra1000106.exe.vir Infected: Trojan-Downloader.Win32.Agent.ecz skipped

C:\qoobox\Quarantine\C\WINDOWS\tsitra77.exe.vir Infected: Trojan-Downloader.Win32.Agent.ecz skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP197\A0019892.old Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP197\A0019895.old Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP197\A0019931.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP197\A0019931.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP197\A0019932.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP197\A0019933.exe Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP197\A0019935.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP197\A0019948.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP197\A0019949.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP197\A0019968.exe Infected: Trojan-Downloader.Win32.Adload.lv skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP197\A0019975.dll Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP198\A0020012.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP198\A0020014.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP198\A0020015.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP198\A0020023.exe Infected: Trojan-Downloader.Win32.Small.fjp skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP198\A0020025.exe Infected: not-a-virus:PSWTool.Win32.Cain.284 skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP198\A0020026.exe Infected: not-a-virus:PSWTool.Win32.Cain.281 skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP198\A0020027.exe Infected: Trojan.Win32.Agent.bqn skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP198\A0020028.dll Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP198\A0020029.dll Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP198\A0020030.exe Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP198\A0020031.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP198\A0020031.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP198\A0020033.exe Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP198\A0020034.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP198\A0020034.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP198\A0020083.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP199\A0020140.exe Infected: Trojan-Downloader.Win32.Agent.ehg skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP199\A0020141.exe Infected: Trojan-Downloader.Win32.Agent.ecz skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP201\A0020217.exe Infected: Trojan-Downloader.Win32.Small.gci skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP201\A0020218.exe Infected: Trojan-Downloader.Win32.VB.bnq skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP201\A0020219.exe Infected: Trojan-Downloader.Win32.Agent.ecz skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP201\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP201\change.log Object is locked skipped

Scan process completed.

New version HJT log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:33:32 AM, on 10/21/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\ALCFDRTM.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab

O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

 

--

End of file - 4158 bytes


That turned out very well.

 

These logs are clean, good job!

 

 

What Kaspersky found were remnants that we can easily take care of now.

C:\qoobox\Quarantine\C\WINDOWS\b122.exe.vir Infected: Trojan-Downloader.Win32.Agent.ehg skipped

C:\System Volume Information\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\RP198\A0020015.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

 

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /, it needs to be there.
  • When shown the disclaimer, Select "2"
The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.

 

 

If there are no more issues you're good to go!

 

 

Below are recommendations to protect your computer.

 

Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

 

 

Install and update SpywareBlaster; it protects against bad ActiveX, browser hijackers, and dialers, which are some of the fastest-growing threats on the Internet today.

Tutorial

 

Also install the MVPS hosts file:

http://www.mvps.org/winhelp2002/hosts.htm

which blocks innocent looking sites that are not so innocent.

 

SpywareGuard stops Spyware from being installed.

http://www.javacoolsoftware.com/spywareguard.html

 

 

You can find a list of reliable trustworthy AntiSpyware programs here

 

Update these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

Run them regularly as this can prevent a great deal of spyware hassle.

 

Read this article 'Safe Computing Practices'.

So how did I get infected in the first place?

 

Another article to read Dealing with Unwanted Spyware and Parasites

Secure My Computer: A Layered Approach

PC Safety and Security--What Do I Need?

Strong passwords: How to create and use them

 

Slow Computer? Check here first; it may not be malware

http://www.castlecops.com/postitle175256-0-0-.html

Free Antivirus-AntiSpyware-Firewall Software
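Sorting a Kaspersky online-scanner report the way the helper did above (locked objects set aside, then hits in the ComboFix quarantine and in System Restore points separated from anything still live) as an added Python example; this is not code from the thread. The sample lines are constructed in the report's own `<path> <status> skipped` format, and `EXAMPLE_live.dll` is a made-up path.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the "<path> <status> skipped" shape of the Kaspersky
# report above; the last line is a made-up "live" hit added for contrast.
SAMPLE_REPORT = """\
C:\\WINDOWS\\system32\\config\\SAM Object is locked skipped
C:\\qoobox\\Quarantine\\C\\WINDOWS\\b122.exe.vir Infected: Trojan-Downloader.Win32.Agent.ehg skipped
C:\\System Volume Information\\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\\RP197\\A0019931.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\\System Volume Information\\_restore{38655DD2-1F8B-4065-902F-6B4B26AEEB32}\\RP197\\A0019931.exe NSIS: infected - 1 skipped
C:\\WINDOWS\\system32\\EXAMPLE_live.dll Infected: Trojan.Win32.BHO.ab skipped
"""

# A report line is a path (spaces allowed), one of three statuses, then "skipped".
LINE_RE = re.compile(r"^(?P<path>.+?) (?:Object is locked|Infected: (?P<name>\S+)"
                     r"|(?P<nsis>NSIS: infected - \d+)) skipped$")

@dataclass(frozen=True)
class Finding:
    path: str            # as reported; a "/member" suffix marks an archive member
    name: Optional[str]  # detection name, or None for a locked (unscanned) object
    location: str        # "quarantine", "restore_point" or "live"

def classify_location(path: str) -> str:
    """Quarantine and restore-point copies are remnants, not running code."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "quarantine"
    return "restore_point" if "\\system volume information\\_restore{" in p else "live"

def parse_report(text: str) -> list:
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banner, blank and summary lines are not findings
        name = m.group("name") or m.group("nsis")  # None when the object was locked
        path = m.group("path")
        findings.append(Finding(path, name, classify_location(path)))
    return findings

def triage(findings: list) -> dict:
    """Bucket locked objects apart, then detections by where they sit."""
    groups = {k: [] for k in ("locked", "quarantine", "restore_point", "live")}
    for f in findings:
        groups["locked" if f.name is None else f.location].append(f)
    return groups
```

Only the "live" bucket would call for further cleanup; the quarantine and restore-point entries are the remnants the ComboFix uninstall step above is meant to clear.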

Guest
This topic is now closed to further replies.