
Thread: google redirect problem


  1. #1
    Junior Member
    Join Date
    Jan 2007
    Location
    Texas
    Posts
    27


    C:\Program Files\Norton AntiVirus\Quarantine\7E616A86.jar ZIP: infected - 3 skipped
    C:\Program Files\Norton AntiVirus\Quarantine\7E616A86.jar CryptFF: infected - 3 skipped
    C:\Program Files\Norton AntiVirus\Quarantine\7E616A86.tmp Infected: Exploit.VBS.Phel.i skipped
    C:\Program Files\Norton AntiVirus\Quarantine\7E85266A.class Infected: Exploit.Java.ByteVerify skipped
    C:\Program Files\Norton AntiVirus\Quarantine\7E9D4DC4.class Infected: Trojan.Java.ClassLoader.c skipped
    C:\Program Files\Norton AntiVirus\Quarantine\7E9D4DC4.htm Infected: Exploit.VBS.Phel.a skipped
    C:\Program Files\Norton AntiVirus\Quarantine\7EA077C0.class Infected: Exploit.Java.ByteVerify skipped
    C:\Program Files\Norton AntiVirus\Quarantine\7EC1407F.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
    C:\Program Files\Norton AntiVirus\Quarantine\7EE40F0A.jar/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
    C:\Program Files\Norton AntiVirus\Quarantine\7EE40F0A.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
    C:\Program Files\Norton AntiVirus\Quarantine\7EE40F0A.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
    C:\Program Files\Norton AntiVirus\Quarantine\7EE40F0A.jar ZIP: infected - 3 skipped
    C:\Program Files\Norton AntiVirus\Quarantine\7EE40F0A.jar CryptFF: infected - 3 skipped
    C:\Program Files\Norton AntiVirus\Quarantine\7EE83907.tmp Infected: Exploit.VBS.Phel.i skipped
    C:\Program Files\Norton AntiVirus\Quarantine\7F4B45BD.htm Infected: Exploit.HTML.Mht skipped
    C:\Program Files\Outerinfo\OiUninstaller.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
    C:\Program Files\Outerinfo\OiUninstaller.exe NSIS: infected - 1 skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP911\A0077890.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP911\A0077890.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP912\A0077912.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP912\A0077912.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP914\A0077951.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP914\A0077951.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP915\A0077975.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP915\A0077975.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP918\A0078040.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP918\A0078040.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP919\A0078062.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP919\A0078062.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP920\A0078084.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP920\A0078084.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP920\A0078107.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.EZula.ak skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP920\A0078107.exe WiseSFX: infected - 1 skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP920\A0078108.exe Infected: not-a-virus:AdWare.Win32.EZula.u skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP921\A0079236.exe Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP921\A0079237.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP921\A0079237.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP921\A0079239.exe/data0002/data0003 Infected: Trojan-Downloader.Win32.Keenval.f skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP921\A0079239.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval.f skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP921\A0079239.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP921\A0079240.exe Infected: Trojan-Downloader.Win32.Zlob.eb skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP921\A0079242.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP921\A0079243.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP921\A0079244.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP921\A0079245.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP921\A0079246.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP921\A0079249.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP921\A0079257.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP921\A0079257.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{14659502-6D34-49D9-9E9D-AACE03A0D61B}\RP921\change.log Object is locked skipped
    C:\WINDOWS\$NtUninstallKB824141$\sysmain.sdb Object is locked skipped
    C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\browser.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallQ309521$\dxmasf.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallQ309521$\sfcfiles.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.inf Object is locked skipped
    C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.inf Object is locked skipped
    C:\WINDOWS\$NtUninstallQ315000$\netsetup.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.inf Object is locked skipped
    C:\WINDOWS\$NtUninstallQ315000$\ssdpapi.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallQ315000$\ssdpsrv.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallQ315000$\upnp.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallQ323172$\reg00003 Object is locked skipped
    C:\WINDOWS\$NtUninstallQ323172$\reg00005 Object is locked skipped
    C:\WINDOWS\$NtUninstallQ323172$\reg00008 Object is locked skipped
    C:\WINDOWS\$NtUninstallQ323172$\reg00009 Object is locked skipped
    C:\WINDOWS\$NtUninstallQ323172$\reg00010 Object is locked skipped
    C:\WINDOWS\$NtUninstallQ323172$\reg00011 Object is locked skipped
    C:\WINDOWS\$NtUninstallQ328940$\reg00003 Object is locked skipped
    C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
    C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\ptkknuf.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    Hi

    Uninstall the following entry via Add/Remove Programs (Control Panel):

    OIN search

    Empty this folder (it holds the Norton-quarantined copies that the scan above flagged):

    C:\Program Files\Norton AntiVirus\Quarantine\

    Empty Recycle Bin

    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window while it is running; that may cause it to stall.

    In your next reply, post:

    - a fresh HijackThis log
    - the ComboFix report
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member
    Join Date
    Jan 2007
    Location
    Texas
    Posts
    27


    ERIN JOSSERAND - 07-01-09 16:29:01.78 Service Pack 2
    ComboFix 06.11.27 - Running from: "C:\Documents and Settings\ERIN JOSSERAND\Desktop"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Common Files\Yazzle1408OinUninstaller.exe

    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    Folders Quarantined:

    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\ASEMBL~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\ASKS~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\CROSOF~1.NET
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\ECURIT~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\FNTS~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\ICROSO~1.NET
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\MANTEC~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\PPATCH~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\SCURIT~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\SMBOLS~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\STEM32~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\FNTS~1\F?nts
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\FNTS~1\svchost.exe
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\FNTS~1\F?nts\ctxad-503.0000
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\CROSOF~1.NET
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\DOBE~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\FNTS~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\MCROSO~1.NET
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\PPATCH~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\RACLE~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\SSEMBL~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\SSTEM3~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\STEM~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\YMBOLS~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\YSTEM~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\FNTS~1\go jane stuff.rtf
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\FNTS~1\?ti2evxx.exe
    C:\QooBox\Purity\Program Files\DOBE~1
    C:\QooBox\Purity\Program Files\FNTS~1
    C:\QooBox\Purity\Program Files\ICROSO~1.NET
    C:\QooBox\Purity\Program Files\MBOLS~1
    C:\QooBox\Purity\Program Files\PPATCH~1
    C:\QooBox\Purity\Program Files\PPATCH~2
    C:\QooBox\Purity\Program Files\RACLE~1
    C:\QooBox\Purity\Program Files\SEMBLY~1
    C:\QooBox\Purity\Program Files\SMANTE~1
    C:\QooBox\Purity\Program Files\STEM32~1
    C:\QooBox\Purity\Program Files\YSTEM3~1
    C:\QooBox\Purity\Program Files\Common Files\CROSOF~1.NET
    C:\QooBox\Purity\Program Files\Common Files\CROSOF~2.NET
    C:\QooBox\Purity\Program Files\Common Files\CURITY~1
    C:\QooBox\Purity\Program Files\Common Files\DOBE~1
    C:\QooBox\Purity\Program Files\Common Files\ECURIT~1
    C:\QooBox\Purity\Program Files\Common Files\FNTS~1
    C:\QooBox\Purity\Program Files\Common Files\FNTS~2
    C:\QooBox\Purity\Program Files\Common Files\ICROSO~1.NET
    C:\QooBox\Purity\Program Files\Common Files\MCROSO~1.NET
    C:\QooBox\Purity\Program Files\Common Files\PPPATC~1
    C:\QooBox\Purity\Program Files\Common Files\RACLE~1
    C:\QooBox\Purity\Program Files\Common Files\RACLE~2
    C:\QooBox\Purity\Program Files\Common Files\SCURIT~1
    C:\QooBox\Purity\Program Files\Common Files\TSKS~1
    C:\QooBox\Purity\Program Files\Common Files\WNSXS~1
    C:\QooBox\Purity\Program Files\Common Files\YSTEM3~1
    C:\QooBox\Purity\WINDOWS\CROSOF~1
    C:\QooBox\Purity\WINDOWS\CROSOF~1.NET
    C:\QooBox\Purity\WINDOWS\CURITY~1
    C:\QooBox\Purity\WINDOWS\FNTS~1
    C:\QooBox\Purity\WINDOWS\FNTS~2
    C:\QooBox\Purity\WINDOWS\MBOLS~1
    C:\QooBox\Purity\WINDOWS\PPATCH~1
    C:\QooBox\Purity\WINDOWS\SKS~1
    C:\QooBox\Purity\WINDOWS\STEM~1
    C:\QooBox\Purity\WINDOWS\YMANTE~1
    C:\QooBox\Purity\WINDOWS\system32\APPATC~1
    C:\QooBox\Purity\WINDOWS\system32\ASEMBL~1
    C:\QooBox\Purity\WINDOWS\system32\CROSOF~1
    C:\QooBox\Purity\WINDOWS\system32\ICROSO~1.NET
    C:\QooBox\Purity\WINDOWS\system32\RACLE~1
    C:\QooBox\Purity\WINDOWS\system32\SEMBLY~1
    C:\QooBox\Purity\WINDOWS\system32\SSTEM3~1


    ((((((((((((((((((((((((((((((( Files Created from 2006-12-09 to 2007-01-09 ))))))))))))))))))))))))))))))))))


    2007-01-07 17:33 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-01-07 17:33 <DIR> d-------- C:\WINDOWS\LastGood
    2007-01-07 17:14 57,856 --a------ C:\WINDOWS\system32\ptkknuf.dll
    2007-01-07 17:14 2 --a------ C:\WINDOWS\system32\wcpsvit.exe
    2007-01-07 15:51 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-01-07 15:51 <DIR> d-------- C:\Program Files\Grisoft
    2007-01-07 15:35 <DIR> d-------- C:\fixwareout
    2007-01-07 13:48 <DIR> d-------- C:\Program Files\Registry Defender
    2007-01-07 13:28 <DIR> d-------- C:\Program Files\HijackThis
    2007-01-07 13:25 <DIR> d-------- C:\hijackthis
    2007-01-06 17:31 <DIR> d-------- C:\Documents and Settings\ERIN JOSSERAND\Application Data\Lavasoft
    2007-01-06 17:30 <DIR> d-------- C:\Program Files\Lavasoft
    2006-12-27 02:54 <DIR> d-------- C:\Program Files\Outerinfo


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-09 16:31 -------- d-------- C:\Program Files\Common Files
    2007-01-09 16:27 -------- d-------- C:\Program Files\Norton AntiVirus
    2007-01-07 14:01 -------- d-------- C:\Program Files\Spybot - Search & Destroy
    2007-01-06 20:10 -------- d-------- C:\Program Files\Java
    2006-12-22 05:23 -------- d-------- C:\Program Files\Google
    2006-12-15 03:07 -------- d-------- C:\Program Files\Internet Explorer
    2006-12-15 03:04 -------- d-------- C:\Program Files\Outlook Express
    2006-12-15 03:04 -------- d-------- C:\Program Files\Common Files\System
    2006-12-06 23:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-11-30 19:55 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-11-30 19:55 -------- d-------- C:\Program Files\MARS
    2006-11-28 13:28 -------- d-------- C:\Program Files\Common Files\çasks
    2006-11-25 12:50 -------- d-------- C:\Documents and Settings\ERIN JOSSERAND\Application Data\àppPatch
    2006-11-07 23:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-10-19 07:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
    2006-10-13 06:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "IM"="C:\\PROGRA~1\\RRIM\\aim.exe -cnetwait.odl"
    "ares"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
    "Usrr"="\"C:\\DOCUME~1\\ERINJO~1\\APPLIC~1\\FNTS~1\\svchost.exe\" -vt yazb"
    "Weather"="C:\\PROGRA~1\\AWS\\WEATHE~1\\Weather.exe 1"
    "Ndsuff"="C:\\Documents and Settings\\ERIN JOSSERAND\\My Documents\\F?nts\\?ti2evxx.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
    "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
    "tgcmd"="\"C:\\Program Files\\Support.com\\bin\\tgcmd.exe\" /server /startmonitor /deaf"
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
    "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
    "HostManager"="C:\\Program Files\\Common Files\\AOL\\1125956965\\ee\\AOLHostManager.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b9,00,00,00,7c,00,00,00,72,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20070107-172538-694
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.13 85.255.112.78
    backup-20070107-172538-872
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.13 85.255.112.78
    backup-20070107-172538-871
    O17 - HKLM\System\CCS\Services\Tcpip\..\{895D72C0-8702-4D4D-814F-04C75DA6A349}: NameServer = 85.255.114.13,85.255.112.78
    backup-20070107-172537-838
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7490E7CC-B673-4CB3-B0D4-4E414A933E2F}: NameServer = 85.255.114.13,85.255.112.78
    backup-20070107-172537-141
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2CC44736-B02D-4933-B975-357584248664}: NameServer = 85.255.114.13,85.255.112.78

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - ERIN JOSSERAND.job
    C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - MARSHA GUINN.job
    C:\WINDOWS\tasks\Symantec NetDetect.job

    Completion time: 07-01-09 16:32:46.70
    C:\ComboFix.txt ... 07-01-09 16:32

    Logfile of HijackThis v1.99.1
    Scan saved at 4:38:36 PM, on 1/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\DOCUME~1\ERINJO~1\APPLIC~1\FNTS~1\svchost.exe
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
    C:\Program Files\Common Files\AOL\1125956965\ee\AOLHostManager.exe
    C:\Program Files\Common Files\AOL\1125956965\ee\AOLServiceHost.exe
    C:\Corel\Suite8\Programs\DAD8.EXE
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\System32\PackethSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\ERIN JOSSERAND\My Documents\F?nts\?ti2evxx.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hijackthis\HijackThis exe.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R3 - URLSearchHook: (no name) - {7661E83F-7BFA-3C40-897B-7C129147B492} - C:\WINDOWS\system32\ybf.dll (file missing)
    R3 - URLSearchHook: (no name) - {46F91121-DBB7-CA58-C72F-89CD5C6BD593} - C:\WINDOWS\system32\ptkknuf.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1A813E7C-EF4F-6CFC-8756-64550DA72D4B} - C:\WINDOWS\System32\eqxlhzn.dll (file missing)
    O2 - BHO: (no name) - {46F91121-DBB7-CA58-C72F-89CD5C6BD593} - C:\WINDOWS\system32\ptkknuf.dll
    O2 - BHO: (no name) - {4F8E3025-E812-35F3-8154-64550DF17E4D} - C:\WINDOWS\system32\ximpagto.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {7661E83F-7BFA-3C40-897B-7C129147B492} - C:\WINDOWS\system32\ybf.dll (file missing)
    O2 - BHO: (no name) - {99B7FD0D-699B-7D24-BD5D-3E76173D5591} - C:\WINDOWS\system32\uzvwgsao.dll (file missing)
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {E71014E9-9FFE-4153-A4AB-8875268F1F7C} - C:\WINDOWS\System32\ioalmf.dll (file missing)
    O2 - BHO: (no name) - {FBCC3D74-ABEE-920F-CFFA-F4FA3FDF3997} - C:\WINDOWS\system32\zybjs.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125956965\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [IM] C:\PROGRA~1\RRIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [Usrr] "C:\DOCUME~1\ERINJO~1\APPLIC~1\FNTS~1\svchost.exe" -vt yazb
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
    O4 - HKCU\..\Run: [Ndsuff] C:\Documents and Settings\ERIN JOSSERAND\My Documents\F?nts\?ti2evxx.exe
    O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

  4. #4
    Junior Member
    Join Date
    Jan 2007
    Location
    Texas
    Posts
    27

    Default

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

  5. #5
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    I see from the HijackThis backups that you also had Wareout; you just have some more baddies left.

    WeatherBug is adware, so I recommend uninstalling it. However, the decision is all yours.

    Open HijackThis, click "Do a system scan only" and checkmark these:

    R3 - URLSearchHook: (no name) - {7661E83F-7BFA-3C40-897B-7C129147B492} - C:\WINDOWS\system32\ybf.dll (file missing)
    R3 - URLSearchHook: (no name) - {46F91121-DBB7-CA58-C72F-89CD5C6BD593} - C:\WINDOWS\system32\ptkknuf.dll
    O2 - BHO: (no name) - {1A813E7C-EF4F-6CFC-8756-64550DA72D4B} - C:\WINDOWS\System32\eqxlhzn.dll (file missing)
    O2 - BHO: (no name) - {46F91121-DBB7-CA58-C72F-89CD5C6BD593} - C:\WINDOWS\system32\ptkknuf.dll
    O2 - BHO: (no name) - {4F8E3025-E812-35F3-8154-64550DF17E4D} - C:\WINDOWS\system32\ximpagto.dll (file missing)
    O2 - BHO: (no name) - {7661E83F-7BFA-3C40-897B-7C129147B492} - C:\WINDOWS\system32\ybf.dll (file missing)
    O2 - BHO: (no name) - {99B7FD0D-699B-7D24-BD5D-3E76173D5591} - C:\WINDOWS\system32\uzvwgsao.dll (file missing)
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll (file missing)
    O4 - HKCU\..\Run: [Usrr] "C:\DOCUME~1\ERINJO~1\APPLIC~1\FNTS~1\svchost.exe" -vt yazb
    O4 - HKCU\..\Run: [Ndsuff] C:\Documents and Settings\ERIN JOSSERAND\My Documents\F?nts\?ti2evxx.exe


    Close all windows, including the browser, and press "Fix checked".

    Boot in safe mode.

    Delete these:

    C:\WINDOWS\system32\ptkknuf.dll
    C:\WINDOWS\system32\wcpsvit.exe
    C:\Documents and Settings\ERIN JOSSERAND\My Documents\Fonts
    C:\Documents and Settings\ERIN JOSSERAND\Application Data\Fonts
    C:\Program Files\Common Files\çasks
    C:\Documents and Settings\ERIN JOSSERAND\Application Data\àppPatch

    Empty Recycle Bin

    Reboot

    Re-run combofix

    Send:

    - a fresh HijackThis log
    - combofix report

  6. #6
    Junior Member
    Join Date
    Jan 2007
    Location
    Texas
    Posts
    27

    Default

    Hi, I rebooted in safe mode, but the only item on that list that I could find to delete was C:\WINDOWS\system32\wcpsvit.exe. None of the others were there. I don't even have an Application Data folder or any Fonts folder.

    Logfile of HijackThis v1.99.1
    Scan saved at 5:06:44 PM, on 1/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Corel\Suite8\Programs\DAD8.EXE
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Common Files\AOL\1125956965\ee\AOLHostManager.exe
    C:\Program Files\Common Files\AOL\1125956965\ee\AOLServiceHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\PackethSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\hijackthis\HijackThis exe.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {E71014E9-9FFE-4153-A4AB-8875268F1F7C} - C:\WINDOWS\System32\ioalmf.dll (file missing)
    O2 - BHO: (no name) - {FBCC3D74-ABEE-920F-CFFA-F4FA3FDF3997} - C:\WINDOWS\system32\zybjs.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125956965\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [IM] C:\PROGRA~1\RRIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

  7. #7
    Junior Member
    Join Date
    Jan 2007
    Location
    Texas
    Posts
    27

    Default

    ERIN JOSSERAND - 07-01-09 16:29:01.78 Service Pack 2
    ComboFix 06.11.27 - Running from: "C:\Documents and Settings\ERIN JOSSERAND\Desktop"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Common Files\Yazzle1408OinUninstaller.exe

    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    Folders Quarantined:

    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\ASEMBL~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\ASKS~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\CROSOF~1.NET
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\ECURIT~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\FNTS~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\ICROSO~1.NET
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\MANTEC~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\PPATCH~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\SCURIT~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\SMBOLS~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\STEM32~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\FNTS~1\F?nts
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\FNTS~1\svchost.exe
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\Application Data\FNTS~1\F?nts\ctxad-503.0000
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\CROSOF~1.NET
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\DOBE~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\FNTS~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\MCROSO~1.NET
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\PPATCH~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\RACLE~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\SSEMBL~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\SSTEM3~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\STEM~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\YMBOLS~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\YSTEM~1
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\FNTS~1\go jane stuff.rtf
    C:\QooBox\Purity\Documents and Settings\ERIN JOSSERAND\My Documents\FNTS~1\?ti2evxx.exe
    C:\QooBox\Purity\Program Files\DOBE~1
    C:\QooBox\Purity\Program Files\FNTS~1
    C:\QooBox\Purity\Program Files\ICROSO~1.NET
    C:\QooBox\Purity\Program Files\MBOLS~1
    C:\QooBox\Purity\Program Files\PPATCH~1
    C:\QooBox\Purity\Program Files\PPATCH~2
    C:\QooBox\Purity\Program Files\RACLE~1
    C:\QooBox\Purity\Program Files\SEMBLY~1
    C:\QooBox\Purity\Program Files\SMANTE~1
    C:\QooBox\Purity\Program Files\STEM32~1
    C:\QooBox\Purity\Program Files\YSTEM3~1
    C:\QooBox\Purity\Program Files\Common Files\CROSOF~1.NET
    C:\QooBox\Purity\Program Files\Common Files\CROSOF~2.NET
    C:\QooBox\Purity\Program Files\Common Files\CURITY~1
    C:\QooBox\Purity\Program Files\Common Files\DOBE~1
    C:\QooBox\Purity\Program Files\Common Files\ECURIT~1
    C:\QooBox\Purity\Program Files\Common Files\FNTS~1
    C:\QooBox\Purity\Program Files\Common Files\FNTS~2
    C:\QooBox\Purity\Program Files\Common Files\ICROSO~1.NET
    C:\QooBox\Purity\Program Files\Common Files\MCROSO~1.NET
    C:\QooBox\Purity\Program Files\Common Files\PPPATC~1
    C:\QooBox\Purity\Program Files\Common Files\RACLE~1
    C:\QooBox\Purity\Program Files\Common Files\RACLE~2
    C:\QooBox\Purity\Program Files\Common Files\SCURIT~1
    C:\QooBox\Purity\Program Files\Common Files\TSKS~1
    C:\QooBox\Purity\Program Files\Common Files\WNSXS~1
    C:\QooBox\Purity\Program Files\Common Files\YSTEM3~1
    C:\QooBox\Purity\WINDOWS\CROSOF~1
    C:\QooBox\Purity\WINDOWS\CROSOF~1.NET
    C:\QooBox\Purity\WINDOWS\CURITY~1
    C:\QooBox\Purity\WINDOWS\FNTS~1
    C:\QooBox\Purity\WINDOWS\FNTS~2
    C:\QooBox\Purity\WINDOWS\MBOLS~1
    C:\QooBox\Purity\WINDOWS\PPATCH~1
    C:\QooBox\Purity\WINDOWS\SKS~1
    C:\QooBox\Purity\WINDOWS\STEM~1
    C:\QooBox\Purity\WINDOWS\YMANTE~1
    C:\QooBox\Purity\WINDOWS\system32\APPATC~1
    C:\QooBox\Purity\WINDOWS\system32\ASEMBL~1
    C:\QooBox\Purity\WINDOWS\system32\CROSOF~1
    C:\QooBox\Purity\WINDOWS\system32\ICROSO~1.NET
    C:\QooBox\Purity\WINDOWS\system32\RACLE~1
    C:\QooBox\Purity\WINDOWS\system32\SEMBLY~1
    C:\QooBox\Purity\WINDOWS\system32\SSTEM3~1


    ((((((((((((((((((((((((((((((( Files Created from 2006-12-09 to 2007-01-09 ))))))))))))))))))))))))))))))))))


    2007-01-07 17:33 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-01-07 17:33 <DIR> d-------- C:\WINDOWS\LastGood
    2007-01-07 17:14 57,856 --a------ C:\WINDOWS\system32\ptkknuf.dll
    2007-01-07 17:14 2 --a------ C:\WINDOWS\system32\wcpsvit.exe
    2007-01-07 15:51 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-01-07 15:51 <DIR> d-------- C:\Program Files\Grisoft
    2007-01-07 15:35 <DIR> d-------- C:\fixwareout
    2007-01-07 13:48 <DIR> d-------- C:\Program Files\Registry Defender
    2007-01-07 13:28 <DIR> d-------- C:\Program Files\HijackThis
    2007-01-07 13:25 <DIR> d-------- C:\hijackthis
    2007-01-06 17:31 <DIR> d-------- C:\Documents and Settings\ERIN JOSSERAND\Application Data\Lavasoft
    2007-01-06 17:30 <DIR> d-------- C:\Program Files\Lavasoft
    2006-12-27 02:54 <DIR> d-------- C:\Program Files\Outerinfo


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-09 16:31 -------- d-------- C:\Program Files\Common Files
    2007-01-09 16:27 -------- d-------- C:\Program Files\Norton AntiVirus
    2007-01-07 14:01 -------- d-------- C:\Program Files\Spybot - Search & Destroy
    2007-01-06 20:10 -------- d-------- C:\Program Files\Java
    2006-12-22 05:23 -------- d-------- C:\Program Files\Google
    2006-12-15 03:07 -------- d-------- C:\Program Files\Internet Explorer
    2006-12-15 03:04 -------- d-------- C:\Program Files\Outlook Express
    2006-12-15 03:04 -------- d-------- C:\Program Files\Common Files\System
    2006-12-06 23:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-11-30 19:55 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-11-30 19:55 -------- d-------- C:\Program Files\MARS
    2006-11-28 13:28 -------- d-------- C:\Program Files\Common Files\çasks
    2006-11-25 12:50 -------- d-------- C:\Documents and Settings\ERIN JOSSERAND\Application Data\àppPatch
    2006-11-07 23:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-10-19 07:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
    2006-10-13 06:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "IM"="C:\\PROGRA~1\\RRIM\\aim.exe -cnetwait.odl"
    "ares"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
    "Usrr"="\"C:\\DOCUME~1\\ERINJO~1\\APPLIC~1\\FNTS~1\\svchost.exe\" -vt yazb"
    "Weather"="C:\\PROGRA~1\\AWS\\WEATHE~1\\Weather.exe 1"
    "Ndsuff"="C:\\Documents and Settings\\ERIN JOSSERAND\\My Documents\\F?nts\\?ti2evxx.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
    "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
    "tgcmd"="\"C:\\Program Files\\Support.com\\bin\\tgcmd.exe\" /server /startmonitor /deaf"
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
    "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
    "HostManager"="C:\\Program Files\\Common Files\\AOL\\1125956965\\ee\\AOLHostManager.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b9,00,00,00,7c,00,00,00,72,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20070107-172538-694
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.13 85.255.112.78
    backup-20070107-172538-872
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.13 85.255.112.78
    backup-20070107-172538-871
    O17 - HKLM\System\CCS\Services\Tcpip\..\{895D72C0-8702-4D4D-814F-04C75DA6A349}: NameServer = 85.255.114.13,85.255.112.78
    backup-20070107-172537-838
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7490E7CC-B673-4CB3-B0D4-4E414A933E2F}: NameServer = 85.255.114.13,85.255.112.78
    backup-20070107-172537-141
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2CC44736-B02D-4933-B975-357584248664}: NameServer = 85.255.114.13,85.255.112.78

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - ERIN JOSSERAND.job
    C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - MARSHA GUINN.job
    C:\WINDOWS\tasks\Symantec NetDetect.job

    Completion time: 07-01-09 16:32:46.70
    C:\ComboFix.txt ... 07-01-09 16:32
