Hijack Log - Major Browser Hijack


25 replies to this topic

#16 AudreyP

Authentic Member, 21 posts

Posted 13 July 2007 - 09:08 PM

Here is the scan for both of those files. I still can not get to the combofix on my pc.

File: iifdaww.dll
Status: INFECTED/MALWARE
MD5: d8571c8e24362cf62ca522a959861d75
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 12 Jul 2007 21:33:10 (GMT)
A-Squared Found nothing
AntiVir Found TR/Crypt.XPACK.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Obfustat.IJ
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

File: mtxclb.dll
Status: INFECTED/MALWARE
MD5: 2f80045b7b380c73da12edf73efcbb78
Packers detected: -
Bit9 reports: Not analyzed yet (more info)

Scanner results
Scan taken on 12 Jul 2007 22:37:41 (GMT)
A-Squared Found nothing
AntiVir Found ADSPY/DuncanMonit.D
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Obfustat.IF
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found Adware.Duncan.33
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing


#17 AudreyP

Authentic Member, 21 posts

Posted 13 July 2007 - 10:34 PM

You're my knight in shining armor!!!!!!

Here is my combofix log and my new hjt log and my pc is not doing anything funny, woooohoooo!!!!! What did I do and how can I prevent this from happening again???


Combofix log:

"Audrey" - 2007-07-13 23:48:53 - ComboFix 07-07-13.8 - Service Pack 2 FAT32


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\iifdaww.dll
C:\WINDOWS\system32\efedaxx.dll
C:\WINDOWS\system32\mtxclb.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Audrey\APPLIC~1.\DriveCleaner Free
C:\DOCUME~1\Audrey\APPLIC~1.\DriveCleaner Free\Logs\update.log
C:\DOCUME~1\Audrey\APPLIC~1.\icroso~1.net
C:\DOCUME~1\Audrey\APPLIC~1.\wnsxs~1
C:\DOCUME~1\Audrey\APPLIC~1\tmp17.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmp18.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmp1F.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmp2.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmp23.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmp24.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmp27.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmp29.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmp2B.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmp34.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmp35.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmp36.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmp3F.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmp40.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmp5.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmp54E.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmp54F.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmp551.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmp6.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmp61.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmp62.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmp8A.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmp8B.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmp9.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmpB.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmpD.tmp.exe
C:\DOCUME~1\Audrey\APPLIC~1\tmpF.tmp.exe
C:\DOCUME~1\Audrey\Desktop.\internet explorer.lnk
C:\Documents and Settings\AUDREY.\err.log
C:\Documents and Settings\AUDREY.\ResErrors.log
C:\temp\tn3
C:\WINDOWS\start.exe
C:\WINDOWS\system32\dn356c1701.dat
C:\WINDOWS\system32\tmp2B.tmp.dll
C:\WINDOWS\system32\tmp3.tmp.dll
C:\WINDOWS\system32\tmp35.tmp.dll
C:\WINDOWS\system32\tmp36.tmp.dll
C:\WINDOWS\system32\tmp40.tmp.dll
C:\WINDOWS\system32\tmp551.tmp.dll
C:\WINDOWS\system32\tmp62.tmp.dll
C:\WINDOWS\system32\tmp8B.tmp.dll
C:\WINDOWS\system32\wcpisvit32.exe
C:\WINDOWS\wr.txt
C:\WINDOWS\xcopy.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-06-14 to 2007-07-14 )))))))))))))))))))))))))))))))


2007-07-13 23:46 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-10 20:21 <DIR> d-------- C:\DOCUME~1\Audrey\APPLIC~1\SITEguard
2007-07-10 20:02 <DIR> d-------- C:\Program Files\STOPzilla!
2007-07-10 20:02 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-07-10 20:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
2007-07-09 03:01 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-07-07 22:07 115,000 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2007-07-05 23:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-05 22:54 <DIR> d--hs---- C:\FOUND.000
2007-07-05 22:41 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-07-05 21:27 <DIR> d-------- C:\Program Files\Windows Defender
2007-07-04 22:41 <DIR> d-------- C:\DOCUME~1\Audrey\APPLIC~1\WinTouch
2007-07-03 10:42 22,016 --a------ C:\WINDOWS\b138.exe
2007-07-01 17:41 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-06-28 11:53 217,088 -ra------ C:\WINDOWS\SYSTEM32\SZBase5.dll
2007-06-22 14:59 294,912 -ra------ C:\WINDOWS\SYSTEM32\IS3DBA5.dll
2007-06-22 14:59 126,976 -ra------ C:\WINDOWS\SYSTEM32\IS3HTUI5.dll
2007-06-22 14:58 69,632 -ra------ C:\WINDOWS\SYSTEM32\IS3Hks5.dll
2007-06-22 14:58 372,736 -ra------ C:\WINDOWS\SYSTEM32\IS3UI5.dll
2007-06-22 14:57 94,208 -ra------ C:\WINDOWS\SYSTEM32\IS3Inet5.dll
2007-06-22 14:57 23,040 -ra------ C:\WINDOWS\SYSTEM32\IS3XDat5.dll
2007-06-22 14:57 184,320 -ra------ C:\WINDOWS\SYSTEM32\IS3Win325.dll
2007-06-22 14:56 90,112 -ra------ C:\WINDOWS\SYSTEM32\IS3Svc5.dll
2007-06-22 14:56 688,128 -ra------ C:\WINDOWS\SYSTEM32\IS3Base5.dll
2007-06-20 21:31 <DIR> d-------- C:\DOCUME~1\Audrey\APPLIC~1\Nova Development
2007-06-20 20:00 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2007-06-20 20:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nova Development
2007-06-20 19:59 <DIR> d-------- C:\Program Files\Nova Development
2007-06-19 18:20 <DIR> d-------- C:\Program Files\Common Files\Nova Development
2007-06-19 18:17 <DIR> d-------- C:\Program Files\Creative Home
2007-06-19 18:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative Home


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-08 02:10:56 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-07-08 02:10:56 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-07-08 02:10:56 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-07-01 21:36:12 138,080 ----a-w C:\DOCUME~1\Audrey\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:16 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2003-12-22 17:19:24 75 ----a-w C:\DOCUME~1\Audrey\APPLIC~1\fusioncache.dat
2003-11-18 20:04:08 271 --sh--w C:\Program Files\desktop.ini
2003-11-18 20:04:08 23,357 ---h--w C:\Program Files\folder.htt
2001-06-20 20:19:18 40,960 ----a-w C:\Program Files\ACMonitor_X83.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1827766B-9F49-4854-8034-F6EE26FCB1EC}]
2007-06-28 12:01 275640 -ra------ C:\Program Files\STOPzilla!\SZSG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}]
2007-06-28 12:01 177336 -ra------ C:\Program Files\STOPzilla!\SZIEBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2005-07-13 19:55]
"lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [2006-01-25 11:02]
"EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe" [2006-02-07 00:10]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 03:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-03-09 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-24 21:16]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\iifdaww.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"DIAGENT"=C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
"UpdReg"=C:\WINDOWS\Updreg.exe
"AHQInit"=C:\Program Files\Creative\SBLive\Program\AHQInit.exe
"LexStart"=Lexstart.exe
"Lexmark X83 Button Monitor"=C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
"Lexmark X83 Button Manager"=C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
"LexmarkPrinTray"=PrinTray.exe
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
"<NO NAME>"=
"updmgr"=C:\Program Files\Common files\updmgr\updmgr.exe
"WorksFUD"=C:\Program Files\Microsoft Works\wkfud.exe
"dxsoftlrkksmf"=C:\WINDOWS\SYSTEM\kckvfmk.exe
"DBSRV"=C:\WINDOWS\MICROSOFT.NET\DBSRV.EXE
"NAV Agent"=C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMON.EXE


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\start.exe


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CA0A4247-44BE-11d1-A005-00805F8ABE06}
RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

Contents of the 'Scheduled Tasks' folder
2007-07-08 03:00:02 C:\WINDOWS\tasks\Tune-up Application Start.job
2007-07-14 03:57:04 C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job
2007-07-08 18:00:06 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-10 00:00:04 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Audrey.job
2007-07-14 04:12:46 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-14 00:10:28
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-14 0:18:23 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-14 00:18

--- E O F ---


New hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 12:30:06 AM, on 7/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Hijackthis\seek.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ExpressPLNRnote.lnk = C:\Program Files\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O20 - AppInit_DLLs: c:\windows\system32\iifdaww.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

#18 AudreyP

Authentic Member, 21 posts

Posted 13 July 2007 - 10:43 PM

Ok, it's not 100 percent, I just opened ie and my home page was this about:SecurityRisk instead of my regular homepage and still getting blank ie pages and the Microsoft error report asking if I want to send the error or not. So not sure what else is left on my pc that's not working up to par. You have been great and it's soooo much better but I want all this gook off, so do you know what else we can do?? Thanks sooooo much!!!!!

#19 Noviciate

Retired WTT Teacher, Visiting Fellow, 2,907 posts

Posted 14 July 2007 - 01:33 PM

> I am not sure what you meant by this either, did I do the scan right or no?

Blacklight can be run in "beginner" mode, for want of a better word, by double clicking it, or in expert mode by using the command that I posted.
While I don't know exactly what the difference is between the two modes, given that it has an expert mode, I prefer to use it.
So technically you didn't do the scan right, but I don't know that it makes any real difference.

> the Microsoft error report asking if I want to send the error or not.

When do you see this report, every time you start the PC?
What exactly does the error report say?
How long have you been getting it?

> my home page was this about:SecurityRisk

Is this what you see:

Posted Image
Death to the salad eaters!

#20 AudreyP

Authentic Member, 21 posts

Posted 14 July 2007 - 02:31 PM

Yes that is the screen I see when I clicked on my ie shortcut after all the scans, why am I getting that? Is it from all the programs I have loaded to stop viruses? Which programs do you suggest I have running to control the viruses? I have stopzilla, norton and all the ones you had me download. I see the error send or don't send dialogue box every time I had to ctrl alt delete out of all the ie windows that kept opening up. I will get a screen shot and post that if I get it again. So is there more to clean up since I am still getting these errors? Did my scan show that the virus is gone? Thanks again so much for all your help

Edited by AudreyP, 14 July 2007 - 02:33 PM.


#21 Noviciate

Retired WTT Teacher, Visiting Fellow, 2,907 posts

Posted 14 July 2007 - 02:41 PM

The window you see is delivered by Internet Explorer and tells you why it's there: "Your security setting level puts your computer at risk". Have you followed the instructions: "To fix this, click on the Information Bar above, and choose Fix Settings for Me."?
Death to the salad eaters!

#22 AudreyP

Authentic Member, 21 posts

Posted 14 July 2007 - 04:25 PM

> The window you see is delivered by Internet Explorer and tells you why it's there: "Your security setting level puts your computer at risk".
> Have you followed the instructions: "To fix this, click on the Information Bar above, and choose Fix Settings for Me."?


I haven't done that because I didn't think it was legit, so the next time I get it should I do this step?

#23 Noviciate

Retired WTT Teacher, Visiting Fellow, 2,907 posts

Posted 14 July 2007 - 04:59 PM

Yup. Let me know if the PC self-destructs!
Death to the salad eaters!

#24 AudreyP

Authentic Member, 21 posts

Posted 14 July 2007 - 07:13 PM

> Yup. Let me know if the PC self-destructs!


Hey now!! Do you really want me to follow those steps?

#25 AudreyP

Authentic Member, 21 posts

Posted 14 July 2007 - 07:16 PM

Another thing is happening. I just clicked on a link in an email that I know is legit and I got an extra blank ie window and that keeps happening every time I click to open ie.


#26 Noviciate

Retired WTT Teacher, Visiting Fellow, 2,907 posts

Posted 15 July 2007 - 01:09 PM

I don't know what's causing the problem, so try this one first. If it doesn't work, I'd try a fresh install and see if that solves the problem.

Go to Start > Run, enter sfc /scannow ( note the space between the "c" and "/" ) and click on OK.

This will look for and attempt to replace any corrupt system files that can be found. There are backups of some of these files on your PC and Windows will check for a copy here first. If you are prompted to insert your Windows XP disc, do so. If you don't have this disc and are asked for it, you will have to cancel at this point.

For details on the System File Checker, click here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If that doesn't do it, go here and follow the instructions.

Let me know how you get on.
Death to the salad eaters!
