
Explorer exits and random pop ups in 1e 7


Re: Explorer exits and random pop ups in 1e 7

Post by Katana » July 14th, 2008, 4:38 pm

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    C:\WINDOWS\system32\281qPpkk.exe
    

  • Save this as CFScript.txt and place it on your desktop.


    [screenshot: CFScript.txt being dragged onto ComboFix.exe]


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.




Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Please go to this site: ActiveScan
  • Click the Scan Now button
  • Follow the prompts to install the Active X if necessary
  • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
  • When the scan is finished, a report will be generated
  • Next to Scan Details click the small Save button and save the report to your desktop.
  • Please post the report in your reply.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Explorer exits and random pop ups in 1e 7

Post by aryan » July 15th, 2008, 11:53 am

Hi Katana,
Thanks to you, my laptop is now running perfectly fine without any pop-ups or Explorer problems.



ComboFix log


ComboFix 08-07-12.2 - rajesh 2008-07-15 18:09:43.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.209 [GMT 5.5:30]
Running from: C:\Documents and Settings\rajesh\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\rajesh\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\281qPpkk.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\281qPpkk.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-15 to 2008-07-15 )))))))))))))))))))))))))))))))
.

2008-07-15 01:12 . 2008-07-15 01:12 <DIR> d-------- C:\Documents and Settings\mahesh\Application Data\HotSync
2008-07-11 15:45 . 2008-07-11 15:46 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-11 15:30 . 2008-07-11 16:07 <DIR> d-------- C:\SDFix
2008-07-08 19:25 . 2008-07-08 19:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-07 15:41 . 2008-07-07 15:41 <DIR> d-------- C:\Documents and Settings\rajesh\Application Data\Malwarebytes
2008-07-07 15:41 . 2008-07-07 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-30 20:07 . 2004-08-04 17:30 539,136 --a--c--- C:\WINDOWS\system32\dllcache\dialer.exe
2008-06-26 12:34 . 2008-06-26 12:34 <DIR> d-------- C:\Program Files\MSECache
2008-06-23 10:18 . 2008-07-14 13:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-23 10:18 . 2008-06-23 10:18 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-20 23:11 . 2008-06-20 23:11 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 16:14 . 2008-06-20 16:14 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 17:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-11 14:55 --------- d-----w C:\Program Files\Common Files\HTML Executable Viewer
2008-07-06 13:11 --------- d-----w C:\Program Files\Java
2008-07-01 14:42 --------- d-----w C:\Documents and Settings\rajesh\Application Data\Skype
2008-06-26 08:34 37,360 ----a-w C:\Documents and Settings\rajesh\Application Data\GDIPFONTCACHEV1.DAT
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-04 04:06 --------- d-----w C:\Program Files\MyBroker
2008-05-22 13:29 345,604 ----a-w C:\WINDOWS\system32\msinfhlp.exe
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-01-03 13:38 2,768 ----a-w C:\Documents and Settings\rajesh\Application Data\ViewerApp.dat
2005-10-17 04:57 284 ----a-w C:\Documents and Settings\mahesh\Application Data\ViewerApp.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-14_16.21.14.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-14 10:40:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-15 12:17:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:30 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2003-09-20 06:12 61440]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-08 05:51 114688]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-11 09:40 339968]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 10:38 28672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2004-06-30 10:15 180224]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2004-06-30 03:19 122880]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2004-08-04 05:26 294912]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-21 02:42 32768]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 16:06 135168]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-22 17:45 71280]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-12-12 01:05 70800]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 12:07 496752]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-03-10 00:50 95960]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-05-10 14:38 98304]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-13 06:49 172032]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-05-13 06:49 49152]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-25 15:11 185896]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 02:52 3739648]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-15 05:16 45056 C:\WINDOWS\system32\ico.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 17:30 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 06:53 443968]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 21:22 68856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 17:30 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\rajesh\Start Menu\Programs\Startup\
palmOne Registration.lnk - C:\Program Files\palmOne\register.exe [2005-09-19 13:20:36 2367488]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0a\aoltray.exe [2005-05-10 14:37:42 156784]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-20 22:05:17 125624]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 14:27:34 471040]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Qlock.lnk - C:\Program Files\pdaBusiness\Qlock\Qlock.exe [2005-03-06 21:10:00 1022464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\America Online 9.0a\\waol.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Sony\\vaio media 3.1\\Vc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [2004-07-09 09:56]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2002-08-21 01:29]
S3 MicroStrategy Logging Client;MicroStrategy Logging Client;C:\Program Files\MicroStrategy\Narrowcast Server\Delivery Engine\MCLogSvc.exe -N -b -c C:20020 -a S:20009 -P C:\Program Files\MicroStrategy\Narrowcast Server\Delivery Engine\CSGW_Connection_Config.txt -C C:\Program Files\MicroStrategy\Narrowcast Server\Delivery Engine\CSGW_Consumer_Config.txt []
S3 MicroStrategy System Monitor;MicroStrategy System Monitor;C:\Program Files\MicroStrategy\Narrowcast Server\Delivery Engine\MCMemUsg.EXE [2004-06-19 16:44]
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2002-06-29 06:51]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2001-07-24 23:04]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe [2004-07-09 09:47]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-14 17:44:46 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-14 17:44:46 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-14 17:44:46 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-14 17:44:46 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-14 17:44:46 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-14 17:44:46 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-14 17:44:46 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-14 17:44:46 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-14 17:44:46 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-14 17:44:46 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-15 12:36:57 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-14 17:44:46 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-14 17:44:46 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-14 17:44:46 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-14 17:44:46 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-14 17:44:46 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-14 17:44:47 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-14 17:44:46 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-14 17:44:46 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-14 17:44:46 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-14 17:44:46 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-14 17:44:46 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-14 17:44:46 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-14 17:44:46 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-14 17:51:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-07-11 14:30:08 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - rajesh.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
"2005-01-14 04:18:50 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2005-01-14 04:18:51 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-08-27 06:19:05 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 18:11:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MicroStrategy Logging Client]
"ImagePath"="\"C:\Program Files\MicroStrategy\Narrowcast Server\Delivery Engine\MCLogSvc.exe\" -N -b -c C:20020 -a S:20009 -P \"C:\Program Files\MicroStrategy\Narrowcast Server\Delivery Engine\CSGW_Connection_Config.txt\" -C \"C:\Program Files\MicroStrategy\Narrowcast Server\Delivery Engine\CSGW_Consumer_Config.txt\" -Q 64"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Completion time: 2008-07-15 18:14:20
ComboFix-quarantined-files.txt 2008-07-15 12:43:53
ComboFix2.txt 2008-07-14 17:41:58
ComboFix3.txt 2008-07-14 10:51:35

Pre-Run: 47,923,625,984 bytes free
Post-Run: 47,918,374,912 bytes free

205 --- E O F --- 2008-07-09 15:15:03




Panda scan report


;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-07-15 19:50:55
PROTECTIONS: 1
MALWARE: 24
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton Antivirus 2004 10.00.13 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\NetworkService\Cookies\system@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\rajesh\Application Data\Netscape\Navigator\Profiles\p64krzrj.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\mahesh\Cookies\mahesh@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\rajesh\Cookies\rajesh@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\rajesh\Application Data\Mozilla\Profiles\default\txhbl4hl.slt\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\mahesh\Cookies\mahesh@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\NetworkService\Cookies\system@atdmt[2].txt
00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\rajesh\Desktop\SDFix.exe[SDFix\apps\Process.exe]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\NetworkService\Cookies\system@247realmedia[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\rajesh\Cookies\rajesh@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\mahesh\Cookies\mahesh@mediaplex[1].txt
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Documents and Settings\mahesh\Cookies\mahesh@centrport[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\rajesh\Cookies\rajesh@azjmp[2].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\NetworkService\Cookies\system@azjmp[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\rajesh\Cookies\rajesh@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\NetworkService\Cookies\system@server.iad.liveperson[1].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\mahesh\Cookies\mahesh@stat.onestat[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\rajesh\Application Data\Netscape\Navigator\Profiles\p64krzrj.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\rajesh\Application Data\Netscape\Navigator\Profiles\p64krzrj.default\cookies.txt[.advertising.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\rajesh\Cookies\rajesh@ads.pointroll[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\mahesh\Cookies\mahesh@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\NetworkService\Cookies\system@zedo[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\rajesh\Cookies\rajesh@adrevolver[2].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\rajesh\Cookies\rajesh@bravenet[1].txt
00215545 Cookie/Bettersearch TrackingCookie No 0 Yes No C:\Documents and Settings\mahesh\Cookies\mahesh@index[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\rajesh\Application Data\Netscape\Navigator\Profiles\p64krzrj.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\rajesh\Application Data\Mozilla\Profiles\default\txhbl4hl.slt\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\mahesh\Cookies\mahesh@atwola[2].txt
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\mahesh\Cookies\mahesh@citi.bridgetrack[2].txt
03093293 Generic Malware Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\281qPpkk.exe.vir
03093293 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{24476977-16D4-4E60-8842-5AE649400F5B}\RP302\A0040760.exe
03093293 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{24476977-16D4-4E60-8842-5AE649400F5B}\RP300\A0039297.exe
03093293 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{24476977-16D4-4E60-8842-5AE649400F5B}\RP300\A0039307.exe
03093293 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{24476977-16D4-4E60-8842-5AE649400F5B}\RP300\A0039323.exe
03093293 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{24476977-16D4-4E60-8842-5AE649400F5B}\RP301\A0040738.exe
03093293 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{24476977-16D4-4E60-8842-5AE649400F5B}\RP300\A0039359.exe
03093293 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{24476977-16D4-4E60-8842-5AE649400F5B}\RP300\A0039438.exe
03093293 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{24476977-16D4-4E60-8842-5AE649400F5B}\RP300\A0039483.exe
03093293 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{24476977-16D4-4E60-8842-5AE649400F5B}\RP300\A0039496.exe
03093293 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{24476977-16D4-4E60-8842-5AE649400F5B}\RP300\A0039571.exe
03093293 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{24476977-16D4-4E60-8842-5AE649400F5B}\RP300\A0040646.exe
03093293 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{24476977-16D4-4E60-8842-5AE649400F5B}\RP300\A0039590.exe
03093293 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{24476977-16D4-4E60-8842-5AE649400F5B}\RP300\A0040597.exe
03093293 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{24476977-16D4-4E60-8842-5AE649400F5B}\RP300\A0040611.exe
03093293 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{24476977-16D4-4E60-8842-5AE649400F5B}\RP300\A0040633.exe
03093293 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{24476977-16D4-4E60-8842-5AE649400F5B}\RP303\A0040847.exe
03173559 Trj/BHO.BF Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{24476977-16D4-4E60-8842-5AE649400F5B}\RP300\A0039358.dll
03173559 Trj/BHO.BF Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{24476977-16D4-4E60-8842-5AE649400F5B}\RP300\A0039296.dll
03173559 Trj/BHO.BF Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{24476977-16D4-4E60-8842-5AE649400F5B}\RP300\A0039572.dll
03173559 Trj/BHO.BF Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{24476977-16D4-4E60-8842-5AE649400F5B}\RP300\A0040612.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
aryan
Active Member
 
Posts: 12
Joined: July 8th, 2008, 4:22 am
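The ComboFix log above shows the persistence that the helper's two CFScripts cleaned up: twenty-four generically named At1.job ... At24.job tasks, every one of them launching the same C:\WINDOWS\system32\281qPpkk.exe, which the first script's File:: directive removed and whose job files the second script lists one by one. The following Python is an added example written for this page, not code from the forum, from Katana, or from ComboFix itself. It parses the 'Scheduled Tasks' section of a ComboFix log, flags any binary launched by several At-style jobs, and renders the File:: / Folder:: lines of a CFScript in the format used in the posts above. The function names, the grouping heuristic and the minimum-job threshold are this example's own choices, and SAMPLE_LOG is a constructed excerpt modelled on a few lines of the posted log.

```python
"""Triage helper for the 'Scheduled Tasks' section of a ComboFix log.

Added example, not part of the forum thread or of ComboFix. It reproduces
what a helper does by eye: spot many At<n>.job tasks that all launch one
executable, then list those job files under File:: in a CFScript.
"""
import re
from collections import defaultdict

# Constructed excerpt modelled on the posted log (only 3 of its 24 At jobs).
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder
"2008-07-14 17:44:46 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-14 17:44:46 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-15 12:36:57 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\281qPpkk.exe
"2008-07-14 17:51:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2006-08-27 06:19:05 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
"""

SECTION_HEADER = "Contents of the 'Scheduled Tasks' folder"
# ComboFix prints each task as a quoted "<timestamp> <path>.job" line ...
JOB_RE = re.compile(r'^"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (?P<job>.+\.job)"$')
# ... followed by a "- <command>" line naming what the task launches.
TARGET_RE = re.compile(r'^- (?P<target>.+)$')


def parse_scheduled_tasks(log_text):
    """Return [(job_path, target_command)] from the Scheduled Tasks section.

    The section starts at SECTION_HEADER and ends at ComboFix's '.' separator.
    """
    tasks, in_section, pending_job = [], False, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == SECTION_HEADER:
            in_section = True
            continue
        if not in_section:
            continue
        if line == ".":            # section separator: we are done
            break
        m = JOB_RE.match(line)
        if m:
            pending_job = m.group("job")
            continue
        m = TARGET_RE.match(line)
        if m and pending_job:
            tasks.append((pending_job, m.group("target")))
            pending_job = None
    return tasks


def jobs_by_target(tasks):
    """Group job files by the command they launch (keys are lower-cased paths)."""
    groups = defaultdict(list)
    for job, target in tasks:
        groups[target.lower()].append(job)
    return dict(groups)


def at_jobs_sharing_target(tasks, min_jobs=2):
    """Targets launched by at least min_jobs generic At<n>.job tasks.

    At1.job, At2.job, ... are the names the 'at' command assigns. One binary
    registered by many of them is the pattern in the log above; ordinary
    software installs a single, descriptively named task instead.
    """
    at_name = re.compile(r'\\At\d+\.job$', re.IGNORECASE)
    flagged = {}
    for target, jobs in jobs_by_target(tasks).items():
        at_jobs = sorted(j for j in jobs if at_name.search(j))
        if len(at_jobs) >= min_jobs:
            flagged[target] = at_jobs
    return flagged


def build_cfscript(job_paths, extra_files=(), folders=()):
    """Render File:: / Folder:: directives in the layout used by the posts above.

    Only paths a helper has actually reviewed belong in the output; as the
    forum note says, such a script is specific to one machine.
    """
    lines = ["File::"] + list(extra_files) + list(job_paths)
    if folders:
        lines += ["Folder::"] + list(folders)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_scheduled_tasks(SAMPLE_LOG)
    for target, jobs in at_jobs_sharing_target(found).items():
        print(f"{len(jobs)} At jobs launch {target}")
        print(build_cfscript(jobs, folders=[r"C:\SDFix"]))
```

Run against the excerpt, the script reports that three At jobs launch the same system32 executable and prints a CFScript whose File:: block lists those three .job files, followed by the Folder:: C:\SDFix line seen in the second script above. The threshold of two At jobs is deliberately low so that a binary with only a handful of jobs is still surfaced for a human to judge; the function never decides on its own what to delete.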

Re: Explorer exits and random pop ups in 1e 7

Post by Katana » July 15th, 2008, 4:29 pm

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    
    File::
    C:\Documents and Settings\rajesh\Desktop\SDFix.exe
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At10.job
    C:\WINDOWS\Tasks\At11.job
    C:\WINDOWS\Tasks\At12.job
    C:\WINDOWS\Tasks\At13.job
    C:\WINDOWS\Tasks\At14.job
    C:\WINDOWS\Tasks\At15.job
    C:\WINDOWS\Tasks\At16.job
    C:\WINDOWS\Tasks\At17.job
    C:\WINDOWS\Tasks\At18.job
    C:\WINDOWS\Tasks\At19.job
    C:\WINDOWS\Tasks\At2.job
    C:\WINDOWS\Tasks\At20.job
    C:\WINDOWS\Tasks\At21.job
    C:\WINDOWS\Tasks\At22.job
    C:\WINDOWS\Tasks\At23.job
    C:\WINDOWS\Tasks\At24.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\At4.job
    C:\WINDOWS\Tasks\At5.job
    C:\WINDOWS\Tasks\At6.job
    C:\WINDOWS\Tasks\At7.job
    C:\WINDOWS\Tasks\At8.job
    C:\WINDOWS\Tasks\At9.job
    Folder::
    C:\SDFix
    

  • Save this as CFScript.txt and place it on your desktop.


    [screenshot: CFScript.txt being dragged onto ComboFix.exe]


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Explorer exits and random pop ups in 1e 7

Post by aryan » July 15th, 2008, 11:05 pm

Is it OK to have the files 281QPPKK.EXE-172153F9.pf and QLTGMO0E.EXE-2D2D355A.pf in C:\WINDOWS\Prefetch?

My system had Norton AntiVirus 2004, which came with the purchase and is corrupted; can we remove it?

ComboFix log

ComboFix 08-07-12.2 - rajesh 2008-07-16 8:08:24.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.231 [GMT 5.5:30]
Running from: C:\Documents and Settings\rajesh\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\rajesh\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\rajesh\Desktop\SDFix.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\rajesh\Desktop\SDFix.exe
C:\SDFix
C:\SDFix\apps\assosfix.reg
C:\SDFix\apps\cliptext.exe
C:\SDFix\apps\download.exe
C:\SDFix\apps\dummy.sys
C:\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\apps\ERDNT.E_E
C:\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\apps\ERUNT.EXE
C:\SDFix\apps\ERUNT.LOC
C:\SDFix\apps\fix.reg
C:\SDFix\apps\FixBH.reg
C:\SDFix\apps\FixComponents.reg
C:\SDFix\apps\FIXCU.reg
C:\SDFix\apps\FIXLM.reg
C:\SDFix\apps\FixPath.exe
C:\SDFix\apps\FixRedir.reg
C:\SDFix\apps\FixSchedule.reg
C:\SDFix\apps\FixWebCheck.reg
C:\SDFix\apps\fixXP.reg
C:\SDFix\apps\FixXPsp2.reg
C:\SDFix\apps\grep.exe
C:\SDFix\apps\HaxdFix.reg
C:\SDFix\apps\HPFix.reg
C:\SDFix\apps\HPFix2.reg
C:\SDFix\apps\HPFix3.reg
C:\SDFix\apps\HPFix4.reg
C:\SDFix\apps\HPFix5.reg
C:\SDFix\apps\HPFix6.reg
C:\SDFix\apps\HPFix7.reg
C:\SDFix\apps\HPFix8.reg
C:\SDFix\apps\HPFix9.reg
C:\SDFix\apps\isadmin.exe
C:\SDFix\apps\leg2.txt
C:\SDFix\apps\legacy.txt
C:\SDFix\apps\legacybk.txt
C:\SDFix\apps\locate.com
C:\SDFix\apps\LS.exe
C:\SDFix\apps\MD5File.exe
C:\SDFix\apps\MyGcpvFix.reg
C:\SDFix\apps\MyGkFix2.reg
C:\SDFix\apps\Process.exe
C:\SDFix\apps\procs.exe
C:\SDFix\apps\psservice.exe
C:\SDFix\apps\Rem.txt
C:\SDFix\apps\Rem2.txt
C:\SDFix\apps\Replace\regedit.exe
C:\SDFix\apps\Replace\W2K.exe
C:\SDFix\apps\Replace\w2k\beep.sys
C:\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\apps\Replace\XP.exe
C:\SDFix\apps\Replace\xp\beep.sys
C:\SDFix\apps\Replace\xp\null.sys
C:\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\apps\RestartIt!.exe
C:\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\apps\sc.exe
C:\SDFix\apps\sed.exe
C:\SDFix\apps\SF.exe
C:\SDFix\apps\shutdown.exe
C:\SDFix\apps\srv2.txt
C:\SDFix\apps\srv2bk.txt
C:\SDFix\apps\svc.txt
C:\SDFix\apps\svcbk.txt
C:\SDFix\apps\swreg.exe
C:\SDFix\apps\swsc.exe
C:\SDFix\apps\unzip.exe
C:\SDFix\apps\vfind.exe
C:\SDFix\apps\WINMSG.EXE
C:\SDFix\apps\winsec.reg
C:\SDFix\apps\zip.exe
C:\SDFix\backups\backupreg.zip
C:\SDFix\backups\catchme.log
C:\SDFix\backups\HOSTS
C:\SDFix\catchme.exe
C:\SDFix\dummy.sys
C:\SDFix\Report.txt
C:\SDFix\RunThis.bat
C:\SDFix\SDFIX_ReadMe_Online.url
C:\SDFix\W2K_CodecRepair.inf
C:\SDFix\XP_CodecRepair.inf
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))
.

2008-07-15 18:31 . 2008-07-15 18:31 <DIR> d-------- C:\Program Files\Panda Security
2008-07-15 18:31 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-15 01:12 . 2008-07-15 01:12 <DIR> d-------- C:\Documents and Settings\mahesh\Application Data\HotSync
2008-07-11 15:45 . 2008-07-11 15:46 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-08 19:25 . 2008-07-08 19:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-07 15:41 . 2008-07-07 15:41 <DIR> d-------- C:\Documents and Settings\rajesh\Application Data\Malwarebytes
2008-07-07 15:41 . 2008-07-07 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-30 20:07 . 2004-08-04 17:30 539,136 --a--c--- C:\WINDOWS\system32\dllcache\dialer.exe
2008-06-26 12:34 . 2008-06-26 12:34 <DIR> d-------- C:\Program Files\MSECache
2008-06-23 10:18 . 2008-07-15 19:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-23 10:18 . 2008-06-23 10:18 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-20 23:11 . 2008-06-20 23:11 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 16:14 . 2008-06-20 16:14 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-16 02:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-11 14:55 --------- d-----w C:\Program Files\Common Files\HTML Executable Viewer
2008-07-06 13:11 --------- d-----w C:\Program Files\Java
2008-07-01 14:42 --------- d-----w C:\Documents and Settings\rajesh\Application Data\Skype
2008-06-26 08:34 37,360 ----a-w C:\Documents and Settings\rajesh\Application Data\GDIPFONTCACHEV1.DAT
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-04 04:06 --------- d-----w C:\Program Files\MyBroker
2008-05-22 13:29 345,604 ----a-w C:\WINDOWS\system32\msinfhlp.exe
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-01-03 13:38 2,768 ----a-w C:\Documents and Settings\rajesh\Application Data\ViewerApp.dat
2005-10-17 04:57 284 ----a-w C:\Documents and Settings\mahesh\Application Data\ViewerApp.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-14_16.21.14.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-14 10:40:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-16 02:28:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-30 05:09:58 128,256 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:30 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2003-09-20 06:12 61440]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-08 05:51 114688]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-11 09:40 339968]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 10:38 28672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2004-06-30 10:15 180224]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2004-06-30 03:19 122880]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2004-08-04 05:26 294912]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-21 02:42 32768]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 16:06 135168]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-22 17:45 71280]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-12-12 01:05 70800]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 12:07 496752]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-03-10 00:50 95960]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-05-10 14:38 98304]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-13 06:49 172032]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-05-13 06:49 49152]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-25 15:11 185896]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 02:52 3739648]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-15 05:16 45056 C:\WINDOWS\system32\ico.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 17:30 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 06:53 443968]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 21:22 68856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 17:30 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\rajesh\Start Menu\Programs\Startup\
palmOne Registration.lnk - C:\Program Files\palmOne\register.exe [2005-09-19 13:20:36 2367488]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0a\aoltray.exe [2005-05-10 14:37:42 156784]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-20 22:05:17 125624]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 14:27:34 471040]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Qlock.lnk - C:\Program Files\pdaBusiness\Qlock\Qlock.exe [2005-03-06 21:10:00 1022464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\America Online 9.0a\\waol.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Sony\\vaio media 3.1\\Vc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [2004-07-09 09:56]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2002-08-21 01:29]
S3 MicroStrategy Logging Client;MicroStrategy Logging Client;C:\Program Files\MicroStrategy\Narrowcast Server\Delivery Engine\MCLogSvc.exe -N -b -c C:20020 -a S:20009 -P C:\Program Files\MicroStrategy\Narrowcast Server\Delivery Engine\CSGW_Connection_Config.txt -C C:\Program Files\MicroStrategy\Narrowcast Server\Delivery Engine\CSGW_Consumer_Config.txt []
S3 MicroStrategy System Monitor;MicroStrategy System Monitor;C:\Program Files\MicroStrategy\Narrowcast Server\Delivery Engine\MCMemUsg.EXE [2004-06-19 16:44]
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2002-06-29 06:51]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2001-07-24 23:04]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe [2004-07-09 09:47]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-15 16:51:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-07-11 14:30:08 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - rajesh.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
"2005-01-14 04:18:50 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2005-01-14 04:18:51 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-08-27 06:19:05 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 08:11:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MicroStrategy Logging Client]
"ImagePath"="\"C:\Program Files\MicroStrategy\Narrowcast Server\Delivery Engine\MCLogSvc.exe\" -N -b -c C:20020 -a S:20009 -P \"C:\Program Files\MicroStrategy\Narrowcast Server\Delivery Engine\CSGW_Connection_Config.txt\" -C \"C:\Program Files\MicroStrategy\Narrowcast Server\Delivery Engine\CSGW_Consumer_Config.txt\" -Q 64"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Completion time: 2008-07-16 8:14:17
ComboFix-quarantined-files.txt 2008-07-16 02:43:51
ComboFix2.txt 2008-07-15 12:44:22
ComboFix3.txt 2008-07-14 17:41:58
ComboFix4.txt 2008-07-14 10:51:35

Pre-Run: 47,825,334,272 bytes free
Post-Run: 47,811,981,312 bytes free

292 --- E O F --- 2008-07-09 15:15:03
aryan
Active Member
 
Posts: 12
Joined: July 8th, 2008, 4:22 am

Re: Explorer exits and random pop ups in 1e 7

Unread postby Katana » July 16th, 2008, 2:50 am

The Prefetch folder just contains links to the files, not the actual files. However, we will clean it out anyway.


ATF Cleaner by Atribune
  • Please Download ATF Cleaner
  • Double click ATF.exe
  • Put a check mark next to the items with an X

      Windows Temp
      Current User Temp
      All Users Temp
      Cookies
      Temporary Internet Files X
      History
      Prefetch X
      Java Cache X
      Recycle Bin
      Select All

  • Now click Empty Selected then Exit

Remove Norton

Please click HERE and follow the instructions to download and run the Norton Removal Tool.

You need to make sure you have an AV.
Free AV list (for Home users)
Avira AntiVir
Avast


Congratulations, your logs look clean :D

Let's see if I can help you keep it that way.

First, let's tidy up :D



  • Click START then RUN
  • Now type Combofix /u in the Run box and click OK. Note the space between the X and the /U; it needs to be there.
    • Image
You can also delete any logs we have produced, and empty your Recycle bin.




The following is some info to help you stay safe and clean.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partne ... bscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you; see HERE for details.

AntiSpyware
    AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time; the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have free (for Home Users) and paid versions;
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book: it maps the human-friendly name of a website to its actual numeric address (i.e. the IP address). This feature can be used to block malicious websites.
  • MalwareBytes Anti-malware <<< A new and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention
    These programs don't detect malware; they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one.
  • Winpatrol
    • An excellent startup manager and then some!!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 4.0
    • SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers
    Microsoft has worked hard to make IE7 a more secure browser; unfortunately, whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies
    Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION: If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.

    Both of these can be cleaned manually, but a quicker option is to use a program.
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible; you can choose which cookies to keep

Also PLEASE read this article: So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware, even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
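The six Custom Level changes listed above can be verified without clicking through the dialog, because IE stores each one as a DWORD under the Internet zone's registry key. The script below is an added example for this thread, not code from the forum or from Microsoft: it reads a `reg export` of that key and reports every setting that is more permissive than the post recommends. The value names (1001, 1004, 1201, 1800, 1804, 1607) are Microsoft's URL action identifiers for the zone key as documented publicly, not something taken from the post; check them against the documentation for your IE build before relying on them. The export text in the block is constructed.

```python
"""Audit Internet Explorer's Internet zone (Zones\\3) against the six
settings recommended in the post, from a 'reg export' of the key.

Added example for this thread, not from the forum.  The numeric value
names are assumed from Microsoft's URL action IDs; the export is constructed.
"""
import re

ENABLE, PROMPT, DISABLE = 0, 1, 3   # REG_DWORD data IE stores for each choice
LEVEL_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# GUI label (as worded in the post) -> (value name under Zones\3, recommended)
RECOMMENDED = {
    "Download signed ActiveX controls":                          ("1001", PROMPT),
    "Download unsigned ActiveX controls":                        ("1004", DISABLE),
    "Initialise and script ActiveX controls not marked as safe": ("1201", DISABLE),
    "Installation of desktop items":                             ("1800", PROMPT),
    "Launching programs and files in an IFRAME":                 ("1804", PROMPT),
    "Navigate sub-frames across different domains":              ("1607", PROMPT),
}

ZONE3_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
             r"\Internet Settings\Zones\3")

_DWORD = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9A-Fa-f]{8})$')


def parse_reg_export(text, key=ZONE3_KEY):
    """Return {value_name: int} for the DWORD values directly under `key`.
    `text` is the decoded content of a .reg file (reg export writes UTF-16)."""
    values, in_key = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key.lower()
            continue
        if in_key:
            m = _DWORD.match(line)
            if m:
                values[m.group("name")] = int(m.group("hex"), 16)
    return values


def audit(values):
    """Return (label, current, recommended) for each setting that is more
    permissive than the post recommends.  Lower data is more permissive
    (0 Enable < 1 Prompt < 3 Disable).  A value that is absent from the key
    is reported as None: treat it as unverified, not as safe."""
    findings = []
    for label, (vname, want) in RECOMMENDED.items():
        have = values.get(vname)
        if have is None or have < want:
            findings.append((label, LEVEL_NAME.get(have, have), LEVEL_NAME[want]))
    return findings


# Constructed export: a typical "Medium" Internet zone with three of the six
# settings still at their permissive value and one (1800) never set.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"CurrentLevel"=dword:00011000
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000001
"1607"=dword:00000001
"1804"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1001"=dword:00000003
"""

if __name__ == "__main__":
    for label, have, want in audit(parse_reg_export(SAMPLE_EXPORT)):
        print(f"{label}: is {have}, should be {want}")
```

To audit a live machine, export the key with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg`, open the file with `encoding="utf-16"` and pass the text to `parse_reg_export`. Only the per-user key is read here; a domain policy can override these values under HKLM, so an empty finding list means the user's settings match, not that policy cannot loosen them.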

Re: Explorer exits and random pop ups in 1e 7

Unread postby aryan » July 16th, 2008, 2:31 pm

Thanks for your timely help and effort; now my system is working perfectly fine.
I did whatever you said, installed the Avira AntiVir, and I'll try to keep the system clean.

ComboFix is definitely a powerful tool in the hands of experts, except that it's a bit sensitive to touch.

Re: Explorer exits and random pop ups in 1e 7

Unread postby aryan » July 18th, 2008, 7:36 am

Hi Katana,
I have installed the MVPS HOSTS file, but somehow I am not comfortable with it, so I want to remove it.
If you could help me, how can I remove it?
Thanks in advance

Re: Explorer exits and random pop ups in 1e 7

Unread postby Katana » July 18th, 2008, 9:30 am

This will restore the basic Hosts file

Restore Hosts File

Download HostsXpert v4.1 and unzip it to your desktop.
  • Double click on HostsXpert.exe to launch the program.
  • Click on Restore MS Hosts File to restore your Hosts file to its default condition.
  • Click on Make ReadOnly to secure it against further infection (unless you plan to use another hosts file).
  • Exit the program.
Visit the Website for more information.
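Both the "phone book" description of the hosts file earlier in the thread and the restore procedure above come down to what the file maps names to. The script below is an added example, not code from the forum, from MVPS or from HostsXpert: it parses a hosts file the way the resolver reads it, separates MVPS-style blocking entries (names sent to 0.0.0.0 or 127.0.0.1) from hijacks (well-known names sent to a routable address), and recognises the stock XP file that "Restore MS Hosts File" puts back. The sample file and the watch-list of vendor names are constructed for the example.

```python
"""Audit a Windows HOSTS file: separate MVPS-style blocking entries from
hijacks, and recognise the stock file that HostsXpert's "Restore MS Hosts
File" writes back.

Added example for this thread, not code from the forum, MVPS or HostsXpert.
The sample file and the watch-list below are constructed.
"""
import ipaddress
import re

# A blocking list resolves unwanted names to an address that never leaves the
# machine.  MVPS uses 0.0.0.0; older lists used the loopback address.
BLACKHOLE = {"0.0.0.0", "127.0.0.1", "::1"}

# Names that hijacking hosts files commonly redirect (constructed watch-list).
WATCHLIST = {"www.microsoft.com", "update.microsoft.com", "www.avira.com",
             "liveupdate.symantec.com", "www.google.com"}

# What Windows XP ships in %SystemRoot%\system32\drivers\etc\hosts: a comment
# header and a single mapping.  Header abbreviated here.
XP_DEFAULT_HOSTS = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\n"
    "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\n"
    "127.0.0.1       localhost\n"
)

_MAPPING = re.compile(r"^(?P<ip>\S+)\s+(?P<names>[^#]+?)\s*(?:#.*)?$")


def parse_hosts(text):
    """Yield (ip, hostname, line_number) for each mapping.  Comment lines,
    blank lines and unparseable addresses are skipped, as the resolver does."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _MAPPING.match(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue
        for name in m.group("names").split():
            yield ip, name.lower(), lineno


def classify(text, watchlist=WATCHLIST):
    """Bucket mappings: 'block' = name blackholed (what MVPS does),
    'hijack' = watch-listed name sent to a routable address (what malware
    does), 'other' = everything else, including the localhost line."""
    report = {"block": [], "hijack": [], "other": []}
    for ip, name, lineno in parse_hosts(text):
        if ip in BLACKHOLE and name != "localhost":
            report["block"].append((ip, name, lineno))
        elif ip not in BLACKHOLE and name in watchlist:
            report["hijack"].append((ip, name, lineno))
        else:
            report["other"].append((ip, name, lineno))
    return report


def is_stock(text):
    """True if the file maps nothing but localhost (XP default; Vista adds ::1)."""
    mappings = {(ip, name) for ip, name, _ in parse_hosts(text)}
    return bool(mappings) and mappings <= {("127.0.0.1", "localhost"),
                                           ("::1", "localhost")}


# Constructed sample: an MVPS-style list with a hijack spliced into it.
SAMPLE_HOSTS = """\
# constructed sample, not the poster's file
127.0.0.1       localhost
0.0.0.0 ads.example.net               # MVPS-style block entry
0.0.0.0 www.malicious-example.test
127.0.0.1 counters.example.org        # older lists blocked via loopback
203.0.113.7 www.avira.com             # hijack: AV vendor sent elsewhere
203.0.113.7 update.microsoft.com www.microsoft.com
"""

if __name__ == "__main__":
    rep = classify(SAMPLE_HOSTS)
    for kind in ("hijack", "block", "other"):
        for ip, name, lineno in rep[kind]:
            print(f"{kind:6} line {lineno}: {name} -> {ip}")
    print("stock file:", is_stock(SAMPLE_HOSTS))
```

Run it against the live file by reading `%SystemRoot%\system32\drivers\etc\hosts` and passing the text to `classify`. The read-only attribute that HostsXpert's Make ReadOnly sets only deters software that honours it; it is not a security boundary, so repeat the check after any cleanup rather than trusting the attribute.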

Re: Explorer exits and random pop ups in 1e 7

Unread postby Simon V. » July 20th, 2008, 10:09 am

This topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the username used. If the username does not match the one in the thread linked, the email will be deleted.
Simon V.
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium