Results 1 to 4 of 4
  1. #1
    Member
    Join Date
    Nov 2008
    Posts
    2
    Points
    0

    Exclamation Congratulations, you have been selected ...

    Hello, this is my first post - hope I get it right.

    I'm running Windows XP w/SP2 on an IBM Thinkpad.
    About 2 weeks ago, I began getting this audio message played by my laptop:
    Congratulations, you have been selected to receive a Nintendo Wii...

    Sometimes it says...2 iPod Nanos, $1000 dollars, etc.

    Occasionally, websites suddenly spring up from nowhere.

    When these things occur, my brower isn't even open.
    Obviously, this is quite inconvenient.
    When I'm giving a presentation with my speakers turned up and an annoying female voice screams congratulations to my audience, I get pretty angry.

    Can you help?

    Steps taken so far:
    1. Ccleaner scan done.
    2. SUPERAntiSpyware scan done.
    3. SPTBot scan done.
    4. Malwarbytes scan done.
    5. Symantec AntiVirus scan done
    these were all FULL scans

    6. I just downloaded and ran the HiJackThis scan (as suggested) the log is pasted below

    I sure hope you folks can help me.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:48:53 AM, on 11/9/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Common Files\Virtual Token\vtserver.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    C:\WINDOWS\system32\LxrJD31s.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\WINDOWS\system32\RegSrvc.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    C:\IBMTOOLS\UTILS\ibmprc.exe
    C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\MXOALDR.EXE
    C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\LOGI_MWX.EXE
    C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~2\VPTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Isrv\programs\Isrvmain.exe
    C:\WINDOWS\system32\1XConfig.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\DSSTAT.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
    C:\WINDOWS\system32\h5LLJr6B.exe
    C:\WINDOWS\system32\h5LLJr6B.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by APW
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: ocmrs3.cnyric.org
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
    O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe /h
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
    O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [Launch Datacard Status] C:\WINDOWS\system32\PRNATT.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [Launch Datacard Status] C:\WINDOWS\system32\PRNATT.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [Datacard Status] C:\WINDOWS\system32\DSSTAT.EXE SmartDriver (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Launch Datacard Status] C:\WINDOWS\system32\PRNATT.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [Datacard Status] C:\WINDOWS\system32\DSSTAT.EXE SmartDriver (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Launch Datacard Status] C:\WINDOWS\system32\PRNATT.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Datacard Status] C:\WINDOWS\system32\DSSTAT.EXE SmartDriver (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Launch Datacard Status] C:\WINDOWS\system32\PRNATT.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Datacard Status] C:\WINDOWS\system32\DSSTAT.EXE SmartDriver (User 'Default user')
    O4 - Global Startup: Isrv.lnk = C:\Isrv\programs\isrv.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
    O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
    O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www8.iepdirect.com/ScriptX/smsx.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = apwcsd.cnyric.org
    O17 - HKLM\Software\..\Telephony: DomainName = apwcsd.cnyric.org
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = apwcsd.cnyric.org
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = apwcsd.cnyric.org
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
    O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Dantz - C:\PROGRA~1\RETROS~1\RETROS~1.1\rthlpsvc.exe
    O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
    O23 - Service: SMART Web Server - Unknown owner - C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

    --
    End of file - 15377 bytes

  2. #2
    Moderator Forum Moderator evilfantasy's Avatar
    Join Date
    Jan 2008
    Location
    Tulsa, OK
    Posts
    4,670
    Points
    673

    Default

    Hello ghudson.

    Suspicious files to scan

    Please go to VirSCAN.org FREE on-line scan service
    (If more than one file needs scanned they must be done separately and logs posted for each one)

    1. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.
    Code:
    C:\WINDOWS\system32\h5LLJr6B.exe
    2. At the upload site, click once inside the window next to Browse.
    3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
    4. Click on the Upload button.
    This will perform a scan across multiple different virus scanning engines.
    Your file will possibly be entered into a queue which normally takes less than a minute to clear.
    Important: Wait for all of the scanning engines to complete.
    5. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
    6. Paste the contents of the Clipboard in your next reply.

    ----------

    Also do you know what these are?

    O4 - HKUS\S-1-5-19\..\Run: [Launch Datacard Status] C:\WINDOWS\system32\PRNATT.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [Datacard Status] C:\WINDOWS\system32\DSSTAT.EXE SmartDriver (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Launch Datacard Status] C:\WINDOWS\system32\PRNATT.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [Datacard Status] C:\WINDOWS\system32\DSSTAT.EXE SmartDriver (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Launch Datacard Status] C:\WINDOWS\system32\PRNATT.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Datacard Status] C:\WINDOWS\system32\DSSTAT.EXE SmartDriver (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Launch Datacard Status] C:\WINDOWS\system32\PRNATT.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Datacard Status] C:\WINDOWS\system32\DSSTAT.EXE SmartDriver (User 'Default user')


    Is this your computer or is it owned by your employer?
    Last edited by evilfantasy; 11-10-2008 at 12:14 AM.
    .


    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you, Please Donate to the Forum

  3. #3
    Member
    Join Date
    Nov 2008
    Posts
    2
    Points
    0

    Default Thank You

    What a coincidence!
    When I checked my computer this morning the Symtec AutoFinder had found and "cleaned by deletion" the following files:

    h5LLJr6B.exe
    3W4j8AOA.exe

    Good Call....!

    Keeping my fingers crossed, I haven't heard the irratating woman wanting to give me a Nintendo Wii.

    However, she's been quiet in the past, I'm not totally convinced this Hijacker is gone - but we'll see.

    I will use VirScan.org in the future if necessary.

    The files you asked about are from software that is used to create proximity access cards.

    Thanks again

  4. #4
    Moderator Forum Moderator evilfantasy's Avatar
    Join Date
    Jan 2008
    Location
    Tulsa, OK
    Posts
    4,670
    Points
    673

    Default

    OK lets run another scan to make sure nothing else is hiding.

    Run CCleaner first.

    Run the Kaspersky Online Scanner

    In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.


    • Click on SCAN NOW
    • Click Accept.
    • The program will then begin downloading the latest definition files.
    • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
    • The scan will take a while, so be patient and let it finish.



    When the scan is done, in the Scan is complete window, any infection is displayed.
    There is no option to clean/disinfect, however, we need to analyze the information on the report.

    To obtain the report:
    Click on: Save Report As
    • Next, in the Save as prompt, Save in area, select: Desktop.
    • In the File name area use KScan, or something similar.
    • In Save as type: click the drop arrow and select: Text file [*.txt]
    • Then, click: Save



    Copy and paste the Kaspersky Online Scanner Report in your next reply.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
    .


    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you, Please Donate to the Forum