Tech Support Forum - View Single Post

Husko · 07-25-2007, 07:11 AM

I'm afraid my computer is infected with some pretty bad spyware. I ran spybot, but it was unable to remove all of the problems on my computer. I still get frequent popups while I am online.

The following is my DSS log:

Deckard's System Scanner v20070711.54
Run by husko on 2007-07-25 at 08:53:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
87: 2007-07-25 12:53:23 UTC - RP521 - Deckard's System Scanner Restore Point
86: 2007-07-25 06:45:58 UTC - RP520 - System Checkpoint
85: 2007-07-24 06:21:35 UTC - RP519 - System Checkpoint
84: 2007-07-23 06:13:35 UTC - RP518 - System Checkpoint
83: 2007-07-22 00:37:08 UTC - RP517 - System Checkpoint

-- First Restore Point --
1: 2007-04-27 05:58:33 UTC - RP435 - System Checkpoint

Backed up registry hives.

Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-07-25 08:54:56
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\BAsfIpM.exe
C:\Program Files\Bradford Networks\Client Security Agent\bnpagent.exe
C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\??stem\services.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\??stem32\fast.exe
C:\Program Files\Bluetooth\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Husko\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol.com/segmentation...97&service=AIM
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {333A13A9-8369-889A-4B66-8B8DB126D3CA} - C:\WINDOWS\system32\rxlv.dll
O2 - BHO: (no name) - {7D53A523-15A2-44F4-8F33-45AB380E8559} - C:\WINDOWS\system32\vturs.dll
O2 - BHO: (no name) - {A0DCD109-AF10-4CC9-BE40-E00739555DF6} - C:\Program Files\Internet Explorer\sademoxu83122.dll
O2 - BHO: (no name) - {DCD53738-C4F9-414A-A03C-C7405A4AC844} - C:\WINDOWS\system32\yayvvuv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Tair] "C:\PROGRA~1\COMMON~1\STEM~1\services.exe" -vt yazb
O4 - HKCU\..\Run: [Nnxszate] C:\WINDOWS\??stem32\fast.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = C:\Program Files\Bluetooth\Bluetooth Software\BTTray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra 'Tools' menuitem: (no name) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send To &Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\Software\..\Telephony: DomainName = susqu.edu
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = susqu.edu
O17 - HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: Domain = susqu.edu
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = susqu.edu
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: vturs - C:\WINDOWS\system32\vturs.dll
O20 - Winlogon Notify: yayvvuv - C:\WINDOWS\system32\yayvvuv.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\BAsfIpM.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - "C:\Program Files\iPod\bin\iPodService.exe"
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe %SystemRoot%\System32\bcmwltry.exe

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 SbcpHid - c:\windows\system32\drivers\sbcphid.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2900>
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2900>
R3 Appdrv - c:\program files\dell\nicconfigsvc\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 TnIDriver - c:\docume~1\husko\locals~1\temp\tni284.tmp (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BAsfIpM (Broadcom ASF IP monitoring service v6.0.4) - c:\windows\system32\basfipm.exe <Not Verified; Broadcom Corp.; Broadcom ASF IP monitoring service>
R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>

-- Scheduled Tasks -------------------------------------------------------------

2007-07-25 00:40:32 406 --a------ C:\WINDOWS\Tasks\Pareto UNS.job

-- Files created between 2007-06-25 and 2007-07-25 -----------------------------

2007-07-25 01:24:27 8576 --a------ C:\WINDOWS\system32\drivers\fkskekiimsws.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-25 01:15:29 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-07-25 01:15:26 0 d-------- C:\WINDOWS\LastGood
2007-07-25 00:40:24 0 d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
2007-07-25 00:40:11 0 d-------- C:\Program Files\ParetoLogic
2007-07-25 00:23:27 0 d-------- C:\Program Files\Enigma Software Group
2007-07-24 21:34:10 6466 ---hs---- C:\WINDOWS\system32\srutv.bak1
2007-07-24 21:33:30 228960 --a------ C:\WINDOWS\system32\vturs.dll
2007-07-24 21:30:36 2 --a------ C:\WINDOWS\system32\wnstssv32.exe
2007-07-24 21:30:06 0 d-------- C:\Program Files\Outerinfo
2007-07-24 21:30:05 0 d-------- C:\WINDOWS\??stem32
2007-07-24 21:29:54 60928 --a------ C:\WINDOWS\system32\rxlv.dll
2007-07-24 21:28:36 0 d-------- C:\WINDOWS\system32\T7
2007-07-24 21:28:36 0 d-------- C:\WINDOWS\system32\T11
2007-07-24 21:28:35 0 d-------- C:\WINDOWS\system32\T5
2007-07-24 21:28:35 0 d-------- C:\WINDOWS\system32\T3
2007-07-24 21:28:34 0 d-------- C:\WINDOWS\system32\win
2007-07-24 21:28:34 0 d-------- C:\WINDOWS\system32\T1
2007-07-24 21:28:31 0 d-------- C:\Program Files\Common Files\??stem
2007-07-24 21:28:30 39424 --a------ C:\WINDOWS\retadpu572.exe
2007-07-24 21:27:59 0 d-------- C:\WINDOWS\system32\b02FdUe
2007-07-24 21:27:58 31254 -----n--- C:\WINDOWS\system32\yayvvuv.dll
2007-07-05 20:15:58 0 d-------- C:\CloneDVDTemp
2007-07-05 20:11:33 0 d-------- C:\Documents and Settings\Husko\Application Data\SlySoft
2007-07-05 20:11:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2007-07-05 20

52 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-07-05 20

37 0 d-------- C:\Program Files\CloneDVD2
2007-07-05 17:59:32 0 d-------- C:\Program Files\AnyDVD
2007-07-05 17:30:25 0 d-------- C:\Documents and Settings\Husko\Application Data\Elaborate Bytes
2007-07-05 16:51:43 0 d-------- C:\DVDburner

-- Find3M Report ---------------------------------------------------------------

2007-07-25 02:08:47 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-07-25 02:08:18 0 d-------- C:\Program Files\iTunes
2007-07-25 02:07:22 0 d-------- C:\Program Files\Common Files\??stem
2007-07-25 02:04:28 0 d-------- C:\Program Files\Apoint
2007-07-25 02:04:24 0 d-------- C:\Program Files\AIM
2007-07-25 01:11:38 0 d-------- C:\Program Files\Viewpoint
2007-07-24 21:29:55 0 d-------- C:\Program Files\Online Services
2007-06-27 17:31:45 0 d-------- C:\Program Files\Starcraft
2007-06-08 01:20:35 0 d-------- C:\Program Files\LimeWire

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{333A13A9-8369-889A-4B66-8B8DB126D3CA} C:\WINDOWS\system32\rxlv.dll
{7D53A523-15A2-44F4-8F33-45AB380E8559} C:\WINDOWS\system32\vturs.dll
{A0DCD109-AF10-4CC9-BE40-E00739555DF6} C:\Program Files\Internet Explorer\sademoxu83122.dll
{DCD53738-C4F9-414A-A03C-C7405A4AC844} C:\WINDOWS\system32\yayvvuv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Dell Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"Tair"="\"C:\\PROGRA~1\\COMMON~1\\STEM~1\\services.exe\" -vt yazb"
"Nnxszate"="C:\\WINDOWS\\??stem32\\fast.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"
"{DCD53738-C4F9-414A-A03C-C7405A4AC844}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturs
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvvuv

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_FKSKEKIIMSWS
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_RKPAVPROC
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SDTHOOK

Any help with this problem would be greatly appreciated. Thank you.