Hi and thanks for this service! I have pasted and attached the requested information as described in the '5 steps.' Thanks for your help!
>>>Deckard's main.txt.....
Deckard's System Scanner v20070809.63
Run by Marc on 2007-08-11 at 18:37:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 4 Restore Point(s) --
4: 2007-08-11 22:37:30 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2007-08-11 17:16:22 UTC - RP3 - Software Distribution Service 3.0
2: 2007-08-10 16:57:31 UTC - RP2 - After Clean - Good Restore point
1: 2007-08-10 16:56:22 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 384 MiB (512 MiB recommended).
-- HijackThis (run as Marc.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:36 PM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1129037481\ee\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\Marc\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Marc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CB65F89-932D-4F3E-A795-CC30C66F1D59} - C:\WINDOWS\system32\jkklm.dll
O2 - BHO: (no name) - {4DF984CA-140F-7CFE-7876-4AB60F3BF2C3} - C:\WINDOWS\system32\qgtorf.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\byvspqq.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tbidyvsA] C:\WINDOWS\tbidyvsA.exe
O4 - HKLM\..\Run: [i34yuc387] C:\WINDOWS\i34yuc387
O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
O4 - HKLM\..\Run: [WinCore32.exe] C:\WINDOWS\system32\WinCore32.exe
O4 - HKLM\..\Run: [irdmelt] dlltyxzc.exe
O4 - HKLM\..\Run: [jsispsl] C:\WINDOWS\system32\jdnems.exe
O4 - HKLM\..\Run: [certds] C:\WINDOWS\system32\cncersh.exe
O4 - HKLM\..\Run: [ismdoc] C:\WINDOWS\system32\atlupjhg.exe
O4 - HKLM\..\Run: [blwquest] C:\WINDOWS\system32\libevlkf.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europ...vex/hcImpl.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/tes...enXInstall.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: byvspqq - C:\WINDOWS\SYSTEM32\byvspqq.dll
O20 - Winlogon Notify: jkklm - C:\WINDOWS\system32\jkklm.dll
O21 - SSODL: PJOJGre - {0DEA13F3-A740-B959-398E-4356508B0CCB} - C:\WINDOWS\system32\gjo.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
--
End of file - 12074 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2007-08-03 23:38:47 346 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-08-03 23:38:45 338 --a------ C:\WINDOWS\Tasks\McQcTask.job
-- Files created between 2007-07-11 and 2007-08-11 -----------------------------
2007-08-11 18:02:39 0 d-------- C:\Program Files\SpywareBlaster
2007-08-11 13:27:08 0 d-------- C:\Program Files\Trend Micro
2007-08-11 11:08:48 0 d-------- C:\WINDOWS\BDOSCAN8
2007-08-11 00:42:48 0 d-------- C:\Documents and Settings\Marc\Application Data\acccore
2007-08-10 23:55:21 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-10 22:18:07 0 d-------- C:\Documents and Settings\Marc\.housecall6.6
2007-08-10 22:17:23 0 d-------- C:\Documents and Settings\Marc\Application Data\Macromedia
2007-08-10 22:01:55 0 d-------- C:\Program Files\Viewpoint
2007-08-10 19:05:37 125504 --a------ C:\WINDOWS\system32\chpemgkg.dll
2007-08-10 19:05:32 70208 --a------ C:\WINDOWS\system32\gesohtwo.dll
2007-08-10 10:16:08 0 d---s---- C:\Documents and Settings\Marc\UserData
2007-08-10 09:21:11 0 d-------- C:\Documents and Settings\Marc\Application Data\InterMute
2007-08-10 09:21:11 0 d-------- C:\Documents and Settings\Marc\Application Data\Identities
2007-08-10 09:21:11 0 d-------- C:\Documents and Settings\Marc\Application Data\Apple Computer
2007-08-10 09:21:10 0 d-------- C:\Documents and Settings\Marc\WINDOWS
2007-08-10 09:21:10 0 d--h----- C:\Documents and Settings\Marc\Templates
2007-08-10 09:21:10 0 dr------- C:\Documents and Settings\Marc\Start Menu
2007-08-10 09:21:10 0 dr-h----- C:\Documents and Settings\Marc\SendTo
2007-08-10 09:21:10 0 dr-h----- C:\Documents and Settings\Marc\Recent
2007-08-10 09:21:10 0 d--h----- C:\Documents and Settings\Marc\PrintHood
2007-08-10 09:21:10 0 d--h----- C:\Documents and Settings\Marc\NetHood
2007-08-10 09:21:10 0 dr------- C:\Documents and Settings\Marc\My Documents
2007-08-10 09:21:10 0 d--h----- C:\Documents and Settings\Marc\Local Settings
2007-08-10 09:21:10 0 dr------- C:\Documents and Settings\Marc\Favorites
2007-08-10 09:21:10 0 d-------- C:\Documents and Settings\Marc\Desktop
2007-08-10 09:21:10 0 d---s---- C:\Documents and Settings\Marc\Cookies
2007-08-10 09:21:10 0 dr-h----- C:\Documents and Settings\Marc\Application Data
2007-08-10 09:21:10 0 d-------- C:\Documents and Settings\Marc\Application Data\Symantec
2007-08-10 09:21:10 0 d-------- C:\Documents and Settings\Marc\Application Data\SampleView
2007-08-10 09:21:10 0 d-------- C:\Documents and Settings\Marc\Application Data\Real
2007-08-10 09:21:09 1572864 --ah----- C:\Documents and Settings\Marc\NTUSER.DAT
2007-08-10 08:13:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-09 19:05:01 1682890 ---hs---- C:\WINDOWS\system32\mlkkj.bak2
2007-08-09 18:35:50 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-08-09 18:35:50 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-08-09 18:35:50 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-08-09 18:35:50 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-08-09 18:35:50 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-08-09 18:35:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-08-09 18:35:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-08-09 18:35:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-08-09 18:35:50 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-08-09 18:35:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterMute
2007-08-09 18:35:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-08-09 18:35:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2007-08-09 18:35:49 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-08-09 18:35:49 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-08-09 18:35:49 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-08-09 18:35:49 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-08-09 18:35:49 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-08-09 18:35:49 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-08-09 18:35:49 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-08-09 18:35:49 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-08-09 18:35:49 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-08-03 23:42:48 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2007-08-03 23:41:35 78255 --a------ C:\WINDOWS\system32\windows_log_289666
2007-08-03 23:39:03 107083 --a------ C:\WINDOWS\system32\windows_log_270122
2007-08-03 23:37:28 0 d-------- C:\Program Files\McAfee.com
2007-08-03 23:36:51 0 d-------- C:\Program Files\Common Files\McAfee
2007-08-03 23:36:41 0 d-------- C:\Program Files\McAfee
2007-08-03 22:12:32 0 --a------ C:\WINDOWS\system32\windows_log_204371
2007-08-03 22:10:02 95191 --a------ C:\WINDOWS\system32\windows_log_198120
2007-08-03 21:51:46 0 d-------- C:\Program Files\Lavasoft
2007-08-03 21:51:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-03 21:51:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-03 21:36:28 91084 --a------ C:\WINDOWS\system32\windows_log_205918
2007-08-03 21:34:15 92140 --a------ C:\WINDOWS\system32\windows_log_204703
2007-08-03 21:25:37 103921 --a------ C:\WINDOWS\system32\windows_log_198947
2007-08-03 21:21:29 90315 --a------ C:\WINDOWS\system32\windows_log_195760
2007-08-03 21:17:39 108282 --a------ C:\WINDOWS\system32\windows_log_192722
2007-08-03 21:08:05 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-08-03 20:51:30 46073 --a------ C:\WINDOWS\system32\windows_log_150929
2007-08-03 20:12:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-03 17:58:06 0 --a------ C:\WINDOWS\system32\windows_log_0
2007-08-03 17:50:37 0 d-------- C:\Program Files\Common Files\Companion Wizard
2007-08-03 17:49:45 6466 ---hs---- C:\WINDOWS\system32\mlkkj.bak1
2007-08-03 17:49:24 228960 -----n--- C:\WINDOWS\system32\jkklm.dll
2007-08-03 17:40:32 101 --a------ C:\WINDOWS\system32\mit.bat
2007-08-03 17:40:18 31254 -----n--- C:\WINDOWS\system32\byvspqq.dll
2007-08-03 17:34:45 20171 --a------ C:\WINDOWS\system32\21344518341.dll
2007-08-03 17:29:51 171520 --a------ C:\WINDOWS\system32\oobualw.dll
2007-08-03 17:29:25 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2007-08-03 17:28:58 0 d-------- C:\WINDOWS\system32\win
2007-08-03 17:28:58 0 d-------- C:\WINDOWS\system32\W3
2007-08-03 17:28:58 0 d-------- C:\WINDOWS\system32\E5
2007-08-03 17:28:58 0 d-------- C:\WINDOWS\system32\C9
2007-08-03 17:28:58 0 d-------- C:\WINDOWS\system32\C5
2007-08-03 17:28:58 0 d-------- C:\WINDOWS\system32\C3
2007-08-03 17:28:58 0 d-------- C:\WINDOWS\system32\C1
2007-08-03 17:28:53 0 d-------- C:\WINDOWS\system32\b06FdUe
2007-08-03 17:28:53 0 d-------- C:\Temp
2007-08-03 13:07:23 224283 --a------ C:\WINDOWS\Setup167.exe
2007-08-02 09:43:59 282624 --a------ C:\Program Files\TTC.dll
2007-08-01 19:48:54 60928 --a------ C:\WINDOWS\system32\qgtorf.dll
2007-07-30 18:12:52 0 d-------- C:\Program Files\Common Files\qooz
2007-07-30 18:12:51 0 d-------- C:\WINDOWS\qooz
-- Find3M Report ---------------------------------------------------------------
2007-08-11 17:28:09 0 d-------- C:\Program Files\QuickTime
2007-08-11 17:20:27 0 d-------- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor
2007-08-11 17:19:17 0 d-a------ C:\Program Files\Common Files\LightScribe
2007-08-10 09:03:33 0 d-------- C:\Program Files\Common Files
2007-08-09 22:17:01 0 d-------- C:\Program Files\DivX
2007-08-09 18:19:04 0 d-------- C:\Program Files\AIM
2007-08-03 23:12:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 23:12:00 0 d-------- C:\Program Files\PC-Doctor for Windows
2007-08-03 22:50:49 0 d-------- C:\Program Files\Common Files\??sks
2007-08-01 19:48:56 0 d-------- C:\Program Files\Common Files\??pPatch
2007-07-03 07:42:56 22016 --a------ C:\WINDOWS\b138.exe
2007-06-25 09:53:26 53248 --a------ C:\WINDOWS\uninst1014.exe <Not Verified; ; uninst1016>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CB65F89-932D-4F3E-A795-CC30C66F1D59}]
08/03/2007 05:49 PM 228960 --------- C:\WINDOWS\system32\jkklm.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DF984CA-140F-7CFE-7876-4AB60F3BF2C3}]
08/01/2007 09:43 AM 60928 --a------ C:\WINDOWS\system32\qgtorf.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9BD0828-1FD9-410C-A50F-43EBE65D310F}]
08/03/2007 05:40 PM 31254 --------- C:\WINDOWS\system32\byvspqq.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [04/12/2005 11:31 AM C:\WINDOWS\system32\SiSPower.dll]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/25/2005 06:34 PM]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [10/14/2004 09:54 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" []
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 08:38 AM]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" []
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [01/27/2006 01:17 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/24/2005 06:59 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [04/13/2005 04:48 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/13/2007 11:07 PM]
"tbidyvsA"="C:\WINDOWS\tbidyvsA.exe" []
"i34yuc387"="C:\WINDOWS\i34yuc387" []
"g4356cbvy63"="C:\WINDOWS\g4356cbvy63" []
"WinCore32.exe"="C:\WINDOWS\system32\WinCore32.exe" []
"irdmelt"="dlltyxzc.exe" []
"jsispsl"="C:\WINDOWS\system32\jdnems.exe" []
"certds"="C:\WINDOWS\system32\cncersh.exe" []
"ismdoc"="C:\WINDOWS\system32\atlupjhg.exe" []
"blwquest"="C:\WINDOWS\system32\libevlkf.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 AM]
"Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" [09/25/2006 08:52 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [9/2/2005 8:36:21 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 10:28:24 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E9BD0828-1FD9-410C-A50F-43EBE65D310F}"= C:\WINDOWS\system32\byvspqq.dll [08/03/2007 05:40 PM 31254]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PJOJGre"= {0DEA13F3-A740-B959-398E-4356508B0CCB} - C:\WINDOWS\system32\gjo.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byvspqq]
byvspqq.dll 08/03/2007 05:40 PM 31254 C:\WINDOWS\system32\byvspqq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkklm]
C:\WINDOWS\system32\jkklm.dll 08/03/2007 05:49 PM 228960 C:\WINDOWS\system32\jkklm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\ldcore.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
-- End of Deckard's System Scanner: finished at 2007-08-11 at 18:40:44 ---------
>>>And Panda's Activescan.....
Incident Status Location
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\qgtorf.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\byvspqq.dll
Adware:adware/commad Not disinfected Windows Registry
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@2o7[3].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[3].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[5].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.addynamix[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atdmt[4].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atwola[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@drivecleaner[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@errorsafe[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@go[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@go[3].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@server.iad.liveperson[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@systemdoctor[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tribalfusion[3].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@winantivirus[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.errorsafe[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.winantiviruspro[1].txt
Hacktool:HackTool/KillProcWin.A Not disinfected C:\Documents and Settings\HP_Owner\Local Settings\Temp\CDASilentInstall0501.exe[simple_killw.exe]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Marc\Cookies\marc@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Marc\Cookies\marc@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Marc\Cookies\marc@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Marc\Cookies\marc@adrevolver[3].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Marc\Cookies\marc@ads.addynamix[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Marc\Cookies\marc@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Marc\Cookies\marc@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Marc\Cookies\marc@atwola[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Marc\Cookies\marc@bluestreak[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Marc\Cookies\marc@casalemedia[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Marc\Cookies\marc@doubleclick[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Marc\Cookies\marc@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Marc\Cookies\marc@realmedia[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Marc\Cookies\marc@stats1.reliablestats[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Marc\Cookies\marc@statse.webtrendslive[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Marc\Cookies\marc@systemdoctor[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Marc\Cookies\marc@trafficmp[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Marc\Cookies\marc@winantispyware[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Marc\Cookies\marc@winantivirus[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Marc\Cookies\marc@www.systemdoctor[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Marc\Cookies\marc@www.winantiviruspro[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Marc\Cookies\marc@zedo[2].txt
Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Documents and Settings\Marc\Local Settings\Temporary Internet Files\Content.IE5\YDOT8R01\WinAntiVirusPro2007FreeInstall[1].cab[UWA7P_0001_N91M0809NetInstaller.exe]
Adware:Adware/WinAntivirus2006 Not disinfected C:\Documents and Settings\Marc\Local Settings\Temporary Internet Files\Content.IE5\YDOT8R01\WinAntiVirusPro2007FreeInstall[1].cab[UWA7P_0001_N91M0809NetInstaller.inf]
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Adware:Adware/TTC Not disinfected C:\Program Files\TTC.dll
Adware:Adware/WebSearch Not disinfected C:\Temp\bY001.exe[kmhp83122.exe]
Adware:Adware/WebSearch Not disinfected C:\Temp\bY001.exe[kmhp83122.exe][TTC.dll]
Virus:Trj/Downloader.PNC Not disinfected C:\Temp\bY001.exe[wr7317.exe]
Spyware:Spyware/Virtumonde Not disinfected C:\Temp\bY001.exe[rsch25.exe]
Adware:Adware/Zenosearch Not disinfected C:\Temp\bY001.exe[zn553.exe]
Virus:Trj/Downloader.LAF Not disinfected C:\Temp\bY001.exe[tdwn23.exe]
Adware:Adware/NSISMedia Not disinfected C:\WINDOWS\Setup167.exe[²îÇ\NSIS.Library.RegTool.v2.²áÇ.exe]
Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\Temp\Cookies\hp_owner@atwola[1].txt
Adware:Adware/DigInk Not disinfected C:\WINDOWS\uninst1014.exe
>>>Extra.txt attached.