I started dealing with the popups a week or so ago. My sister was visiting a page for MySpace layouts (can't remember the name) and clicked on a link, when the firewall popped up saying it stopped a trojan from downloading. However, that's when the popups started.

I ran Ad-Aware, Remove It Pro 4.1 and ran Norton AntiVirus (subscription expired months ago though). Did this several times, sometimes in safe mode; several things were removed, including trojans, but the popups remained. Mainly they were from Outerinfo and WinAntiSpyware Pro, but there are a lot of others from random websites. I found out how to uninstall Outerinfo on their website and have had no more problems with it, but the others keep coming.

Also, I noticed under the Privacy tab of Internet Options the settings keep resetting to "accept all cookies". I've changed it to medium-high several times, it keeps resetting. A few times I have received a "buffer runtime error" message and the desktop reloads; it sort of acts like the computer restarts, but all of the programs stay on the screen.

Panda log:
Incident Status Location
Adware:Adware/DnsInsider Not disinfected C:\Program Files\Insider\Insider.exe
Virus:Trj/Downloader.OZB Disinfected Operating system
Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15-3.inf
Adware:adware/commad Not disinfected Windows Registry
Spyware:spyware/searchcentrix Not disinfected Windows Registry
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adrevolver[3].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\owner@advertising[3].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\owner@advertising[4].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\owner@advertising[5].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@anm.co[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Owner\Cookies\owner@azjmp[2].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Owner\Cookies\owner@banners.searchingbooth[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Owner\Cookies\owner@bluestreak[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@casalemedia[3].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@casalemedia[4].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Owner\Cookies\owner@did-it[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Owner\Cookies\owner@drivecleaner[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Owner\Cookies\owner@enhance[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Owner\Cookies\owner@entrepreneur[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Owner\Cookies\owner@errorsafe[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@goclick[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Cookies\owner@go[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\owner@media.adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\owner@media.adrevolver[4].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@realmedia[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Cookies\owner@statcounter[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Owner\Cookies\owner@systemdoctor[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner\Cookies\owner@trafficmp[3].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner\Cookies\owner@trafficmp[4].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[3].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Owner\Cookies\owner@winantispyware[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Owner\Cookies\owner@winantispyware[3].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Owner\Cookies\owner@winantivirus[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.drivecleaner[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.systemdoctor[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.winantiviruspro[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Cookies\owner@xiti[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Owner\Cookies\owner@yadro[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt
Virus:Generic Malware Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\snapsnet.exe[vMW02a1065.exe]
Adware:Adware/VideoActiveXObject Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr6946\uninst.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Adware:Adware/DnsInsider Not disinfected C:\Program Files\Insider\UnInstall.exe
Adware:Adware/TTC Not disinfected C:\Program Files\Online Services\meqocaho4444.dll
Adware:Adware/TTC Not disinfected C:\Program Files\Online Services\meqocaho83122.dll
Virus:Trj/Downloader.PCQ Disinfected C:\WINDOWS\system32\cwygikxf.exe
Virus:Generic Malware Disinfected C:\WINDOWS\system32\vMW02a\vMW02a1065.exe
Deckard's System Scanner v20070905.67
Run by Owner on 2007-10-04 12:36:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
97: 2007-10-04 17:36:32 UTC - RP556 - Deckard's System Scanner Restore Point
96: 2007-10-03 20:25:28 UTC - RP555 - System Checkpoint
95: 2007-10-02 20:24:58 UTC - RP554 - Last known good configuration
94: 2007-10-02 20:24:47 UTC - RP553 - System Checkpoint
93: 2007-10-02 20:24:47 UTC - RP552 - System Checkpoint
-- First Restore Point --
1: 2007-10-02 20:24:13 UTC - RP460 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 320 MiB (512 MiB recommended).
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:50 PM, on 10/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\tsitra572.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Insider\Insider.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\5L033815\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.overture.com/d/search/p/h...e+black+parade
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F46967D-45DE-4150-AE52-EA8558EE43DA} - C:\WINDOWS\system32\sstqq.dll (file missing)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\hlcxdxrs.dll
O2 - BHO: (no name) - {9296AC64-DD27-485A-B73F-99CC4A98CE86} - C:\WINDOWS\system32\mljgh.dll
O2 - BHO: (no name) - {9C908D09-65E8-394B-BD2F-3D766B3A04C1} - C:\WINDOWS\system32\rlxgp.dll (file missing)
O2 - BHO: (no name) - {A6278372-933E-4450-A5DC-78A446E8F4E6} - C:\Program Files\Online Services\meqocaho4444.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CBFB8287-A7F7-4A1A-831A-02736E462518} - C:\Program Files\Online Services\meqocaho83122.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [pas_check] C:\Program Files\SystemDoctor 2006 Free\pasmon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\tsitra572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394661A64DB7C8F0287E55E246220D9E728F86C07B5670CA3D5170E744AB97
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\uhpvifmp.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Object\isamntr.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Object\pmsnrr.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
http://cdn.downloadcontrol.com/files...reeInstall.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsof...?1174753528453
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: efcayyy - C:\WINDOWS\SYSTEM32\efcayyy.dll
O20 - Winlogon Notify: sstqq - C:\WINDOWS\system32\sstqq.dll (file missing)
O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - (no file)
O22 - SharedTaskScheduler: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - (no file)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\aonhobsp.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
--
End of file - 10207 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 DomainService - c:\windows\system32\aonhobsp.exe /service (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2007-09-28 20:00:00 530 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
2007-01-23 16:32:42 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
-- Files created between 2007-09-04 and 2007-10-04 -----------------------------
2007-10-04 12:39:48 0 d-------- C:\Program Files\Trend Micro
2007-10-04 11:11:03 0 d-------- C:\Program Files\SpywareBlaster
2007-10-03 19:38:38 86080 --a------ C:\WINDOWS\system32\uhpvifmp.dll
2007-10-03 19:35:43 77376 --a------ C:\WINDOWS\system32\hlcxdxrs.dll
2007-10-03 19:33:10 1533418 ---hs---- C:\WINDOWS\system32\hgjlm.bak2
2007-10-02 22:29:13 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-02 16:25:51 1530837 ---hs---- C:\WINDOWS\system32\hgjlm.bak1
2007-10-02 15:35:02 0 d-------- C:\Program Files\Insider
2007-10-02 15:35:02 0 d-------- C:\Program Files\InetGet2
2007-10-02 15:23:55 319072 --a------ C:\WINDOWS\system32\mljgh.dll
2007-10-02 15:23:20 36352 --a------ C:\WINDOWS\system32\hggefge.dll
2007-10-02 15:18:57 35840 -ra------ C:\WINDOWS\tsitra572.exe
2007-10-02 15:18:52 0 d-------- C:\WINDOWS\system32\vMW02a
2007-10-02 15:18:50 36352 --a------ C:\WINDOWS\system32\efcayyy.dll
2007-09-27 18:18:50 2 --a------ C:\WINDOWS\system32\wtsisvcc.exe
2007-09-27 18:18:40 0 d-------- C:\WINDOWS\system32\W?nSxS
2007-09-27 18:18:31 6448 ---hs---- C:\WINDOWS\system32\qqtss.bak1
2007-09-27 18:18:06 0 d-------- C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007
2007-09-27 18:17:53 0 d-------- C:\Program Files\WinAble
2007-09-27 18:17:35 0 d-------- C:\Program Files\Temporary
2007-09-27 18:16:06 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-09-27 18:15:24 0 d--hs---- C:\WINDOWS\IA
2007-09-27 18:13:23 0 d-------- C:\WINDOWS\system32\comsz1
2007-09-27 18:13:22 0 d-------- C:\WINDOWS\system32\czr3
2007-09-27 18:13:22 0 d-------- C:\WINDOWS\system32\bbs2
2007-09-27 18:13:16 0 d-------- C:\WINDOWS\system32\vMW10a
2007-09-21 14:21:14 146432 ---hs---- C:\Program Files\Common Files\Yazzle1549OinAdmin.exe
-- Find3M Report ---------------------------------------------------------------
2007-10-04 10:59:47 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-10-04 09:32:54 0 d-------- C:\Program Files\QuickTime
2007-10-04 09:31:00 0 d-------- C:\Program Files\Norton AntiVirus
2007-10-04 09:30:42 0 d-------- C:\Program Files\Multimedia Card Reader
2007-10-04 09:24:36 0 d-------- C:\Program Files\Google
2007-10-04 09:23:38 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-04 02:01:54 0 d-a------ C:\Program Files\Common Files
2007-09-28 21:07:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2007-09-28 14:10:09 0 d-------- C:\Program Files\Common Files\Companion Wizard
2007-09-28 14:10:08 0 d-------- C:\Program Files\Yahoo!
2007-09-27 22:27:55 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-09-27 21:44:30 0 d-------- C:\Program Files\MSN Gaming Zone
2007-09-27 18:16:50 0 d-------- C:\Program Files\Online Services
2007-09-23 16:45:45 4 --a------ C:\WINDOWS\system32\453C79
2007-09-12 11:19:03 0 d-------- C:\Program Files\Quicken
2007-08-30 08:51:29 0 d-------- C:\Program Files\Rhapsody
2007-08-30 08:50:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2007-08-15 10:05:21 0 d-------- C:\Program Files\MSXML 6.0
2007-08-11 15:34:00 0 d-------- C:\Program Files\Logitech
2007-08-11 15:33:57 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-06 23:21:52 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F46967D-45DE-4150-AE52-EA8558EE43DA}]
C:\WINDOWS\system32\sstqq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89AD4D75-2429-462e-BD4E-443F233F6033}]
10/03/2007 07:35 PM 77376 --a------ C:\WINDOWS\system32\hlcxdxrs.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9296AC64-DD27-485A-B73F-99CC4A98CE86}]
10/02/2007 03:23 PM 319072 --a------ C:\WINDOWS\system32\mljgh.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C908D09-65E8-394B-BD2F-3D766B3A04C1}]
C:\WINDOWS\system32\rlxgp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6278372-933E-4450-A5DC-78A446E8F4E6}]
08/02/2007 08:43 AM 282624 --a------ C:\Program Files\Online Services\meqocaho4444.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBFB8287-A7F7-4A1A-831A-02736E462518}]
08/02/2007 08:43 AM 282624 --a------ C:\Program Files\Online Services\meqocaho83122.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 07:04 PM]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [08/21/2003 06:23 AM]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [08/21/2003 06:15 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 10:02 PM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 11:01 AM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [11/03/2003 07:50 PM]
"VTTimer"="VTTimer.exe" [10/22/2004 12:53 PM C:\WINDOWS\system32\VTTimer.exe]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/09/2006 12:47 PM]
"NAV CfgWiz"="c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe" [08/15/2003 09:24 PM]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 10:06 AM C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [10/16/2002 06:57 PM]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [10/29/2003 12:17 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [02/06/2007 07:15 AM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 02:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"pas_check"="C:\Program Files\SystemDoctor 2006 Free\pasmon.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/05/2007 12:22 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/25/2007 09:51 AM]
"runner1"="C:\WINDOWS\tsitra572.exe" [10/02/2007 03:03 PM]
"SearchIndexer"="C:\WINDOWS\system32\uhpvifmp.dll" [10/03/2007 07:38 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11/30/2006 10:49 PM]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [01/09/2004 04:34 AM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [08/13/2007 07:04 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [09/28/2007 06:56 PM]
"Insider"="C:\Program Files\Insider\Insider.exe" [10/02/2007 03:35 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [1/21/2004 4:52:52 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [8/11/2007 3:34:18 PM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [7/30/2003 7:49:48 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"user32.dll"=C:\Program Files\Video ActiveX Object\isamntr.exe
"rare"=C:\Program Files\Video ActiveX Object\pmsnrr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{178D4E6A-BA5A-4ECB-8521-F7B8393FDB97}"= C:\WINDOWS\system32\efcayyy.dll [10/02/2007 03:18 PM 36352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcayyy]
efcayyy.dll 10/02/2007 03:18 PM 36352 C:\WINDOWS\system32\efcayyy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqq]
C:\WINDOWS\system32\sstqq.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\mljgh
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8afc6db2-a733-11db-ad88-806d6172696f}]
AutoRun\command- D:\Info.exe folder.htt 480 480
-- End of Deckard's System Scanner: finished at 2007-10-04 12:43:59 ------------