10-05-2007, 01:49 PM   #7
hybritical
Registered User
 
Join Date: Oct 2007
Posts: 28
OS: winxp


Re: DSS won't complete - viruses, trojan downloaders and popups

Thanks.

Everything is running better... the net hasn't frozen since I started this... didn't have to pull out the ole Task Manager. I am concerned that it says I still have viruses though. Here's all the logs in the order you asked for them. I hope it's ok that I just copied and pasted.

ComboFix 07-10-05.3 - Owner 2007-10-05 14:13:11.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.103 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-05 to 2007-10-05 )))))))))))))))))))))))))))))))
.

2007-10-05 12:35 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-04 22:52 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-04 16:50 <DIR> d-------- C:\Deckard
2007-10-04 16:39 <DIR> d-------- C:\ie-spyad_zo
2007-10-04 16:14 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-04 15:55 6,465 ---hs---- C:\WINDOWS\system32\ppqss.ini2
2007-10-04 00:50 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-03 14:50 6,513 ---hs---- C:\WINDOWS\system32\ppqss.bak2
2007-10-02 15:37 6,465 ---hs---- C:\WINDOWS\system32\ppqss.bak1
2007-10-02 15:35 310,880 --a------ C:\WINDOWS\system32\ssqpp.dll
2007-10-02 15:30 36,352 --a------ C:\WINDOWS\system32\awtqrpn.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-04 02:03 --------- d-------- C:\Program Files\Google
2007-09-22 00:57 --------- d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-09-10 19:25 --------- dr-h----- C:\Documents and Settings\Owner\Application Data\yahoo!
2007-09-06 01:45 --------- d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-09-05 21:44 --------- d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-09-05 21:40 --------- d-------- C:\Program Files\Yahoo!
2007-08-26 12:10 --------- d-------- C:\Program Files\Dell
2007-08-18 18:41 --------- d-------- C:\Program Files\Escape From Paradise
2007-08-14 12:33 --------- d-------- C:\Program Files\America Online 9.0
2007-08-14 12:24 --------- d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-08-14 12:23 --------- d-------- C:\Program Files\McAfee.com
2007-08-14 12:20 --------- d-------- C:\Program Files\Common Files\aol
2007-08-14 03:14 --------- d-------- C:\Program Files\Webroot
2007-08-14 03:06 --------- d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2007-08-14 03:06 --------- d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-08-14 03:06 --------- d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-08-14 03:06 --------- d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-08-14 03:06 --------- d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-08-14 01:49 --------- d-------- C:\Documents and Settings\Owner\Application Data\GetRightToGo
2007-08-13 03:21 --------- d-------- C:\Program Files\AVG2
2007-08-12 14:17 3638 --a------ C:\WINDOWS\5bydbzjy.exe
2007-08-12 13:42 --------- d-------- C:\Program Files\Burger Island
2007-08-10 14:37 --------- d-------- C:\Program Files\DivX
2007-08-10 01:09 --------- d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-08-10 01:08 --------- d-------- C:\Program Files\Cake Mania 2
2007-08-09 19:35 --------- d-------- C:\Documents and Settings\Owner\Application Data\Sandlot Games
2007-08-09 19:34 --------- d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-08-09 17:47 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-08-09 16:20 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-19 22:54 1521464 --a------ C:\WINDOWS\WRSetup.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-05_12.46.18.71 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 40,196 2007-10-05 16:47:39 C:\WINDOWS\system32\perfc009.dat
----a-w 311,934 2007-10-05 16:47:39 C:\WINDOWS\system32\perfh009.dat
----a-w 16,384 2007-10-05 16:43:33 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 16,384 2007-10-05 16:43:33 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-10-05 16:43:33 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
----a-w 40,196 2007-04-12 23:07:38 C:\WINDOWS\system32\perfc009.dat
----a-w 311,934 2007-04-12 23:07:38 C:\WINDOWS\system32\perfh009.dat
----a-w 16,384 2007-10-05 16:32:17 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 16,384 2007-10-05 16:32:17 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-10-05 16:32:17 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F9C7C74-BD48-45B4-BB02-47C411790F14}]
2007-10-02 15:35 310880 --a------ C:\WINDOWS\System32\ssqpp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
C:\WINDOWS\WebAssist.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9815DA81-2E0C-478c-90E4-06E474E704D0}]
C:\Program Files\ISM\BndDrive.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCAgentExe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" []
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" []
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1176427498\ee\AOLSoftware.exe" []
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-12 21:27]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-13 12:52]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-05-08 23:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 14:51]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-12 06:17]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\ssqpp.dll

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\System32\Drivers\SSFS0BB8.SYS
S3 NaiFiltr;NaiFiltr;C:\WINDOWS\System32\DRIVERS\NaiFiltr.sys

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
*Newly Created Service* - SHAREDACCESS
.
Contents of the 'Scheduled Tasks' folder
"2007-10-04 04:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-08-26 13:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-08-26 14:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-01 15:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-05 16:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-05 17:00:00 C:\WINDOWS\Tasks\At14.job"
"2007-10-05 18:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-03 19:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-04 20:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-04 21:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-04 22:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-04 05:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-04 23:00:00 C:\WINDOWS\Tasks\At20.job"
"2007-10-05 00:00:00 C:\WINDOWS\Tasks\At21.job"
"2007-10-05 01:00:00 C:\WINDOWS\Tasks\At22.job"
"2007-10-05 02:00:00 C:\WINDOWS\Tasks\At23.job"
"2007-10-05 03:00:00 C:\WINDOWS\Tasks\At24.job"
"2007-10-04 06:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-04 07:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-09-15 08:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-09-06 09:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-09-03 10:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-09-03 11:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-09-03 12:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-05 18:12:00 C:\WINDOWS\Tasks\McAfee.com Update Check (NEW-HARVEST-Owner).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-05 14:16:17
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-05 14:17:52
C:\ComboFix-quarantined-files.txt ... 2007-10-05 14:17
C:\ComboFix.txt ... 2007-10-05 12:49
.
--- E O F ---

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, October 05, 2007 3:40:26 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 5/10/2007
Kaspersky Anti-Virus database records: 428000
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 29440
Number of viruses found: 3
Number of infected objects: 17
Number of suspicious objects: 0
Duration of the scan process: 00:48:58

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\HyBRidHzYsyS67\mydb.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\HyBRidHzYsyS67\style.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\HyBRidHzYsyS67\toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\SNMaster.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\CACHE\hybridhzysys02 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\hybridhzysys67 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\hybridhzysys67.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\hybridhzysys67.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_America Online 9.0\IDB\Apps.Lst Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_America Online 9.0\IDB\art.idx Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_America Online 9.0\IDB\sap.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_America Online 9.0\IDB\spool.lst Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_America Online 9.0\IDB\sysnews.lst Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFBBCE.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Back-up Shared Folder\Unfileable Songs\freenaruto.exe/file09 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Owner\My Documents\Back-up Shared Folder\Unfileable Songs\freenaruto.exe Inno: infected - 1 skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\fhktplvc.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\gomfiewh.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ihrqoxkg.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\vpkacgkl.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\wjhxickh.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\xuqyvttu.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{D8878825-0DA5-4325-B5B8-E2E99F29CC1F}\RP127\A0046701.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{D8878825-0DA5-4325-B5B8-E2E99F29CC1F}\RP127\A0046718.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
C:\System Volume Information\_restore{D8878825-0DA5-4325-B5B8-E2E99F29CC1F}\RP128\A0046789.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{D8878825-0DA5-4325-B5B8-E2E99F29CC1F}\RP130\A0049864.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{D8878825-0DA5-4325-B5B8-E2E99F29CC1F}\RP130\A0049865.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{D8878825-0DA5-4325-B5B8-E2E99F29CC1F}\RP130\A0049866.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{D8878825-0DA5-4325-B5B8-E2E99F29CC1F}\RP130\A0049867.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{D8878825-0DA5-4325-B5B8-E2E99F29CC1F}\RP130\A0049868.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{D8878825-0DA5-4325-B5B8-E2E99F29CC1F}\RP130\A0049869.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{D8878825-0DA5-4325-B5B8-E2E99F29CC1F}\RP132\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

Scan process completed.


Deckard's System Scanner v20070905.67
Run by Owner on 2007-10-05 15:43:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:09 PM, on 10/5/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {4F9C7C74-BD48-45B4-BB02-47C411790F14} - C:\WINDOWS\System32\ssqpp.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll (file missing)
O2 - BHO: BndDrive BHO Class - {9815DA81-2E0C-478c-90E4-06E474E704D0} - C:\Program Files\ISM\BndDrive.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1176427498\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/gam...s/y/poti_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7589 bytes

-- Files created between 2007-09-05 and 2007-10-05 -----------------------------

2007-10-05 14:34:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-05 14:34:24 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2007-10-05 14:34:19 0 d-------- C:\WINDOWS\LastGood
2007-10-04 22:52:35 0 d-------- C:\Program Files\Trend Micro
2007-10-04 16:39:25 0 d-------- C:\ie-spyad_zo
2007-10-04 16:14:06 0 d-------- C:\Program Files\SpywareBlaster
2007-10-04 15:55:18 6487 ---hs---- C:\WINDOWS\System32\ppqss.ini2
2007-10-04 00:50:45 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-10-03 14:50:28 6513 ---hs---- C:\WINDOWS\System32\ppqss.bak2
2007-10-02 15:37:00 6465 ---hs---- C:\WINDOWS\System32\ppqss.bak1
2007-10-02 15:35:33 310880 --a------ C:\WINDOWS\System32\ssqpp.dll
2007-10-02 15:30:22 36352 --a------ C:\WINDOWS\System32\awtqrpn.dll
2007-09-27 16:46:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-09-08 14:34:36 0 d-------- C:\Program Files\Common Files\ODBC


-- Find3M Report ---------------------------------------------------------------

2007-10-04 02:03:11 0 d-------- C:\Program Files\Google
2007-10-03 15:45:24 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-09-10 19:25:25 0 dr-h----- C:\Documents and Settings\Owner\Application Data\yahoo!
2007-09-08 14:34:36 0 d-------- C:\Program Files\Common Files
2007-09-05 21:40:10 0 d-------- C:\Program Files\Yahoo!
2007-08-29 17:10:53 0 d-------- C:\Program Files\Common Files\Adobe
2007-08-26 12:10:50 0 d-------- C:\Program Files\Dell
2007-08-18 18:41:28 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-08-18 18:41:08 0 d-------- C:\Program Files\Escape From Paradise
2007-08-14 12:33:24 0 d-------- C:\Program Files\America Online 9.0
2007-08-14 12:23:12 0 d-------- C:\Program Files\McAfee.com
2007-08-14 12:20:26 0 d-------- C:\Program Files\Common Files\aol
2007-08-14 03:14:04 0 d-------- C:\Program Files\Webroot
2007-08-14 0318 0 d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2007-08-14 01:49:59 0 d-------- C:\Documents and Settings\Owner\Application Data\GetRightToGo
2007-08-13 03:21:55 0 d-------- C:\Program Files\AVG2
2007-08-12 14:17:28 3638 --a------ C:\WINDOWS\5bydbzjy.exe
2007-08-12 13:42:37 0 d-------- C:\Program Files\Burger Island
2007-08-11 02:14:19 0 d--h----- C:\Program Files\WindowsUpdate
2007-08-10 14:37:43 0 d-------- C:\Program Files\DivX
2007-08-10 03:18:59 598 --a------ C:\Documents and Settings\Owner\Application Data\error.log
2007-08-10 03:15:20 15 --a------ C:\Documents and Settings\Owner\Application Data\config.tcf
2007-08-10 01:08:52 0 d-------- C:\Program Files\Cake Mania 2
2007-08-09 19:35:39 0 d-------- C:\Documents and Settings\Owner\Application Data\Sandlot Games
2007-08-09 17:47:06 0 d-------- C:\Program Files\Microsoft ActiveSync


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F9C7C74-BD48-45B4-BB02-47C411790F14}]
10/02/2007 03:35 PM 310880 --a------ C:\WINDOWS\System32\ssqpp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
C:\WINDOWS\WebAssist.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9815DA81-2E0C-478c-90E4-06E474E704D0}]
C:\Program Files\ISM\BndDrive.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCAgentExe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" []
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" []
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1176427498\ee\AOLSoftware.exe" []
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/23/2006 08:50 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/12/2007 09:27 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/13/2007 12:52 PM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [05/08/2007 11:09 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [07/19/2007 10:54 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/07/2007 02:51 PM]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [07/12/2005 06:17 AM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\ssqpp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
*Newly Created Service* - SHAREDACCESS



-- End of Deckard's System Scanner: finished at 2007-10-05 15:44:49 ------------