Hi,
My laptop has been bugged with virus/adware/popups for the past month. I had to switch to Firefox for browsing, as trying IE invokes irritating popups, crashes Windows Explorer, and makes the taskbar (as well as the desktop content) vanish.
No extra.txt file is getting created in C:\Deckard\System Scanner. Yes, the directory has only main.txt created and no file like extra.txt is minimized/created.
Here is the log file after the DSS run:
Deckard's System Scanner v20071014.68
Run by Arana on 2008-01-22 19:46:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Drive C: has 1.4 GiB (less than 15%) free.
-- HijackThis (run as Arana.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48, on 2008-01-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Animesh Spyware removal\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Arana.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\PlayerIE\playerIE.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {9BAD6220-9BF1-4971-9D55-7A439FE22381} - C:\WINDOWS\system32\sstqp.dll
O2 - BHO: {a9b8b75f-978c-e479-0944-8d501b912f2a} - {a2f219b1-05d8-4490-974e-c879f57b8b9a} - C:\WINDOWS\system32\rqtxuxrq.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [948afca3] rundll32.exe "C:\WINDOWS\system32\spmfdytb.dll",b
O4 - HKLM\..\Run: [BM97b9cf3f] Rundll32.exe "C:\WINDOWS\system32\gyxpelqq.dll",s
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/f...trol_en_US.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: nnnlkkh - nnnlkkh.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QXJhbmE\command.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 10999 bytes
-- Files created between 2007-12-22 and 2008-01-22 -----------------------------
2008-01-22 15:10:55 8576 --a------ C:\WINDOWS\system32\drivers\isyjabjtopxd.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-22 15

09 0 d-------- C:\WINDOWS\LastGood
2008-01-21 20:17:29 88640 --a------ C:\WINDOWS\system32\spmfdytb.dll
2008-01-21 20:11:28 70208 --a------ C:\WINDOWS\system32\gyxpelqq.dll
2008-01-21 20:09:10 78912 --a------ C:\WINDOWS\system32\rqtxuxrq.dll
2008-01-17 18:33:17 86592 --a------ C:\WINDOWS\system32\vshgngtg.dll
2008-01-17 18:27:26 70208 --a------ C:\WINDOWS\system32\tldghfxi.dll
2008-01-17 18:27:19 77376 --a------ C:\WINDOWS\system32\iwlybxcb.dll
2008-01-16 18:58:03 0 d-------- C:\Documents and Settings\Kiran\Application Data\Mozilla
2008-01-16 18:25:43 76864 --a------ C:\WINDOWS\system32\qtijugrp.dll
2008-01-16 18:25:31 70208 --a------ C:\WINDOWS\system32\gqofxtpu.dll
2008-01-15 19:27:50 0 d-------- C:\Borland
2008-01-15 18:30:15 89152 --a------ C:\WINDOWS\system32\qubipxoh.dll
2008-01-15 18:26:19 70208 --a------ C:\WINDOWS\system32\oxlkvrhj.dll
2008-01-15 18:26:12 79936 --a------ C:\WINDOWS\system32\lxlnsvdb.dll
2008-01-14 23:20:29 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-14 22:53:57 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-14 20:02:55 0 d-------- C:\Program Files\Lavasoft
2008-01-14 20:02:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-14 19:29:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 18:25:55 70208 --a------ C:\WINDOWS\system32\iemadlpg.dll
2008-01-14 18:25:43 77888 --a------ C:\WINDOWS\system32\dfgvsivh.dll
2008-01-14 17:35:13 0 d--h----- C:\Documents and Settings\Arana\.huptlzo
2008-01-14 17:35:13 0 d-------- C:\Documents and Settings\Arana\.borland
2008-01-14 15:27:17 0 d-------- C:\Program Files\Turbo C++ <TURBOC~1>
2008-01-14 14:44:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-13 18:30:17 90176 --a------ C:\WINDOWS\system32\qnstphpc.dll
2008-01-13 18:24:29 79936 --a------ C:\WINDOWS\system32\nwrcpnkk.dll
2008-01-13 18:24:19 70208 --a------ C:\WINDOWS\system32\jbnmjiac.dll
2008-01-12 18:27:57 90176 --a------ C:\WINDOWS\system32\trsfnkfv.dll
2008-01-12 18:25:08 76864 --a------ C:\WINDOWS\system32\nvebpnet.dll
2008-01-12 18:24:57 70208 --a------ C:\WINDOWS\system32\kobbftrn.dll
2008-01-11 18:25:05 70208 --a------ C:\WINDOWS\system32\gxntjmbv.dll
2008-01-11 18:25:01 76864 --a------ C:\WINDOWS\system32\oytllbeo.dll
2008-01-10 18:24:29 70208 --a------ C:\WINDOWS\system32\gttwtnrq.dll
2008-01-10 18:24:22 79424 --a------ C:\WINDOWS\system32\wchflhdt.dll
2008-01-09 18:23:23 79936 --a------ C:\WINDOWS\system32\hdylmfaa.dll
2008-01-08 18:25:05 77888 --a------ C:\WINDOWS\system32\payhdtdl.dll
2008-01-07 18:24:01 76864 --a------ C:\WINDOWS\system32\tlrpuwif.dll
2008-01-06 18:25:40 75840 --a------ C:\WINDOWS\system32\hkyggfvx.dll
2008-01-05 18:26:31 90176 --a------ C:\WINDOWS\system32\ddmvrxff.dll
2008-01-05 18:23:33 78912 --a------ C:\WINDOWS\system32\prbwsvga.dll
2008-01-04 23:26:00 0 d-------- C:\Program Files\Media Converter SA Edition
2008-01-04 18:23:17 79424 --a------ C:\WINDOWS\system32\wwbubwly.dll
2008-01-03 18:21:13 78400 --a------ C:\WINDOWS\system32\mgqswbds.dll
2008-01-02 18:22:08 90176 --a------ C:\WINDOWS\system32\mdqdcwic.dll
2008-01-02 18:20:31 78400 --a------ C:\WINDOWS\system32\txjjfkfo.dll
2008-01-01 18:28:05 90176 --a------ C:\WINDOWS\system32\obyphxpo.dll
2008-01-01 18:25:01 77376 --a------ C:\WINDOWS\system32\xwmqafuo.dll
2007-12-31 18:22:38 78912 --a------ C:\WINDOWS\system32\nhxuwikv.dll
2007-12-30 18:20:59 78400 --a------ C:\WINDOWS\system32\anuaocrp.dll
2007-12-30 18:02:41 0 d-------- C:\Program Files\Apple Software Update
2007-12-30 18:02:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-29 18:20:45 90176 --a------ C:\WINDOWS\system32\wmvwdulm.dll
2007-12-29 18:18:14 78912 --a------ C:\WINDOWS\system32\wtvclpes.dll
2007-12-28 18:22:22 90176 --a------ C:\WINDOWS\system32\bklpbqxm.dll
2007-12-28 18:22:14 77888 --a------ C:\WINDOWS\system32\bqgfvwjh.dll
2007-12-27 22:52:16 0 d-------- C:\Garmin
2007-12-27 18:25:57 81984 --a------ C:\WINDOWS\system32\ifcdnsac.dll
2007-12-26 16:03:13 80448 --a------ C:\WINDOWS\system32\fchbpbdb.dll
2007-12-26 01:56:11 77376 --a------ C:\WINDOWS\system32\dfnnteia.dll
2007-12-26 01:53:12 87104 --a------ C:\WINDOWS\system32\ayiytwdj.dll
2007-12-25 01:52:16 78400 --a------ C:\WINDOWS\system32\wgvkbuhu.dll
2007-12-25 01:49:14 87104 --a------ C:\WINDOWS\system32\bndqdpuk.dll
-- Find3M Report ---------------------------------------------------------------
2008-01-22 19:48:12 335474 --ahs---- C:\WINDOWS\system32\pqtss.ini2
2008-01-22 16:04:04 0 d-------- C:\Program Files\iTunes
2008-01-22 16:03:32 0 d-------- C:\Program Files\GoogleAFE
2008-01-22 16:03:31 0 d-------- C:\Program Files\Google
2008-01-22 15:58:17 0 d-------- C:\Program Files\Apoint
2008-01-14 22:19:50 0 d-------- C:\Program Files\Common Files
2008-01-14 20:00:04 0 d-------- C:\Program Files\Microsoft.NET
2008-01-14 19:09:07 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-01-14 16:35:31 0 d-------- C:\Program Files\IrfanView
2008-01-09 10:18:41 5278 --ahs--c- C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-09 09:15:30 0 d-------- C:\Program Files\Java
2007-12-30 18:11:18 0 d-------- C:\Program Files\QuickTime
2007-12-26 17:20:59 0 d-------- C:\Program Files\SopCast
2007-12-20 21:15:55 85568 --a------ C:\WINDOWS\system32\quajsvoc.dll
2007-12-18 21:23:46 85568 --a------ C:\WINDOWS\system32\ovxtsttv.dll
2007-12-17 10:09:52 0 d-------- C:\Documents and Settings\Arana\Application Data\Skype
2007-12-17 09:20:47 0 d-------- C:\Documents and Settings\Arana\Application Data\Adobe
2007-12-17 09:20:43 1158 --a------ C:\WINDOWS\mozver.dat
2007-12-17 01:07:27 0 d-------- C:\Program Files\Temporary
2007-12-16 22:48:01 0 d-------- C:\Program Files\Trend Micro
2007-12-16 21:46:37 10 --a------ C:\Program Files\.autoreg
2007-12-16 21:39:08 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-12-16 21:39:03 0 d-------- C:\Program Files\Windows Live Safety Center
2007-12-16 20:14:54 85568 --a------ C:\WINDOWS\system32\ceqkurxh.dll
2007-12-15 20:13:40 334848 --a------ C:\WINDOWS\system32\sstqp.dll
2007-12-15 17:58:20 0 d-------- C:\Documents and Settings\Arana\Application Data\Ahead
2007-12-11 00:10:00 0 d-------- C:\Documents and Settings\Arana\Application Data\SopCast
2007-12-10 10:32:06 0 d-------- C:\Documents and Settings\Arana\Application Data\AdobeUM
2007-12-03 22

55 0 d-------- C:\Documents and Settings\Arana\Application Data\Mozilla
2007-12-02 19:30:57 0 --ahs---- C:\Documents and Settings\Arana\Application Data\f1a797a6f964dcab1e0706db9cb0aec4bf6e3f0a.dat
2007-12-02 19:26:45 0 d-------- C:\Program Files\Crazy Browser
2007-12-01 10:51:15 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-29 18:18:07 0 d-------- C:\Program Files\LizardTech
2007-11-25 14:43:00 0 d-------- C:\Documents and Settings\Arana\Application Data\Viewpoint
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9BAD6220-9BF1-4971-9D55-7A439FE22381}]
2007-12-15 20:13 334848 --a------ C:\WINDOWS\system32\sstqp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a2f219b1-05d8-4490-974e-c879f57b8b9a}]
2008-01-21 20:09 78912 --a------ C:\WINDOWS\system32\rqtxuxrq.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 16:33]
"@"="" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 17:24]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 19:20]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 16:30]
"Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-28 19:41]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-02-01 20:44]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 06:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56]
"948afca3"="C:\WINDOWS\system32\spmfdytb.dll" [2008-01-21 20:17]
"BM97b9cf3f"="C:\WINDOWS\system32\gyxpelqq.dll" [2008-01-21 20:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 11:39]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 06:22]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2005-04-08 09:43]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 14:59]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 15:22]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2006-08-08 13:50:32]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlkkh]
nnnlkkh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\sstqp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fec350c8-4a6e-11db-93f2-00166f3870c1}]
AutoRun\command- reper.exe
*Newly Created Service* - ISYJABJTOPXD
-- End of Deckard's System Scanner: finished at 2008-01-22 19:49:13 ------------