Helping a friend whose PC is clogged with malware. He's running XP (SP2) and the symptoms are: very sluggish, lots of popups, buffer overflow messages; a recent attempt to install McAfee appeared to work, but the program doesn't operate properly.
DSS main.txt is below. Extra.txt and the Panda scans are attached. Your help is greatly appreciated.
Dwight
main.txt
Deckard's System Scanner v20071014.68
Run by fam on 2008-06-09 18:56:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
108: 2008-06-09 23:56:21 UTC - RP299 - Deckard's System Scanner Restore Point
107: 2008-06-09 21:07:51 UTC - RP298 - System Checkpoint
106: 2008-06-08 20:43:22 UTC - RP297 - System Checkpoint
105: 2008-06-07 20:13:45 UTC - RP296 - System Checkpoint
104: 2008-06-05 17:51:29 UTC - RP295 - System Checkpoint
-- First Restore Point --
1: 2008-05-15 20:16:41 UTC - RP192 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 384 MiB (512 MiB recommended).
-- HijackThis (run as fam.exe) -------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:16 PM, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\fam\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\fam.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: {89759dcd-19e4-4779-3184-eec3fa8b2382} - {2832b8af-3cee-4813-9774-4e91dcd95798} - C:\WINDOWS\system32\hmbgeuij.dll
O2 - BHO: (no name) - {4855CC91-9912-46CF-8DCE-270EE2069FF6} - C:\WINDOWS\system32\iiffEXqP.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8691F860-96E4-4FB3-8D35-531C0D1B0AC1} - C:\WINDOWS\system32\mlJAqnMF.dll
O2 - BHO: DbarBHO - {CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\dbar\Deskbar.dll (file missing)
O2 - BHO: (no name) - {D7953349-2B19-4654-BE43-26629652213A} - C:\WINDOWS\system32\efcBtUOi.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Tracy.TURBO\Application Data\Deskbar_{EE464417-8E32-47dd-8DF5-0EE50BAA86D3}\starter.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Glen\Local Settings\Temporary Internet Files\Content.IE5\VRDQ5B90\setup_sbd_en[1].exe
O4 - HKLM\..\Run: [BM97b6fe8d] Rundll32.exe "C:\WINDOWS\system32\aowfnnvc.dll",s
O4 - HKLM\..\Run: [9485cd11] rundll32.exe "C:\WINDOWS\system32\svpbtxcb.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O20 - Winlogon Notify: mlJAqnMF - C:\WINDOWS\SYSTEM32\mlJAqnMF.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
--
End of file - 7447 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 aecc - c:\windows\system32\drivers\aecc.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S3 mr7910 (Photo Viewer) - c:\windows\system32\drivers\mr7910.sys <Not Verified; Mars Semiconductor Corp.; PhotoViewer>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S3 aspnet_state (ASP.NET State Service) - c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-05-15 16:28:42 348 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-05-15 16:28:41 350 --a------ C:\WINDOWS\Tasks\McQcTask.job
-- Files created between 2008-05-09 and 2008-06-09 -----------------------------
2008-06-09 18:58:39 0 d-------- C:\Program Files\Trend Micro
2008-06-09 18:39:12 0 d-------- C:\ie-spyad_zo
2008-06-09 18:20:40 0 d-------- C:\Program Files\SpywareBlaster
2008-06-09 10:46:36 0 d-------- C:\Program Files\Panda Security
2008-06-09 10:46:34 0 d-------- C:\WINDOWS\LastGood
2008-06-09 10:38:37 111616 --a------ C:\WINDOWS\system32\hmbgeuij.dll
2008-06-09 10:35:30 96256 --a------ C:\WINDOWS\system32\svpbtxcb.dll
2008-06-09 10:33:45 108544 --a------ C:\WINDOWS\system32\aowfnnvc.dll
2008-06-08 22:00:56 113664 --a------ C:\WINDOWS\system32\qfsydpjd.dll
2008-06-08 21:58:46 101376 -----n--- C:\WINDOWS\system32\pxtccvdu.dll
2008-06-08 21:58:15 105472 --a------ C:\WINDOWS\system32\utotswpf.dll
2008-06-08 13:31:54 0 d-------- C:\WINDOWS\pss
2008-06-08 12:50:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-08 12:48:35 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-08 12:48:35 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-08 12:48:35 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-08 12:48:35 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-08 12:48:35 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-08 12:48:34 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-08 12:48:34 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-08 12:48:34 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-08 12:48:34 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-08 12:48:34 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-08 12:48:34 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-08 12:48:34 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-08 12:48:34 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-08 12:48:34 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-07 21:59:51 111616 --a------ C:\WINDOWS\system32\xsnrcuwd.dll
2008-06-07 21:59:33 101376 --a------ C:\WINDOWS\system32\gnmxbfpr.dll
2008-06-06 21:58:04 93184 --a------ C:\WINDOWS\system32\avwurjdd.dll
2008-06-06 21:57:53 108544 --a------ C:\WINDOWS\system32\ttbeidvu.dll
2008-06-06 21:57:38 107520 --a------ C:\WINDOWS\system32\jrdcefaw.dll
2008-06-06 21:56:17 107520 --a------ C:\WINDOWS\system32\bcohiwfg.dll
2008-06-05 15:00:36 0 d-------- C:\Documents and Settings\Guest\Application Data\Move Networks
2008-06-04 21:11:15 97280 -----n--- C:\WINDOWS\system32\oqxhdbsp.dll
2008-06-04 21:11:06 104448 --a------ C:\WINDOWS\system32\fcaibryo.dll
2008-06-04 21:10:49 106496 --a------ C:\WINDOWS\system32\mpylqmro.dll
2008-06-03 14:37:01 114688 --a------ C:\WINDOWS\system32\twakmbgs.dll
2008-06-02 13:07:47 114688 --a------ C:\WINDOWS\system32\utbgrkss.dll
2008-06-01 13:03:00 108544 --a------ C:\WINDOWS\system32\ugnexgrj.dll
2008-06-01 12:59:54 104448 --a------ C:\WINDOWS\system32\pnaejahk.dll
2008-05-31 13:01:20 108544 --a------ C:\WINDOWS\system32\xkkwjtul.dll
2008-05-31 12:59:27 95232 -----n--- C:\WINDOWS\system32\mwsjykyc.dll
2008-05-31 12:59:13 104448 --a------ C:\WINDOWS\system32\slxquroj.dll
2008-05-31 12:46:55 0 d-------- C:\Documents and Settings\fam\Application Data\Leadertech
2008-05-30 13 39 104448 --a------ C:\WINDOWS\system32\yhtjapgi.dll
2008-05-30 12:58:31 109568 --a------ C:\WINDOWS\system32\mxlkyirm.dll
2008-05-29 22:33:01 0 d-------- C:\Documents and Settings\fam\Application Data\Yahoo!
2008-05-29 22:33:01 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2008-05-29 11:58:56 101376 -----n--- C:\WINDOWS\system32\igtutjtt.dll
2008-05-29 11:58:48 111616 --a------ C:\WINDOWS\system32\qdkqpskn.dll
2008-05-29 11:58:33 106496 --a------ C:\WINDOWS\system32\sujvscyg.dll
2008-05-29 11:57:50 106496 --a------ C:\WINDOWS\system32\klkevmfd.dll
2008-05-28 10:50:43 97280 -----n--- C:\WINDOWS\system32\vgfyhbui.dll
2008-05-28 10:50:28 104448 --a------ C:\WINDOWS\system32\wnaaimsu.dll
2008-05-26 02:20:29 94208 -----n--- C:\WINDOWS\system32\qxgxrkeq.dll
2008-05-26 02:16:15 117760 --a------ C:\WINDOWS\system32\ukjesyso.dll
2008-05-26 02:14:26 109056 --a------ C:\WINDOWS\system32\pgtkyrfv.dll
2008-05-24 23:35:13 117760 --a------ C:\WINDOWS\system32\dsmasgyr.dll
2008-05-24 23:30:43 108544 --a------ C:\WINDOWS\system32\iennvokw.dll
2008-05-23 22:45:51 118272 --a------ C:\WINDOWS\system32\ntgmnjuq.dll
2008-05-23 22:39:52 110080 --a------ C:\WINDOWS\system32\ypqidihb.dll
2008-05-22 22:44:09 93184 --a------ C:\WINDOWS\system32\twnkoujp.dll
2008-05-22 22:40:42 117760 --a------ C:\WINDOWS\system32\hykswuei.dll
2008-05-22 22:38:50 109568 --a------ C:\WINDOWS\system32\vfjhucyu.dll
2008-05-22 12:03:44 0 d-------- C:\Documents and Settings\fam\Application Data\MSNInstaller
2008-05-21 22:56:08 117760 --a------ C:\WINDOWS\system32\uomkmmru.dll
2008-05-21 20:58:06 109056 --a------ C:\WINDOWS\system32\glijdlhy.dll
2008-05-21 12:51:26 93696 -----n--- C:\WINDOWS\system32\sraxkwar.dll
2008-05-20 21:00:06 118272 --a------ C:\WINDOWS\system32\fyoylbyk.dll
2008-05-20 20:57:03 109056 --a------ C:\WINDOWS\system32\nlhdbrnc.dll
2008-05-19 21:04:00 117760 --a------ C:\WINDOWS\system32\qkadwfvb.dll
2008-05-19 21:01:05 94208 --a------ C:\WINDOWS\system32\canxkbrb.dll
2008-05-19 20:55:01 109056 --a------ C:\WINDOWS\system32\tmmhfael.dll
2008-05-19 13:08:43 0 d-------- C:\Documents and Settings\fam\Application Data\Macromedia
2008-05-19 13:07:45 0 d-------- C:\Documents and Settings\fam\Application Data\Adobe
2008-05-19 13:07:09 0 d-------- C:\Documents and Settings\fam\Application Data\SiteAdvisor
2008-05-19 13 27 0 d-------- C:\Documents and Settings\fam\Application Data\Identities
2008-05-19 13:05:58 0 d--h----- C:\Documents and Settings\fam\Templates
2008-05-19 13:05:58 0 dr------- C:\Documents and Settings\fam\Start Menu
2008-05-19 13:05:58 0 dr-h----- C:\Documents and Settings\fam\SendTo
2008-05-19 13:05:58 0 dr-h----- C:\Documents and Settings\fam\Recent
2008-05-19 13:05:58 0 d--h----- C:\Documents and Settings\fam\PrintHood
2008-05-19 13:05:58 0 d--h----- C:\Documents and Settings\fam\NetHood
2008-05-19 13:05:58 0 dr------- C:\Documents and Settings\fam\My Documents
2008-05-19 13:05:58 0 d--h----- C:\Documents and Settings\fam\Local Settings
2008-05-19 13:05:58 0 dr------- C:\Documents and Settings\fam\Favorites
2008-05-19 13:05:58 0 d-------- C:\Documents and Settings\fam\Desktop
2008-05-19 13:05:58 0 d--hs---- C:\Documents and Settings\fam\Cookies
2008-05-19 13:05:58 0 dr-h----- C:\Documents and Settings\fam\Application Data
2008-05-19 13:05:57 3670016 --ah----- C:\Documents and Settings\fam\NTUSER.DAT
2008-05-18 21:21:50 0 d-------- C:\Documents and Settings\Guest\Application Data\SiteAdvisor
2008-05-18 20:59:02 95232 --a------ C:\WINDOWS\system32\narytiqq.dll
2008-05-18 20:53:00 737556 --ahs---- C:\WINDOWS\system32\iOUtBcfe.ini2
2008-05-18 20:52:54 375808 --a------ C:\WINDOWS\system32\efcBtUOi.dll
2008-05-17 15:20:59 109568 --a------ C:\WINDOWS\system32\idmixyju.dll
2008-05-17 10:34:39 83664 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-05-17 10:24:25 95232 --a------ C:\WINDOWS\system32\slwhbhfy.dll
2008-05-16 16:22:39 0 d-------- C:\Program Files\Svconr
2008-05-16 16:22:38 0 d-------- C:\Program Files\Temporary
2008-05-16 15:29:16 93696 -----n--- C:\WINDOWS\system32\udnlixhq.dll
2008-05-16 15:20:15 108544 --a------ C:\WINDOWS\system32\ifmgfjmk.dll
2008-05-16 14:30:34 93696 --a------ C:\WINDOWS\system32\yaxgkmlg.dll
2008-05-16 14:28:53 108544 --a------ C:\WINDOWS\system32\shwbhrlq.dll
2008-05-16 14:27:32 1342214 --ahs---- C:\WINDOWS\system32\gQYGOXbc.ini2
2008-05-16 12:44:15 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-05-15 21:45:45 0 d-------- C:\Program Files\AntiSpywareMaster
2008-05-15 17:25:39 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Desktop
2008-05-15 17:25:39 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\SiteAdvisor
2008-05-15 16:32:21 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Desktop
2008-05-15 16:32:21 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\SiteAdvisor
2008-05-15 16:32:05 0 d-------- C:\Program Files\SiteAdvisor
2008-05-15 16:32:04 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SiteAdvisor
2008-05-15 16:27:58 0 d-------- C:\Program Files\McAfee.com
2008-05-15 16:27:34 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-15 16:27:22 0 d-------- C:\Program Files\McAfee
2008-05-15 16:22:03 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2008-05-15 15:22:31 116224 --a------ C:\WINDOWS\system32\prhykopg.dll
2008-05-15 15:19:19 0 d-------- C:\Temp
2008-05-15 15:18:56 0 d-------- C:\Program Files\dbar
2008-05-15 15:17:50 108544 --a------ C:\WINDOWS\system32\jlpjqfst.dll
2008-05-15 14:04:29 0 d-------- C:\Program Files\Common Files\Scanner
2008-05-15 14:04:28 0 d-------- C:\Program Files\PCPitstop
2008-05-15 14:02:31 0 dr------- C:\Documents and Settings\LocalService.NT AUTHORITY\Favorites
2008-05-14 16:46:33 1345106 --ahs---- C:\WINDOWS\system32\PqXEffii.ini2
2008-05-14 16:45:07 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-05-14 16:42:25 861 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-05-14 16:41:48 298311 --a------ C:\WINDOWS\system32\gside.exe
2008-05-14 16:41:41 0 d--hs---- C:\WINDOWS\Z2xlbiBydXRoZXJmb3Jk
2008-05-14 16:41:39 49159 --a------ C:\WINDOWS\system32\rwwnw64d.exe <Not Verified; ; Browser Driver>
2008-05-14 16:41:30 86144 -----n--- C:\WINDOWS\system32\drivers\aecc.sys
2008-05-14 16:41:29 0 d-------- C:\Program Files\winvi
2008-05-14 16:41:26 0 d-------- C:\WINDOWS\system32\polX
2008-05-14 16:41:26 0 d-------- C:\WINDOWS\system32\GUI2
2008-05-14 16:41:26 0 d-------- C:\WINDOWS\system32\binR
2008-05-14 16:41:26 0 d-------- C:\WINDOWS\system32\3036a
2008-05-14 16:41:22 0 d-------- C:\WINDOWS\system32\dFrnx18
2008-05-14 16:41:16 28672 -----n--- C:\WINDOWS\system32\mlJAqnMF.dll
2008-05-14 15:15:45 0 d-------- C:\Program Files\Microsoft Works
2008-05-14 15:07:58 0 d-------- C:\WINDOWS\SHELLNEW
2008-05-13 15:01:40 0 d-------- C:\Program Files\Microsoft Small Business
2008-05-13 14:57:45 0 d-------- C:\Program Files\Microsoft.NET
2008-05-13 14:55:00 0 d-------- C:\Program Files\Microsoft SQL Server
2008-05-12 08:43:38 68096 --a------ C:\WINDOWS\b155.exe
-- Find3M Report ---------------------------------------------------------------
2008-05-29 22:28:33 0 d-------- C:\Program Files\Yahoo!
2008-05-22 12:02:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-22 12:00:15 0 d-------- C:\Program Files\Common Files
2008-05-18 01:13:18 0 d-------- C:\Program Files\Hunting Unlimited
2008-05-15 15:21:45 0 d-------- C:\Program Files\LimeWire
2008-05-15 15:21:30 0 d-------- C:\Program Files\Google
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2832b8af-3cee-4813-9774-4e91dcd95798}]
06/09/2008 10:38 AM 111616 --a------ C:\WINDOWS\system32\hmbgeuij.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4855CC91-9912-46CF-8DCE-270EE2069FF6}]
C:\WINDOWS\system32\iiffEXqP.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8691F860-96E4-4FB3-8D35-531C0D1B0AC1}]
05/14/2008 04:41 PM 28672 --------- C:\WINDOWS\system32\mlJAqnMF.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC11617C-259E-429c-9063-7D70B8355EBD}]
C:\Program Files\dbar\Deskbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7953349-2B19-4654-BE43-26629652213A}]
05/18/2008 08:52 PM 375808 --a------ C:\WINDOWS\system32\efcBtUOi.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 10:32 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
"dbar_starter"="C:\Documents and Settings\Tracy.TURBO\Application Data\Deskbar_{EE464417-8E32-47dd-8DF5-0EE50BAA86D3}\starter.exe" []
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [06/21/2007 03:06 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"SBI"="C:\Documents and Settings\Glen\Local Settings\Temporary Internet Files\Content.IE5\VRDQ5B90\setup_sbd_en[1].exe" [05/15/2008 11:29 PM]
"BM97b6fe8d"="C:\WINDOWS\system32\aowfnnvc.dll" [06/09/2008 10:33 AM]
"9485cd11"="C:\WINDOWS\system32\svpbtxcb.dll" [06/09/2008 10:35 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8691F860-96E4-4FB3-8D35-531C0D1B0AC1}"= C:\WINDOWS\system32\mlJAqnMF.dll [05/14/2008 04:41 PM 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJAqnMF]
mlJAqnMF.dll 05/14/2008 04:41 PM 28672 C:\WINDOWS\system32\mlJAqnMF.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\efcBtUOi
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
*Newly Created Service* - RKPAVPROC
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8382 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-06-09 19:01:15 ------------