Thread: Computer Malware Issue - "VIRUS ALERT!"
View Single Post
Old 06-14-2008, 07:10 AM   #1 (permalink)
BoyWonderZ
Registered User
 
Join Date: Jun 2008
Posts: 9
OS: WinXP


Computer Malware Issue - "VIRUS ALERT!"
I attempted to download a video plugin, and it downloaded some crap onto my pc. Here are my symptoms:
- PC is running extremely slow
- Virus alert! In system tray
- Desktop icons created: error cleaner, privacy protector, spyware&Malware protection
- My Computer & My Documents icons gone
- Cannot access C: (harddrive) or D: (DVD drive)

I went through the 5 step process, here are my results:
Step 1) Can't access Control panel in regular mode and in safe mode the "Add/Remove programs" option is not visible
Step 2) Ran the program, took overnight, but wouldn't let me diagnose without registering, I'll attach the ActiveScan.txt log below
Step 3) Ran both programs
Step 4) Cannot access internet in regular mode and site doesn't work in safe mode
Step 5) Ran program, got main.txt (below), but did not get extra.txt

Please help!

ActiveScan.txt:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-06-14 06:51:01
PROTECTIONS: 2
MALWARE: 41
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus 8.0 Yes Yes
Symantec AntiVirus Corporate Edition 10.0.1.1000 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00029264 adware/beginto Adware No 0 Yes No c:\windows\system32\cache32_rtneg2
00029352 spyware/lzio-media Spyware No 1 Yes No c:\windows\io2uns.exe
00035773 adware/hotoffers Adware No 1 Yes No hkey_local_machine\software\appdat
00035773 adware/hotoffers Adware No 1 Yes No c:\windows\system32\the shield professional 2005.ico
00035773 adware/hotoffers Adware No 1 Yes No c:\windows\system32\party poker.ico
00047863 adware/ieplugin Adware No 0 Yes No c:\windows\kwv2.dat
00048316 spyware/omi Spyware No 0 Yes No hkey_classes_root\appid\actsetup.dll
00048316 spyware/omi Spyware No 0 Yes No hkey_local_machine\software\classes\actsetup.actsetupobj
00048316 spyware/omi Spyware No 0 Yes No hkey_classes_root\actsetup.actsetupobj
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Evan Schuman\Cookies\evan_schuman@anm.co[1].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Evan Schuman\Cookies\evan_schuman@ccbill[1].txt
00162900 Cookie/MediaTickets TrackingCookie No 0 Yes No C:\Documents and Settings\Evan Schuman\Cookies\evan_schuman@kinghost[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Evan Schuman\Cookies\evan_schuman@yadro[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Evan Schuman\Cookies\evan_schuman@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Evan Schuman\Cookies\evan_schuman@azjmp[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Evan Schuman\Cookies\evan_schuman@toplist[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Evan Schuman\Cookies\evan_schuman@statcounter[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Evan Schuman\Cookies\evan_schuman@burstnet[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Evan Schuman\Cookies\evan_schuman@www.burstbeacon[2].txt
00168113 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\Evan Schuman\Cookies\evan_schuman@fe.lea.lycos[1].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\Documents and Settings\Evan Schuman\Cookies\evan_schuman@adopt.hbmediapro[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[1].txt
00173448 Adware/EliteBar Adware No 1 Yes No C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\81EB01AJ\search.mnu[1].xml
00173473 Adware/Exact.BargainBuddy Adware No 0 Yes No C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OT6N85YN\casino[1].bmp
00173474 Adware/Exact.BargainBuddy Adware No 0 Yes No C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OT6N85YN\fav[1].bmp
00173476 Adware/Exact.BargainBuddy Adware No 0 Yes No C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\81EB01AJ\drugs[1].bmp
00173477 Adware/Exact.BargainBuddy Adware No 0 Yes No C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GNU96RM3\dating[1].bmp
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Evan Schuman\Cookies\evan_schuman@adultfriendfinder[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Evan Schuman\Cookies\evan_schuman@go[2].txt
00194727 Spyware/ClientMan Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\mscgdc.dll
00194730 Adware/Hotoffers Adware No 1 Yes No C:\WINDOWS\SYSTEM32\msodae.dll
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Evan Schuman\Cookies\evan_schuman@target[2].txt
00249100 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Evan Schuman\Cookies\evan_schuman@www2.addfreestats[1].txt
00252281 Adware/Trymedia Adware No 0 Yes No C:\Downloads\dinerdash2Setup-dm[1].exe
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Evan Schuman\Cookies\evan_schuman@atwola[2].txt
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Evan Schuman\Cookies\evan_schuman@www3.addfreestats[1].txt
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Evan Schuman\Cookies\evan_schuman@www6.addfreestats[1].txt
00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Evan Schuman\Cookies\evan_schuman@www1.addfreestats[1].txt
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Evan Schuman\Cookies\evan_schuman@enhance[2].txt
03042449 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1316\A0252672.dll
03053150 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\qrfyrkio.dll
03053150 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1316\A0252704.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location K
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description K
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Main.txt log:
Deckard's System Scanner v20071014.68
Run by Evan Schuman on 2008-06-14 07:53:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Evan Schuman.exe) ----------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-14 07:53:57
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\AVG\AVG8\avgam.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\SEC\MT2.5_RAFF\GammaTray.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\AVG\AVG8\avgnsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SYSTEM32\wuauclt.exe
C:\WINDOWS\SYSTEM32\wuauclt.exe
C:\Documents and Settings\Evan Schuman\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi.redir...ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4F26BEDB-D89B-44A1-948B-5D523292DADF} - C:\WINDOWS\system32\urqNEUom.dll (file missing)
O2 - BHO: QXK Olive - {4F7764DC-5B4A-44B9-B629-E889E542C545} - C:\WINDOWS\boqnrwdmqed.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: IE - {73AB9095-4904-4C64-83D8-01F9F7DDC41C} - C:\WINDOWS\odunbexu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O2 - BHO: (no name) - {D4587915-9514-48A6-8E55-C1770ED17536} - C:\WINDOWS\system32\ssqPhhGX.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: atfxqogp - {6813E51A-D108-4693-972A-0490411C4878} - C:\DOCUME~1\EVANSC~1\LOCALS~1\Temp\ac8zt2\atfxqogp.dll (file missing)
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\EVANSC~1\LOCALS~1\Temp\rbnpsrv.exe/r
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [c0a7d64e] rundll32.exe "C:\WINDOWS\system32\qrfyrkio.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...OGAControl.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://qp1.csom.umn.edu/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...tent/opuc3.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} () - http://www.imagestation.com/common/c...on=4,3,2,20802
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096580807437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1169934886966
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.adoramapix.com/components/ImageUploader3.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeup...tent/opuc4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: urqNEUom - C:\WINDOWS\system32\urqNEUom.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\system32\WinCtrl32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\SYSTEM32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 15027 bytes

-- Files created between 2008-05-14 and 2008-06-14 -----------------------------

2008-06-14 06:55:18 0 d-------- C:\Cleanup programs
2008-06-14 01:51:48 0 d-------- C:\Program Files\Panda Security
2008-06-14 01:25:38 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-14 01:25:19 0 d-------- C:\Program Files\Spyware Doctor
2008-06-14 01:25:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-06-14 01:24:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-14 01:23:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-05 21:21:46 96128 --a------ C:\WINDOWS\system32\qrfyrkio.dll
2008-06-02 19:26:54 0 d--h----- C:\$AVG8.VAULT$
2008-06-02 19:23:43 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-02 19:23:42 0 d-------- C:\Documents and Settings\Evan Schuman\Application Data\AVGTOOLBAR
2008-06-02 19:23:18 0 d-------- C:\Program Files\AVG
2008-06-02 19:23:16 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-02 19:18:04 0 d-------- C:\Documents and Settings\Evan Schuman\Application Data\TmpRecentIcons
2008-05-31 09:27:37 371185 --ahs---- C:\WINDOWS\system32\XGhhPqss.ini2
2008-05-31 09:21:44 52 --a------ C:\smp.bat


-- Find3M Report ---------------------------------------------------------------

2008-06-14 07:52:02 0 d-------- C:\Program Files\Symantec AntiVirus
2008-06-14 06:56:36 0 d-------- C:\Program Files\SpywareBlaster
2008-05-31 08:36:50 0 d-------- C:\Program Files\Starcraft
2008-05-18 22:41:57 0 d-------- C:\Documents and Settings\Evan Schuman\Application Data\uTorrent
2008-04-20 07:48:55 0 d-------- C:\Documents and Settings\Evan Schuman\Application Data\Adobe
2008-04-16 20:02:49 0 d-------- C:\Program Files\Microsoft Works


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F26BEDB-D89B-44A1-948B-5D523292DADF}]
C:\WINDOWS\system32\urqNEUom.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F7764DC-5B4A-44B9-B629-E889E542C545}]
C:\WINDOWS\boqnrwdmqed.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73AB9095-4904-4C64-83D8-01F9F7DDC41C}]
C:\WINDOWS\odunbexu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
06/03/2008 08:16: VIRUS ALERT! 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4587915-9514-48A6-8E55-C1770ED17536}]
C:\WINDOWS\system32\ssqPhhGX.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/11/2004 11:43: VIRUS ALERT!]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [09/17/2003 10:43: VIRUS ALERT!]
"P17Helper"="P17.dll" [05/03/2005 19:38: VIRUS ALERT! C:\WINDOWS\SYSTEM32\P17.dll]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [04/11/2004 20:15: VIRUS ALERT!]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 01:01: VIRUS ALERT!]
"D-Link Air Utility"="C:\Program Files\D-Link\Air Utility\AirCFG.exe" [09/23/2003 18:04: VIRUS ALERT!]
"ANIWZCSService"="C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [08/21/2003 16:12: VIRUS ALERT!]
"CloneDVDElbyDelay"="C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [11/02/2002 01:33: VIRUS ALERT!]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [06/02/2005 10:21: VIRUS ALERT!]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [06/23/2005 20:27: VIRUS ALERT!]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [03/15/2005 04:46: VIRUS ALERT!]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/14/2006 15:24: VIRUS ALERT!]
"Copperhead"="C:\Program Files\Razer\Copperhead\razerhid.exe" [11/25/2005 10:53: VIRUS ALERT!]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 15:41: VIRUS ALERT!]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07/09/2006 07:37: VIRUS ALERT!]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [04/19/2007 14:21: VIRUS ALERT!]
"@"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 23:16: VIRUS ALERT!]
"advap32"="C:\DOCUME~1\EVANSC~1\LOCALS~1\Temp\rbnpsrv.exe/r" []
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/03/2008 08:16: VIRUS ALERT!]
"c0a7d64e"="C:\WINDOWS\system32\qrfyrkio.dll" [06/05/2008 21:21: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24: VIRUS ALERT!]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56: VIRUS ALERT!]
"Sonic RecordNow!"="" []
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [03/15/2007 19:16: VIRUS ALERT!]

C:\Documents and Settings\Evan Schuman\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 9:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/3/2004 3:49:22 PM]
Color Calibration.lnk - C:\Program Files\SEC\MT2.5_RAFF\GammaTray.exe [11/25/2006 9:44:29 PM]
DESKTOP.INI [9/3/2002 9:00:00 AM]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [11/25/2006 9:35:34 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)
"NoDispCPL"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F26BEDB-D89B-44A1-948B-5D523292DADF}"= C:\WINDOWS\system32\urqNEUom.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqNEUom]
urqNEUom.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3344167508-1604278677-3497227341-1007\Scripts\Logoff\0\0]
"Script"=C:\Program Files\Automatic Windows Internet Washer\xp.cmd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ntU55.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\obO31.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpH33.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rqY68.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-06-14 07:55:01 ------------
BoyWonderZ is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here