08-10-2008, 06:59 AM   #1
stijnman
Registered User
 
Join Date: Aug 2008
Posts: 9
OS: xp sp2


popups and fake warning messages

For a few days now, my computer has been showing fake warning messages that there is a virus, followed by a pop-up window for various anti-malware programs. Surfing is also very slow. Because of malware activity?
In the Windows Security Center, automatic updates have been disabled, and it is impossible to enable them.
I have run AVG Anti-Spyware, Spybot S&D, Ad-Aware and Panda ActiveScan. They all give different results, but none of them is able to resolve the issue.
Looking at the HijackThis log, it is clear that the virus has invaded the registry, notably the program % %%% %....exe. This program cannot be stopped through msconfig, nor with WinPatrol, and it cannot be removed manually in Explorer.

Deckard's System Scanner v20071014.68
Run by Natalie on 2008-08-10 14:12:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
53: 2008-08-10 12:12:40 UTC - RP841 - Deckard's System Scanner Restore Point
52: 2008-08-09 09:55:33 UTC - RP840 - Controlepunt van systeem
51: 2008-08-07 16:48:21 UTC - RP839 - Installed Ad-Aware
50: 2008-08-05 21:45:47 UTC - RP838 - Controlepunt van systeem
49: 2008-08-04 21:43:13 UTC - RP837 - Controlepunt van systeem


-- First Restore Point --
1: 2008-08-02 20:01:51 UTC - RP789 - Controlepunt van systeem


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Natalie.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:44, on 10/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\WINDOWS\system32\beidservicepcsc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Natalie\Bureaublad\dss.exe
C:\PROGRA~1\HIJACK~1\Natalie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\% %%% % ^% %%%%^%^^ ^ ^%^ %^ ^% ^ ^^%^%%.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4DEABE3F-4A61-47C2-A64D-90453DC01542} - C:\WINDOWS\system32\yaywurqr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FED044DE-95E7-46BA-A9E8-BA8A78A285A8} - C:\WINDOWS\system32\vTlKDULb.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [BM67e43793] Rundll32.exe "C:\WINDOWS\system32\cnjgublu.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: Dexia Netbanking - http://netbanking.dexia.be/PC//Dynam...//DexiaIIA.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab30149.cab
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab30149.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://potceline.spaces.live.com//Ph...d/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/.../GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-2b0e1b134aa1e25d.spaces.l...d/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-bed.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextnl.oberon-media.com/G...onGameHost.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://gamenext.oberon-media.com/onl...h.1.0.0.80.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab30149.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - Winlogon Notify: yaywurqr - C:\WINDOWS\SYSTEM32\yaywurqr.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 11739 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20080807-221407-105 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\% %%% % ^% %%%%^%^^ ^ ^%^ %^ ^% ^ ^^%^%%.exe
backup-20080807-221407-205 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
backup-20080807-221407-237 O16 - DPF: {B80F9FCE-DFDD-4A2A-8AA9-E05C6B7D4ED3} - http://www.smileyworld.com/toolbar/SmileyWorld.cab
backup-20080807-221407-415 O4 - HKLM\..\Run: [BM67e43793] Rundll32.exe "C:\WINDOWS\system32\pcopcjgr.dll",s
backup-20080807-221407-426 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
backup-20080807-221407-601 O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\% %%% % ^% %%%%^%^^ ^ ^%^ %^ ^% ^ ^^%^%%.exe
backup-20080807-221408-125 O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
backup-20080807-221408-725 O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
backup-20080807-221408-857 O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
backup-20080807-221408-879 O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
backup-20080807-223327-527 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\% %%% % ^% %%%%^%^^ ^ ^%^ %^ ^% ^ ^^%^%%.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ENECBPTH (ENE Cardbus Patch Driver) - c:\windows\system32\drivers\enecbpth.sys <Not Verified; EnE Technology Inc.; EnE Cardbus Patch Driver for Windows (R) 2000/XP>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 EraserUtilRebootDrv - c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys (file missing)
S3 GMSIPCI - e:\install\gmsipci.sys (file missing)
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (Bonjour-service) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 eID CRL Service - c:\windows\system32\beidservicecrl.exe <Not Verified; Zetes; .be eID Software>
R2 eID Privacy Service - c:\windows\system32\beidservicepcsc.exe <Not Verified; Zetes; .be eID Software>
R2 IJPLMSVC (PIXMA Extended Survey Program) - c:\program files\canon\ijplm\ijplmsvc.exe <Not Verified; ; IJPLMSVC>

S2 Planner voor Automatische LiveUpdate - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-10 10:46:00 256 --a------ C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job
2008-06-13 17:15:00 398 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-07-10 and 2008-08-10 -----------------------------

2008-08-10 10:47:42 82432 --a------ C:\WINDOWS\system32\yuuqrxaw.dll
2008-08-10 10:44:48 107008 --a------ C:\WINDOWS\system32\mlaplk.dll
2008-08-10 10:44:47 107008 --a------ C:\WINDOWS\system32\rxufegdv.dll
2008-08-10 10:43:19 89088 --a------ C:\WINDOWS\system32\cnjgublu.dll
2008-08-09 18:01:41 0 d-------- C:\VundoFix Backups
2008-08-09 17:30:13 0 d-------- C:\Program Files\IE-spyad
2008-08-09 17:24:56 0 d-------- C:\Program Files\SpywareBlaster
2008-08-09 17:23:27 23040 --a------ C:\WINDOWS\system32\khfEXnNe.dll
2008-08-09 17:23:26 23040 --a------ C:\WINDOWS\system32\yayvSife.dll
2008-08-09 15:25:32 0 d-------- C:\Program Files\Panda Security
2008-08-09 10:30:10 107008 --a------ C:\WINDOWS\system32\ybprpfvs.dll
2008-08-09 10:30:10 107008 --a------ C:\WINDOWS\system32\fymxzr.dll
2008-08-09 10:27:10 82432 --a------ C:\WINDOWS\system32\bucqhglv.dll
2008-08-09 10:25:41 89088 --a------ C:\WINDOWS\system32\cqavafdd.dll
2008-08-08 08:07:02 107008 --a------ C:\WINDOWS\system32\jjmpfbwy.dll
2008-08-08 08:07:02 107008 --a------ C:\WINDOWS\system32\edkmsf.dll
2008-08-08 08:04:02 82432 -----n--- C:\WINDOWS\system32\dtyihejb.dll
2008-08-08 08:01:02 89088 --a------ C:\WINDOWS\system32\vyiqywaa.dll
2008-08-07 23:42:22 0 d-------- C:\Documents and Settings\Natalie\Application Data\WinPatrol
2008-08-07 23:42:13 0 d-------- C:\Program Files\WinPatrol
2008-08-07 23:38:49 23040 --a------ C:\WINDOWS\system32\wvUllIyy.dll
2008-08-07 23:38:49 23040 --a------ C:\WINDOWS\system32\pmnMCrpm.dll
2008-08-07 22:37:18 0 d--h----- C:\Documents and Settings\Administrator.PCNATALIE\Sjablonen
2008-08-07 22:37:18 0 dr-h----- C:\Documents and Settings\Administrator.PCNATALIE\SendTo
2008-08-07 22:37:18 0 d--h----- C:\Documents and Settings\Administrator.PCNATALIE\Onlangs geopend
2008-08-07 22:37:18 0 d--h----- C:\Documents and Settings\Administrator.PCNATALIE\Netwerkprinteromgeving
2008-08-07 22:37:18 0 d--h----- C:\Documents and Settings\Administrator.PCNATALIE\NetHood
2008-08-07 22:37:18 0 d-------- C:\Documents and Settings\Administrator.PCNATALIE\Mijn documenten
2008-08-07 22:37:18 0 dr------- C:\Documents and Settings\Administrator.PCNATALIE\Menu Start
2008-08-07 22:37:18 0 d--h----- C:\Documents and Settings\Administrator.PCNATALIE\Local Settings
2008-08-07 22:37:18 0 d-------- C:\Documents and Settings\Administrator.PCNATALIE\Favorieten
2008-08-07 22:37:18 0 d--hs---- C:\Documents and Settings\Administrator.PCNATALIE\Cookies
2008-08-07 22:37:18 0 d-------- C:\Documents and Settings\Administrator.PCNATALIE\Bureaublad
2008-08-07 22:37:18 0 dr-h----- C:\Documents and Settings\Administrator.PCNATALIE\Application Data
2008-08-07 22:37:18 0 d---s---- C:\Documents and Settings\Administrator.PCNATALIE\Application Data\Microsoft
2008-08-07 22:37:18 0 d-------- C:\Documents and Settings\Administrator.PCNATALIE\Application Data\Hulabee
2008-08-07 22:37:17 524288 --ah----- C:\Documents and Settings\Administrator.PCNATALIE\NTUSER.DAT
2008-08-07 21:34:42 0 d-------- C:\Program Files\Hijack This
2008-08-07 18:48:24 0 d-------- C:\Program Files\Lavasoft
2008-08-07 18:48:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-07 18:47:38 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-07 08:02:30 107008 -----n--- C:\WINDOWS\system32\qliluy.dll
2008-08-07 08:02:30 107008 --a------ C:\WINDOWS\system32\hukvgrcj.dll
2008-08-07 07:58:34 82432 --a------ C:\WINDOWS\system32\qtwccxgq.dll
2008-08-05 21:44:03 105472 --a------ C:\WINDOWS\system32\potpkd.dll
2008-08-05 21:44:03 105472 --a------ C:\WINDOWS\system32\cisneldv.dll
2008-08-05 21:43:16 83456 -----n--- C:\WINDOWS\system32\faafiwix.dll
2008-08-05 21:43:09 91648 --a------ C:\WINDOWS\system32\pcopcjgr.dll
2008-08-04 11:54:09 83456 -----n--- C:\WINDOWS\system32\tdaqleeg.dll
2008-08-04 11:51:09 114176 --a------ C:\WINDOWS\system32\uevved.dll
2008-08-04 11:51:09 114176 --a------ C:\WINDOWS\system32\aiisipmu.dll
2008-08-04 11:48:09 91648 --a------ C:\WINDOWS\system32\qdnuhdle.dll
2008-08-02 22:01:40 240912 --ahs---- C:\WINDOWS\system32\bLUDKlTv.ini2
2008-08-02 22:01:03 314880 -----n--- C:\WINDOWS\system32\vTlKDULb.dll
2008-08-02 21:55:44 26112 --a------ C:\WINDOWS\system32\mlJBqqQk.dll
2008-08-02 21:55:43 26112 -----n--- C:\WINDOWS\system32\yaywurqr.dll


-- Find3M Report ---------------------------------------------------------------

2008-08-07 18:47:38 0 d-------- C:\Program Files\Common Files
2008-08-02 23:14:07 6144 --ahs---- C:\Program Files\Thumbs.db
2008-07-25 13:08:58 0 d-------- C:\Program Files\Shrink Pic
2008-07-02 23:57:22 0 d-------- C:\Program Files\SyncBack
2008-07-01 20:02:06 0 d-------- C:\Documents and Settings\Natalie\Application Data\shrink_pic
2008-06-18 21:23:48 0 d-------- C:\Program Files\Common Files\NewSoft
2008-06-18 21:22:32 0 d-------- C:\Program Files\NewSoft
2008-06-18 21:22:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-18 21:18:57 0 d-------- C:\Documents and Settings\Natalie\Application Data\ScanSoft
2008-06-18 21:18:27 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-06-18 21:18:22 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-18 21:16:59 0 d-------- C:\Program Files\ScanSoft
2008-06-18 21:12:17 0 d-------- C:\Program Files\Canon
2008-06-18 20:56:23 0 d-------- C:\Program Files\Common Files\CANON
2008-06-18 20:50:06 0 d--h----- C:\Program Files\CanonBJ
2008-06-03 22:55:59 43675 --a------ C:\WINDOWS\system32\shoot.exe
2008-05-10 13:13:32 0 --------- C:\WINDOWS\system32\% %%% %


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DEABE3F-4A61-47C2-A64D-90453DC01542}]
02/08/2008 21:55 26112 --------- C:\WINDOWS\system32\yaywurqr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FED044DE-95E7-46BA-A9E8-BA8A78A285A8}]
02/08/2008 22:01 314880 --------- C:\WINDOWS\system32\vTlKDULb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [04/08/2004 10:03]
"WinPatrol"="C:\Program Files\WinPatrol\winpatrol.exe" [25/04/2008 19:31]
"BM67e43793"="C:\WINDOWS\system32\cnjgublu.dll" [10/08/2008 10:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 10:03]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4DEABE3F-4A61-47C2-A64D-90453DC01542}"= C:\WINDOWS\system32\yaywurqr.dll [02/08/2008 21:55 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\% %%% % ^% %%%%^%^^ ^ ^%^ %^ ^% ^ ^^%^%%.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaywurqr]
yaywurqr.dll 02/08/2008 21:55 26112 C:\WINDOWS\system32\yaywurqr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vTlKDULb

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beidsystemtray]
C:\Program Files\Belgium Identity Card\beidsystemtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"C:\Program Files\Microsoft IntelliPoint\point32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
"C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SideWinderTrayV4]
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Tray]
C:\WINDOWS\System32\sistray.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
Rundll32.exe SiSPower.dll,ModeAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
C:\WINDOWS\sisUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
"C:\Program Files\Microsoft IntelliType Pro\type32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe]
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
-- End of Deckard's System Scanner: finished at 2008-08-10 14:16:42 ------------
Attached Files
File Type: txt extra.txt (35.2 KB, 1 views)
File Type: txt ActiveScan20080810.txt (8.7 KB, 1 views)