I've been having some problems with popups lately. Here are the logs:
Panda Scan
Virus:Trj/Downloader.OQW Disinfected Operating system
Virus:Trj/Downloader.OZB Disinfected Operating system
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\byxwtuu.dll
Dialer:Dialer.KJT Not disinfected C:\WINDOWS\system32\winmqx32.dll
Spyware:spyware/virtumonde Not disinfected c:\windows\system32\ssttt.dll
Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\Kasra\Desktop\Click to Find and Fix Errors.url
Potentially unwanted tool:Application/UltimateCleaner Not disinfected C:\atwsettl1.exe
Potentially unwanted tool:Application/UltimateCleaner Not disinfected C:\atwsettl2.exe
Potentially unwanted tool:Application/UltimateCleaner Not disinfected C:\atwsettl3.exe
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.zedo.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.com.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[www.winantiviruspro.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[www.winantiviruspro.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.systemdoctor.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.overture.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Kasra\Application Data\Mozilla\Firefox\Profiles\yygvxhyq.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Kasra\Cookies\kasra@2o7[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Kasra\Cookies\kasra@ads.pointroll[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Kasra\Cookies\kasra@adultfriendfinder[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Kasra\Cookies\kasra@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Kasra\Cookies\kasra@atdmt[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Kasra\Cookies\kasra@atwola[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Kasra\Cookies\kasra@casalemedia[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Kasra\Cookies\kasra@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Kasra\Cookies\kasra@drivecleaner[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Kasra\Cookies\kasra@fastclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Kasra\Cookies\kasra@klik.klikadvertising[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Kasra\Cookies\kasra@mediaplex[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Kasra\Cookies\kasra@stats.drivecleaner[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Kasra\Cookies\kasra@target[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Kasra\Cookies\kasra@tribalfusion[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Kasra\Cookies\kasra@winantivirus[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Kasra\Cookies\kasra@www.winantivirus[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Kasra\Cookies\kasra@zedo[2].txt
Virus:Malware Generic Disinfected C:\Documents and Settings\Kasra\Local Settings\Temp\comver.dll
Virus:Trj/Downloader.OQW Disinfected C:\Documents and Settings\Kasra\Local Settings\Temp\win176.tmp.exe
Dialer:Dialer.KJT Not disinfected C:\Documents and Settings\Kasra\Local Settings\Temp\wnd162.tmp
Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\ddemhceu.exe
Potentially unwanted tool:Application/UltimateCleaner Not disinfected C:\WINDOWS\system32\scchk32.exe.bak
Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\tolnibyw.exe
Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\usiwomjo.exe
Virus:Trj/Lowzones.TP Disinfected C:\WINDOWS\system32\xxcxlqbr.exe
Virus:Malware Generic Disinfected C:\WINDOWS\Temp\win574.tmp.exe
Virus:Trj/Downloader.PDX Disinfected C:\WINDOWS\Temp\win580.tmp.exe
DSS Log
Deckard's System Scanner v20070611.50
Run by Kasra on 2007-06-29 at 21:59:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
22: 2007-06-30 02:59:51 UTC - RP298 - Deckard's System Scanner Restore Point
21: 2007-06-30 02:28:59 UTC - RP297 - Software Distribution Service 3.0
20: 2007-06-30 02:21:44 UTC - RP296 - Software Distribution Service 3.0
19: 2007-06-30 01:46:14 UTC - RP295 - Installed Windows Internet Explorer 7.
18: 2007-06-30 01:43:29 UTC - RP294 - Installed Windows IDNMitigationAPIs.
-- First Restore Point --
1: 2007-06-21 06:23:38 UTC - RP277 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-06-29 22:04:10
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16473)
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\Program Files\McAfee.com\Agent\McTskshd.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Kasra\Desktop\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\efldxhqi.dll
O2 - BHO: (no name) - {38A9D3C5-8AB2-42E2-B736-6E1E3D215888} - C:\WINDOWS\system32\ssttt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - C:\WINDOWS\system32\byxwtuu.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\cpyveclh.dll",forkonce
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [mschkdsk.exe] C:\WINDOWS\system32\mschkdsk.exe
O4 - HKCU\..\Run: [googletalk] "C:\DOCUME~1\Kasra\LOCALS~1\Temp\Rar$EX03.297\googletalk.exe" /autostart
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Fantastic Flame Agent.lnk = C:\Program Files\Fantastic Flame Screensaver\FantasticFlameAgent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: byxwtuu - C:\WINDOWS\system32\byxwtuu.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: ssttt - C:\WINDOWS\system32\ssttt.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: winmqx32 - C:\WINDOWS\system32\winmqx32.dll
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - (no file)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\xkienrhf.exe /service
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: Macromedia Licensing Service - Macromedia - "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\Mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\McTskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe %SystemRoot%\System32\bcmwltry.exe
-- File Associations -----------------------------------------------------------
.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 geebers12 - c:\documents and settings\kasra\desktop\buffy engine\buffy engine\nvid888.sys (file missing)
S3 LMImirr - c:\windows\system32\drivers\lmimirr.sys (file missing)
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>
S2 DomainService - c:\windows\system32\xkienrhf.exe /service (file missing)
S2 wltrysvc (Dell Wireless WLAN Tray Service) - c:\windows\system32\wltrysvc.exe c:\windows\system32\bcmwltry.exe (file missing)
S3 Dmioskct.tw -
-- Scheduled Tasks -------------------------------------------------------------
2007-06-16 09:34:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-08-06 16:01:30 106 --a------ C:\WINDOWS\Tasks\Low Battery Alarm Program.job
-- Files created between 2007-05-29 and 2007-06-29 -----------------------------
2007-06-29 20:30:55 0 d-------- C:\WINDOWS\network diagnostic
2007-06-29 20:23:56 0 d-------- C:\163feac91fc889b62ecec0d940dbb6
2007-06-29 19:25:13 0 d-------- C:\Program Files\SpywareBlaster
2007-06-29 18:02:30 128576 --a------ C:\WINDOWS\system32\cpyveclh.dll
2007-06-29 17:31:01 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-06-27 15:28:28 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-27 14:59:29 30846 --a------ C:\WINDOWS\DIIUnin.dat
2007-06-27 14:59:27 2829 --a------ C:\WINDOWS\DIIUnin.pif
2007-06-27 14:59:26 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2007-06-27 14:53:20 0 d-------- C:\Program Files\Diablo II
2007-06-26 22:35:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-06-26 14:17:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-06-26 10:13:39 66112 --a------ C:\WINDOWS\system32\efldxhqi.dll
2007-06-26 10:07:45 1850584 ---hs---- C:\WINDOWS\system32\tttss.bak2
2007-06-25 14:40:50 0 d-------- C:\Program Files\EA GAMES
2007-06-25 11:23:22 0 d-------- C:\Program Files\Advanced Batch Converter
2007-06-25 11:02:47 0 d-------- C:\Documents and Settings\Kasra\Application Data\Viewpoint
2007-06-25 09:06:13 6369 ---hs---- C:\WINDOWS\system32\tttss.bak1
2007-06-25 09:01:29 266336 --a------ C:\WINDOWS\system32\ssttt.dll
2007-06-25 08:56:46 0 d-------- C:\Documents and Settings\Kasra\Application Data\F?nts
2007-06-25 08:56:19 31254 --a------ C:\WINDOWS\system32\byxwtuu.dll
2007-06-24 14:51:32 0 d-------- C:\Documents and Settings\Kasra\.housecall6.6 <HOUSEC~1.6>
2007-06-21 16:06:23 0 d-------- C:\WINDOWS\system32\atwsettl
2007-06-20 21:36:21 0 d-------- C:\Program Files\InetGet2
2007-06-20 21:32:55 20480 --a------ C:\WINDOWS\system32\winmqx32.dll
2007-06-20 21:32:49 43 --a------ C:\Documents and Settings\Kasra\RUNME.bat
2007-06-18 17:24:30 0 d-------- C:\Program Files\directx
2007-06-18 17:20:57 0 d-------- C:\DeusEx
2007-06-16 23:14:17 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-06-16 23:12:59 0 d-------- C:\Program Files\AIM6
2007-06-15 10:38:46 0 d--hs---- C:\WINDOWS\ftpcache
2007-06-13 19:38:34 4 --a------ C:\WINDOWS\system32\proc683804487.bin
2007-06-13 19:38:34 0 d-------- C:\Documents and Settings\Kasra\Application Data\GanymedeNet
2007-05-29 07:58:07 0 d-------- C:\WINDOWS\Application Data <APPLIC~1>
-- Find3M Report ---------------------------------------------------------------
2007-06-29 18:18:36 0 d-------- C:\Program Files\QuickTime
2007-06-29 18:17:35 0 d-------- C:\Program Files\Picasa2
2007-06-29 18:16:50 0 d-------- C:\Program Files\Messenger
2007-06-29 18:09:50 0 d-------- C:\Program Files\iTunes
2007-06-29 18:04:11 0 d-------- C:\Program Files\D-Tools
2007-06-29 18:04:01 0 d-------- C:\Program Files\CursorXP
2007-06-29 18:00:39 0 d-------- C:\Program Files\BitComet
2007-06-29 18:00:24 0 d-------- C:\Program Files\Apoint
2007-06-29 18:00:23 0 d-------- C:\Program Files\AlienGUIse
2007-06-27 15:09:01 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2007-06-27 15:09:01 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2007-06-27 15:09:01 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2007-06-25 14:40:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-22 16:09:10 0 d-------- C:\Program Files\McAfee.com
2007-06-19 12:45:05 0 d-------- C:\Program Files\PokerStars
2007-06-16 23:13:07 0 d-------- C:\Program Files\Common Files\AOL
2007-06-13 19:38:34 6845 --a------ C:\WINDOWS\mozver.dat
2007-06-02 08:12:31 0 d-------- C:\Program Files\Google
2007-06-02 08:12:31 0 d-------- C:\Program Files\Common Files\Stardock
2007-06-01 22:43:57 0 d-------- C:\Program Files\Common Files\Real
2007-06-01 22:42:54 0 d-------- C:\Documents and Settings\Kasra\Application Data\Real
2007-06-01 22:42:02 0 d-------- C:\Program Files\Java
2007-05-22 20:41:38 0 d-------- C:\Program Files\LittleFighter2
2007-05-06 13:34:18 0 d-------- C:\Documents and Settings\Kasra\Application Data\Adobe
2007-04-22 16:50:57 7373312 --a------ C:\WINDOWS\system32\logonuiX.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-15 11:27:15 72 --a------ C:\WINDOWS\sysInf.dat
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{1F6581D5-AA53-4b73-A6F9-41420C6B61F1} C:\WINDOWS\system32\efldxhqi.dll
{38A9D3C5-8AB2-42E2-B736-6E1E3D215888} C:\WINDOWS\system32\ssttt.dll
{5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\system32\dla\tfswshx.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{A6807262-1D7A-44AB-947B-23B71E97915C} C:\WINDOWS\system32\byxwtuu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
@=""
"IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"Dell Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb12.exe"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"googletalk"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"runner1"="C:\\WINDOWS\\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310"
"icq.com"="rundll32.exe \"C:\\WINDOWS\\system32\\cpyveclh.dll\",forkonce"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"BitComet"="\"C:\\Program Files\\BitComet\\BitComet.exe\""
"mschkdsk.exe"="C:\\WINDOWS\\system32\\mschkdsk.exe"
"googletalk"="\"C:\\DOCUME~1\\Kasra\\LOCALS~1\\Temp\\Rar$EX03.297\\googletalk.exe\" /autostart"
"CursorXP"="C:\\Program Files\\CursorXP\\CursorXP.exe"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost.exe"="C:\\WINDOWS\\svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A6807262-1D7A-44AB-947B-23B71E97915C}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxwtuu
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttt
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmqx32
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wbsys.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{131f5c16-d245-11db-8e67-0013ce25c58a}]
Shell\AutoRun\command G:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2007-06-29 at 22:05:29 ---------