Status
Not open for further replies.

Softwarereferral and other irritating things!

1K views 1 reply 1 participant last post by  RikSaunderson 
#1 ·
Hello,
My computer contracted something thoroughly unpleasant on Friday, and I've spent all weekend trying to get rid of it!

I seem to have a range of icons in my system tray (usually 2, sometimes more, sometimes just 1) which keep emulating the Windows Security Centre and saying that I have various viruses and spyware. They bring up system tray balloons (with the word balloon spelt incorrectly [baloon]), various dialogue boxes, websites in IE7 and various websites in IE7 that are supposed to look like dialogue boxes (e.g. a fake version of the security centre dialogue box telling me that I have no firewall, virus protection etc.)

Additionally, http:// softwarereferral.com/ jump.php?wmid=6010&mid= MjI6Ojg5&lid=2
keeps trying to set itself as my IE start page. This is particularly annoying, since I downloaded SpywareGuard this morning, which tells me when something is trying to change that page. softwarereferral (and hence SpywareGuard popping up to prevent it) keeps coming back roughly every 10 seconds (yes, I did use a stopwatch to time it).

Here's the Deckard's System Scanner main.txt log:

Deckard's System Scanner v20071014.68
Run by OEM Student on 2008-04-21 11:02:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as OEM Student.exe) -----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:02:24, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Documents and Settings\All Users\Application Data\qfmzepkt\idydsvij.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\chcrcjav.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\OEM Student\Desktop\dss.exe
C:\DOCUME~1\OEMSTU~1\Desktop\HIJACK~1\OEMSTU~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [CFILP] C:\WINDOWS\CFILP.exe
O4 - HKLM\..\Run: [ADG] C:\WINDOWS\ADG.exe
O4 - HKLM\..\Run: [PSVZCF] C:\WINDOWS\PSVZCF.exe
O4 - HKLM\..\Run: [CGJMPTW] C:\WINDOWS\CGJMPTW.exe
O4 - HKLM\..\Run: [CFJ] C:\WINDOWS\CFJ.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [miueauiu] C:\WINDOWS\system32\chcrcjav.exe
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/toaster/activex/COPPDetector.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207934881117
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: omlbpkaw - {570BDCB0-08F8-43A3-BF21-DD9D6D450CBF} - C:\WINDOWS\omlbpkaw.dll
O21 - SSODL: pmsoarbf - {AC8784A3-4D53-46A5-99B1-3CA1F4988DA5} - C:\WINDOWS\pmsoarbf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE


-- Files created between 2008-03-21 and 2008-04-21 -----------------------------

2008-04-21 10:26:20 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-21 10:20:10 0 d-------- C:\Program Files\SpywareBlaster
2008-04-21 10:18:54 0 d-------- C:\Program Files\SpywareGuard
2008-04-18 16:18:38 0 d-------- C:\Program Files\Windows Defender
2008-04-18 15:47:52 0 d-------- C:\Documents and Settings\OEM Student\Application Data\AdwareAlert
2008-04-17 21:19:02 0 d-------- C:\WINDOWS\privacy_danger
2008-04-17 21:19:01 0 d-------- C:\Documents and Settings\OEM Student\Application Data\TmpRecentIcons
2008-04-17 18:53:29 0 d-------- C:\Program Files\WinSpyKiller
2008-04-17 18:50:04 0 d-------- C:\Program Files\PC-Cleaner
2008-04-17 18:29:28 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-04-17 18:29:28 4096 --a------ C:\WINDOWS\system32winlogonpc.exe
2008-04-17 18:29:28 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-04-17 18:29:27 4096 --a------ C:\WINDOWS\system32hoproxy.dll
2008-04-17 18:29:27 4096 --a------ C:\WINDOWS\a.bat
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32thun32.dll
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32temp#01.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32taack.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32taack.dat
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32ssvchost.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32ssurf022.dll
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32sncntr.exe
2008-04-17 18:29:26 0 d-------- C:\WINDOWS\system32smp
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32regm64.dll
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32regc64.dll
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32psoft1.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32psof1.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32ps1.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32netode.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32mwin32.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32mtr2.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32msvchost.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32msnbho.dll
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32msgp.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32medup020.dll
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32medup012.dll
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32h@tkeysh@@k.dll
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32dpcproxy.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-04-17 18:29:26 0 d-------- C:\Documents and Settings\OEM Student\Desktopvirii
2008-04-17 18:29:26 4096 --a------ C:\Documents and Settings\OEM Student\Desktopfilemanagerclient.exe
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\winsystem.exe
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32winsystem.exe
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32vbsys2.dll
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32thun.dll
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32sysreq.exe
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32Rundl1.exe
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32newsd32.exe
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32mssecu.exe
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32emesx.dll
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32bdn.com
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32awtoolb.dll
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32anticipator.dll
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32akttzn.exe
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\mssecu.exe
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\bdn.com
2008-04-17 18:29:25 4096 --a------ C:\Documents and Settings\OEM Student\DesktopFWebdEditor.exe
2008-04-17 18:29:25 4096 --a------ C:\Documents and Settings\OEM Student\Desktopfwebd.exe
2008-04-17 18:29:24 0 d-------- C:\Program Files\akl
2008-04-17 18:29:13 172032 --a------ C:\WINDOWS\pmsoarbf.dll
2008-04-17 18:29:13 221184 --a------ C:\WINDOWS\omlbpkaw.dll
2008-04-17 18:29:13 94208 --a------ C:\WINDOWS\npqtsrak.exe
2008-04-17 18:29:11 94208 --a------ C:\WINDOWS\system32\chcrcjav.exe
2008-04-17 18:29:11 0 d-------- C:\Documents and Settings\All Users\Application Data\qfmzepkt
2008-04-12 18:25:45 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-09 20:23:50 0 d-------- C:\Program Files\Kinnor Software
2008-04-09 20:23:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Kinnor Software
2008-03-22 21:40:34 0 d-------- C:\Program Files\Bullfrog
2008-03-22 21:29:16 0 d-------- C:\Program Files\Undisker
2008-03-22 21:00:04 0 d-------- C:\Program Files\SlySoft


-- Find3M Report ---------------------------------------------------------------

2008-04-21 10:20:15 0 d-------- C:\Documents and Settings\OEM Student\Application Data\BitTorrent
2008-04-20 17:22:56 0 d-------- C:\Program Files\Common Files\Logitech
2008-04-20 17:22:55 0 d-------- C:\Program Files\Logitech
2008-04-19 14:25:48 0 d-------- C:\Program Files\Kazaa Lite K++
2008-04-19 12:03:43 0 d-------- C:\Program Files\Google
2008-04-18 17:52:17 0 d-------- C:\Documents and Settings\OEM Student\Application Data\Lavasoft
2008-04-17 18:29:19 13312 --a-s---- C:\WINDOWS\system32\bubbj.dll
2008-04-09 22:46:30 0 d-------- C:\Program Files\QuickTime
2008-04-09 20:24:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-26 20:06:45 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-03-17 15:48:30 0 d-------- C:\Program Files\Java
2008-03-03 19:18:46 0 d-------- C:\Program Files\Apple Software Update
2008-02-29 13:10:41 10623 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="C:\WINDOWS\Options\OEMReset.exe" [25/09/2001 23:57]
"SoundMan"="SOUNDMAN.EXE" [10/02/2003 08:59 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [06/10/2003 15:16]
"nwiz"="nwiz.exe" [06/10/2003 15:16 C:\WINDOWS\SYSTEM32\nwiz.exe]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [06/03/2003 08:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [25/02/2003 12:00]
"CFILP"="C:\WINDOWS\CFILP.exe" []
"ADG"="C:\WINDOWS\ADG.exe" []
"PSVZCF"="C:\WINDOWS\PSVZCF.exe" []
"CGJMPTW"="C:\WINDOWS\CGJMPTW.exe" []
"CFJ"="C:\WINDOWS\CFJ.exe" []
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 22:32]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [19/03/2002 17:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23/03/2007 13:20]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"miueauiu"="C:\WINDOWS\system32\chcrcjav.exe" [17/04/2008 18:29]
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\OEM Student\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [29/08/2003 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [05/02/2008 15:29:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"jyaBcAcPUY"=C:\Documents and Settings\All Users\Application Data\qfmzepkt\idydsvij.exe

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Student_Info\index.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{db763ed8-100a-481b-8913-50a2f41dcdc3}"= C:\WINDOWS\system32\bubbj.dll [17/04/2008 18:29 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"omlbpkaw"= {570BDCB0-08F8-43A3-BF21-DD9D6D450CBF} - C:\WINDOWS\omlbpkaw.dll [17/04/2008 17:11 221184]
"pmsoarbf"= {AC8784A3-4D53-46A5-99B1-3CA1F4988DA5} - C:\WINDOWS\pmsoarbf.dll [17/04/2008 17:11 172032]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


[HKEY_LOCAL_MACHINE\software\microsoft\activfilee setup\installed components\{3D82B0C3-AAFA-400E-B2D1-46B7AD38AB8C}]
"C:\Program Files\Hummingbird\Connectivity\12.00\Accessories\HumSettings.exe" INSTALL=ALL NoFreeWhenWOW64=1



-- End of Deckard's System Scanner: finished at 2008-04-21 11:03:24 ------------

The first time I ran it, it had a second .txt file called extras.txt, although this wasn't derived when I ran the scanner to derive the above main.txt file.

It's unbelievably annoying, help!!!!!!
 