07-23-2008, 05:03 AM   #1
Registered User
 
Join Date: Jul 2007
Posts: 15
OS: WinVista 32-bit


Constant Pop-ups Adware and Trojan detected by Avast; Vapsup-BQ Vapsup-EB & Agent-TLS

Deckard System Scanner Log (main.txt):
Deckard's System Scanner v20071014.68
Run by Boyz PC on 2008-07-23 12:37:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-23 12:40:06
Platform: Windows Vista Service Pack 1 (6.00.6001)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\1st SMTP Server\SMTPServer.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Mypops\ypops.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\System32\taskeng.exe
C:\Windows\explorer.exe
C:\Users\Boyz PC\Desktop\dss.exe
C:\Windows\System32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skybroadband.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: (no name) - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - (no file)
O3 - Toolbar: fdkowvbp - {88E2C28F-80C8-49BA-94A3-A5D4930B4A23} - C:\Windows\fdkowvbp.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [smtpsrv] C:\Program Files\1st SMTP Server\SMTPServer.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qomlLcbC.dll,#1
O4 - HKLM\..\Run: [ypops] C:\Program Files\Mypops\ypops.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] MSOFF07.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\BOYZPC~1\AppData\Local\Temp\iifFwVOF.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\BOYZPC~1\AppData\Local\Temp\xxyvttQG.dll,#1
O4 - HKCU\..\Run: [001fe69a] rundll32.exe "C:\Users\BOYZPC~1\AppData\Local\Temp\erbqwtxl.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab Class) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: kvxqmtre - {9E5FE1A3-D7BF-4CB2-BFB3-43506C3DE377} - C:\Windows\kvxqmtre.dll (file missing)
O21 - SSODL: evgratsm - {D631CEF2-DA28-45DE-833F-754B285B0EFD} - C:\Windows\evgratsm.dll
O21 - SSODL: wnslvxtf - {9859E897-78A2-4995-B006-082DC108C59C} - C:\Windows\wnslvxtf.dll (file missing)
O21 - SSODL: eqvwamkl - {96BFFCFA-39A1-4A84-B3C4-501C4E931A98} - C:\Windows\eqvwamkl.dll (file missing)
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe


--
End of file - 8914 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S4 AcerMemUsageCheckService (ePerformance Service) - c:\acer\empowering technology\eperformance\memcheck.exe <Not Verified; ; MemCheck.Service>
S4 eRecoveryService (eRecovery Service) - c:\acer\empowering technology\erecovery\erecoveryservice.exe <Not Verified; Acer Inc.; eRecoveryService>
S4 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\3&33FD14CA&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\3&33FD14CA&0
Service: i8042prt


-- Files created between 2008-06-23 and 2008-07-23 -----------------------------

2008-07-23 11:25:21 0 d-------- C:\Users\All Users\Media Center Programs
2008-07-23 11:20:39 0 d-------- C:\Program Files\Electronic Arts
2008-07-23 10:06:12 0 d-------- C:\ie-spyad_zo
2008-07-23 10:02:55 0 d-------- C:\Program Files\SpywareBlaster
2008-07-23 01:53:07 0 d-------- C:\Program Files\Panda Security
2008-07-23 00:45:35 0 d-------- C:\PerfLogs
2008-07-22 15:11:23 0 d-------- C:\Program Files\Mypops
2008-07-22 15:10:14 33152 --a------ C:\Windows\system32\qomlLcbC.dll
2008-07-22 15:10:14 33152 --a------ C:\Windows\system32\geBSlJCU.dll
2008-07-22 15:08:38 94208 --a------ C:\Windows\grswptdl.exe
2008-07-22 15:08:38 192512 --a------ C:\Windows\fdkowvbp.dll
2008-07-22 15:08:38 163840 --a------ C:\Windows\erfb.exe
2008-07-22 15:05:48 245760 --a------ C:\Windows\evgratsm.dll
2008-07-22 15:05:48 163840 --a------ C:\Windows\erms.exe
2008-07-22 15:05:17 0 d-------- C:\Program Files\VAV
2008-07-22 15:05:01 0 d-------- C:\Program Files\PCHealthCenter
2008-07-22 10:58:58 0 d-------- C:\Program Files\VideoLAN
2008-07-22 08:48:21 0 d-------- C:\Program Files\THQ
2008-07-21 19:51:07 0 d-------- C:\Program Files\Activision
2008-07-20 23:32:11 0 d-------- C:\Program Files\DreamCatcher
2008-07-20 23:32:10 233472 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-07-20 23:32:10 81920 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions (c) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2008-07-20 12:21:47 0 d-------- C:\Windows\PCHEALTH
2008-07-20 12:21:47 0 d-------- C:\Program Files\Microsoft.NET
2008-07-20 12:20:19 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-07-20 12:19:00 0 dr-h----- C:\MSOCache
2008-07-20 11:17:25 0 d-------- C:\Program Files\1st SMTP Server
2008-07-19 10:52:31 0 d-------- C:\Program Files\FileZilla FTP Client
2008-07-16 10:03:14 0 d-------- C:\Users\All Users\HiddenSecretsNightmare
2008-07-15 11:43:21 4096 --a------ C:\Windows\d3dx.dat
2008-07-15 10:38:27 0 d-------- C:\Users\All Users\Trymedia
2008-07-14 17:03:47 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-07-14 17:03:42 0 d-------- C:\Program Files\DivX
2008-07-14 07:35:14 0 -rahs---- C:\MSDOS.SYS
2008-07-14 07:35:14 0 -rahs---- C:\IO.SYS
2008-07-13 23:18:26 0 d-------- C:\Program Files\YouTube Downloader
2008-07-13 13:03:01 0 d-------- C:\Business
2008-07-13 12:36:38 0 d-------- C:\Users\All Users\html
2008-07-13 00:39:19 0 d-------- C:\Fraps
2008-07-12 23:42:02 0 d-a------ C:\Users\All Users\TEMP
2008-07-12 23:41:28 0 d-------- C:\Program Files\Blaze Media Pro
2008-07-12 23:41:26 0 d--h----- C:\Users\All Users\{56759C22-EA1E-4BE5-A903-72F67D450F43}
2008-07-12 21:35:28 0 d-------- C:\Gamemaking
2008-07-12 12:46:59 0 d-------- C:\Game News
2008-07-11 21:12:42 0 d-------- C:\Program Files\Game_Maker7
2008-07-11 19:09:10 0 d-------- C:\Users\All Users\Yahoo! Companion
2008-07-11 17:25:03 0 d-------- C:\Program Files\KONAMI
2008-07-11 07:19:55 0 d-------- C:\Windows\pss
2008-07-10 12:14:03 0 d-------- C:\Users\All Users\Google
2008-07-10 12:14:01 0 d-------- C:\Program Files\Google
2008-07-10 12:13:34 0 d-------- C:\Users\All Users\NOS
2008-07-10 12:13:33 0 d-------- C:\Program Files\NOS
2008-07-10 08:11:04 0 d-------- C:\homework & coursework
2008-07-09 18:24:01 0 d-------- C:\Cash On Demand
2008-07-09 03:03:24 0 d-------- C:\Program Files\MSXML 4.0
2008-07-08 20:14:34 0 d-------- C:\HiTRUSTDrive
2008-07-08 19:20:28 0 d-------- C:\Users\All Users\WEBREG
2008-07-08 19:19:51 0 d-------- C:\Users\All Users\HPSSUPPLY
2008-07-08 19:18:01 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-07-08 19:18:00 0 d-------- C:\Program Files\Hewlett-Packard
2008-07-08 19:17:42 0 d-------- C:\Program Files\Common Files\HP
2008-07-08 19:16:08 0 d-------- C:\Users\All Users\Hewlett-Packard
2008-07-08 19:12:59 117760 --a------ C:\Windows\system32\hpz3l4v2.dll <Not Verified; Hewlett-Packard Company; Language Monitor>
2008-07-08 19:12:50 0 d-------- C:\Program Files\HP
2008-07-08 19:12:15 130834 --a------ C:\Windows\hpoins18.dat
2008-07-08 19:12:11 0 d-------- C:\Users\All Users\HP
2008-07-08 19:12:09 258048 --a------ C:\Windows\system32\hpzids01.dll <Not Verified; Hewlett-Packard; HP Installer>
2008-07-08 19:12:08 675840 --a------ C:\Windows\system32\hpowiav1.dll <Not Verified; Hewlett-Packard; hpowiav1.dll>
2008-07-08 19:12:08 303104 --a------ C:\Windows\system32\hpovst01.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2008-07-08 19:12:08 897024 --a------ C:\Windows\system32\hpotiop1.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2008-07-08 19:12:07 6600 --a------ C:\Windows\hpomdl18.dat
2008-07-08 18:59:12 0 d-------- C:\Windows\WinRAR
2008-07-08 18:53:01 0 d-------- C:\Program Files\BitLord
2008-07-08 18:39:09 0 d-------- C:\Program Files\SystemRequirementsLab
2008-07-08 18:14:45 0 d-------- C:\Program Files\Alwil Software
2008-07-08 17:56:10 0 d-------- C:\Program Files\Sky Broadband
2008-07-08 17:44:54 0 dr------- C:\Users\Boyz PC\Searches
2008-07-08 17:44:45 0 dr------- C:\Users\Boyz PC\Contacts
2008-07-08 17:44:39 0 d-------- C:\Program Files\Yahoo!
2008-07-08 17:44:26 0 dr------- C:\Users\Boyz PC\Videos
2008-07-08 17:44:26 0 d--hs---- C:\Users\Boyz PC\Templates
2008-07-08 17:44:26 0 d--hs---- C:\Users\Boyz PC\Start Menu
2008-07-08 17:44:26 0 d--hs---- C:\Users\Boyz PC\SendTo
2008-07-08 17:44:26 0 dr------- C:\Users\Boyz PC\Saved Games
2008-07-08 17:44:26 0 d--hs---- C:\Users\Boyz PC\Recent
2008-07-08 17:44:26 0 d--hs---- C:\Users\Boyz PC\PrintHood
2008-07-08 17:44:26 0 dr------- C:\Users\Boyz PC\Pictures
2008-07-08 17:44:26 2621440 --ahs---- C:\Users\Boyz PC\NTUSER.DAT
2008-07-08 17:44:26 0 d--hs---- C:\Users\Boyz PC\NetHood
2008-07-08 17:44:26 0 d--hs---- C:\Users\Boyz PC\My Documents
2008-07-08 17:44:26 0 dr------- C:\Users\Boyz PC\Music
2008-07-08 17:44:26 0 d--hs---- C:\Users\Boyz PC\Local Settings
2008-07-08 17:44:26 0 dr------- C:\Users\Boyz PC\Links
2008-07-08 17:44:26 0 dr------- C:\Users\Boyz PC\Favorites
2008-07-08 17:44:26 0 dr------- C:\Users\Boyz PC\Downloads
2008-07-08 17:44:26 0 dr------- C:\Users\Boyz PC\Documents
2008-07-08 17:44:26 0 dr------- C:\Users\Boyz PC\Desktop
2008-07-08 17:44:26 0 d--hs---- C:\Users\Boyz PC\Cookies
2008-07-08 17:44:26 0 d--hs---- C:\Users\Boyz PC\Application Data
2008-07-08 17:44:26 0 d--h----- C:\Users\Boyz PC\AppData


-- Find3M Report ---------------------------------------------------------------

2008-07-23 00:51:29 174 --ahs---- C:\Program Files\desktop.ini
2008-07-23 00:46:06 0 d-------- C:\Program Files\Windows Sidebar
2008-07-23 00:46:06 0 d-------- C:\Program Files\Windows Photo Gallery
2008-07-23 00:46:06 0 d-------- C:\Program Files\Windows Mail
2008-07-23 00:46:06 0 d-------- C:\Program Files\Windows Journal
2008-07-23 00:46:06 0 d-------- C:\Program Files\Windows Collaboration
2008-07-23 00:46:06 0 d-------- C:\Program Files\Windows Calendar
2008-07-23 00:46:06 0 d-------- C:\Program Files\Movie Maker
2008-07-23 00:46:05 0 d-------- C:\Program Files\Windows Defender
2008-07-22 10:59:11 0 d-------- C:\Users\Boyz PC\AppData\Roaming\vlc
2008-07-22 10:55:33 0 d-------- C:\Users\Boyz PC\AppData\Roaming\DivX
2008-07-21 19:54:16 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-20 22:44:42 0 d-------- C:\Users\Boyz PC\AppData\Roaming\FileZilla
2008-07-20 12:22:52 0 d-------- C:\Program Files\Microsoft Works
2008-07-20 12:22:43 0 d-------- C:\Program Files\MSBuild
2008-07-20 12:22:26 0 d-------- C:\Program Files\Common Files
2008-07-18 08:17:19 0 d-------- C:\Users\Boyz PC\AppData\Roaming\CyberLink
2008-07-15 21:54:50 0 d-------- C:\Users\Boyz PC\AppData\Roaming\Mozilla
2008-07-14 21:35:03 0 d-------- C:\Users\Boyz PC\AppData\Roaming\Move Networks
2008-07-11 19:09:11 0 d-------- C:\Users\Boyz PC\AppData\Roaming\Adobe
2008-07-10 17:09:18 0 d-------- C:\Users\Boyz PC\AppData\Roaming\Google
2008-07-10 15:58:42 0 d-------- C:\Program Files\Microsoft Games
2008-07-09 17:56:03 0 d-------- C:\Users\Boyz PC\AppData\Roaming\AdobeUM
2008-07-08 20:12:23 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-08 19:20:40 0 d-------- C:\Users\Boyz PC\AppData\Roaming\HP
2008-07-08 19:03:51 0 d-------- C:\Users\Boyz PC\AppData\Roaming\WinRAR
2008-07-08 17:45:10 0 d-------- C:\Users\Boyz PC\AppData\Roaming\Macromedia
2008-07-08 17:44:46 0 d-------- C:\Users\Boyz PC\AppData\Roaming\Identities
2008-06-11 01:07:20 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-06-11 01:03:26 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-11 01:03:26 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-11 01:03:20 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:20 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:20 815104 --a------ C:\Windows\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:20 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:18 683520 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 23:18:54 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour"="" []
"eRecoveryService"="" []
"MSConfig"="C:\Windows\system32\msconfig.exe" [19/01/2008 08:33]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 00:19]
"smtpsrv"="C:\Program Files\1st SMTP Server\SMTPServer.exe" [16/12/2005 19:02]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 00:47]
"MSServer"="C:\Windows\system32\qomlLcbC.dll" [22/07/2008 15:10]
"ypops"="C:\Program Files\Mypops\ypops.exe" [22/07/2008 15:11]
"RtHDVCpl"="RtHDVCpl.exe" [20/06/2007 09:56 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [15/06/2007 09:45 C:\Windows\SkyTel.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [05/12/2007 02:41]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [05/12/2007 02:41]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [05/12/2007 02:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [10/07/2008 12:14]
"Microsoft Update Machine"="MSOFF07.exe" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19/01/2008 08:33]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 08:33]
"cmds"="C:\Users\BOYZPC~1\AppData\Local\Temp\iifFwVOF.dll,c" []
"MSServer"="C:\Users\BOYZPC~1\AppData\Local\Temp\xxyvttQG.dll,#1" []
"001fe69a"="C:\Users\BOYZPC~1\AppData\Local\Temp\erbqwtxl.dll,b" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{769D8280-A207-4EEA-9963-F8B156C32855}"= C:\Windows\system32\qomlLcbC.dll [22/07/2008 15:10 33152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kvxqmtre"= {9E5FE1A3-D7BF-4CB2-BFB3-43506C3DE377} - C:\Windows\kvxqmtre.dll [ ]
"evgratsm"= {D631CEF2-DA28-45DE-833F-754B285B0EFD} - C:\Windows\evgratsm.dll [17/07/2008 11:14 245760]
"wnslvxtf"= {9859E897-78A2-4995-B006-082DC108C59C} - C:\Windows\wnslvxtf.dll [ ]
"eqvwamkl"= {96BFFCFA-39A1-4A84-B3C4-501C4E931A98} - C:\Windows\eqvwamkl.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
C:\Acer\Empowering Technology\SysMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
C:\Acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apanel]
C:\ACERSW\config\NewSetApanel.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing]
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
C:\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
rundll32.exe oobefldr.dll,ShowWelcomeCenter

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-23 12:42:40 ------------

Avast Log on the day the problem began:
22/07/2008 15:05:02 SYSTEM 1552 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Program Files\PCHealthCenter\1.exe" file.
22/07/2008 15:05:08 SYSTEM 1552 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Program Files\PCHealthCenter\2.exe" file.
22/07/2008 15:05:09 SYSTEM 1552 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\PCHealthCenter\3.exe" file.
22/07/2008 15:05:12 SYSTEM 1552 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\PCHealthCenter\4.exe" file.
22/07/2008 15:05:14 SYSTEM 1552 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\PCHealthCenter\7.exe" file.
22/07/2008 15:05:17 SYSTEM 1552 Sign of "Win32:FakeAV-M [Trj]" has been found in "C:\Program Files\VAV\vav.cpl" file.
22/07/2008 15:05:18 SYSTEM 1552 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\VAV\vav.exe" file.
22/07/2008 15:05:42 SYSTEM 1552 Sign of "Win32:Vapsup-BQ [Adw]" has been found in "C:\Users\Boyz PC\AppData\Local\Temp\ac8zt2\agpqlrfm.exe" file.
22/07/2008 15:05:46 SYSTEM 1552 Sign of "Win32:Vapsup-EB [Adw]" has been found in "C:\Users\Boyz PC\AppData\Local\Temp\ac8zt2\kgxmotapktx.dll" file.
22/07/2008 15:05:48 SYSTEM 1552 Sign of "Win32:Agent-LTS [Trj]" has been found in "C:\Users\Boyz PC\AppData\Local\Temp\ac8zt2\kvxqmtre.dll" file.
22/07/2008 15:06:43 SYSTEM 1552 Sign of "Win32:Vapsup-BQ [Adw]" has been found in "C:\Users\Boyz PC\AppData\Local\Temp\ac8zt2\agpqlrfm.exe" file.
22/07/2008 15:06:52 SYSTEM 1552 Sign of "Win32:Vapsup-EB [Adw]" has been found in "C:\Users\Boyz PC\AppData\Local\Temp\ac8zt2\kgxmotapktx.dll" file.
22/07/2008 15:06:55 SYSTEM 1552 Sign of "Win32:Agent-LTS [Trj]" has been found in "C:\Users\Boyz PC\AppData\Local\Temp\ac8zt2\kvxqmtre.dll" file.
22/07/2008 15:07:45 SYSTEM 1552 Sign of "Win32:Vapsup-BQ [Adw]" has been found in "C:\Users\Boyz PC\AppData\Local\Temp\ac8zt2\agpqlrfm.exe" file.
22/07/2008 15:07:48 SYSTEM 1552 Sign of "Win32:Vapsup-EB [Adw]" has been found in "C:\Users\Boyz PC\AppData\Local\Temp\ac8zt2\kgxmotapktx.dll" file.
22/07/2008 15:07:49 SYSTEM 1552 Sign of "Win32:Agent-LTS [Trj]" has been found in "C:\Users\Boyz PC\AppData\Local\Temp\ac8zt2\kvxqmtre.dll" file.
22/07/2008 15:08:28 SYSTEM 1552 Sign of "Win32:Vapsup-CF [Adw]" has been found in "C:\Users\Boyz PC\AppData\Local\Temp\ac8zt2\eqvwamkl.dll" file.
22/07/2008 15:08:34 SYSTEM 1552 Sign of "Win32:Vapsup-EB [Adw]" has been found in "C:\Users\Boyz PC\AppData\Local\Temp\ac8zt2\nfavxwdbpgs.dll" file.
22/07/2008 15:08:36 SYSTEM 1552 Sign of "Win32:Agent-LTS [Trj]" has been found in "C:\Users\Boyz PC\AppData\Local\Temp\ac8zt2\wnslvxtf.dll" file.
22/07/2008 15:09:33 SYSTEM 1552 Sign of "Win32:Vapsup-BQ [Adw]" has been found in "C:\Users\Boyz PC\AppData\Local\Temp\ac8zt2\agpqlrfm.exe" file.
22/07/2008 15:09:51 SYSTEM 1552 Sign of "Win32:Vapsup-EB [Adw]" has been found in "C:\Users\Boyz PC\AppData\Local\Temp\ac8zt2\kgxmotapktx.dll" file.
22/07/2008 15:09:54 SYSTEM 1552 Sign of "Win32:Agent-LTS [Trj]" has been found in "C:\Users\Boyz PC\AppData\Local\Temp\ac8zt2\kvxqmtre.dll" file.


Attached are: extra.txt, ActiveScan.txt

As you have already helped me fix a previous problem, I have great faith in your services. If there is any additional information that you would like me to upload, please tell me.

Once again, thank you for your services!



Mod’s Message

Please note that this section of the forum is very busy, and re-familiarize yourself with the Bumping Rules found in Step 5 of our sticky topic Important - Please Read This Before Posting for Malware Removal Help, which you should have read before posting. We ask that no one bump a thread before 72 hrs have passed, and then, only once. Premature bump posts will be deleted.

Thanks for understanding.
Attached Files
File Type: txt extra.txt (17.3 KB, 0 views)
File Type: txt ActiveScan.txt (6.7 KB, 0 views)

Last edited by amateur : 07-24-2008 at 06:44 AM.
muunboy2006 is offline  
Copyright 2001 - 2008, Tech Support Forum