Old 06-05-2007, 04:31 AM   #1 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 10
OS: windows xp


popups by outerinfo and system errors

My problem started with constant popups by Outerinfo, and after I tried to uninstall it from the startup menu it just came back with fewer popups but some system errors.

Here is my Panda scan:


Incident Status Location

Adware:Adware/PurityScan Not disinfected c:\program files\??stem\l?gonui.exe
Adware:Adware/PurityScan Not disinfected c:\progra~1\common~1\mcroso~1\msiexec.exe
Adware:Adware/Mirar Not disinfected c:\docume~1\daniel\locals~1\temp\installfile2.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\tuvwwxw.dll
Adware:adware/emediacodec Not disinfected c:\windows\system32\ldBECB.tmp
Spyware:spyware/marketscore Not disinfected c:\windows\system32\rlls.dll
Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\daniel\Desktop\Click to Find and Fix Errors.url
Adware:adware/tvmedia Not disinfected C:\Documents and Settings\daniel\Application Data\tvmknwrd.dll
Adware:adware/spywarequake Not disinfected c:\windows\system32\1024\ld1092.tmp
Adware:adware/ncase Not disinfected c:\windows\didduid.ini
Adware:adware/popper Not disinfected c:\windows\offun.exe
Potentially unwanted tool:application/altnet Not disinfected c:\windows\smdat32a.sys
Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32m.sys
Potentially unwanted tool:application/myway Not disinfected c:\program files\MyWay
Adware:adware/mediatickets Not disinfected Windows Registry
Adware:adware/blazefind Not disinfected Windows Registry
Potentially unwanted tool:application/need2find Not disinfected hkey_local_machine\software\Need2Find
Adware:adware/mirar Not disinfected Windows Registry
Potentially unwanted tool:application/slimshield Not disinfected hkey_local_machine\software\SlimSoft
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/sqwire Not disinfected Windows Registry
Adware:adware/ist.yoursitebar Not disinfected Windows Registry
Adware:Adware/SecurityError Not disinfected C:\!KillBox\dfrgsrv.exe
Adware:Adware/InstaFinder Not disinfected C:\!KillBox\InstaFinder_inst245.exe
Potentially unwanted tool:Application/Need2Find Not disinfected C:\!KillBox\NPNd2fn.dll
Adware:Adware/KeenValue Not disinfected C:\!KillBox\remove.exe
Adware:Adware/PurityScan Not disinfected C:\!KillBox\svchost.exe
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\lcprfwuh.Default User\cookies.txt[.atwola.com/]
Spyware:Cookie/Qsrch Not disinfected C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\lcprfwuh.Default User\cookies.txt[.qsrch.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\lcprfwuh.Default User\cookies.txt[.bravenet.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\lcprfwuh.Default User\cookies.txt[.tickle.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\lcprfwuh.Default User\cookies.txt[.apmebf.com/]
Spyware:Cookie/Inet-Traffic Not disinfected C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\lcprfwuh.Default User\cookies.txt[.inet-traffic.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\lcprfwuh.Default User\cookies.txt[.fortunecity.es/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt[www.winantiviruspro.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt[www.winantiviruspro.com/]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-35851aee-1fe8071e.zip[NewSecurityClassLoader.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-35851aee-1fe8071e.zip[NewURLClassLoader.class]
Spyware:Cookie/66.246.209 Not disinfected C:\Documents and Settings\daniel\Cookies\daniel@66.246.209[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\daniel\Cookies\daniel@ad.yieldmanager[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\daniel\Cookies\daniel@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\daniel\Cookies\daniel@atdmt[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\daniel\Cookies\daniel@atwola[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\daniel\Cookies\daniel@burstnet[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\daniel\Cookies\daniel@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\daniel\Cookies\daniel@drivecleaner[2].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\daniel\Cookies\daniel@entrepreneur[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\daniel\Cookies\daniel@errorsafe[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\daniel\Cookies\daniel@hitbox[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\daniel\Cookies\daniel@i.screensavers[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\daniel\Cookies\daniel@mediaplex[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\daniel\Cookies\daniel@stats.drivecleaner[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\daniel\Cookies\daniel@systemdoctor[1].txt
Spyware:Cookie/TargetSaver Not disinfected C:\Documents and Settings\daniel\Cookies\daniel@targetsaver[2].txt
Spyware:Cookie/TargetSaver Not disinfected C:\Documents and Settings\daniel\Cookies\daniel@targetsaver[3].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\daniel\Cookies\daniel@winantispyware[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\daniel\Cookies\daniel@winantivirus[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\daniel\Cookies\daniel@www.burstbeacon[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\daniel\Cookies\daniel@www.drivecleaner[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\daniel\Cookies\daniel@www.errorsafe[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\daniel\Cookies\daniel@www.systemdoctor[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\daniel\Cookies\daniel@www.winantiviruspro[1].txt
Adware:Adware/Zenosearch Not disinfected C:\Documents and Settings\daniel\Local Settings\Temp\Compinst1.exe[installfile1.exe]
Adware:Adware/Mirar Not disinfected C:\Documents and Settings\daniel\Local Settings\Temp\installfile2.exe
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\daniel\Local Settings\Temp\Tam01065.exe
Adware:Adware/Zenosearch Not disinfected C:\Documents and Settings\daniel\Local Settings\Temp\TICHD003.exe
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\daniel\Local Settings\Temp\yazzlesnet.exe
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\0POCUESX\Tam01065[1].exe
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\0POCUESX\yazzlesnet[1].exe
Virus:Trj/Kolweb.C Not disinfected C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\2LM50JK9\ldr[1][/index.exe]
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\HCNQBR97\ErrorSafeFreeInstallW[1].cab[UERS_9999_N91S1502NetInstaller.exe]
Spyware:Spyware/MarketScore Not disinfected C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\HCNQBR97\rk2[1].exe[rk.exe]
Adware:Adware/Mirar Not disinfected C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\I4PTNZ7B\mirarfile[1].exe[installfile2.exe]
Adware:Adware/Zenosearch Not disinfected C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\I4PTNZ7B\mirarfile[1].exe[Compinst1.exe][installfile1.exe]
Virus:Trj/Kolweb.C Not disinfected C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\I72RSBOJ\ldr[1][/index.exe]
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\I72RSBOJ\setar-101[1].0000
Adware:Adware/MediaTickets Not disinfected C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\IJ8F45IV\dohinst-103[1].0000
Spyware:Application/ErrorProtector Not disinfected C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\NTOKG773\Install-Errorprotector-Free[1].cab[UERT_0001_D19M2109NetInstaller.exe]
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\NTOKG773\WinAntiVirusPro2007FreeInstall[1].exe
Adware:Adware/Popuper Not disinfected C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\SXUBS9EB\cnte-oiduuyes[1].gif
Adware:Adware/Zenosearch Not disinfected C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\SXUBS9EB\TICHD003[1].exe
Adware:Adware/PurityScan Not disinfected C:\Program Files\Common Files\M?crosoft\msiexec.exe
Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\qqrw\qqrwd\qqrwc.dll
Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\qqrw\qqrwl.exe
Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\qqrw\qqrwp.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
Adware:Adware/PurityScan Not disinfected C:\Program Files\Mozilla Firefox\qq.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Mozilla Firefox\smitRem\Process.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Mozilla Firefox\vv.exe
Adware:Adware/Popper Not disinfected C:\WINDOWS\apnggqu.exe
Adware:Adware/Sqwire Not disinfected C:\WINDOWS\b103.exe
Adware:Adware/DeluxeComunications Not disinfected C:\WINDOWS\b136.exe
Adware:Adware/DigInk Not disinfected C:\WINDOWS\dls0523pmw.exe
Spyware:Spyware/MarketScore Not disinfected C:\WINDOWS\itpb_3.exe[rk.exe]
Adware:Adware/Mirar Not disinfected C:\WINDOWS\itpb_4.exe[installfile2.exe]
Adware:Adware/Zenosearch Not disinfected C:\WINDOWS\itpb_4.exe[Compinst1.exe][installfile1.exe]
Adware:Adware/DigInk Not disinfected C:\WINDOWS\rau001978.exe
Virus:Trj/Downloader.OLY Disinfected C:\WINDOWS\retadpu.exe
Virus:Trj/Downloader.ORL Disinfected C:\WINDOWS\retadpu1000106.exe.tmp
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\retadpu11.exe
Adware:Adware/Adservice Not disinfected C:\WINDOWS\SYSTEM32\AdService.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\diivvrdp.dll
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\SYSTEM32\dorbwkwt.dll
Adware:Adware/DeluxeComunications Not disinfected C:\WINDOWS\SYSTEM32\DRIVERS\core.sys
Spyware:Spyware/Vundo Not disinfected C:\WINDOWS\SYSTEM32\hdvbemmf.dll
Adware:Adware/StatBlaster Not disinfected C:\WINDOWS\SYSTEM32\O
Adware:Adware/StatBlaster Not disinfected C:\WINDOWS\SYSTEM32\O.BAT
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\SYSTEM32\T1QaSQ\T1QaSQ1065.exe
Adware:Adware/TTC Not disinfected C:\WINDOWS\SYSTEM32\T3\dlltk67.exe
Adware:Adware/DeluxeComunications Not disinfected C:\WINDOWS\SYSTEM32\T4\d5ll.exe
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\SYSTEM32\T6\dlwr.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\vsulkxdq.dll

Deckard system scan:


Attached Files
File Type: txt extra.txt (20.7 KB, 1 views)
Mr.Spookie is offline  
Old 06-05-2007, 04:02 PM   #2 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 10
OS: windows xp


Re: popups by outerinfo and system errors

Sorry, my mistake. Here is my Deckard system scan:

Deckard's System Scanner v20070603.47
Run by daniel on 2007-06-05 at 03:05:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2007-06-05 10:05:34 UTC - RP276 - Deckard's System Scanner Restore Point
4: 2007-06-05 07:07:05 UTC - RP275 - Deckard's System Scanner Restore Point
3: 2007-06-03 21:30:06 UTC - RP274 - Installed Ad-Aware SE Personal
2: 2007-05-31 08:27:45 UTC - RP273 - System Checkpoint
1: 2007-05-28 11:19:50 UTC - RP272 - Removed Rappelz Epic3


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as daniel.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:11:35 AM, on 6/5/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\apnggqu.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\apnggquA.exe
C:\DOCUME~1\daniel\LOCALS~1\Temp\installfile2.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\COMMON~1\MCROSO~1\msiexec.exe
C:\Program Files\??stem\l?gonui.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\windows\system32\rlvknlg.exe
C:\Documents and Settings\daniel\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\daniel.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
O2 - BHO: (no name) - {02477257-6346-4CE7-B7D6-5DF26741DC39} - C:\WINDOWS\System32\ddayw.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {141704A8-3B8A-4D52-9FB8-E4018B7FE66e} - C:\WINDOWS\System32\dksiuhqm.dll (file missing)
O2 - BHO: (no name) - {2432F099-F8E2-43C9-B765-3AF002FFC6A7} - C:\WINDOWS\System32\tuvwwxw.dll
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\System32\vsulkxdq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {952C4C35-82D6-D25C-DD08-FDADA997209B} - C:\WINDOWS\System32\wao.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\System32\hdvbemmf.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E2C2832213329D26033AAC
O4 - HKLM\..\Run: [{ZN}] C:\Documents and Settings\daniel\Local Settings\Temp\TICHD003.exe CHD003
O4 - HKLM\..\Run: [apnggquA] C:\WINDOWS\apnggquA.exe
O4 - HKLM\..\Run: [MbarInstall] C:\DOCUME~1\daniel\LOCALS~1\Temp\installfile2.exe
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\System32\rfkoedxu.dll",realset
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [Ssla] "C:\PROGRA~1\COMMON~1\MCROSO~1\msiexec.exe" -vt yazb
O4 - HKCU\..\Run: [Qgmpr] "C:\Program Files\??stem\l?gonui.exe"
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\daniel\Local Settings\Temp\TICHD003.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/inc...ivePreQual.cab
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtend.net/code/chm/xpre.chm::/xpreload.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ddayw - C:\WINDOWS\System32\ddayw.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\System32\rlls.dll
O20 - Winlogon Notify: tuvwwxw - C:\WINDOWS\SYSTEM32\tuvwwxw.dll
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\apnggqu.exe


-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,-153
.bat - batfile - shell\edit\command - NOTEDAD.EXE %1
.com - comfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,2
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,23
.ini - inifile - DefaultIcon - shell32.dll,-151
.ini - inifile - shell\open\command - NOTEDAD.EXE %1
.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.reg - regfile - shell\edit\command - NOTEDAD.EXE %1
.txt - txtfile - DefaultIcon - shell32.dll,-152
.txt - txtfile - shell\open\command - NOTEDAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 core - c:\windows\system32\drivers\core.sys
R1 NPPTNT - c:\windows\system32\npptnt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
R1 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.2 Build 10>
R2 LxrJD31d - c:\windows\system32\drivers\lxrjd31d.sys
R2 TBPanel - c:\windows\system32\drivers\tbpanel.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>

S3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - c:\windows\system32\drivers\alcxwdm.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
S3 npkcrypt - c:\program files\softnyx\gunbound\npkcrypt.sys (file missing)
S3 pgfilter - c:\program files\peerguardian2\pgfilter.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Windows Overlay Components - c:\windows\apnggqu.exe

S2 Net Agent - c:\windows\dls0523pmw.exe
S4 LxrJD31s (Lexar JD31) - lxrjd31s.exe
S4 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>


-- Scheduled Tasks -------------------------------------------------------------

2007-06-05 03:05:00 258 --a------ C:\WINDOWS\Tasks\Uninstall Expiration Reminder.job
2007-06-05 01:01:29 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-06-02 14:00:00 502 --a------ C:\WINDOWS\Tasks\Tune-up Application Start.job
2007-06-01 20:12:15 532 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job


-- Files created between 2007-05-05 and 2007-06-05 -----------------------------

2007-06-04 23:51:23 21312 --a------ C:\WINDOWS\choice.exe
2007-06-04 23:50:58 0 d-------- C:\ie-spyad
2007-06-04 23:45:54 2580 --a------ C:\WINDOWS\System32\vbobkvvj.exe
2007-06-04 23:37:17 10240 --a------ C:\WINDOWS\icqfuxgh.exe
2007-06-04 23:37:05 0 d-------- C:\Program Files\SpywareBlaster
2007-06-04 16:04:13 131124 --a------ C:\WINDOWS\System32\rfkoedxu.dll
2007-06-04 16:01:15 2580 --a------ C:\WINDOWS\System32\qomaqnhm.exe
2007-06-04 10:03:22 2580 --a------ C:\WINDOWS\System32\gidthvbn.exe
2007-06-04 01:49:23 2580 --a------ C:\WINDOWS\System32\aptpwiya.exe
2007-06-03 15:24:17 327680 --a------ C:\WINDOWS\System32\rlls.dll <Not Verified; RelevantKnowledge; RelevantKnowledge>
2007-06-03 14:54:31 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-06-03 14:44:59 2580 --a------ C:\WINDOWS\System32\yosiaqcx.exe
2007-06-03 14:40:09 0 d-------- C:\Documents and Settings\daniel\Application Data\Lavasoft
2007-06-03 14:10:26 2580 --a------ C:\WINDOWS\System32\fvsybulj.exe
2007-06-03 14:04:01 2580 --a------ C:\WINDOWS\System32\ppeomfna.exe
2007-06-03 13:48:30 2580 --a------ C:\WINDOWS\System32\fuammoyl.exe
2007-06-03 13:48:25 53248 --a------ C:\WINDOWS\System32\silc_dll.dll
2007-06-03 13:48:25 926241 --a------ C:\WINDOWS\System32\model.dat
2007-06-03 13:48:24 729088 --a------ C:\WINDOWS\System32\LDPackage.dll <Not Verified; ; LDPackag Dynamic Link Library>
2007-06-03 12:57:10 2580 --a------ C:\WINDOWS\System32\mmispnlf.exe
2007-06-03 12:47:20 2580 --a------ C:\WINDOWS\System32\wslumokx.exe
2007-06-03 12:45:03 249856 --a------ C:\WINDOWS\System32\rlxf.dll <Not Verified; RelevantKnowledge; RelevantKnowledge>
2007-06-03 12:43:12 2580 --a------ C:\WINDOWS\System32\rbccucbj.exe
2007-06-03 12:40:36 1576960 --a------ C:\WINDOWS\System32\rlvknlg.exe <Not Verified; RelevantKnowledge; RelevantKnowledge>
2007-06-03 12:40:16 220349 --a------ C:\WINDOWS\itpb_4.exe
2007-06-03 12:40:14 88367 --a------ C:\WINDOWS\itpb_3.exe
2007-06-02 23:28:09 2580 --a------ C:\WINDOWS\System32\jiisvsca.exe
2007-06-02 11:09:57 2580 --a------ C:\WINDOWS\System32\ysuqyreo.exe
2007-06-02 11:00:35 2580 --a------ C:\WINDOWS\System32\afyckfli.exe
2007-06-01 21:00:26 2580 --a------ C:\WINDOWS\System32\nwqobhyk.exe
2007-06-01 20:17:09 2580 --a------ C:\WINDOWS\System32\wwtmolbs.exe
2007-06-01 19:36:31 2580 --a------ C:\WINDOWS\System32\skqqujgh.exe
2007-06-01 17:28:41 125460 --a------ C:\WINDOWS\System32\ytcfurqq.dll
2007-06-01 17:25:42 2580 --a------ C:\WINDOWS\System32\klesoybj.exe
2007-06-01 17:16:32 2580 --a------ C:\WINDOWS\System32\ricmivfd.exe
2007-06-01 13:25:31 2580 --a------ C:\WINDOWS\System32\wiwwuwbg.exe
2007-05-31 18:33:15 50745 --a------ C:\WINDOWS\System32\vsulkxdq.dll
2007-05-31 04:15:18 1620821 ---hs---- C:\WINDOWS\System32\wyadd.ini2
2007-05-31 01:32:02 50740 --a------ C:\WINDOWS\System32\hdvbemmf.dll
2007-05-31 01:30:06 1612093 ---hs---- C:\WINDOWS\System32\wyadd.bak2
2007-05-30 13:58:26 0 --a------ C:\WINDOWS\update.exe
2007-05-30 00:14:05 76412 --a------ C:\WINDOWS\System32\dorbwkwt.dll
2007-05-30 00:11:05 50745 --a------ C:\WINDOWS\System32\diivvrdp.dll
2007-05-30 00:05:38 1570776 ---hs---- C:\WINDOWS\System32\wyadd.bak1
2007-05-30 00:05:04 353 ---hs---- C:\WINDOWS\System32\jlkkj.ini2
2007-05-30 00:04:52 263220 -----n--- C:\WINDOWS\System32\ddayw.dll
2007-05-30 00:04:51 263220 ---hs---- C:\WINDOWS\System32\jkklj.dll
2007-05-29 23:59:42 34816 --a------ C:\WINDOWS\rau001978.exe
2007-05-29 23:59:42 20480 --a------ C:\WINDOWS\offun.exe <Not Verified; microsoft; Uninstaller>
2007-05-29 23:59:42 65536 --a------ C:\WINDOWS\dls0523pmw.exe
2007-05-29 23:59:42 791920 -r-hs---- C:\WINDOWS\apnggquA.exe <Not Verified; System Service; System Monitor Service>
2007-05-29 23:59:41 46592 --a------ C:\WINDOWS\apnggqu.exe
2007-05-29 23:59:40 40183 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2007-05-29 23:59:38 0 d-------- C:\WINDOWS\System32\TQ0
2007-05-29 23:59:38 0 d-------- C:\WINDOWS\System32\T6
2007-05-29 23:59:38 0 d-------- C:\WINDOWS\System32\T4
2007-05-29 23:59:38 0 d-------- C:\WINDOWS\System32\T3
2007-05-29 23:59:38 0 d-------- C:\WINDOWS\System32\pog
2007-05-29 23:59:30 0 d-------- C:\WINDOWS\System32\T1QaSQ
2007-05-29 23:59:28 29206 --a------ C:\WINDOWS\System32\tuvwwxw.dll
2007-05-29 23:18:24 19968 --a------ C:\WINDOWS\System32\mwqvaaaa.exe
2007-05-29 23:18:21 73728 --a------ C:\WINDOWS\System32\pyldjnap.exe
2007-05-29 23:18:20 1046 --a------ C:\WINDOWS\System32\dimpsiuq.exe
2007-05-29 11:40:33 2912 --a------ C:\Microsoft.com <MICROS~1.COM>
2007-05-28 20:36:17 10 --a------ C:\WINDOWS\1351865829
2007-05-28 20:21:08 36864 --a------ C:\WINDOWS\System32\Explorer.exe <Not Verified; Microsoft; 3fgsd>
2007-05-28 20:17:23 32768 --a------ C:\WINDOWS\System32\mp43.exe <Not Verified; Microsoft; 4dfa>
2007-05-28 20:17:23 32768 --a------ C:\WINDOWS\NOTEDAD.EXE <Not Verified; Microsoft; 4dfa>
2007-05-28 20:05:16 72320 --a------ C:\WINDOWS\System32\drivers\core.sys
2007-05-28 19:50:31 2 --a------ C:\WINDOWS\System32\winticomsv.exe
2007-05-28 19:50:29 60928 --a------ C:\WINDOWS\System32\wao.dll
2007-05-28 19:50:29 0 d-------- C:\Program Files\Outerinfo
2007-05-28 19:50:29 0 d-------- C:\Program Files\??stem
2007-05-28 19:50:16 32177 ---hs---- C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
2007-05-28 19:50:15 0 d-------- C:\Program Files\Common Files\M?crosoft
2007-05-28 19:36:02 0 d-------- C:\WINDOWS\qqrw
2007-05-28 19:36:02 0 d-------- C:\Program Files\Common Files\qqrw
2007-05-26 16:35:58 0 d-------- C:\Documents and Settings\daniel\Application Data\s?stem
2007-05-26 16:35:46 40960 --a------ C:\WINDOWS\retadpu11.exe <Not Verified; ; retadpu Application>


-- Find3M Report ---------------------------------------------------------------

2007-06-04 16:07:39 0 d-------- C:\Program Files\AIM95
2007-06-04 15:56:55 292 --a------ C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-10071102}.dat
2007-06-04 15:56:55 292 --a------ C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000004-10071102}.dat
2007-06-04 15:26:15 0 d-------- C:\Program Files\Norton AntiVirus
2007-06-04 15:26:11 0 d-------- C:\Program Files\DAEMON Tools
2007-06-04 15:10:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-03 19:12:58 0 d-------- C:\Program Files\World of Warcraft
2007-06-03 14:30:08 0 d-------- C:\Program Files\Lavasoft
2007-05-28 04:28:47 0 d-------- C:\Program Files\Pcsx2
2007-05-28 04:19:54 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-26 14:43:38 0 d--h----- C:\Documents and Settings\daniel\Application Data\Move Networks
2007-05-15 03:42:47 0 d-------- C:\Program Files\PeerGuardian2
2007-05-14 01:23:16 0 d-------- C:\Program Files\WC3Banlist
2007-05-14 01:19:37 0 d-------- C:\Program Files\DivX
2007-04-23 11:11:00 146944 ---hs---- C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
2007-04-16 23:49:54 0 d-------- C:\Program Files\GALA-NET
2007-04-16 23:38:18 0 d-------- C:\Program Files\Common Files\InstallShield
2007-04-16 15:10:00 124142 --a------ C:\WINDOWS\b136.exe
2007-04-15 14:49:40 0 d-------- C:\Documents and Settings\daniel\Application Data\Macromedia


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02477257-6346-4CE7-B7D6-5DF26741DC39} C:\WINDOWS\System32\ddayw.dll
{141704A8-3B8A-4D52-9FB8-E4018B7FE66e} C:\WINDOWS\System32\dksiuhqm.dll [x]
{2432F099-F8E2-43C9-B765-3AF002FFC6A7} C:\WINDOWS\System32\tuvwwxw.dll
{4B646AFB-9341-4330-8FD1-C32485AEE619} C:\WINDOWS\System32\vsulkxdq.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
{952C4C35-82D6-D25C-DD08-FDADA997209B} C:\WINDOWS\System32\wao.dll
{BDF3E430-B101-42AD-A544-FADC6B084872} C:\Program Files\Norton AntiVirus\NavShExt.dll
{CD3447D4-CA39-4377-8084-30E86331D74C} C:\WINDOWS\System32\hdvbemmf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"runner1"="C:\\WINDOWS\\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E2C2832213329D26033AAC"
"{ZN}"="C:\\Documents and Settings\\daniel\\Local Settings\\Temp\\TICHD003.exe CHD003"
"apnggquA"="C:\\WINDOWS\\apnggquA.exe"
"MbarInstall"="C:\\DOCUME~1\\daniel\\LOCALS~1\\Temp\\installfile2.exe"
"RelevantKnowledge"="c:\\windows\\system32\\rlvknlg.exe -boot"
"ApachInc"="rundll32.exe \"C:\\WINDOWS\\System32\\rfkoedxu.dll\",realset"
"IESet"="IExplorer.dll .dbt"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Ssla"="\"C:\\PROGRA~1\\COMMON~1\\MCROSO~1\\msiexec.exe\" -vt yazb"
"Qgmpr"="\"C:\\Program Files\\??stem\\l?gonui.exe\""
"IESet"="IExplorer.dll .dbt"
"IESet"="IExplorer.dll .dbt"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"IESet"="IExplorer.dll .dbt"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
"IESet"="IExplorer.dll .dbt"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"wininet.dll"="dfrgsrv.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2432F099-F8E2-43C9-B765-3AF002FFC6A7}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayw
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RelevantKnowledge
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwwxw

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0nwprovau\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"PROMon.exe"="PROMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Image Zone Fast Start.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Image Zone Fast Start.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe -s"
"item"="HP Image Zone Fast Start"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Post-it® Software Notes Lite.lnk"
"backup"="C:\\WINDOWS\\pss\\Post-it® Software Notes Lite.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\3M\\PSNLite\\PsnLite.exe -RegRun"
"item"="Post-it® Software Notes Lite"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Verizon Online Support Center.lnk"
"backup"="C:\\WINDOWS\\pss\\Verizon Online Support Center.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\VERIZO~1\\bin\\matcli.exe -boot"
"item"="Verizon Online Support Center"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Tools Check]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ADVCHK"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="REGSVR32"
"hkey"="HKLM"
"command"="REGSVR32.EXE /S CTASIO.DLL"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTDVDDet"
"hkey"="HKLM"
"command"="C:\\Program Files\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTHELPER"
"hkey"="HKLM"
"command"="CTHELPER.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTSysVol"
"hkey"="HKLM"
"command"="C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLHostManager"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1126907971\\ee\\AOLHostManager.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Gateway]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MediaGateway"
"hkey"="HKLM"
"command"="C:\\Program Files\\Media Gateway\\MediaGateway.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\VERIZO~1\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SBDrvDet"
"hkey"="HKLM"
"command"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sivsfc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Odhm"
"hkey"="HKLM"
"command"="C:\\Program Files\\Xbel\\Odhm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TBPS"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Toolbar\\TBPS.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=dword:00000002
"Symantec Core LC"=dword:00000002
"SBService"=dword:00000002
"SAVScan"=dword:00000003
"Pml Driver HPZ12"=dword:00000002
"NVSvc"=dword:00000002
"NProtectService"=dword:00000002
"navapsvc"=dword:00000002
"LxrJD31s"=dword:00000002
"ewido security suite control"=dword:00000002
"Creative Service for CDROM Access"=dword:00000002
"ccSetMgr"=dword:00000002
"ccPwdSvc"=dword:00000003
"ccEvtMgr"=dword:00000002
"btwdins"=dword:00000002
"rpcapd"=dword:00000003

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-06-05 at 03:12:33 ---------
Old 06-06-2007, 10:56 PM   #3 (permalink)
Analyst, Security Team
 
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: popups by outerinfo and system errors

Hi Mr.Spookie,

Welcome to Tech Support Forum!

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

This is a very heavily infected system. We’ll have to peck at this slowly so as not to damage your system any further. Kinda like a delicate surgery.

OK, let’s do this first.

Please download DAFT and save it to your desktop:
  • Double-click the daft.exe icon. Read the disclaimer and click "OK".
  • Click on the "Scan" button.
  • Place a checkmark next to the following entries:

    .bat
    .com
    .hlp
    .ini
    .reg
    .txt


  • Click the "Fix" button.
  • Re-scan and save a logfile. By default, it will save as daft.txt.
  • Post the contents of that logfile with your next post.


NEXT:

Please download ComboFix by sUBs:

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.
  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running.


NEXT:

Please reboot your computer normally into Windows, and then please post the ComboFix log and a new HijackThis log.

~~~
__________________

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
Old 06-07-2007, 02:28 PM   #4 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 10
OS: windows xp


Re: popups by outerinfo and system errors

Hey, thanks for the reply, and no problem about the delay; there are other people that need help and I'm happy to wait. I followed the instructions you gave me, and daft.exe didn't really have anything in its log, but I'll post it just in case.

Daft:

DAFT Log saved on 2007-06-07 13:03:33
-----------------------------------------------------------------------
All associations okay!

Combofix.txt:

ComboFix 07-06-3B - Running from: "C:\Program Files\Mozilla Firefox\"


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\diivvrdp.dll
C:\WINDOWS\system32\dorbwkwt.dll
C:\WINDOWS\system32\hcutsien.dll
C:\WINDOWS\system32\hdvbemmf.dll
C:\WINDOWS\system32\jhoxnwua.dll
C:\WINDOWS\system32\jkklj.dll
C:\WINDOWS\system32\nkmjckvj.dll
C:\WINDOWS\system32\nnvlyfxl.dll
C:\WINDOWS\system32\vsulkxdq.dll
C:\WINDOWS\system32\ytcfurqq.dll
C:\WINDOWS\SYSTEM32\wyadd.bak1
C:\WINDOWS\SYSTEM32\wyadd.bak2
C:\WINDOWS\SYSTEM32\wyadd.ini
C:\WINDOWS\SYSTEM32\wyadd.ini2
C:\WINDOWS\SYSTEM32\wyadd.tmp
C:\WINDOWS\SYSTEM32\jlkkj.ini
C:\WINDOWS\SYSTEM32\jlkkj.ini2
C:\WINDOWS\SYSTEM32\lxfylvnn.ini
C:\WINDOWS\SYSTEM32\wyadd.bak1
C:\WINDOWS\SYSTEM32\wyadd.bak2
C:\WINDOWS\SYSTEM32\wyadd.ini
C:\WINDOWS\SYSTEM32\wyadd.ini2
C:\WINDOWS\SYSTEM32\wyadd.tmp
C:\WINDOWS\SYSTEM32\wyadd.bak1
C:\WINDOWS\SYSTEM32\wyadd.bak2
C:\WINDOWS\SYSTEM32\wyadd.ini
C:\WINDOWS\SYSTEM32\wyadd.ini2
C:\WINDOWS\SYSTEM32\wyadd.tmp
C:\WINDOWS\system32\ddayw.dll
C:\WINDOWS\system32\tuvwwxw.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



-- Purity Folders:
C:\DOCUME~1\daniel\APPLIC~1\PPATCH~1
C:\DOCUME~1\daniel\APPLIC~1\SSTEM~1
C:\DOCUME~1\daniel\LOCALS~1\APPLIC~1.\Microsoft\Internet Explorer\Filters
C:\DOCUME~1\daniel\LOCALS~1\APPLIC~1.\Microsoft\Internet Explorer\Filters\Connection error, please check your internet connection!
C:\DOCUME~1\daniel\LOCALS~1\APPLIC~1.\Microsoft\Internet Explorer\Filters\filter.drv
C:\DOCUME~1\daniel\LOCALS~1\APPLIC~1.\Microsoft\Internet Explorer\Filters\IExpl32d.exe
C:\DOCUME~1\daniel\LOCALS~1\APPLIC~1.\Microsoft\Internet Explorer\Filters\MSIEHelper.dll
C:\DOCUME~1\daniel\LOCALS~1\APPLIC~1.\Microsoft\Internet Explorer\Filters\prx475b.dll
C:\DOCUME~1\daniel\LOCALS~1\APPLIC~1.\Microsoft\Internet Explorer\Filters\prx482b.dll
C:\DOCUME~1\daniel\LOCALS~1\APPLIC~1.\Microsoft\Internet Explorer\prndrv.dll
C:\DOCUME~1\daniel\MYDOCU~1\YSTEM~1
C:\install.log
C:\Program Files\Common Files\MBOLS~1
C:\Program Files\Common Files\MCROSO~1
C:\Program Files\Common Files\SEMBLY~1
C:\Program Files\Common Files\STEM32~1
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\Common Files\YSTEM3~1
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\STEM~1
C:\Temp\0b9
C:\Temp\0b9\tmpTF.log
C:\Temp\tn3
C:\WINDOWS\b136.exe
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\dls0523pmw.exe
C:\WINDOWS\itpb_3.exe
C:\WINDOWS\notedad.exe
C:\WINDOWS\offun.exe
C:\WINDOWS\opera6.ini
C:\WINDOWS\rau001978.exe
C:\WINDOWS\retadpu11.exe
C:\WINDOWS\start.exe
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\hd_dirs.cfg
C:\WINDOWS\system32\drivers\hd_files.cfg
C:\WINDOWS\system32\drivers\hd_proc.cfg
C:\WINDOWS\system32\drivers\hd_rkeys.cfg
C:\WINDOWS\system32\drivers\hd_rvals.cfg
C:\WINDOWS\system32\drivers\hd_self.cfg
C:\WINDOWS\system32\drivers\hflt_ipf.sys
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\windows\system32\explorer.exe
C:\WINDOWS\system32\IExplorer.dll .dbt
C:\WINDOWS\system32\mp43.exe
C:\WINDOWS\system32\pog
C:\WINDOWS\system32\rlls.dll
C:\WINDOWS\system32\rlvknlg.exe
C:\WINDOWS\system32\T3
C:\WINDOWS\system32\T3\dlltk67.exe
C:\WINDOWS\system32\T4
C:\WINDOWS\system32\T4\d5ll.exe
C:\WINDOWS\update.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_HFLT_IPF
-------\LEGACY_NET_AGENT
-------\LEGACY_NM
-------\LEGACY_SFSYNC02
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\core
-------\hflt_ipf
-------\Net Agent
-------\nm
-------\sfsync02
-------\Windows Overlay Components


((((((((((((((((((((((((( Files Created from 2007-05-07 to 2007-06-07 )))))))))))))))))))))))))))))))


2007-06-07 13:09 0 --a------ C:\WINDOWS\SYSTEM32\sfsync02.dll
2007-06-07 13:00 60,928 --a------ C:\WINDOWS\SYSTEM32\opfbo.dll
2007-06-07 12:59 58,420 --a------ C:\WINDOWS\SYSTEM32\nkxlkmqh.dll
2007-06-06 13:14 262,144 --a------ C:\WINDOWS\SYSTEM32\rlxf.dll
2007-06-06 02:40 <DIR> d-------- C:\WINDOWS\SYSTEM32\TQ0
2007-06-06 02:40 <DIR> d-------- C:\WINDOWS\SYSTEM32\T6
2007-06-06 02:40 <DIR> d-------- C:\WINDOWS\SYSTEM32\T1QaSQ
2007-06-06 02:29 8,912,896 --a------ C:\DOCUME~1\daniel\ntuser.dat
2007-06-05 12:37 14,868 --a------ C:\WINDOWS\SYSTEM32\ojjbnbgf.exe
2007-06-05 12:37 10,752 --a------ C:\WINDOWS\SYSTEM32\j1261235.dll
2007-06-05 03:15 45,056 --a------ C:\command.exe
2007-06-05 00:05 <DIR> d-------- C:\Deckard
2007-06-04 23:51 21,312 --a------ C:\WINDOWS\choice.exe
2007-06-04 23:50 <DIR> d-------- C:\ie-spyad
2007-06-04 23:45 2,580 --a------ C:\WINDOWS\SYSTEM32\vbobkvvj.exe
2007-06-04 23:37 10,240 --a------ C:\WINDOWS\icqfuxgh.exe
2007-06-04 23:37 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-04 16:04 131,124 --a------ C:\WINDOWS\SYSTEM32\rfkoedxu.dll
2007-06-04 16:01 2,580 --a------ C:\WINDOWS\SYSTEM32\qomaqnhm.exe
2007-06-04 10:03 2,580 --a------ C:\WINDOWS\SYSTEM32\gidthvbn.exe
2007-06-04 01:49 2,580 --a------ C:\WINDOWS\SYSTEM32\aptpwiya.exe
2007-06-03 14:54 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-06-03 14:44 2,580 --a------ C:\WINDOWS\SYSTEM32\yosiaqcx.exe
2007-06-03 14:40 <DIR> d-------- C:\DOCUME~1\daniel\APPLIC~1\Lavasoft
2007-06-03 14:10 2,580 --a------ C:\WINDOWS\SYSTEM32\fvsybulj.exe
2007-06-03 14:04 2,580 --a------ C:\WINDOWS\SYSTEM32\ppeomfna.exe
2007-06-03 13:48 926,241 --a------ C:\WINDOWS\SYSTEM32\model.dat
2007-06-03 13:48 729,088 --a------ C:\WINDOWS\SYSTEM32\LDPackage.dll
2007-06-03 13:48 53,248 --a------ C:\WINDOWS\SYSTEM32\silc_dll.dll
2007-06-03 13:48 2,580 --a------ C:\WINDOWS\SYSTEM32\fuammoyl.exe
2007-06-03 12:57 2,580 --a------ C:\WINDOWS\SYSTEM32\mmispnlf.exe
2007-06-03 12:47 2,580 --a------ C:\WINDOWS\SYSTEM32\wslumokx.exe
2007-06-03 12:43 2,580 --a------ C:\WINDOWS\SYSTEM32\rbccucbj.exe
2007-06-03 12:40 220,349 --a------ C:\WINDOWS\itpb_4.exe
2007-06-02 23:28 2,580 --a------ C:\WINDOWS\SYSTEM32\jiisvsca.exe
2007-06-02 11:09 2,580 --a------ C:\WINDOWS\SYSTEM32\ysuqyreo.exe
2007-06-02 11:00 2,580 --a------ C:\WINDOWS\SYSTEM32\afyckfli.exe
2007-06-01 21:00 2,580 --a------ C:\WINDOWS\SYSTEM32\nwqobhyk.exe
2007-06-01 20:17 2,580 --a------ C:\WINDOWS\SYSTEM32\wwtmolbs.exe
2007-06-01 19:36 2,580 --a------ C:\WINDOWS\SYSTEM32\skqqujgh.exe
2007-06-01 17:25 2,580 --a------ C:\WINDOWS\SYSTEM32\klesoybj.exe
2007-06-01 17:16 2,580 --a------ C:\WINDOWS\SYSTEM32\ricmivfd.exe
2007-06-01 13:25 2,580 --a------ C:\WINDOWS\SYSTEM32\wiwwuwbg.exe
2007-05-29 23:59 791,920 -r-hs---- C:\WINDOWS\apnggquA.exe
2007-05-29 23:59 46,592 --a------ C:\WINDOWS\apnggqu.exe
2007-05-29 23:18 73,728 --a------ C:\WINDOWS\SYSTEM32\pyldjnap.exe
2007-05-29 23:18 19,968 --a------ C:\WINDOWS\SYSTEM32\mwqvaaaa.exe
2007-05-29 23:18 1,046 --a------ C:\WINDOWS\SYSTEM32\dimpsiuq.exe
2007-05-29 11:40 2,912 --a------ C:\Microsoft.com
2007-05-28 19:50 2 --a------ C:\WINDOWS\SYSTEM32\winticomsv.exe
2007-05-28 19:36 <DIR> d-------- C:\WINDOWS\qqrw
2007-05-28 19:36 <DIR> d-------- C:\Program Files\Common Files\qqrw


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-07 20:12:23 292 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-10071102}.dat
2007-06-07 20:12:23 292 ----a-w C:\WINDOWS\system32\DVCState-{00000002-00000000-00000001-00001102-00000004-10071102}.dat
2007-06-06 09:41:27 -------- d-----w C:\Program Files\World of Warcraft
2007-06-06 09:32:11 -------- d-----w C:\Program Files\Pcsx2
2007-06-04 23:07:39 -------- d-----w C:\Program Files\AIM95
2007-06-04 22:26:15 -------- d-----w C:\Program Files\Norton AntiVirus
2007-06-04 22:26:11 -------- d-----w C:\Program Files\DAEMON Tools
2007-06-04 22:10:43 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-03 21:30:08 -------- d-----w C:\Program Files\Lavasoft
2007-05-28 11:19:54 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-26 21:43:38 -------- d--h--w C:\DOCUME~1\daniel\APPLIC~1\Move Networks
2007-05-15 10:42:47 -------- d-----w C:\Program Files\PeerGuardian2
2007-05-14 08:23:16 -------- d-----w C:\Program Files\WC3Banlist
2007-05-14 08:19:37 -------- d-----w C:\Program Files\DivX
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-17 06:49:54 -------- d-----w C:\Program Files\GALA-NET
2007-04-17 06:38:18 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2005-07-14 19:31:20 27,648 --sha-r C:\WINDOWS\SYSTEM32\AVSredirect.dll
2005-06-26 22:32:28 616,448 --sha-r C:\WINDOWS\SYSTEM32\cygwin1.dll
2005-06-22 05:37:42 45,568 --sha-r C:\WINDOWS\SYSTEM32\cygz.dll
2005-02-28 20:16:22 240,128 --sha-r C:\WINDOWS\SYSTEM32\x.264.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 14:22]
{BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2003-08-17 16:34]
{C77D4A33-D882-D25E-8C08-FDADA9972891}=C:\WINDOWS\System32\opfbo.dll [2007-05-21 06:59]
{E12BFF69-38A7-406e-A8EF-2738107A7831}=C:\WINDOWS\System32\nkxlkmqh.dll [2007-06-07 12:59]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 07:57]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30]
"{ZN}"="C:\Deckard\System Scanner\20070605030521\backup\DOCUME~1\daniel\LOCALS~1\Temp\TICHD003.exe" [2007-05-29 23:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ssla"="C:\PROGRA~1\COMMON~1\MCROSO~1\msiexec.exe" []
"Qgmpr"="C:\Program Files\??stem\l?gonui.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"wininet.dll"=dfrgsrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RelevantKnowledge]
C:\WINDOWS\System32\rlls.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk
backup=C:\WINDOWS\pss\Post-it® Software Notes Lite.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backup=C:\WINDOWS\pss\Verizon Online Support Center.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Tools Check]
C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
REGSVR32.EXE /S CTASIO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1126907971\ee\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Gateway]
C:\Program Files\Media Gateway\MediaGateway.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sivsfc]
C:\Program Files\Xbel\Odhm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
C:\PROGRA~1\Toolbar\TBPS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"NVSvc"=2 (0x2)
"NProtectService"=2 (0x2)
"navapsvc"=2 (0x2)
"LxrJD31s"=2 (0x2)
"ewido security suite control"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"btwdins"=2 (0x2)
"rpcapd"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"PROMon.exe"=PROMon.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


Contents of the 'Scheduled Tasks' folder
2007-06-02 03:12:15 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
2007-06-07 20:05:44 C:\WINDOWS\tasks\Symantec NetDetect.job
2007-06-07 06:00:00 C:\WINDOWS\tasks\Tune-up Application Start.job
2007-06-07 20:05:00 C:\WINDOWS\tasks\Uninstall Expiration Reminder.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-07 13:14:06
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-07 13:15:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-07 13:15

--- E O F ---
HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:25:52 PM, on 6/7/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C77D4A33-D882-D25E-8C08-FDADA9972891} - C:\WINDOWS\System32\opfbo.dll
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\System32\nkxlkmqh.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [{ZN}] C:\Deckard\System Scanner\20070605030521\backup\DOCUME~1\daniel\LOCALS~1\Temp\TICHD003.exe CHD003
O4 - HKCU\..\Run: [Ssla] "C:\PROGRA~1\COMMON~1\MCROSO~1\msiexec.exe" -vt yazb
O4 - HKCU\..\Run: [Qgmpr] "C:\Program Files\??stem\l?gonui.exe"
O4 - Startup: TA_Start.lnk = C:\Deckard\System Scanner\20070605030521\backup\DOCUME~1\daniel\LOCALS~1\Temp\TICHD003.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/inc...ivePreQual.cab
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtend.net/code/chm/xpre.chm::/xpreload.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\System32\rlls.dll (file missing)
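The "Files Created" section of the ComboFix log above is where this infection is easiest to see without any signature: a run of 2,580-byte executables with random eight-letter names dropped into SYSTEM32 over several days, plus a 0-byte sfsync02.dll and a 2-byte winticomsv.exe that cannot be valid PE images (a PE file starts with a 64-byte DOS header). The Python script below is an added example, not ComboFix's code and not something posted in the thread; it parses lines in that listing format and applies those two checks. The sample lines are copied from the log above, with a few other entries left in so the rules can be seen passing over them.

```python
"""Triage helper for a ComboFix-style "Files Created" listing (added example)."""
import ntpath
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Tuple

# Lines copied from the ComboFix log in post #1 above.
SAMPLE_LOG = r"""
2007-06-07 13:09 0 --a------ C:\WINDOWS\SYSTEM32\sfsync02.dll
2007-06-05 12:37 14,868 --a------ C:\WINDOWS\SYSTEM32\ojjbnbgf.exe
2007-06-05 00:05 <DIR> d-------- C:\Deckard
2007-06-04 23:45 2,580 --a------ C:\WINDOWS\SYSTEM32\vbobkvvj.exe
2007-06-04 16:01 2,580 --a------ C:\WINDOWS\SYSTEM32\qomaqnhm.exe
2007-06-04 10:03 2,580 --a------ C:\WINDOWS\SYSTEM32\gidthvbn.exe
2007-06-03 14:40 <DIR> d-------- C:\DOCUME~1\daniel\APPLIC~1\Lavasoft
2007-06-03 13:48 729,088 --a------ C:\WINDOWS\SYSTEM32\LDPackage.dll
2007-05-28 19:50 2 --a------ C:\WINDOWS\SYSTEM32\winticomsv.exe
"""

# date time size-or-<DIR> attribute-flags path
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)
EXECUTABLE_EXTS = (".exe", ".dll", ".sys", ".scr")
# A PE image begins with a 64-byte IMAGE_DOS_HEADER; anything shorter cannot
# be loaded and is either a placeholder or a damaged drop.
MIN_PE_SIZE = 64


class Entry(NamedTuple):
    date: str
    time: str
    size: Optional[int]  # None for <DIR> entries
    attrs: str
    path: str

    @property
    def is_executable(self) -> bool:
        return self.size is not None and self.path.lower().endswith(EXECUTABLE_EXTS)

    @property
    def directory(self) -> str:
        # ntpath handles backslash paths correctly even when run on Linux.
        return ntpath.dirname(self.path).lower()


def parse_listing(text: str) -> List[Entry]:
    """Parse the listing, skipping banners, blank lines and anything malformed."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        raw = m.group("size")
        size = None if raw == "<DIR>" else int(raw.replace(",", ""))
        entries.append(Entry(m.group("date"), m.group("time"), size,
                             m.group("attrs"), m.group("path")))
    return entries


def find_size_clusters(entries: List[Entry], min_count: int = 3
                       ) -> Dict[Tuple[str, int], List[str]]:
    """Group executables by (directory, byte size) and keep the crowded groups.

    A dropper that re-writes the same stub under fresh random names leaves a
    cluster of identically sized files in one directory; legitimate installs
    almost never do.
    """
    groups: Dict[Tuple[str, int], List[str]] = defaultdict(list)
    for e in entries:
        if e.is_executable:
            groups[(e.directory, e.size)].append(e.path)
    return {key: paths for key, paths in groups.items() if len(paths) >= min_count}


def find_undersized_executables(entries: List[Entry],
                                min_size: int = MIN_PE_SIZE) -> List[str]:
    """Executables too small to carry even a DOS header."""
    return [e.path for e in entries if e.is_executable and e.size < min_size]


if __name__ == "__main__":
    found = parse_listing(SAMPLE_LOG)
    for (directory, size), paths in find_size_clusters(found).items():
        print(f"{len(paths)} executables of {size} bytes in {directory}:")
        for p in paths:
            print("   ", p)
    print("undersized executables:", find_undersized_executables(found))
```

Both checks are deliberately signature-free, so they also work on a listing from a machine whose dropper used different names; the size threshold of three files per cluster is a starting point to tune, not a constant.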
Old 06-09-2007, 01:26 AM   #5
Sempurna
Analyst, Security Team
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: popups by outerinfo and system errors

Hi Mr.Spookie,

OK, let’s do this next.

BEFORE BEGINNING, Please read completely through the instructions below. Please also print these instructions or copy them to Notepad (or another word processor), and save it for easier reference. This is because we will be in Safe Mode during the fix and you won’t be able to access the Internet to view these instructions.

Please download the Suspicious File Packer from Safer-Networking.Org and unzip (extract) it to your desktop.

Then please reboot your computer into Safe Mode by doing the following:
  • Reboot your computer.
  • After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, reboot the computer and try again.
  • Instead of Windows loading as normal, a menu should appear.
  • Using the arrow keys on the keyboard, scroll to and select the "Safe Mode" menu item, and then press "Enter".

Please run the Suspicious File Packer:
  • Double-click on SFP.exe to run it.
  • Please copy the following lines into the "Step 1: Paste Text" window:

    C:\WINDOWS\SYSTEM32\sfsync02.dll
    C:\WINDOWS\SYSTEM32\opfbo.dll
    C:\WINDOWS\SYSTEM32\nkxlkmqh.dll
    C:\WINDOWS\SYSTEM32\rlxf.dll
    C:\WINDOWS\SYSTEM32\ojjbnbgf.exe
    C:\WINDOWS\SYSTEM32\j1261235.dll
    C:\command.exe
    C:\WINDOWS\SYSTEM32\vbobkvvj.exe
    C:\WINDOWS\icqfuxgh.exe
    C:\WINDOWS\SYSTEM32\rfkoedxu.dll
    C:\WINDOWS\SYSTEM32\qomaqnhm.exe
    C:\WINDOWS\SYSTEM32\gidthvbn.exe
    C:\WINDOWS\SYSTEM32\aptpwiya.exe
    C:\WINDOWS\SYSTEM32\yosiaqcx.exe
    C:\WINDOWS\SYSTEM32\fvsybulj.exe
    C:\WINDOWS\SYSTEM32\ppeomfna.exe
    C:\WINDOWS\SYSTEM32\LDPackage.dll
    C:\WINDOWS\SYSTEM32\silc_dll.dll
    C:\WINDOWS\SYSTEM32\fuammoyl.exe
    C:\WINDOWS\SYSTEM32\mmispnlf.exe
    C:\WINDOWS\SYSTEM32\wslumokx.exe
    C:\WINDOWS\SYSTEM32\rbccucbj.exe
    C:\WINDOWS\SYSTEM32\jiisvsca.exe
    C:\WINDOWS\SYSTEM32\ysuqyreo.exe
    C:\WINDOWS\SYSTEM32\afyckfli.exe
    C:\WINDOWS\SYSTEM32\nwqobhyk.exe
    C:\WINDOWS\SYSTEM32\wwtmolbs.exe
    C:\WINDOWS\SYSTEM32\skqqujgh.exe
    C:\WINDOWS\SYSTEM32\klesoybj.exe
    C:\WINDOWS\SYSTEM32\ricmivfd.exe
    C:\WINDOWS\SYSTEM32\wiwwuwbg.exe
    C:\WINDOWS\SYSTEM32\pyldjnap.exe
    C:\WINDOWS\SYSTEM32\mwqvaaaa.exe
    C:\WINDOWS\SYSTEM32\dimpsiuq.exe
    C:\WINDOWS\SYSTEM32\winticomsv.exe


  • Then click "Continue".
  • When SFP has finished packing the file, please reboot normally into Windows.
  • Please send the created .cab file on your desktop (named "requested-files[Date/Time].cab") to:

    http://www.bleepingcomputer.com/submit-malware.php?channel=4

  • Please include a link to your thread at TSF in your message.
  • You can then delete the requested-files.cab file from your desktop once you have sent it to the above recipients.


NEXT:

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

O2 - BHO: (no name) - {C77D4A33-D882-D25E-8C08-FDADA9972891} - C:\WINDOWS\System32\opfbo.dll
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\System32\nkxlkmqh.dll
O4 - HKLM\..\Run: [{ZN}] C:\Deckard\System Scanner\20070605030521\backup\DOCUME~1\daniel\LOCALS~1\Temp\TICHD003.exe CHD003
O4 - HKCU\..\Run: [Ssla] "C:\PROGRA~1\COMMON~1\MCROSO~1\msiexec.exe" -vt yazb
O4 - HKCU\..\Run: [Qgmpr] "C:\Program Files\??stem\l?gonui.exe"
O4 - Startup: TA_Start.lnk = C:\Deckard\System Scanner\20070605030521\backup\DOCUME~1\daniel\LOCALS~1\Temp\TICHD003.exe
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\System32\rlls.dll (file missing)



Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:

For this next step, please ensure that ComboFix.exe is on your desktop:
  • Then, please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    (start copying from "File::")


    Code:
    File::
    C:\WINDOWS\SYSTEM32\sfsync02.dll
    C:\WINDOWS\SYSTEM32\opfbo.dll
    C:\WINDOWS\SYSTEM32\nkxlkmqh.dll
    C:\WINDOWS\SYSTEM32\rlxf.dll
    C:\WINDOWS\SYSTEM32\ojjbnbgf.exe
    C:\WINDOWS\SYSTEM32\j1261235.dll
    C:\command.exe
    C:\WINDOWS\SYSTEM32\vbobkvvj.exe
    C:\WINDOWS\icqfuxgh.exe
    C:\WINDOWS\SYSTEM32\rfkoedxu.dll
    C:\WINDOWS\SYSTEM32\qomaqnhm.exe
    C:\WINDOWS\SYSTEM32\gidthvbn.exe
    C:\WINDOWS\SYSTEM32\aptpwiya.exe
    C:\WINDOWS\SYSTEM32\yosiaqcx.exe
    C:\WINDOWS\SYSTEM32\fvsybulj.exe
    C:\WINDOWS\SYSTEM32\ppeomfna.exe
    C:\WINDOWS\SYSTEM32\LDPackage.dll
    C:\WINDOWS\SYSTEM32\silc_dll.dll
    C:\WINDOWS\SYSTEM32\fuammoyl.exe
    C:\WINDOWS\SYSTEM32\mmispnlf.exe
    C:\WINDOWS\SYSTEM32\wslumokx.exe
    C:\WINDOWS\SYSTEM32\rbccucbj.exe
    C:\WINDOWS\itpb_4.exe
    C:\WINDOWS\SYSTEM32\jiisvsca.exe
    C:\WINDOWS\SYSTEM32\ysuqyreo.exe
    C:\WINDOWS\SYSTEM32\afyckfli.exe
    C:\WINDOWS\SYSTEM32\nwqobhyk.exe
    C:\WINDOWS\SYSTEM32\wwtmolbs.exe
    C:\WINDOWS\SYSTEM32\skqqujgh.exe
    C:\WINDOWS\SYSTEM32\klesoybj.exe
    C:\WINDOWS\SYSTEM32\ricmivfd.exe
    C:\WINDOWS\SYSTEM32\wiwwuwbg.exe
    C:\WINDOWS\apnggquA.exe
    C:\WINDOWS\apnggqu.exe
    C:\WINDOWS\SYSTEM32\pyldjnap.exe
    C:\WINDOWS\SYSTEM32\mwqvaaaa.exe
    C:\WINDOWS\SYSTEM32\dimpsiuq.exe
    C:\Microsoft.com
    C:\WINDOWS\SYSTEM32\winticomsv.exe
    C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-10071102}.dat
    C:\WINDOWS\system32\DVCState-{00000002-00000000-00000001-00001102-00000004-10071102}.dat
    C:\WINDOWS\System32\rlls.dll
    C:\WINDOWS\System32\dfrgsrv.exe
    C:\WINDOWS\dfrgsrv.exe
    C:\dfrgsrv.exe
    
    Folder::
    C:\PROGRA~1\COMMON~1\MCROSO~1
  • Save this as ComboFix-Do.txt and change the "Save as type" to "All Files" and place it on your desktop.





  • Referring to the screenshot above, drag ComboFix-Do.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running.


NEXT:

Please download CCleaner (freeware) and save it to your desktop:
  1. Run the CCleaner installer.
  2. During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  3. Once installed, run CCleaner and click the "Windows" tab.
  4. Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.
  5. Then, click the "Applications" tab:
    • CHECK everything there.
  6. Next, click the "Options" button in the left pane, then click the "Advanced" button:
    • UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".
  7. Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
  8. When done, please exit CCleaner.

CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.


NEXT:

I notice that your system doesn’t have an anti-virus program running. This can be suicidal in today’s digital age. :)

So, let’s set you up with a FREE and excellent anti-virus program called Active Virus Shield (Powered by Kaspersky). This is a highly ranked and highly regarded anti-virus program by our experts. It’s ranked #3 in the latest anti-virus test here:
http://www.virus.gr/english/fullxml/...p?id=85&mnu=85

Please download Active Virus Shield (Powered by Kaspersky) and save it to your desktop.
  • Please remember to register for your Activation Code using a legitimate email address.
  • Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process:





  • Then please update the program and run a scan on "My Computer". Allow it to neutralize all that it finds.
  • When done, launch Active Virus Shield's main window.





  • Click the "Scan" button on the left, and then click "Detected".





  • In the ensuing window, click the "Save As" button to save a copy of the log.
  • Copy and paste that log in your next reply.

Note: You must use only 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  1. The log from the ComboFix scan located at C:\ComboFix.txt.
  2. The log from the Active Virus Shield scan.
  3. A new HijackThis log.

(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.

~~~

Last edited by Sempurna; 06-09-2007 at 01:28 AM.
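Sempurna's fix list in the post above is a compact illustration of what an analyst looks for in a HijackThis log: a BHO registered with no name, autostarts launched from a Temp folder, a path containing characters HijackThis prints as "?", a Windows binary name (msiexec.exe) loaded from a look-alike folder outside the Windows directory, and a Winlogon Notify entry whose DLL is missing. The script below is an added example, not HijackThis's own code and not anything posted in the thread; it encodes those five heuristics as reason codes and runs them over lines copied from the log in post #1, with some clean entries included so the rules can be seen leaving them alone.

```python
"""Heuristic triage of HijackThis log lines (added example, not HJT's own code)."""
import ntpath
import re
from typing import Dict, List

# Lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {C77D4A33-D882-D25E-8C08-FDADA9972891} - C:\WINDOWS\System32\opfbo.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [{ZN}] C:\Deckard\System Scanner\20070605030521\backup\DOCUME~1\daniel\LOCALS~1\Temp\TICHD003.exe CHD003
O4 - HKCU\..\Run: [Ssla] "C:\PROGRA~1\COMMON~1\MCROSO~1\msiexec.exe" -vt yazb
O4 - HKCU\..\Run: [Qgmpr] "C:\Program Files\??stem\l?gonui.exe"
O4 - Global Startup: BTTray.lnk = ?
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\System32\rlls.dll (file missing)
"""

# Every HJT entry starts with a section code such as R1, O2, O4, O20.
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")
# A drive-letter path up to the first .exe/.dll; a double quote ends it.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll)\b', re.I)
# A "?" inside a drive-letter path: HijackThis prints characters it cannot
# render that way, and such names are chosen to imitate system folders.
# The bare "= ?" HJT prints for an unresolved shortcut has no path, so it
# does not match.
ODD_CHAR_PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*\?')
# Binaries that legitimately live only under the Windows directory; a file
# with one of these names anywhere else is borrowing the name.
SYSTEM_BINARIES = {"msiexec.exe", "explorer.exe", "svchost.exe", "logonui.exe",
                   "winlogon.exe", "lsass.exe", "services.exe"}
WINDOWS_DIRS = ("c:\\windows\\", "%systemroot%\\")


def triage_line(line: str) -> List[str]:
    """Return the reason codes that apply to one HijackThis line (empty if none)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    kind, body = m.group("kind"), m.group("body")
    reasons: List[str] = []
    if kind == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("unnamed-bho")
    if "\\temp\\" in body.lower():
        reasons.append("temp-autostart")
    if ODD_CHAR_PATH_RE.search(body):
        reasons.append("obfuscated-path")
    for path in PATH_RE.findall(body):
        name = ntpath.basename(path).lower()
        if name in SYSTEM_BINARIES and not path.lower().startswith(WINDOWS_DIRS):
            reasons.append("system-name-outside-windows")
    if "(file missing)" in body:
        reasons.append("file-missing")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged line to its reason codes; clean lines are omitted."""
    flagged: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            flagged[raw] = reasons
    return flagged


if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_HJT).items():
        print(", ".join(why).ljust(30), entry)
```

The rules only reproduce what the analyst selected by hand; they say nothing about the R1 proxy line or the Java BHO, so a clean line is simply absent from the output rather than labelled safe.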
Old 06-09-2007, 03:43 AM   #6
Registered User
 
Join Date: Jun 2007
Posts: 10
OS: windows xp


Re: popups by outerinfo and system errors

I did everything up till Active Virus Shield because I actually have Norton AntiVirus 2004 Professional. Sorry for the mishap, but I had it off for some reason and I don't remember how long ago I turned it off. I hope this didn't mess anything up, and if we have to start all over then I'm sorry I wasted your time. I turned it back on and updated it, but if you think I should use AVS instead then I'll change it. Well, here are the other 2 logs:

Combofix:

Command switches used :: ""C:\Documents and Settings\daniel\Desktop\ComboFix-Do.txt""


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\command.exe
C:\Microsoft.com
C:\WINDOWS\apnggqu.exe
C:\WINDOWS\apnggquA.exe
C:\WINDOWS\icqfuxgh.exe
C:\WINDOWS\itpb_4.exe
C:\WINDOWS\SYSTEM32\afyckfli.exe
C:\WINDOWS\SYSTEM32\aptpwiya.exe
C:\WINDOWS\SYSTEM32\dimpsiuq.exe
C:\WINDOWS\system32\DVCState-{00000002-00000000-00000001-00001102-00000004-10071102}.dat
C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-10071102}.dat
C:\WINDOWS\SYSTEM32\fuammoyl.exe
C:\WINDOWS\SYSTEM32\fvsybulj.exe
C:\WINDOWS\SYSTEM32\gidthvbn.exe
C:\WINDOWS\SYSTEM32\j1261235.dll
C:\WINDOWS\SYSTEM32\jiisvsca.exe
C:\WINDOWS\SYSTEM32\klesoybj.exe
C:\WINDOWS\SYSTEM32\LDPackage.dll
C:\WINDOWS\SYSTEM32\mmispnlf.exe
C:\WINDOWS\SYSTEM32\mwqvaaaa.exe
C:\WINDOWS\SYSTEM32\nwqobhyk.exe
C:\WINDOWS\SYSTEM32\ojjbnbgf.exe
C:\WINDOWS\SYSTEM32\ppeomfna.exe
C:\WINDOWS\SYSTEM32\pyldjnap.exe
C:\WINDOWS\SYSTEM32\qomaqnhm.exe
C:\WINDOWS\SYSTEM32\rbccucbj.exe
C:\WINDOWS\SYSTEM32\rfkoedxu.dll
C:\WINDOWS\SYSTEM32\ricmivfd.exe
C:\WINDOWS\SYSTEM32\rlxf.dll
C:\WINDOWS\SYSTEM32\sfsync02.dll
C:\WINDOWS\SYSTEM32\silc_dll.dll
C:\WINDOWS\SYSTEM32\skqqujgh.exe
C:\WINDOWS\SYSTEM32\vbobkvvj.exe
C:\WINDOWS\SYSTEM32\winticomsv.exe
C:\WINDOWS\SYSTEM32\wiwwuwbg.exe
C:\WINDOWS\SYSTEM32\wslumokx.exe
C:\WINDOWS\SYSTEM32\wwtmolbs.exe
C:\WINDOWS\SYSTEM32\yosiaqcx.exe
C:\WINDOWS\SYSTEM32\ysuqyreo.exe


((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 )))))))))))))))))))))))))))))))


2007-06-07 13:15 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-06 02:40 <DIR> d-------- C:\WINDOWS\SYSTEM32\TQ0
2007-06-06 02:40 <DIR> d-------- C:\WINDOWS\SYSTEM32\T6
2007-06-06 02:40 <DIR> d-------- C:\WINDOWS\SYSTEM32\T1QaSQ
2007-06-06 02:29 8,912,896 --a------ C:\DOCUME~1\daniel\ntuser.dat
2007-06-05 00:05 <DIR> d-------- C:\Deckard
2007-06-04 23:51 21,312 --a------ C:\WINDOWS\choice.exe
2007-06-04 23:50 <DIR> d-------- C:\ie-spyad
2007-06-04 23:37 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-03 14:54 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-06-03 14:40 <DIR> d-------- C:\DOCUME~1\daniel\APPLIC~1\Lavasoft
2007-06-03 13:48 926,241 --a------ C:\WINDOWS\SYSTEM32\model.dat
2007-05-28 19:36 <DIR> d-------- C:\WINDOWS\qqrw
2007-05-28 19:36 <DIR> d-------- C:\Program Files\Common Files\qqrw


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-06 09:41:27 -------- d-----w C:\Program Files\World of Warcraft
2007-06-06 09:32:11 -------- d-----w C:\Program Files\Pcsx2
2007-06-04 23:07:39 -------- d-----w C:\Program Files\AIM95
2007-06-04 22:26:15 -------- d-----w C:\Program Files\Norton AntiVirus
2007-06-04 22:26:11 -------- d-----w C:\Program Files\DAEMON Tools
2007-06-04 22:10:43 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-03 21:30:08 -------- d-----w C:\Program Files\Lavasoft
2007-05-28 11:19:54 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-26 21:43:38 -------- d--h--w C:\DOCUME~1\daniel\APPLIC~1\Move Networks
2007-05-15 10:42:47 -------- d-----w C:\Program Files\PeerGuardian2
2007-05-14 08:23:16 -------- d-----w C:\Program Files\WC3Banlist
2007-05-14 08:19:37 -------- d-----w C:\Program Files\DivX
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-17 06:49:54 -------- d-----w C:\Program Files\GALA-NET
2007-04-17 06:38:18 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2005-07-14 19:31:20 27,648 --sha-r C:\WINDOWS\SYSTEM32\AVSredirect.dll
2005-06-26 22:32:28 616,448 --sha-r C:\WINDOWS\SYSTEM32\cygwin1.dll
2005-06-22 05:37:42 45,568 --sha-r C:\WINDOWS\SYSTEM32\cygz.dll
2005-02-28 20:16:22 240,128 --sha-r C:\WINDOWS\SYSTEM32\x.264.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 14:22]
{BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2003-08-17 16:34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 07:57]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"wininet.dll"=dfrgsrv.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk
backup=C:\WINDOWS\pss\Post-it® Software Notes Lite.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backup=C:\WINDOWS\pss\Verizon Online Support Center.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Tools Check]
C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
REGSVR32.EXE /S CTASIO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1126907971\ee\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Gateway]
C:\Program Files\Media Gateway\MediaGateway.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sivsfc]
C:\Program Files\Xbel\Odhm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
C:\PROGRA~1\Toolbar\TBPS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"NVSvc"=2 (0x2)
"NProtectService"=2 (0x2)
"navapsvc"=2 (0x2)
"LxrJD31s"=2 (0x2)
"ewido security suite control"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"btwdins"=2 (0x2)
"rpcapd"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"PROMon.exe"=PROMon.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


Contents of the 'Scheduled Tasks' folder
2007-06-09 03:37:55 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
2007-06-09 04:05:31 C:\WINDOWS\tasks\Symantec NetDetect.job
2007-06-07 06:00:00 C:\WINDOWS\tasks\Tune-up Application Start.job
2007-06-09 05:05:00 C:\WINDOWS\tasks\Uninstall Expiration Reminder.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-09 01:57:43
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-09 1:58:24
C:\ComboFix-quarantined-files.txt ... 2007-06-09 01:58
C:\ComboFix2.txt ... 2007-06-07 13:15

--- E O F ---

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:34:12 PM, on 5/29/2007
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\retadpu11.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\PROGRA~1\COMMON~1\qqrw\qqrwm.exe
C:\PROGRA~1\COMMON~1\MCROSO~1\msiexec.exe
C:\Program Files\??stem\l?gonui.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\COMMON~1\qqrw\qqrwa.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\Explorer.exe
C:\Documents and Settings\daniel\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {952C4C35-82D6-D25C-DD08-FDADA997209B} - C:\WINDOWS\System32\wao.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [qqrw] C:\PROGRA~1\COMMON~1\qqrw\qqrwm.exe
O4 - HKCU\..\Run: [Ssla] "C:\PROGRA~1\COMMON~1\MCROSO~1\msiexec.exe" -vt yazb
O4 - HKCU\..\Run: [Qgmpr] "C:\Program Files\??stem\l?gonui.exe"
O4 - HKCU\..\Run: [xrunwin] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\Policies\Explorer\Run: [wininet.dll] dfrgsrv.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/inc...ivePreQual.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

--
End of file - 5157 bytes

I'm also having this problem: when I open my browser it doesn't detect a proxy server, so I have to change the connection setting to auto-detect every time I open a new window. Other than that everything is looking a lot better, and again I'm sorry for the mistake I made; I hope you can forgive me.
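An added example, not code from this thread or from HijackThis: a small Python triage of the R1 and O4 lines in the log above, encoding the cues a helper reads them for (a system-binary name outside System32, "?" where a path contained non-printable characters, a bare file name, a DLL with no loader, a long hex argument, the Policies\Explorer\Run key, and a browser proxy pointed at localhost). The sample lines are copied from the posted log; the heuristics and thresholds are the editor's assumptions, not rules from the page or the tool.

```python
"""Triage of HijackThis R1/O4 lines for the cues a malware-removal helper looks for.

Added example, not part of the forum thread or of HijackThis itself.  The sample
lines below are copied from the log posted above; the heuristics are the editor's
own assumptions about what is worth a second look, not rules from the page.
"""
import re
from dataclasses import dataclass, field

# Names of core Windows binaries that legitimately live only under System32.
SYSTEM_BINARIES = {"svchost.exe", "msiexec.exe", "logonui.exe", "explorer.exe",
                   "winlogon.exe", "lsass.exe", "services.exe", "csrss.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\",)
# Launchers whose bare name is normal in a Run value; the payload is in their arguments.
LAUNCHERS = {"rundll32.exe", "regsvr32.exe"}
HEX_TOKEN = re.compile(r"\b[0-9A-Fa-f]{32,}\b")
O4_LINE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
R1_PROXY = re.compile(r"^R1 - .*ProxyServer = (?P<proxy>\S+)")
LOCAL_HOSTS = {"localhost", "127.0.0.1"}

# Constructed sample: R1/O4 lines taken from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [Ssla] "C:\PROGRA~1\COMMON~1\MCROSO~1\msiexec.exe" -vt yazb
O4 - HKCU\..\Run: [Qgmpr] "C:\Program Files\??stem\l?gonui.exe"
O4 - HKCU\..\Run: [xrunwin] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [wininet.dll] dfrgsrv.exe
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
"""


@dataclass
class Finding:
    name: str            # O4 value name, or "ProxyServer" for the R1 line
    line: str
    reasons: list = field(default_factory=list)


def program_of(cmd):
    """Split an autostart command into (program, arguments): quoted path or first word."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:]
    parts = cmd.split(None, 1)
    if not parts:
        return "", ""
    return parts[0], (parts[1] if len(parts) > 1 else "")


def triage_o4(hive, cmd):
    """Return the reasons an O4 autostart entry deserves a closer look (empty if none)."""
    reasons = []
    exe, args = program_of(cmd)
    low = exe.lower()
    base = low.rsplit("\\", 1)[-1]
    if base in SYSTEM_BINARIES and not low.startswith(SYSTEM_DIRS):
        reasons.append(f"system binary name '{base}' outside System32")
    if "?" in exe or any(ord(c) > 127 for c in exe):
        reasons.append("non-printable or non-ASCII characters in the path")
    if "\\" not in exe and base not in LAUNCHERS:
        reasons.append("bare file name, resolved through the PATH search order")
    if base.endswith(".dll"):
        reasons.append("a DLL listed as the program with no rundll32/regsvr32 loader")
    if HEX_TOKEN.search(args):
        reasons.append("long hexadecimal token passed as an argument")
    if "policies\\explorer\\run" in hive.lower():
        reasons.append("Policies\\Explorer\\Run key, seldom used by legitimate software")
    return reasons


def triage(log_text):
    """Scan the R1/O4 lines of a HijackThis log and return the entries worth reviewing."""
    findings = []
    for line in log_text.strip().splitlines():
        m = O4_LINE.match(line)
        if m:
            reasons = triage_o4(m["hive"], m["cmd"])
            if reasons:
                findings.append(Finding(m["name"], line, reasons))
            continue
        m = R1_PROXY.match(line)
        if m and m["proxy"].split(":")[0].lower() in LOCAL_HOSTS:
            findings.append(Finding("ProxyServer", line,
                ["browser traffic routed through a proxy on the local machine; "
                 "compare with the Trojan-Proxy detections in the scanner output"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.name}] {'; '.join(f.reasons)}")
```

The two legitimate entries in the sample (DAEMON Tools and the NVIDIA tray loader) produce no finding; the other seven lines are each flagged with the specific cue that singles them out.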
Old 06-09-2007, 04:48 AM   #7 (permalink)
Analyst, Security Team
 
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: popups by outerinfo and system errors

Hi Mr.Spookie,

Quote:
I did everything up until Active Virus Shield because I actually have Norton AntiVirus 2004 Professional. Sorry for the mishap, but I had it off for some reason and I don't remember how long ago I turned it off. I hope this didn't mess anything up, and if we have to start all over then I'm sorry I wasted your time. I turned it back on and updated it, but if you think I should use AVS instead then I'll change it.
Naw, no need to uninstall Norton. It is an acceptable AV to have on any system.

No worries, the fact that Norton was turned off doesn’t affect anything. Let’s do an online scan later on to make sure we’re not leaving anything behind, shall we?


Quote:
I'm also having this problem: when I open my browser it doesn't detect a proxy server, so I have to change the connection setting to auto-detect every time I open a new window
Hmm, I’m not familiar with proxy server settings, other than the fact that you could set the configurations in your browser settings. We’ll look into this once we have cleared all the malware, OK?

Let’s do this next.

Please download CCleaner (freeware) and save it to your desktop:
  1. Run the CCleaner installer.
  2. During the installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  3. Once installed, run CCleaner and click the "Windows" tab.
  4. Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.
  5. Then, click the "Applications" tab:
    • CHECK everything there.
  6. Next, click the "Options" button in the left pane, then click the "Advanced" button:
    • UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".
  7. Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
  8. When done, please exit CCleaner.

CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.


NEXT:

Please do an online scan with Kaspersky Online Scanner using Internet Explorer (this online scanner only works with IE):
  1. Click on "Kaspersky Online Scanner".
  2. You will be prompted to install an ActiveX component from Kaspersky, click "Yes".
  3. The program will launch and then begin downloading the latest definition files.
  4. Once the files have been downloaded click on "Next".
  5. Now click on "Scan Settings".
  6. In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  7. Click "OK".
  8. Now under select a target to scan:
    • Select "My Computer".
  9. This program will start and scan your system.
  10. The scan will take a while so be patient and let it run.
  11. Once the scan is complete it will display if your system has been infected.
    • Now click on the "Save Report As" button.
    • In the "File name:" field, type kavscan.
    • In the "Save as type:" field, select "Text file (*.txt)".
  12. Save the file to your desktop.
  13. Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  1. The log from the Kaspersky scan.
  2. A new ComboFix log.
  3. A new HijackThis log.

(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.

~~~

Last edited by Sempurna; 06-09-2007 at 04:52 AM.
Old 06-09-2007, 05:08 AM   #8 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 10
OS: windows xp


Re: popups by outerinfo and system errors

Hey, sorry again, but I made another mistake. I found out why I didn't have Norton on: when I try to update it, it comes up with a license error, so I decided not to use it anymore. (I hope I don't get in trouble for this.) I uninstalled it and now I'm scanning with the AVS and continuing on with your last instructions. This was before I came back to this site, and when I came back, deciding to edit my last reply, I found that you had responded already, sorry. So I'm going to leave this scan on and go to sleep and post the report you wanted when I wake up.

Last edited by Mr.Spookie; 06-09-2007 at 05:15 AM.
Old 06-09-2007, 05:28 AM   #9 (permalink)
Analyst, Security Team
 
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: popups by outerinfo and system errors

No worries, Mr.Spookie.

You'll find that AVS is a much better product than Norton. It might not have all the bells and whistles, but normal users like you and me don't need the bells and whistles anyway. And, AVS is free.

Catch up with you tomorrow, then.

~~~
Old 06-09-2007, 04:39 PM   #10 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 10
OS: windows xp


Re: popups by outerinfo and system errors

Here is part of my log; please tell me if you need the rest, because it is really long:

99% - Scan My Computer
----------------------
Scanned: 318533
Detected: 324
Untreated: 324
Start time: 6/9/2007 3:08:23 AM
Duration: 03:49:26
Finish time: 6/9/2007 6:57:49 AM


Detected
--------
Status Object
------ ------
detected: Trojan program Trojan-Downloader.Win32.PurityScan.eg File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP272\A0026619.exe/UPX
detected: adware not-a-virus:AdWare.Win32.PurityScan.ak File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP272\A0026620.dll/PE_Patch.PECompact/PecBundle/PECompact
detected: Trojan program Trojan-Downloader.Win32.PurityScan.eg File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP272\A0026626.exe/PE_Patch.PECompact/PecBundle/PECompact
detected: adware not-a-virus:AdWare.Win32.PurityScan.fn File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP272\A0027582.exe/PE_Patch.PECompact/PecBundle/PECompact
detected: adware not-a-virus:AdWare.Win32.WebHancer.390 File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP272\A0027664.exe
detected: adware not-a-virus:AdWare.Win32.WebHancer.390 File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP272\A0027665.dll
detected: adware not-a-virus:AdWare.Win32.WebHancer.390 File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP272\A0027708.exe/whInstaller.exe
detected: adware not-a-virus:AdWare.Win32.WebHancer.390 File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP272\A0027708.exe/webhdll.dll
detected: adware not-a-virus:AdWare.Win32.WebHancer.390 File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP272\A0027708.exe/whiehlpr.dll
detected: adware not-a-virus:AdWare.Win32.WebHancer.390 File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP272\A0027712.exe
detected: adware not-a-virus:AdWare.Win32.WebHancer.390 File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP272\A0027716.dll
detected: adware not-a-virus:AdWare.Win32.WebHancer.390 File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP272\A0027717.dll
detected: Trojan program Trojan-Downloader.Win32.PurityScan.dx File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP272\A0027785.exe/PE_Patch.PECompact/PecBundle/PECompact
detected: Trojan program Trojan-Downloader.Win32.Agent.bls File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP273\A0029042.exe/PE_Patch.Upolyx/PE_Patch.UPX/UPX
detected: adware not-a-virus:AdWare.Win32.Virtumonde.ar File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP273\A0029083.dll/Virtumonde/PE_Patch.UPX/UPX
detected: adware not-a-virus:AdWare.Win32.Virtumonde.kg File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP273\A0029084.dll/Virtumonde/PE_Patch.UPX/UPX
detected: Trojan program Trojan-Downloader.Win32.Agent.bls File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP273\A0029187.exe/PE_Patch.Upolyx/PE_Patch.UPX/UPX
detected: Trojan program Trojan-Proxy.Win32.Privoxy-based.a File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0031319.exe
detected: adware not-a-virus:AdWare.Win32.BookedSpace.h File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0031650.exe
detected: Trojan program Trojan-Downloader.Win32.TSUpdate.n File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0031651.exe/UPX
detected: Trojan program Trojan-Downloader.Win32.TSUpdate.l File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0031652.exe/UPX
detected: adware not-a-virus:AdWare.Win32.BookedSpace.h File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0031653.exe
detected: adware not-a-virus:AdWare.Win32.Rond.a File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0031655.dll
detected: adware not-a-virus:AdWare.Win32.Rond.a File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0031656.exe
detected: adware not-a-virus:AdWare.Win32.Rond.a File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0031657.exe
detected: adware not-a-virus:AdWare.Win32.Softomate.u File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0031658.exe/stream/data0004
detected: Trojan program Trojan-Downloader.Win32.PurityScan.eh File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0031659.exe/stream/data0002/data0002/PE_Patch.PECompact/PecBundle/PECompact
detected: adware not-a-virus:AdWare.Win32.Softomate.u File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0031659.exe/stream/data0004
detected: adware not-a-virus:AdWare.Win32.WebHancer.390 File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0031660.exe/stream/data0002
detected: adware not-a-virus:AdWare.Win32.WebHancer.390 File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0031660.exe/stream/data0005
detected: adware not-a-virus:AdWare.Win32.WebHancer.390 File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0031660.exe/stream/data0006
detected: adware not-a-virus:AdWare.Win32.Softomate.u File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0031660.exe/stream/data0008
detected: adware not-a-virus:AdWare.Win32.BookedSpace.h File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0031661.exe
detected: adware not-a-virus:AdWare.Win32.BookedSpace.h File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0031663.dll
detected: adware not-a-virus:AdWare.Win32.BookedSpace.h File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0031664.dll
detected: adware not-a-virus:AdWare.Win32.BookedSpace.h File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0031665.dll
detected: virus Packed.Win32.Morphine.a (modification) File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0031667.dll
detected: virus Packed.Win32.Morphine.a (modification) File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0033743.dll
detected: Trojan program Trojan-Downloader.Win32.Small.buy File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0033745.exe/stream/data0002/UPX
detected: adware not-a-virus:AdWare.Win32.Softomate.u File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0033745.exe/stream/data0004
detected: Trojan program Trojan-Proxy.Win32.Dlena.cs File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0033747.exe
detected: adware not-a-virus:AdWare.Win32.Virtumonde.ar File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0033817.dll/Virtumonde/PE_Patch.UPX/UPX
detected: adware not-a-virus:AdWare.Win32.Virtumonde.ar File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0033818.dll/Virtumonde/PE_Patch.UPX/UPX
detected: Trojan program Trojan-Downloader.Win32.Agent.bls File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP274\A0033830.exe/PE_Patch.Upolyx/PE_Patch.UPX/UPX
detected: Trojan program Trojan-Spy.Win32.VBStat.h File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0034963.dll
detected: virus Packed.Win32.Morphine.a (modification) File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0034984.dll
detected: virus Packed.Win32.Morphine.a (modification) File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0034985.dll
detected: Trojan program Trojan-Clicker.Win32.Small.mw File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0034994.dll
detected: adware not-a-virus:AdWare.Win32.Virtumonde.ar File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0034996.dll/Virtumonde/PE_Patch.UPX/UPX
detected: Trojan program Trojan-Downloader.Win32.PurityScan.eg File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035014.exe/data0002/PE_Patch.PECompact/PecBundle/PECompact
detected: Trojan program Trojan-Downloader.Win32.Small.emw File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035017.exe
detected: adware not-a-virus:AdWare.Win32.PurityScan.fk File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035018.exe/PE_Patch.UPX/UPX
detected: adware not-a-virus:AdWare.Win32.ZenoSearch.o File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035019.exe
detected: Trojan program Trojan-Downloader.Win32.VB.fn File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035025.exe/data0005
detected: Trojan program Trojan.VBS.Runner.o File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035029.vbs
detected: adware not-a-virus:AdWare.Win32.SaveNow.bj File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035030.exe
detected: adware not-a-virus:AdWare.Win32.ZenoSearch.o File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035032.exe/data.rar\installfile1.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035049.exe
detected: Trojan program Trojan-Downloader.Win32.Small.emw File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035050.exe
detected: adware not-a-virus:AdWare.Win32.Virtumonde.ar File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035059.dll/Virtumonde/PE_Patch.UPX/UPX
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035061.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035064.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035066.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035126.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035144.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035145.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035146.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035149.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035150.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035152.exe
detected: adware not-a-virus:AdWare.Win32.RK.k File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035154.exe
detected: adware not-a-virus:AdWare.Win32.SaveNow.bj File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035155.exe/data.rar\installfile2.exe
detected: adware not-a-virus:AdWare.Win32.ZenoSearch.o File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035155.exe/data.rar\Compinst1.exe
detected: adware not-a-virus:AdWare.Win32.Relevant.a File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035156.exe/data0002
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035157.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035165.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035166.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035167.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035168.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035169.exe
detected: virus Packed.Win32.Morphine.a (modification) File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035170.dll
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035171.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035173.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035175.exe
detected: Trojan program Trojan-Downloader.Win32.Agent.bls File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035177.exe/PE_Patch.Upolyx/PE_Patch.UPX/UPX
detected: adware not-a-virus:AdWare.Win32.Virtumonde.kb File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035178.dll
detected: Trojan program Trojan.Win32.BHO.bd File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035210.dll/Virtumonde/PE_Patch.UPX/UPX
detected: malware SpamTool.Win32.Agent.am File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035214.dll
detected: Trojan program Trojan-Spy.Win32.VBStat.h File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035216.dll
detected: adware not-a-virus:AdWare.Win32.Virtumonde.kb File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035217.dll
detected: adware not-a-virus:AdWare.Win32.Virtumonde.fp File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035219.dll/PE_Patch.PECompact
detected: Trojan program Trojan-Downloader.Win32.Zlob.bqw File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035222.exe
detected: Trojan program Trojan-Dropper.Win32.Agent.mu File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035224.exe/PE_Patch/TeLock
detected: Trojan program Trojan-Downloader.Win32.PurityScan.af File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035226.exe/PE_Patch.UPX/UPX
detected: Trojan program Trojan-Dropper.Win32.Agent.bfr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035227.exe
detected: Trojan program Trojan-Downloader.Win32.Agent.brf File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035228.exe/PE_Patch.Upolyx/PE_Patch.UPX/UPX
detected: Trojan program Trojan.Win32.BHO.ab File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035229.exe
detected: Trojan program Trojan-Dropper.Win32.Agent.mu File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035230.exe/UPX
detected: Trojan program Trojan-Downloader.Win32.VB.fn File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035231.exe
detected: Trojan program Trojan-Downloader.Win32.PurityScan.eg File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035233.exe/PE_Patch.PECompact/PecBundle/PECompact
detected: Trojan program Rootkit.Win32.Agent.eg File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035242.sys
detected: Trojan program Trojan-Spy.Win32.Small.ez File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035243.dll
detected: adware not-a-virus:AdWare.Win32.ShopNav.m File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035244.exe
detected: Trojan program Trojan-Downloader.Win32.Agent.brk File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035245.exe
detected: virus Packed.Win32.Morphine.a (modification) File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035246.exe
detected: Trojan program Trojan-Downloader.Win32.VB.ahq File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035253.EXE
detected: Trojan program Trojan-Downloader.Win32.VB.ahq File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035254.exe
detected: Trojan program Trojan-Dropper.Win32.Agent.bfr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035256.exe/stream/data0002
detected: adware not-a-virus:AdWare.Win32.Softomate.u File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035256.exe/stream/data0004
detected: adware not-a-virus:AdWare.Win32.PurityScan.fk File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035261.exe/data0002/PE_Patch.UPX/UPX
detected: adware not-a-virus:AdWare.Win32.PurityScan.bu File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035261.exe/data0003
detected: adware not-a-virus:AdWare.Win32.PurityScan.fn File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035262.exe/PE_Patch.PECompact/PecBundle/PECompact
detected: adware not-a-virus:AdWare.Win32.PurityScan.ak File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035263.dll/PE_Patch.PECompact/PecBundle/PECompact
detected: Trojan program Trojan-Downloader.Win32.PurityScan.eh File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035265.exe/PE_Patch.PECompact/PecBundle/PECompact
detected: Trojan program Trojan-Downloader.Win32.TSUpdate.f File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035266.exe/UPX
detected: Trojan program Trojan-Downloader.Win32.TSUpdate.r File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035267.exe/UPX
detected: Trojan program Trojan-Downloader.Win32.TSUpdate.o File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035272.exe/stream/data0002/UPX
detected: adware not-a-virus:AdWare.Win32.Softomate.u File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035272.exe/stream/data0004
detected: Trojan program Trojan-Downloader.Win32.Agent.bls File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP277\A0035287.exe/PE_Patch.Upolyx/PE_Patch.UPX/UPX
detected: Trojan program Trojan-Downloader.Win32.Agent.bls File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0035295.exe/PE_Patch.Upolyx/PE_Patch.UPX/UPX
detected: Trojan program Trojan-Downloader.Win32.PurityScan.eg File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0035345.exe/UPX
detected: adware not-a-virus:AdWare.Win32.PurityScan.ak File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0035346.dll/PE_Patch.PECompact/PecBundle/PECompact
detected: Trojan program Trojan-Downloader.Win32.PurityScan.eg File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0035351.exe/PE_Patch.PECompact/PecBundle/PECompact
detected: adware not-a-virus:AdWare.Win32.PurityScan.fn File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0035352.exe/PE_Patch.PECompact/PecBundle/PECompact
detected: Trojan program Trojan-Downloader.Win32.Agent.bls File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0035445.exe/PE_Patch.Upolyx/PE_Patch.UPX/UPX
detected: adware not-a-virus:AdWare.Win32.Rond.a File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0035796.dll
detected: adware not-a-virus:AdWare.Win32.Rond.a File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0035797.exe
detected: adware not-a-virus:AdWare.Win32.Rond.a File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0035798.exe
detected: adware not-a-virus:AdWare.Win32.Softomate.u File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0035799.exe/stream/data0004
detected: adware not-a-virus:AdWare.Win32.RK.k File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0035854.exe
detected: Trojan program Trojan-Downloader.Win32.VB.ahq File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0035857.exe
detected: Trojan program Trojan-Downloader.Win32.VB.ahq File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0035858.EXE
detected: adware not-a-virus:AdWare.Win32.PurityScan.fn File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036900.exe/PE_Patch.PECompact/PecBundle/PECompact
detected: Trojan program Trojan-Downloader.Win32.PurityScan.eh File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036915.exe/PE_Patch.PECompact/PecBundle/PECompact
detected: Trojan program Trojan-Downloader.Win32.PurityScan.eg File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036917.exe/PE_Patch.PECompact/PecBundle/PECompact
detected: Trojan program Trojan-Downloader.Win32.Agent.bls File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036919.exe/PE_Patch.Upolyx/PE_Patch.UPX/UPX
detected: adware not-a-virus:AdWare.Win32.PurityScan.fk File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036920.exe/data0002/PE_Patch.UPX/UPX
detected: adware not-a-virus:AdWare.Win32.PurityScan.bu File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036920.exe/data0003
detected: adware not-a-virus:AdWare.Win32.ShopNav.m File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036923.exe
detected: Trojan program Trojan-Spy.Win32.Small.ez File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036924.dll
detected: malware SpamTool.Win32.Agent.am File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036925.dll
detected: Trojan program Trojan-Dropper.Win32.Agent.bfr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036927.exe
detected: Trojan program Trojan.Win32.BHO.ab File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036928.exe
detected: Trojan program Rootkit.Win32.Agent.eg File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036941.sys
detected: adware not-a-virus:AdWare.Win32.Relevant.a File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036944.exe/data0002
detected: Trojan program Trojan-Downloader.Win32.Zlob.bqw File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036946.exe
detected: Trojan program Trojan-Dropper.Win32.Agent.bfr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036947.exe/stream/data0002
detected: adware not-a-virus:AdWare.Win32.Softomate.u File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036947.exe/stream/data0004
detected: adware not-a-virus:AdWare.Win32.Virtumonde.kb File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036949.dll
detected: Trojan program Trojan-Spy.Win32.VBStat.h File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036950.dll
detected: virus Packed.Win32.Morphine.a (modification) File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036951.dll
detected: Trojan program Trojan.Win32.BHO.bd File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036952.dll/Virtumonde/PE_Patch.UPX/UPX
detected: virus Packed.Win32.Morphine.a (modification) File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036953.dll
detected: adware not-a-virus:AdWare.Win32.Virtumonde.fp File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036954.dll/PE_Patch.PECompact
detected: Trojan program Trojan-Spy.Win32.VBStat.h File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036955.dll
detected: adware not-a-virus:AdWare.Win32.Virtumonde.ar File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036956.dll/Virtumonde/PE_Patch.UPX/UPX
detected: adware not-a-virus:AdWare.Win32.Virtumonde.kb File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036957.dll
detected: virus Packed.Win32.Morphine.a (modification) File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036958.dll
detected: Trojan program Rootkit.Win32.Agent.eq File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036966.sys
detected: adware not-a-virus:AdWare.Win32.Virtumonde.fp File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036968.dll/PE_Patch.PECompact
detected: adware not-a-virus:AdWare.Win32.Virtumonde.jp File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036969.dll
detected: adware not-a-virus:AdWare.Win32.PurityScan.ak File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0036971.dll/PE_Patch.PECompact/PecBundle/PECompact
detected: adware not-a-virus:AdWare.Win32.PurityScan.ak File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037124.dll/PE_Patch.PECompact/PecBundle/PECompact
detected: Trojan program Trojan.Win32.BHO.bd File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037125.dll/Virtumonde/PE_Patch.UPX/UPX
detected: Trojan program Trojan-Clicker.Win32.Small.mw File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037137.dll
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037139.exe
detected: Trojan program Trojan-Downloader.Win32.Small.emw File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037140.exe
detected: adware not-a-virus:AdWare.Win32.Virtumonde.ar File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037141.dll/Virtumonde/PE_Patch.UPX/UPX
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037142.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037143.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037144.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037145.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037146.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037147.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037150.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037151.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037152.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037153.exe
detected: adware not-a-virus:AdWare.Win32.SaveNow.bj File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037154.exe/data.rar\installfile2.exe
detected: adware not-a-virus:AdWare.Win32.ZenoSearch.o File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037154.exe/data.rar\Compinst1.exe/data.rar\installfile1.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037155.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037156.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037157.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037158.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037159.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037160.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037161.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037162.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037163.exe
detected: Trojan program Trojan-Dropper.Win32.Agent.mu File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037165.exe/PE_Patch/TeLock
detected: virus Packed.Win32.Morphine.a (modification) File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037166.exe
detected: Trojan program Trojan-Downloader.Win32.Agent.brk File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP278\A0037167.exe
detected: Trojan program Trojan-Downloader.Win32.Zlob.jx File: C:\!KillBox\dfrgsrv.exe/PE_Patch/UPack
detected: adware not-a-virus:AdWare.Win32.InstaFinder.a File: C:\!KillBox\InstaFinder_inst245.exe/stream
detected: Trojan program Trojan-Downloader.Win32.Keenval.f File: C:\!KillBox\remove.exe/data0002/data0003
detected: Trojan program Trojan-Downloader.Win32.PurityScan.w File: C:\!KillBox\svchost.exe/UPX
detected: malware Exploit.HTML.Mht (modification) File: C:\Deckard\System Scanner\main.txt
detected: adware not-a-virus:AdWare.Win32.ZenoSearch.o File: C:\Deckard\System Scanner\20070605030521\backup\DOCUME~1\daniel\LOCALS~1\Temp\Compinst1.exe/data.rar\installfile1.exe
detected: adware not-a-virus:AdWare.Win32.SaveNow.bj File: C:\Deckard\System Scanner\20070605030521\backup\DOCUME~1\daniel\LOCALS~1\Temp\installfile2.exe
detected: Trojan program Trojan.VBS.Runner.o File: C:\Deckard\System Scanner\20070605030521\backup\DOCUME~1\daniel\LOCALS~1\Temp\Microsoft.vbs
detected: Trojan program Trojan-Downloader.Win32.VB.fn File: C:\Deckard\System Scanner\20070605030521\backup\DOCUME~1\daniel\LOCALS~1\Temp\Tam01065.exe/data0005
detected: virus Packed.Win32.Morphine.a (modification) File: C:\Deckard\System Scanner\20070605030521\backup\DOCUME~1\daniel\LOCALS~1\Temp\temp.frD5FE
detected: adware not-a-virus:AdWare.Win32.ZenoSearch.o File: C:\Deckard\System Scanner\20070605030521\backup\DOCUME~1\daniel\LOCALS~1\Temp\TICHD003.exe
detected: adware not-a-virus:AdWare.Win32.PurityScan.fk File: C:\Deckard\System Scanner\20070605030521\backup\DOCUME~1\daniel\LOCALS~1\Temp\UE.exe/PE_Patch.UPX/UPX
detected: Trojan program Trojan-Downloader.Win32.Small.emw File: C:\Deckard\System Scanner\20070605030521\backup\DOCUME~1\daniel\LOCALS~1\Temp\VitunUrpo.exe
detected: Trojan program Trojan-Downloader.Win32.PurityScan.eg File: C:\Deckard\System Scanner\20070605030521\backup\DOCUME~1\daniel\LOCALS~1\Temp\yazzlesnet.exe/data0002/PE_Patch.PECompact/PecBundle/PECompact
detected: adware not-a-virus:AdWare.Win32.PurityScan.ak File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\opfbo.dll/PE_Patch.PECompact/PecBundle/PECompact
detected: Trojan program Trojan.Win32.BHO.bd File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\nkxlkmqh.dll/Virtumonde/PE_Patch.UPX/UPX
detected: Trojan program Trojan-Clicker.Win32.Small.mw File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\j1261235.dll
detected: Trojan program Trojan.Win32.Agent.anr File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\vbobkvvj.exe
detected: Trojan program Trojan-Downloader.Win32.Small.emw File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\icqfuxgh.exe
detected: adware not-a-virus:AdWare.Win32.Virtumonde.ar File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\rfkoedxu.dll/Virtumonde/PE_Patch.UPX/UPX
detected: Trojan program Trojan.Win32.Agent.anr File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\qomaqnhm.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\gidthvbn.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\aptpwiya.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\yosiaqcx.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\fvsybulj.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\ppeomfna.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\fuammoyl.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\mmispnlf.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\wslumokx.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\rbccucbj.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\jiisvsca.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\ysuqyreo.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\afyckfli.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\nwqobhyk.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\wwtmolbs.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\skqqujgh.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\klesoybj.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\ricmivfd.exe
detected: Trojan program Trojan.Win32.Agent.anr File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\wiwwuwbg.exe
detected: virus Packed.Win32.Morphine.a (modification) File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\pyldjnap.exe
detected: Trojan program Trojan-Downloader.Win32.Agent.brk File: C:\Documents and Settings\daniel\Desktop\requested-files[2007-06-09_01_40].cab\C:\WINDOWS\SYSTEM32\mwqvaaaa.exe
detected: Trojan program Trojan-Downloader.Win32.TSUpdate.r File: C:\Program Files\Common Files\qqrw\qqrwl.exe/UPX
detected: Trojan program Trojan-Downloader.Win32.TSUpdate.f File: C:\Program Files\Common Files\qqrw\qqrwp.exe/UPX
detected: malware Exploit.HTML.Mht (modification) File: C:\Program Files\HijackThis\hijackthis.log
detected: adware not-a-virus:AdWare.Win32.PurityScan.ak File: C:\Program Files\HijackThis\backups\backup-20070609-015234-754.dll/PE_Patch.PECompact/PecBundle/PECompact
detected: Trojan program Trojan.Win32.BHO.bd File: C:\Program Files\HijackThis\backups\backup-20070609-015235-799.dll/Virtumonde/PE_Patch.UPX/UPX
detected: Trojan program Trojan-Downloader.Win32.PurityScan.eg File: C:\Program Files\Mozilla Firefox\qq.exe/data0002/PE_Patch.PECompact/PecBundle/PECompact
detected: Trojan program Trojan-Downloader.Win32.Agent.brf File: C:\Program Files\Mozilla Firefox\vv.exe/PE_Patch.Upolyx/PE_Patch.UPX/UPX
detected: adware not-a-virus:AdWare.Win32.ShopNav.m File: C:\QooBox\Quarantine\C\DOCUME~1\daniel\LOCALS~1\APPLIC~1\Microsoft\Internet Explorer\Filters\IExpl32d.exe.vir
detected: Trojan program Trojan-Spy.Win32.Small.ez File: C:\QooBox\Quarantine\C\DOCUME~1\daniel\LOCALS~1\APPLIC~1\Microsoft\Internet Explorer\Filters\MSIEHelper.dll.vir
detected: malware SpamTool.Win32.Agent.am File: C:\QooBox\Quarantine\C\DOCUME~1\daniel\LOCALS~1\APPLIC~1\Microsoft\Internet Explorer\Filters\prx475b.dll.vir
detected: Trojan program Trojan-Downloader.Win32.PurityScan.eh File: C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1122OinAdmin.exe.vir/PE_Patch.PECompact/PecBundle/PECompact
detected: Trojan program Trojan-Downloader.Win32.PurityScan.eg File: C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinAdmin.exe.vir/PE_Patch.PECompact/PecBundle/PECompact
detected: Trojan program Trojan-Downloader.Win32.PurityScan.af File: C:\QooBox\Quarantine\C\Program Files\Common Files\MCROSO~1\msiexec.exe/PE_Patch.UPX/UPX
detected: adware not-a-virus:AdWare.Win32.PurityScan.fk File: C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir/data0002/PE_Patch.UPX/UPX
detected: adware not-a-virus:AdWare.Win32.PurityScan.bu File: C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir/data0003
detected: adware not-a-virus:AdWare.Win32.PurityScan.fn File: C:\QooBox\Quarantine\C\Program Files\STEM~1\l?gonui.exe/PE_Patch.PECompact/PecBundle/PECompact
detected: Trojan program Trojan-Dropper.Win32.Agent.mu File: C:\QooBox\Quarantine\C\WINDOWS\apnggqu.exe.vir/PE_Patch/TeLock
detected: Trojan program Trojan-Dropper.Win32.Agent.bfr File: C:\QooBox\Quarantine\C\WINDOWS\b136.exe.vir/stream/data0002
detected: adware not-a-virus:AdWare.Win32.Softomate.u File: C:\QooBox\Quarantine\C\WINDOWS\b136.exe.vir/stream/data0004
detected: Trojan program Trojan-Downloader.Win32.Zlob.bqw File: C:\QooBox\Quarantine\C\WINDOWS\dls0523pmw.exe.vir
detected: Trojan program Trojan-Downloader.Win32.Small.emw File: C:\QooBox\Quarantine\C\WINDOWS\icqfuxgh.exe.vir
detected: adware not-a-virus:AdWare.Win32.Relevant.a File: C:\QooBox\Quarantine\C\WINDOWS\itpb_3.exe.vir/data0002
detected: adware not-a-virus:AdWare.Win32.SaveNow.bj File: C:\QooBox\Quarantine\C\WINDOWS\itpb_4.exe.vir/data.rar\installfile2.exe
detected: adware not-a-virus:AdWare.Win32.ZenoSearch.o File: C:\QooBox\Quarantine\C\WINDOWS\itpb_4.exe.vir/data.rar\Compinst1.exe/data.rar\installfile1.exe
detected: Trojan program Trojan-Downloader.Win32.Agent.bls File: C:\QooBox\Quarantine\C\WINDOWS\retadpu11.exe.vir/PE_Patch.Upolyx/PE_Patch.UPX/UPX
detected: Trojan program Trojan.Win32.Agent.anr File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\afyckfli.exe.vir
detected: Trojan program Trojan.Win32.Agent.anr File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\aptpwiya.exe.vir
detected: adware not-a-virus:AdWare.Win32.Virtumonde.fp File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ddayw.dll.vir/PE_Patch.PECompact
detected: adware not-a-virus:AdWare.Win32.Virtumonde.kb File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\diivvrdp.dll.vir
detected: Trojan program Trojan-Spy.Win32.VBStat.h File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dorbwkwt.dll.vir
detected: Trojan program Trojan.Win32.Agent.anr File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fuammoyl.exe.vir
detected: Trojan program Trojan.Win32.Agent.anr File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fvsybulj.exe.vir
detected: Trojan program Trojan.Win32.Agent.anr File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gidthvbn.exe.vir
detected: virus Packed.Win32.Morphine.a (modification) File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hcutsien.dll.vir
detected: Trojan program Trojan.Win32.BHO.bd File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hdvbemmf.dll.vir/Virtumonde/PE_Patch.UPX/UPX
detected: Trojan program Trojan-Clicker.Win32.Small.mw File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\j1261235.dll.vir
detected: virus Packed.Win32.Morphine.a (modification) File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jhoxnwua.dll.vir
detected: Trojan program Trojan.Win32.Agent.anr File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jiisvsca.exe.vir
detected: adware not-a-virus:AdWare.Win32.Virtumonde.fp File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jkklj.dll.vir/PE_Patch.PECompact
detected: Trojan program Trojan.Win32.Agent.anr File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\klesoybj.exe.vir
detected: Trojan program Trojan.Win32.Agent.anr File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mmispnlf.exe.vir
detected: Trojan program Trojan-Downloader.Win32.Agent.brk File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mwqvaaaa.exe.vir
detected: Trojan program Trojan-Spy.Win32.VBStat.h File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nkmjckvj.dll.vir
detected: adware not-a-virus:AdWare.Win32.Virtumonde.ar File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nnvlyfxl.dll.vir/Virtumonde/PE_Patch.UPX/UPX
detected: Trojan program Trojan.Win32.Agent.anr File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nwqobhyk.exe.vir
detected: Trojan program Trojan.Win32.Agent.anr File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ppeomfna.exe.vir
detected: virus Packed.Win32.Morphine.a (modification) File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pyldjnap.exe.vir
detected: Trojan program Trojan.Win32.Agent.anr File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qomaqnhm.exe.vir
detected: Trojan program Trojan.Win32.Agent.anr File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rbccucbj.exe.vir
detected: adware not-a-virus:AdWare.Win32.Virtumonde.ar File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rfkoedxu.dll.vir/Virtumonde/PE_Patch.UPX/UPX
detected: Trojan program Trojan.Win32.Agent.anr File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ricmivfd.exe.vir
detected: Trojan program Trojan.Win32.Agent.anr File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\skqqujgh.exe.vir
detected: adware not-a-virus:AdWare.Win32.Virtumonde.jp File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tuvwwxw.dll.vir
detected: Trojan program Trojan.Win32.Agent.anr File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vbobkvvj.exe.vir
detected: adware not-a-virus:AdWare.Win32.Virtumonde.kb File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vsulkxdq.dll.vir
detected: Trojan program Trojan.Win32.Agent.anr File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wiwwuwbg.exe.vir
detected: Trojan program Trojan.Win32.Agent.anr File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wslumokx.exe.vir
detected: Trojan program Trojan.Win32.Agent.anr File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wwtmolbs.exe.vir
detected: Trojan program Trojan.Win32.Agent.anr File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\yosiaqcx.exe.vir
detected: Trojan program Trojan.Win32.Agent.anr File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ysuqyreo.exe.vir
detected: virus Packed.Win32.Morphine.a (modification) File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ytcfurqq.dll.vir
detected: Trojan program Rootkit.Win32.Agent.eq File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\core.sys.vir
detected: Trojan program Rootkit.Win32.Agent.eg File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\hflt_ipf.sys.vir
detected: Trojan program Trojan.Win32.BHO.ab File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\T3\dlltk67.exe.vir
detected: Trojan program Trojan-Dropper.Win32.Agent.bfr File: C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\T4\d5ll.exe.vir
detected: Trojan program Trojan-Downloader.Win32.Zlob.jx File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP279\A0037525.exe/PE_Patch/UPack
detected: adware not-a-virus:AdWare.Win32.InstaFinder.a File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP279\A0037526.exe/stream
detected: Trojan program Trojan-Downloader.Win32.Keenval.f File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP279\A0037527.exe/data0002/data0003
detected: Trojan program Trojan-Downloader.Win32.PurityScan.w File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP279\A0037528.exe/UPX
detected: adware not-a-virus:AdWare.Win32.ZenoSearch.o File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP279\A0037529.exe/data.rar\installfile1.exe
detected: adware not-a-virus:AdWare.Win32.SaveNow.bj File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP279\A0037530.exe
detected: Trojan program Trojan.VBS.Runner.o File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP279\A0037531.vbs
detected: Trojan program Trojan-Downloader.Win32.VB.fn File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP279\A0037532.exe/data0005
detected: adware not-a-virus:AdWare.Win32.ZenoSearch.o File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP279\A0037533.exe
detected: adware not-a-virus:AdWare.Win32.PurityScan.fk File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP279\A0037534.exe/PE_Patch.UPX/UPX
detected: Trojan program Trojan-Downloader.Win32.Small.emw File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP279\A0037535.exe
detected: Trojan program Trojan-Downloader.Win32.PurityScan.eg File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP279\A0037536.exe/data0002/PE_Patch.PECompact/PecBundle/PECompact
detected: Trojan program Trojan-Downloader.Win32.TSUpdate.r File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP279\A0037538.exe/UPX
detected: Trojan program Trojan-Downloader.Win32.TSUpdate.f File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP279\A0037539.exe/UPX
detected: adware not-a-virus:AdWare.Win32.PurityScan.ak File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP279\A0037540.dll/PE_Patch.PECompact/PecBundle/PECompact
detected: Trojan program Trojan.Win32.BHO.bd File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP279\A0037541.dll/Virtumonde/PE_Patch.UPX/UPX
detected: Trojan program Trojan-Downloader.Win32.PurityScan.eg File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP279\A0037542.exe/data0002/PE_Patch.PECompact/PecBundle/PECompact
detected: Trojan program Trojan-Downloader.Win32.Agent.brf File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP279\A0037543.exe/PE_Patch.Upolyx/PE_Patch.UPX/UPX
detected: Trojan program Trojan-Downloader.Win32.PurityScan.af File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP279\A0037544.exe/PE_Patch.UPX/UPX
detected: adware not-a-virus:AdWare.Win32.PurityScan.fn File: C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP279\A0037545.exe/PE_Patch.PECompact/PecBundle/PECompact
detected: Trojan program Trojan-Downloader.Win32.TSUpdate.o File: C:\WINDOWS\b103.exe/stream/data0002/UPX
detected: adware not-a-virus:AdWare.Win32.Softomate.u File: C:\WINDOWS\b103.exe/stream/data0004
detected: Trojan program Trojan-Downloader.Win32.Zlob.jz File: C:\WINDOWS\SYSTEM32\ldBECB.tmp
detected: Trojan program Trojan-Downloader.Win32.VB.fn File: C:\WINDOWS\SYSTEM32\T1QaSQ\T1QaSQ1065.exe
detected: Trojan program Trojan-Downloader.Win32.Agent.brf File: C:\WINDOWS\SYSTEM32\T6\dlwr.exe/PE_Patch.Upolyx/PE_Patch.UPX/UPX
detected: Trojan program Trojan-Dropper.Win32.Agent.mu File: C:\WINDOWS\SYSTEM32\TQ0\dl52.exe/UPX

Last edited by Mr.Spookie; 06-09-2007 at 04:42 PM.
Old 06-09-2007, 10:14 PM   #11 (permalink)
Analyst, Security Team
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: popups by outerinfo and system errors

Hi Mr.Spookie,

Run Active Virus Shield and let it "Neutralize all" all the malware that it finds.

You don't have to paste the log for me to see once you have done the above.

How are things running now? Any persistent problem or suspicious behaviour on your machine that I should know about?

~~~
__________________

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
Old 06-10-2007, 01:35 PM   #12 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 10
OS: windows xp


Re: popups by outerinfo and system errors

Everything seems to be fine, nothing out of the ordinary.
Old 06-10-2007, 10:12 PM   #13 (permalink)
Analyst, Security Team
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: popups by outerinfo and system errors

Hi Mr.Spookie,

I'm glad to hear that things are running better now.

Please let me see one last HijackThis log and one last ComboFix log before I pronounce your system clean of malware.

~~~
Old 06-11-2007, 10:18 PM   #14 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 10
OS: windows xp


Re: popups by outerinfo and system errors

HiJackThis:

Logfile of HijackThis v1.99.1
Scan saved at 9:16:31 PM, on 6/11/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/inc...ivePreQual.cab
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtend.net/code/chm/xpre.chm::/xpreload.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe

ComboFix:

ComboFix 07-06-3B - Running from: "C:\Documents and Settings\daniel\Desktop\"


((((((((((((((((((((((((( Files Created from 2007-05-12 to 2007-06-12 )))))))))))))))))))))))))))))))


2007-06-09 02:54 9,504 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.dat
2007-06-09 02:54 3,121,696 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2007-06-09 02:21 292 --a------ C:\WINDOWS\SYSTEM32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-10071102}.dat
2007-06-09 02:21 292 --a------ C:\WINDOWS\SYSTEM32\DVCState-{00000002-00000000-00000001-00001102-00000004-10071102}.dat
2007-06-09 02:00 <DIR> d-------- C:\Program Files\CCleaner
2007-06-07 13:15 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-06 02:40 <DIR> d-------- C:\WINDOWS\SYSTEM32\TQ0
2007-06-06 02:40 <DIR> d-------- C:\WINDOWS\SYSTEM32\T6
2007-06-06 02:40 <DIR> d-------- C:\WINDOWS\SYSTEM32\T1QaSQ
2007-06-06 02:29 8,912,896 --a------ C:\DOCUME~1\daniel\ntuser.dat
2007-06-05 00:05 <DIR> d-------- C:\Deckard
2007-06-04 23:51 21,312 --a------ C:\WINDOWS\choice.exe
2007-06-04 23:50 <DIR> d-------- C:\ie-spyad
2007-06-04 23:37 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-03 14:54 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-06-03 14:40 <DIR> d-------- C:\DOCUME~1\daniel\APPLIC~1\Lavasoft
2007-06-03 13:48 926,241 --a------ C:\WINDOWS\SYSTEM32\model.dat
2007-05-28 19:36 <DIR> d-------- C:\WINDOWS\qqrw
2007-05-28 19:36 <DIR> d-------- C:\Program Files\Common Files\qqrw


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-09 09:57:08 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-09 09:57:07 -------- d-----w C:\Program Files\Symantec
2007-06-09 09:51:06 -------- d-----w C:\Program Files\Norton AntiVirus
2007-06-09 09:02:56 -------- d-----w C:\Program Files\ewido anti-malware
2007-06-06 09:41:27 -------- d-----w C:\Program Files\World of Warcraft
2007-06-06 09:32:11 -------- d-----w C:\Program Files\Pcsx2
2007-06-04 23:07:39 -------- d-----w C:\Program Files\AIM95
2007-06-04 22:26:11 -------- d-----w C:\Program Files\DAEMON Tools
2007-06-04 22:10:43 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-03 21:30:08 -------- d-----w C:\Program Files\Lavasoft
2007-05-28 11:19:54 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-26 21:43:38 -------- d--h--w C:\DOCUME~1\daniel\APPLIC~1\Move Networks
2007-05-15 10:42:47 -------- d-----w C:\Program Files\PeerGuardian2
2007-05-14 08:23:16 -------- d-----w C:\Program Files\WC3Banlist
2007-05-14 08:19:37 -------- d-----w C:\Program Files\DivX
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-17 06:49:54 -------- d-----w C:\Program Files\GALA-NET
2007-04-17 06:38:18 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2005-07-14 19:31:20 27,648 --sha-r C:\WINDOWS\SYSTEM32\AVSredirect.dll
2005-06-26 22:32:28 616,448 --sha-r C:\WINDOWS\SYSTEM32\cygwin1.dll
2005-06-22 05:37:42 45,568 --sha-r C:\WINDOWS\SYSTEM32\cygz.dll
2005-02-28 20:16:22 240,128 --sha-r C:\WINDOWS\SYSTEM32\x.264.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 14:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 07:57]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30]
"@"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"wininet.dll"=dfrgsrv.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk
backup=C:\WINDOWS\pss\Post-it® Software Notes Lite.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backup=C:\WINDOWS\pss\Verizon Online Support Center.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Tools Check]
C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
REGSVR32.EXE /S CTASIO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1126907971\ee\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Gateway]
C:\Program Files\Media Gateway\MediaGateway.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sivsfc]
C:\Program Files\Xbel\Odhm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
C:\PROGRA~1\Toolbar\TBPS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"NVSvc"=2 (0x2)
"NProtectService"=2 (0x2)
"navapsvc"=2 (0x2)
"LxrJD31s"=2 (0x2)
"ewido security suite control"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"btwdins"=2 (0x2)
"rpcapd"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"PROMon.exe"=PROMon.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


Contents of the 'Scheduled Tasks' folder
2007-06-12 00:05:14 C:\WINDOWS\tasks\Symantec NetDetect.job
2007-06-07 06:00:00 C:\WINDOWS\tasks\Tune-up Application Start.job
2007-06-12 00:05:00 C:\WINDOWS\tasks\Uninstall Expiration Reminder.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-11 21:14:49
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-11 21:15:36
C:\ComboFix-quarantined-files.txt ... 2007-06-11 21:15
C:\ComboFix2.txt ... 2007-06-09 01:58
C:\ComboFix3.txt ... 2007-06-07 13:15

--- E O F ---
Old 06-11-2007, 11:17 PM   #15 (permalink)
Analyst, Security Team
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: popups by outerinfo and system errors

Hi Mr.Spookie,

Just some loose ends to tie up, and then we can let you go home.

To create a new system restore point:
  • Go to Start Menu -> All Programs -> Accessories -> System Tools -> System Restore.
  • Click "Create A Restore Point" then click "Next". Give it a name and then click "Create".
  • When the confirmation screen shows the restore point has been created click "Close".
  • Then go to Start -> Run and type in (or copy and paste):

    cleanmgr.

  • Click "OK".
  • Disk Cleanup will open and start calculating the amount of space that can be freed.
  • Once that’s finished it will open the Disk Cleanup options screen, click the "More Options" tab.
  • Click "Clean Up" in the "System Restore" section and choose "Yes" at the confirmation window.

This will remove all previous restore points except the newly created one.


NEXT:

Your version of Sun Java is out-of-date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java version components and update:
  • CLICK HERE to download the offline installer.
    • Select "Java Runtime Environment (JRE) 6u1" and click the "Download" button to the right.
    • Check the box that says "Accept License Agreement".
    • Click on the link to download "Windows Offline Installation, Multi-language".
    • Save the file to your desktop.
  • Next, uninstall your currently installed version from Add/Remove Programs.
  • If you have older versions listed uninstall them also. If you simply update to the new version it leaves the older versions still installed, complete with previous vulnerabilities.
  • Examples of older versions in Add/Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 2
    • Java(TM) SE Runtime Environment 6
  • Reboot your system.
  • Install the new version by double-clicking on the file you downloaded.


NEXT:

Everything looks great --- your HijackThis log appears to be clean.

Please take some time reading this list; it is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Windows Updates (a must!)
    It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. You can either click on the link above and bookmark the updates page, or open Internet Explorer, then go to the Tools menu -> Windows Update, and follow the online instructions from there. Your current versions are out-of-date. I cannot stress enough how important this is.

  • Firewall (a must!)
    It is definitely a must have. Some good FREE versions are Comodo, Outpost, or ZoneAlarm.
    Test your Firewall and make sure it is working properly.
    Note: You must only use 1 (one) firewall at a time because if you have 2 or more firewalls running at the same time, they will conflict with each other and make your security less reliable. Please also remember to turn off Windows Firewall once you have installed a new firewall.

  • Also make sure to run your antivirus software regularly, and to keep it up-to-date.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you do decide to install Firefox, please take a moment to read Switching from IE to Firefox.

  • SpywareBlaster
    This is a great FREE prevention tool to keep nasties from installing on your system.
    Tutorial: How to use!

  • IE-SPYAD
    This FREE tool puts over 5000 sites in your IE Restricted Zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
    Tutorial: How to use!

  • Spybot - Search & Destroy
    This is a very powerful FREE tool that can search for and annihilate nasties that make it onto your system. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features for realtime protection.
    Tutorial: How to use!

  • Ad-Aware 2007 Free
    This is another very powerful FREE tool that searches for and kills nasties that infect your system. Ad-Aware 2007 and Spybot Search & Destroy complement each other very well.
    Tutorial: How to use!

  • AVG Anti-Spyware Free
    This is an excellent FREE scanner to look for trojans and other nasties that might be residing in your system.
    User Manual: How to use!

  • SUPERAntiSpyware
    This is another excellent FREE scanner to look for nasties that might be lurking in your system. SUPERAntiSpyware and AVG Anti-Spyware complement each other very well.
    Quick Guide: How to use!

  • I suggest you perform an online virus scan once in a while, because what one virus scanner can't find, another one may:
    BitDefender Online Scanner
    F-Secure Online Scanner
    Panda ActiveScan
    Dr.Web CureIt <-- This is not really an online scanner, as it is a standalone utility. You need to download a new copy for updated virus definitions, but it can be run in Safe Mode, unlike the online scanners above.

Please also read Tony Klein's excellent article How I got Infected in the First Place and this CastleCops article Malware Prevention: Prevent Re-infection.

Hopefully this should take care of your problems! Good luck!


Please respond one more time and let me know you received this post, so that it can be marked as resolved, unless you have other problems.

~~~
__________________

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum

Last edited by Sempurna; 06-11-2007 at 11:18 PM.
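The Java step above warns that updating leaves older runtimes installed alongside the new one. As an added example (not part of the original post), this PowerShell snippet lists every Java runtime recorded in Add/Remove Programs and warns when more than one is present; it assumes a current Windows with PowerShell and reads only the standard Uninstall registry keys.

```powershell
# Added example, not from the original post: enumerate Java runtimes recorded in
# Add/Remove Programs (the Uninstall registry keys) and flag left-over versions.
# Assumes a modern Windows with PowerShell; both the native and the 32-bit
# (WOW6432Node) hives are checked so 32-bit Java on 64-bit Windows is not missed.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Entry names seen on the page: "Java 2 Runtime Environment", "J2SE Runtime
# Environment", "Java(TM) SE Runtime Environment"; match on either token.
$javaInstalls = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'Java|J2SE' } |
    Select-Object DisplayName, DisplayVersion, Publisher, UninstallString

if (-not $javaInstalls) {
    Write-Output 'No Java runtime found in Add/Remove Programs.'
}
else {
    $javaInstalls | Format-Table -AutoSize

    # More than one entry means an update was layered on top of an older
    # runtime that still carries its old vulnerabilities and should be removed.
    $count = @($javaInstalls).Count
    if ($count -gt 1) {
        Write-Warning ("{0} Java entries installed; uninstall every version except the newest." -f $count)
    }
}
```

Run it after the reboot and reinstall described above; a single line of output is the expected end state.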
Old 06-12-2007, 05:10 AM   #16 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 10
OS: windows xp


Re: popups by outerinfo and system errors

OK cool, thanks for your help, I really appreciated it.
Mr.Spookie is offline  
Old 06-12-2007, 05:48 AM   #17 (permalink)
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: popups by outerinfo and system errors

You're most welcome.
