Discussion Starter #1
I've been getting an enormous amount of pop-ups from the following:
www.savetheinformation.com - spyware warnings
"your computer is infected with adware or spyware"
"Security alert" Spyware found - infected with PSW.X-Vir trojan
Security alert - a black door trojan has been found etc. etc.
System Alert: [email protected]
Warning - [email protected] is a virus adds values to register keys...

I've also attached the Panda ActiveScan file to look at as well. Please let me know what I'll need to kill this crap. I've got SpyBot, Trend Micro PC-cillin, and BPS Spyware on my system, but to no avail.

Thanks for the help, these pop-ups are driving me nuts...

The HijackThis log is:
Deckard's System Scanner v20071014.68
Run by Chris Wilson on 2007-11-30 17:04:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Chris Wilson.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:50 PM, on 11/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINDOWS\mrofinu572.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mail Connector\PwpUpdtr.exe
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\MCROSO~1\csrss.exe
C:\Program Files\BPS Remover\BPSRem.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Chris Wilson\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Chris Wilson.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usatoday.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/vsh8/en-us/vsh8/default.asp?affid=332-05&installtype=force&systempopup=true
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} - C:\WINDOWS\system32\byxwurr.dll
O2 - BHO: (no name) - {4F1B4E56-A6F2-41C4-8444-BA037E543805} - C:\WINDOWS\system32\pmnli.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {6FB0A6C7-4253-4C78-B523-FFDEB937DBB6} - C:\Program Files\Movie Maker\hokepote83122.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8803D7D6-6516-4DBD-B3F8-FB3E046438C8} - C:\Program Files\Movie Maker\hokepote4444.dll
O2 - BHO: (no name) - {8a26ebc9-be90-47f0-81b4-14ed7fdc9123} - C:\WINDOWS\system32\lnelvew.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {91F4A041-148C-3F0E-DE2F-38E671810B97} - C:\WINDOWS\system32\ukg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\qwbogflc.dll
O2 - BHO: {8d321320-8ddd-db09-0344-b6e0492594aa} - {aa495294-0e6b-4430-90bd-ddd8023123d8} - C:\WINDOWS\system32\voeldbow.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar7.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar7.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\qwbogflc.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
O4 - HKLM\..\Run: [\\WMCOFFICE\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P42 "\\WMCOFFICE\EPSON Stylus Photo R300 Series" /O13 "LPT2:LK95B1A2" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R300 Series on DESKTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P46 "Auto EPSON Stylus Photo R300 Series on DESKTOP" /O18 "\\DESKTOP\EPSONSty" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R300 Series on WMCSERVER] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P48 "Auto EPSON Stylus Photo R300 Series on WMCSERVER" /O20 "\\WMCSERVER\EPSONSty" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394661A64DB7C8F0287E55E246220D9E728F9FC17D446BC57D5375FB0FB68AD6
O4 - HKLM\..\Run: [b09cdd6c] rundll32.exe "C:\WINDOWS\system32\lyfiyexl.dll",b
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TeamOnPwpUpdater-RMPwpCli] "C:\Program Files\Mail Connector\PwpUpdtr.exe" RMPwpCli
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\system32\MCROSO~1\csrss.exe" -vt yazb
O4 - HKCU\..\Run: [BPS Remover] C:\Program Files\BPS Remover\SpyRem.exe
O4 - HKCU\..\Run: [BPS Spyware Remover] C:\Program Files\BPS Remover\BPSRem.exe /STARTUP
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to AD Black List - C:\PROGRA~1\AVANTB~1\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\PROGRA~1\AVANTB~1\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\PROGRA~1\AVANTB~1\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\PROGRA~1\AVANTB~1\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\PROGRA~1\AVANTB~1\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: byxwurr - C:\WINDOWS\SYSTEM32\byxwurr.dll
O20 - Winlogon Notify: qwbogflc - C:\WINDOWS\SYSTEM32\qwbogflc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: GoToMyPC - Expertcity - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Chris/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 14792 bytes

-- Files created between 2007-10-30 and 2007-11-30 -----------------------------

2007-11-30 16:52:51 0 d-------- C:\Program Files\SpywareBlaster
2007-11-30 15:51:22 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-30 15:25:50 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-11-30 15:25:50 10752 --a------ C:\WINDOWS\system32\md5.dll <Not Verified; ; MD5 Maker>
2007-11-30 15:25:49 0 d-------- C:\Program Files\BPS Remover
2007-11-30 15:06:33 0 d-------- C:\Documents and Settings\Chris Wilson\Application Data\Talkback
2007-11-30 12:33:13 41724 ---hs---- C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
2007-11-29 23:07:00 77888 --a------ C:\WINDOWS\system32\voeldbow.dll
2007-11-29 23:04:20 85056 --a------ C:\WINDOWS\system32\lyfiyexl.dll
2007-11-29 23:04:19 145984 --a------ C:\WINDOWS\system32\qwbogflc.dll
2007-11-29 23:03:58 145984 --a------ C:\WINDOWS\system32\qeatdjej.dll
2007-11-29 23:03:55 71232 --a------ C:\WINDOWS\system32\bjffhxuq.exe <Not Verified; ; DDC>
2007-11-29 10:42:46 0 d-------- C:\Documents and Settings\Chris Wilson\Application Data\GlobalSCAPE
2007-11-29 10:42:44 0 d-------- C:\Program Files\GlobalSCAPE
2007-11-29 10:42:43 0 d-------- C:\Program Files\Mail Connector
2007-11-29 10:42:43 0 d-------- C:\Program Files\EnglishOtto
2007-11-29 10:42:42 0 d-------- C:\WINDOWS\system32\M?crosoft
2007-11-29 10:42:42 0 d-------- C:\Program Files\Outerinfo
2007-11-29 10:42:42 0 d-------- C:\Documents and Settings\Chris Wilson\Application Data\ultra
2007-11-29 10:42:40 0 d-------- C:\Program Files\Viewpoint
2007-11-29 10:42:38 0 d-------- C:\Program Files\WebCyberCoach
2007-11-28 16:50:16 35840 -ra------ C:\WINDOWS\mrofinu572.exe
2007-11-28 10:26:01 0 d--hs---- C:\WINDOWS\CSC
2007-11-27 17:27:34 3932160 --a------ C:\Documents and Settings\Chris Wilson\ntuser.dat
2007-11-27 17:27:13 2 --a------ C:\WINDOWS\system32\wtsisu.exe
2007-11-27 17:27:06 0 d-------- C:\Program Files\Common Files\?icrosoft.NET
2007-11-27 17:26:59 60928 --a------ C:\WINDOWS\system32\ukg.dll
2007-11-27 17:26:35 482181 --ahs---- C:\WINDOWS\system32\ilnmp.ini2
2007-11-27 17:26:13 333408 --a------ C:\WINDOWS\system32\pmnli.dll
2007-11-27 17:26:12 35840 --a------ C:\WINDOWS\17PHolmes572.exe
2007-11-27 17:26:07 41723 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2007-11-27 17:25:47 38912 --a------ C:\WINDOWS\system32\awtttur.dll
2007-11-27 17:22:07 38912 --a------ C:\WINDOWS\system32\fccccda.dll
2007-11-27 17:22:03 169147 --a------ C:\WINDOWS\TTC-4444.exe
2007-11-27 17:21:22 171520 --a------ C:\WINDOWS\system32\lnelvew.dll
2007-11-27 17:21:18 0 d-------- C:\WINDOWS\system32\m8
2007-11-27 17:21:18 0 d-------- C:\WINDOWS\system32\j2
2007-11-27 17:21:18 0 d-------- C:\WINDOWS\system32\d1
2007-11-27 17:21:18 0 d-------- C:\WINDOWS\system32\c1
2007-11-27 17:21:07 38912 --a------ C:\WINDOWS\system32\byxwurr.dll
2007-11-27 17:21:06 0 d-------- C:\Temp
2007-11-19 16:53:48 145920 ---hs---- C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
2007-11-15 13:41:16 0 d-------- C:\Documents and Settings\Chris Wilson\Application Data\InstallShield
2007-11-01 06:24:00 229376 --a------ C:\WINDOWS\b128.exe


-- Find3M Report ---------------------------------------------------------------

2007-11-30 17:04:34 0 d-------- C:\Program Files\Trend Micro
2007-11-30 17:01:25 0 d-------- C:\Program Files\Plaxo
2007-11-30 16:03:15 0 d-------- C:\Program Files\iTunes
2007-11-30 16:02:50 0 d-------- C:\Program Files\Common Files\?icrosoft.NET
2007-11-30 15:06:07 0 d-------- C:\Documents and Settings\Chris Wilson\Application Data\Mozilla
2007-11-30 12:46:49 0 d-------- C:\Program Files\Apple Software Update
2007-11-30 12:33:13 0 d-------- C:\Program Files\Common Files
2007-11-30 06:46:34 6320 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-30 06:46:33 88 -r-hs---- C:\WINDOWS\system32\61859B33D4.sys
2007-11-30 06:44:11 0 d-------- C:\Program Files\ESPOnline
2007-11-29 12:10:34 0 d-------- C:\Program Files\Movie Maker
2007-11-29 10:42:44 0 d-------- C:\Program Files\GemMaster
2007-11-29 10:42:43 0 d-------- C:\Program Files\NetWaiting
2007-11-28 10:31:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-31 15:20:49 0 d-------- C:\Program Files\SecondLife
2007-10-29 15:21:52 145920 ---hs---- C:\Program Files\Common Files\Yazzle1560OinAdmin.exe
2007-10-10 08:53:54 184320 --a------ C:\WINDOWS\b111.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}]
11/27/2007 05:21 PM 38912 --a------ C:\WINDOWS\system32\byxwurr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F1B4E56-A6F2-41C4-8444-BA037E543805}]
11/27/2007 05:26 PM 333408 --a------ C:\WINDOWS\system32\pmnli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FB0A6C7-4253-4C78-B523-FFDEB937DBB6}]
08/02/2007 08:43 AM 282624 --a------ C:\Program Files\Movie Maker\hokepote83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8803D7D6-6516-4DBD-B3F8-FB3E046438C8}]
08/02/2007 08:43 AM 282624 --a------ C:\Program Files\Movie Maker\hokepote4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8a26ebc9-be90-47f0-81b4-14ed7fdc9123}]
11/27/2007 05:21 PM 171520 --a------ C:\WINDOWS\system32\lnelvew.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91F4A041-148C-3F0E-DE2F-38E671810B97}]
11/01/2007 08:44 AM 60928 --a------ C:\WINDOWS\system32\ukg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
11/29/2007 11:04 PM 145984 --a------ C:\WINDOWS\system32\qwbogflc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{aa495294-0e6b-4430-90bd-ddd8023123d8}]
11/29/2007 11:07 PM 77888 --a------ C:\WINDOWS\system32\voeldbow.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\qwbogflc.dll [11/29/2007 11:04 PM 145984]

[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 03:01 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM]
"SigmatelSysTrayApp"="stsystra.exe" [03/23/2005 12:20 AM C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [06/17/2005 08:56 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/05/2005 10:05 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [10/05/2005 04:12 AM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [03/25/2006 09:14 AM]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/08/2005 08:20 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 11:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 11:44 AM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [08/30/2005 05:47 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 06:20 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [03/25/2006 09:21 AM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [09/08/2005 08:20 PM]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [02/09/2006 05:34 PM]
"WG511WLU"="C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe" [02/21/2003 01:33 AM]
"\\WMCOFFICE\EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
"GoToMyPC"="C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" [10/29/2003 04:50 PM]
"Auto EPSON Stylus Photo R300 Series on DESKTOP"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 06:58 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 09:36 AM]
"@"="" []
"Auto EPSON Stylus Photo R300 Series on WMCSERVER"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
"runner1"="C:\WINDOWS\mrofinu572.exe" [11/28/2007 04:50 PM]
"b09cdd6c"="C:\WINDOWS\system32\lyfiyexl.dll" [11/29/2007 11:04 PM]
"RegistryMechanic"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [04/11/2006 06:39 PM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 11:54 AM]
"TeamOnPwpUpdater-RMPwpCli"="C:\Program Files\Mail Connector\PwpUpdtr.exe" [07/14/2006 01:26 PM]
"PlaxoUpdate"="C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe" [11/16/2006 12:42 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 06:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/28/2007 05:37 PM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
"Uaol"="C:\WINDOWS\system32\MCROSO~1\csrss.exe" [11/27/2007 05:26 PM]
"BPS Remover"="C:\Program Files\BPS Remover\SpyRem.exe" []
"BPS Spyware Remover"="C:\Program Files\BPS Remover\BPSRem.exe" [11/20/2007 10:40 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [3/25/2006 9:14:45 AM]
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [1/18/2007 4:18:02 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3/25/2006 9:12:55 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 12:01:04 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [7/18/2005 3:17:57 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}"= C:\WINDOWS\system32\byxwurr.dll [11/27/2007 05:21 PM 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxwurr]
byxwurr.dll 11/27/2007 05:21 PM 38912 C:\WINDOWS\system32\byxwurr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qwbogflc]
qwbogflc.dll 11/29/2007 11:04 PM 145984 C:\WINDOWS\system32\qwbogflc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnli.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2c9cd72-83a0-11db-9788-00038a000015}]
AutoRun\command- F:\system\viewer\Viewer.exe
View your videos\command- F:\system\viewer\Viewer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f323cf8a-bebe-11da-9765-00038a000015}]
AutoRun\command- F:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2007-11-30 17:05:19 ------------
 

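One way to triage a log like the one above programmatically, as an added example that is not part of the forum thread and is not the HijackThis tool's own code: the script below parses HJT-style lines and flags the entry types a helper looks at first (Trusted Zone additions, Winlogon Notify / AppInit_DLLs hooks, Run keys with random-looking hex names or rundll32 loaders, orphaned and unnamed BHOs, core system binary names running from outside system32, and one DLL hooked from several sections). The sample lines are constructed to mirror the shape of the log above, and the severity rules are this example's own heuristics (assumptions), not an authoritative verdict on any file.

```python
import ntpath
import re
from collections import Counter, defaultdict

# Constructed sample lines, shaped like the HijackThis log in the post above
# (a few benign entries mixed with the kinds of entries a helper flags).
SAMPLE_LOG = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} - C:\WINDOWS\system32\byxwurr.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\qwbogflc.dll",
    r"O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe",
    r'O4 - HKLM\..\Run: [b09cdd6c] rundll32.exe "C:\WINDOWS\system32\lyfiyexl.dll",b',
    r'O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\system32\MCROSO~1\csrss.exe" -vt yazb',
    r"O15 - Trusted Zone: *.trustedantivirus.com",
    r"O20 - Winlogon Notify: byxwurr - C:\WINDOWS\SYSTEM32\byxwurr.dll",
    r"O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe",
]

# Core Windows binaries that legitimately live only directly under system32;
# the same name anywhere else is a lookalike (heuristic, this example's own).
CORE_SYSTEM_BINARIES = {"csrss.exe", "smss.exe", "winlogon.exe",
                        "services.exe", "lsass.exe", "svchost.exe"}
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}

LINE_RE = re.compile(r"^(?P<section>[ROF]\d{1,2}) - (?P<body>.*)$")
# A drive-letter path up to its .exe/.dll extension (paths may contain spaces).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)\b', re.IGNORECASE)
RUN_KEY_RE = re.compile(r"\[([^\]]+)\]")


def triage_line(num, line):
    """Return (severity, line_number, reason) findings for one HJT log line."""
    m = LINE_RE.match(line)
    if not m:
        return []
    section, body = m.group("section"), m.group("body")
    found = []
    if "(no file)" in body:
        found.append(("low", "entry points at a file that no longer exists (orphan)"))
    if section == "O2" and "(no name)" in body:
        found.append(("medium", "BHO registered without a product name"))
    if section == "O15":
        found.append(("high", "site added to the IE Trusted Zone (relaxed security settings)"))
    if section == "O20":
        found.append(("high", "Winlogon Notify / AppInit_DLLs hook: DLL loaded at logon"))
    if section == "O4":
        key = RUN_KEY_RE.search(body)
        if key and re.fullmatch(r"[0-9a-f]{8}", key.group(1)):
            found.append(("medium", "Run key named with random-looking hex"))
        if "rundll32.exe" in body.lower():
            found.append(("medium", "Run key uses rundll32 to load a DLL export"))
    for path in PATH_RE.findall(body):
        name = ntpath.basename(path).lower()
        parent = ntpath.dirname(path).lower()
        if name in CORE_SYSTEM_BINARIES and not parent.endswith("\\system32"):
            found.append(("high", f"{name} running from outside system32: {path}"))
    return [(sev, num, reason) for sev, reason in found]


def triage(lines):
    """Triage a whole log: per-line rules plus one cross-line correlation
    (the same DLL/EXE path hooked from two or more HJT sections)."""
    findings = []
    sections_by_path = defaultdict(set)
    for num, line in enumerate(lines, 1):
        findings.extend(triage_line(num, line))
        m = LINE_RE.match(line)
        if m:
            for path in PATH_RE.findall(m.group("body")):
                sections_by_path[path.lower()].add(m.group("section"))
    for path, sections in sorted(sections_by_path.items()):
        if len(sections) >= 2:
            hooks = ", ".join(sorted(sections))
            # line number 0 marks a correlation spanning several lines
            findings.append(("medium", 0, f"{path} hooked from {len(sections)} sections ({hooks})"))
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f[0]], f[1]))


def summarize(findings):
    """Count findings per severity, e.g. {'high': 3, 'medium': 5, 'low': 1}."""
    return dict(Counter(sev for sev, _, _ in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for sev, num, reason in results:
        where = f"line {num}" if num else "cross-line"
        print(f"[{sev:6}] {where}: {reason}")
    print(summarize(results))
```

Run it directly to print the findings for the constructed sample, or pass the lines of a saved HJT log to `triage()`. A flag is a prompt to check the file (vendor signature, creation date against the "Files created" list, whether the same path appears under several hook points), not proof of infection; legitimate entries such as the Adobe BHO or the ATI service produce nothing.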
Discussion Starter #2
Guys, I really need some help here! My computer is constantly getting these pop-ups, and I'm a sole proprietor of a business which is losing money because I have to field these stupid things. Now, I can't use Trend Micro PC-cillin, nor can I upgrade it. I've found 4 trojans, and I still get pops.

Please let me know how to handle ASAP.

Thanks,
 

Hello Splitter923 and welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

==============================

Please follow all instructions in the order in which they come; if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear; a lack of symptoms does not mean the infection is gone.

===============================

Download ComboFix from Here or here

**Save it to your desktop** Do not run it just yet; we will shortly.

=================================

Print or copy/paste these instructions to notepad then Disconnect from the internet

================================




Go to Start → Run, paste in the single line command below & click OK:
"%userprofile%\desktop\combofix.exe" /killall
When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.

==================================

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

==================================

You forgot to post the extra.txt from Deckard's System Scanner (DSS); this log can be found at:

C:\Deckard\System Scanner\extra.txt

==================================

Reconnect to the internet and post the required logs.

==================================
Logs Required
C:\Combofix.txt
Hijackthis log
C:\Deckard\System Scanner\extra.txt <----- Attached
 