Status
Not open for further replies.

I foolishly downloaded something in the process of wanting another application, and ever since then it's been havoc. At first a few minor popups when running IE... getting noticeably slower... Task Manager not opening... IE showing a different address when opened, but the homepage was still the same as it's always been. I've run AVG, Ad-Aware, SpyBot S&D, Windows Defender... I finally got Norton and it says it has fixed everything, but it just got worse. A little triangle on my toolbar talks about "security alert: spyware found" wanting me to "click this balloon to remove spyware"... two security icons on my desktop... getting a popup about "critical system warning"...

It's just ridiculous now. I have completed all the steps besides the online scan... it would take days on dialup.

Any help would be appreciated.

Deckard's System Scanner v20071014.68
Run by HP_Owner on 2007-11-16 08:26:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
70: 2007-11-16 13:27:39 UTC - RP272 - Deckard's System Scanner Restore Point
69: 2007-11-16 12:29:14 UTC - RP271 - Removed MSXML 4.0 SP2 (KB927978)
68: 2007-11-16 12:27:49 UTC - RP270 - Removed MSXML 4.0 SP2 (KB936181)
67: 2007-11-16 12:21:58 UTC - RP269 - Configured PC-Doctor 5 for Windows
66: 2007-11-16 10:40:16 UTC - RP268 - System Checkpoint


-- First Restore Point --
1: 2007-11-04 02:11:21 UTC - RP203 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 76% (more than 75%).
Total Physical Memory: 384 MiB (512 MiB recommended).
System Drive C: has 8.38 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-16 08:33:05
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\Navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Sony\SonicStage\SSAAD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Sierra\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&prodOS=011&gwCountry=US&language=en&PURCH_DT_MONTH=12&PURCH_DT_DAY=14&PURCH_DT_YEAR=2005&PROD_SERIAL_ID=CNH53937WT&application=305&modelID=ED898AA&LF=blue
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C73C224-B0E9-4CAC-9E94-DD99526306D3} - (no file)
O2 - BHO: (no name) - {200B3A0C-C092-4F77-82E3-97CACEFD734B} - (no file)
O2 - BHO: (no name) - {28291589-1F68-43B0-88BE-8B662A3721ED} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\absrsvum.dll
O2 - BHO: (no name) - {BCC73622-F72D-4277-803C-D65565A0947F} - C:\WINDOWS\system32\qomjgeb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NAVShExt.dll
O2 - BHO: {3f0bb8c2-667f-7728-caa4-ead131cd450c} - {c054dc13-1dae-4aac-8277-f7662c8bb0f3} - C:\WINDOWS\system32\xstqisak.dll
O2 - BHO: (no name) - {CBB52840-746A-4C18-A916-21C5109B4727} - C:\WINDOWS\system32\ddayx.dll
O2 - BHO: (no name) - {E39BCA64-F759-40DC-A5DD-99C555ACB4DF} - (no file)
O2 - BHO: (no name) - {F17FF312-664B-4291-9F0C-FAFC4309F344} - (no file)
O2 - BHO: (no name) - {f6fa70ff-0661-43e9-811a-27e93656783c} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\absrsvum.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVShExt.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [10bc8001] rundll32.exe "C:\WINDOWS\system32\lysgjbpj.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.flexartist.com (HKCU)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5156/mcfscan.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: absrsvum - C:\WINDOWS\system32\absrsvum.dll
O20 - Winlogon Notify: qomjgeb - C:\WINDOWS\system32\qomjgeb.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tpwpnbpj.exe /service
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe


--
End of file - 13745 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe %1
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MaVctrl - c:\windows\system32\drivers\mavc2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
R4 AVG Anti-Spyware Driver - c:\program files\grisoft\avg anti-spyware 7.5\guard.sys (file missing)
R4 AvgAsCln (AVG Anti-Spyware Clean Driver) - c:\windows\system32\drivers\avgascln.sys (file missing)

S0 ftsata2 - c:\windows\system32\drivers\ftsata2.sys (file missing)
S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
S3 mam4410c - c:\windows\system32\drivers\mam4410c.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 mam4410m - c:\windows\system32\drivers\mam4410m.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 mam4410u - c:\windows\system32\drivers\mam4410u.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 MaRdPnp - c:\windows\system32\drivers\mardp2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 XIRLINK (Veo Mobile/Advanced Web Camera) - c:\windows\system32\drivers\ucdnt.sys <Not Verified; Xirlink, Inc; Xirlink Digital Video PC Camera>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>

S2 DomainService - c:\windows\system32\tpwpnbpj.exe /service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys NC100 Fast Ethernet Adapter
Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_05701317&REV_11\3&61AAA01&0&40
Manufacturer: Linksys
Name: Linksys NC100 Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_05701317&REV_11\3&61AAA01&0&40
Service: AN983

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\69236C11D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\69236C11D800
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2007-11-16 07:41:24 418 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-11-13 21:42:18 470 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job


-- Files created between 2007-10-16 and 2007-11-16 -----------------------------

2007-11-16 08:00:32 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-16 08:00:25 0 d-------- C:\WINDOWS\LastGood
2007-11-16 07:40:23 0 d-------- C:\WINDOWS\pss
2007-11-15 04:52:50 85056 --a------ C:\WINDOWS\system32\lysgjbpj.dll
2007-11-15 04:49:52 79936 --a------ C:\WINDOWS\system32\xstqisak.dll
2007-11-15 04:44:52 71232 --a------ C:\WINDOWS\system32\ylebbjct.exe <Not Verified; ; DDC>
2007-11-14 15:04:50 79424 --a------ C:\WINDOWS\system32\uejfpkla.dll
2007-11-14 15:01:57 85056 -----n--- C:\WINDOWS\system32\xqulwreg.dll
2007-11-14 14:53:28 71232 --a------ C:\WINDOWS\system32\eoasuhmf.exe <Not Verified; ; DDC>
2007-11-13 21:37:09 32 --ahs---- C:\WINDOWS\system32\{51013A85-FD59-4261-B24C-284B43C8C9E0}.dat
2007-11-13 21:37:09 32 --ahs---- C:\WINDOWS\{79268332-8605-453C-9D08-83009BA3E21D}.dat
2007-11-13 21:36:33 14 --a------ C:\WINDOWS\system32\SR2.dat
2007-11-13 21:32:44 0 d-------- C:\Program Files\Symantec
2007-11-13 21:32:17 0 d-------- C:\Program Files\Norton AntiVirus
2007-11-12 21:46:44 81472 --a------ C:\WINDOWS\system32\spcbpmqs.dll
2007-11-12 21:39:11 71232 --a------ C:\WINDOWS\system32\baslaely.exe <Not Verified; ; DDC>
2007-11-12 21:23:43 144480 --a------ C:\WINDOWS\system32\absrsvum.dll
2007-11-12 21:23:21 144480 --a------ C:\WINDOWS\system32\ijlydkhd.dll
2007-11-12 21:20:21 81472 --a------ C:\WINDOWS\system32\ihijqmna.dll
2007-11-12 21:17:22 89664 --a------ C:\WINDOWS\system32\aqlojhle.dll
2007-11-12 21:15:09 71232 --a------ C:\WINDOWS\system32\nlrikscv.exe <Not Verified; ; DDC>
2007-11-11 22:27:44 71232 --a------ C:\WINDOWS\system32\kobvmecf.exe <Not Verified; ; DDC>
2007-11-10 22:30:42 81472 --a------ C:\WINDOWS\system32\xjteyvcw.dll
2007-11-10 22:26:07 71232 --a------ C:\WINDOWS\system32\allmogqk.exe <Not Verified; ; DDC>
2007-11-10 15:41:06 81472 --a------ C:\WINDOWS\system32\ktvpuvjg.dll
2007-11-10 15:38:42 71232 --a------ C:\WINDOWS\system32\alwkbgcr.exe <Not Verified; ; DDC>
2007-11-10 13:50:53 85056 --a------ C:\WINDOWS\system32\nifxstbw.dll
2007-11-10 13:41:55 81472 --a------ C:\WINDOWS\system32\kfrglxds.dll
2007-11-10 13:36:49 71232 --a------ C:\WINDOWS\system32\yxurqoyc.exe
2007-11-09 23:52:04 88128 --a------ C:\WINDOWS\system32\hhohfayj.dll
2007-11-09 23:49:04 77888 --a------ C:\WINDOWS\system32\wkodopbh.dll
2007-11-09 23:46:55 71232 --a------ C:\WINDOWS\system32\myqsnmly.exe
2007-11-09 21:50:06 77888 --a------ C:\WINDOWS\system32\kqrlsmoq.dll
2007-11-09 21:41:06 71232 --a------ C:\WINDOWS\system32\ttproeuw.exe
2007-11-09 06:41:57 318560 --a------ C:\WINDOWS\system32\awvvu.dll
2007-11-09 01:56:20 77888 --a------ C:\WINDOWS\system32\ndxtwclu.dll
2007-11-08 13:47:18 80448 --a------ C:\WINDOWS\system32\cqsgofwl.dll
2007-11-08 13:40:01 71232 --a------ C:\WINDOWS\system32\pajxmchp.exe
2007-11-08 11:06:33 80448 --a------ C:\WINDOWS\system32\rcsvhtxq.dll
2007-11-08 11:02:24 71232 --a------ C:\WINDOWS\system32\mlimcxcx.exe
2007-11-08 10:49:38 71232 --a------ C:\WINDOWS\system32\njasvgge.exe
2007-11-07 23:38:17 0 d-------- C:\Program Files\Best_Security_Tips
2007-11-07 23:37:50 0 d-------- C:\Program Files\Morpheus Turbo Accelerator
2007-11-07 23:20:36 71232 --a------ C:\WINDOWS\system32\vsmgyrsx.exe
2007-11-07 22:51:01 0 d-------- C:\Program Files\MorpheusBar
2007-11-07 21:54:59 71232 --a------ C:\WINDOWS\system32\txeiqlak.exe
2007-11-07 14:03:15 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-07 13:59:15 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-07 09:44:01 71232 --a------ C:\WINDOWS\system32\hrexhcth.exe <Not Verified; ; DDC>
2007-11-07 09:35:50 71232 --a------ C:\WINDOWS\system32\nskdkmje.exe <Not Verified; ; DDC>
2007-11-06 18:48:30 87104 -----n--- C:\WINDOWS\system32\dnliebcg.dll
2007-11-06 18:42:30 71232 --a------ C:\WINDOWS\system32\gmyxofiv.exe <Not Verified; ; DDC>
2007-11-06 12:50:04 496680 ---hs---- C:\WINDOWS\system32\xyadd.ini2
2007-11-05 19:23:41 0 d-------- C:\Documents and Settings\HP_Owner\.housecall6.6
2007-11-05 19:21:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-05 19:06:10 0 d-------- C:\WINDOWS\McAfee.com
2007-11-05 18:50:19 269 --a------ C:\Documents and Settings\HP_Owner\5758.bat
2007-11-05 18:49:52 83008 --a------ C:\WINDOWS\system32\uttaabla.dll
2007-11-05 18:45:28 85568 --a------ C:\WINDOWS\system32\njngadka.dll
2007-11-05 18:40:06 269 --a------ C:\Documents and Settings\HP_Owner\1997.bat
2007-11-05 18:39:47 36864 --a------ C:\Documents and Settings\HP_Owner\winlogo.exe <Not Verified; w00t; popopop676767popopopo>
2007-11-04 20:19:58 0 d-------- C:\Program Files\Common Files\Scanner
2007-11-04 19:20:26 269 --a------ C:\WINDOWS\system32\4434.bat
2007-11-04 18:22:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-04 18:18:06 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\True Sword
2007-11-04 18:17:21 0 d-------- C:\Program Files\True Sword 4
2007-11-04 16:36:11 78912 --a------ C:\WINDOWS\system32\osurftrk.dll
2007-11-04 16:31:31 269 --a------ C:\WINDOWS\system32\7234.bat
2007-11-04 16:31:09 269 --a------ C:\Documents and Settings\HP_Owner\2659.bat
2007-11-03 21:41:05 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Morpheus
2007-11-03 21:28:03 0 d-------- C:\Program Files\SoftwareRevenue.org
2007-11-03 21:12:59 269 --a------ C:\WINDOWS\system32\8302.bat
2007-11-03 21:11:51 457028 ---hs---- C:\WINDOWS\system32\xyadd.bak2
2007-11-03 21:08:52 0 d-------- C:\Program Files\ValuSoft
2007-11-03 18:39:28 452691 ---hs---- C:\WINDOWS\system32\xyadd.bak1
2007-11-03 18:38:21 8126464 --a------ C:\Documents and Settings\HP_Owner\ntuser.dat
2007-11-03 18:36:27 319584 --a------ C:\WINDOWS\system32\ddayx.dll
2007-11-03 18:31:58 84 --a------ C:\n.bat
2007-11-03 18:31:49 269 --a------ C:\WINDOWS\system32\5598.bat
2007-11-03 18:31:48 0 --a------ C:\z.dat
2007-11-03 18:31:41 133120 --a------ C:\z.exe
2007-11-03 18:31:19 35328 --a------ C:\WINDOWS\system32\qomjgeb.dll
2007-11-03 18:31:08 0 d-------- C:\WINDOWS\system32\oTt04e
2007-11-03 18:31:08 0 d-------- C:\Temp
2007-11-03 18:31:03 36864 --a------ C:\WINDOWS\system32\winlogo.exe <Not Verified; w00t; popopop676767popopopo>
2007-11-03 18:30:57 0 --a------ C:\WINDOWS\system32\taskkill.exe
2007-11-02 15:24:39 0 d-------- C:\SystemRoot
2007-10-23 20:37:32 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\MGI


-- Find3M Report ---------------------------------------------------------------

2007-11-16 07:26:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-15 04:45:52 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-10 23:07:26 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Aim
2007-11-10 17:37:18 0 d-------- C:\Program Files\Semagic
2007-11-07 23:48:02 0 d-------- C:\Program Files\Morpheus
2007-11-04 20:19:58 0 d-------- C:\Program Files\Common Files
2007-11-04 20:19:45 0 d-------- C:\Program Files\Yahoo!
2007-10-09 19:17:40 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Yahoo!
2007-08-18 10:53:15 43179 --a------ C:\Documents and Settings\HP_Owner\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2007-08-18 10:45:37 2876 --a------ C:\Documents and Settings\HP_Owner\Application Data\PatchUpdate_InstantShareJPG.log
2007-08-18 10:44:48 3681 --a------ C:\Documents and Settings\HP_Owner\Application Data\PatchUpdate_IZClosingDiscError.log


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C73C224-B0E9-4CAC-9E94-DD99526306D3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{200B3A0C-C092-4F77-82E3-97CACEFD734B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28291589-1F68-43B0-88BE-8B662A3721ED}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
11/12/2007 09:23 PM 144480 --a------ C:\WINDOWS\system32\absrsvum.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]
11/03/2007 06:31 PM 35328 --a------ C:\WINDOWS\system32\qomjgeb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c054dc13-1dae-4aac-8277-f7662c8bb0f3}]
11/15/2007 04:49 AM 79936 --a------ C:\WINDOWS\system32\xstqisak.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBB52840-746A-4C18-A916-21C5109B4727}]
11/03/2007 06:36 PM 319584 --a------ C:\WINDOWS\system32\ddayx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E39BCA64-F759-40DC-A5DD-99C555ACB4DF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F17FF312-664B-4291-9F0C-FAFC4309F344}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f6fa70ff-0661-43e9-811a-27e93656783c}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\absrsvum.dll [11/12/2007 09:23 PM 144480]

[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [05/26/2005 01:01 PM C:\WINDOWS\system32\SiSPower.dll]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [06/02/2005 01:35 AM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/26/2005 12:34 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [05/12/2005 08:12 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/10/2005 08:05 AM]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [01/24/2005 07:58 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [03/10/2006 12:45 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [10/08/2004 10:52 AM]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [10/08/2004 11:31 AM]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [10/08/2004 11:24 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 05:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [08/15/2007 07:15 PM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 09:59 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/14/2002 07:29 PM]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [11/14/2002 07:29 PM]
"10bc8001"="C:\WINDOWS\system32\lysgjbpj.dll" [11/15/2007 04:52 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 11:54 AM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" []
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 09:59 AM]
"E6TaskPanel"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" [03/05/2005 11:19 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BCC73622-F72D-4277-803C-D65565A0947F}"= C:\WINDOWS\system32\qomjgeb.dll [11/03/2007 06:31 PM 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\absrsvum]
absrsvum.dll 11/12/2007 09:23 PM 144480 C:\WINDOWS\system32\absrsvum.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomjgeb]
qomjgeb.dll 11/03/2007 06:31 PM 35328 C:\WINDOWS\system32\qomjgeb.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddayx.dll




-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7357 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-11-16 08:36:38 ------------
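Added example, not part of the poster's log and not a feature of DSS or HijackThis: the log above shows one pattern worth checking mechanically rather than by eye. The same handful of DLLs in system32 (absrsvum.dll, qomjgeb.dll, ddayx.dll, lysgjbpj.dll) appear as BHOs, a "Security Toolbar", Winlogon Notify handlers, an extra LSA "Authentication Packages" entry and a rundll32 Run key, and every one of them also appears in the "Files created between 2007-10-16 and 2007-11-16" listing, while the "DomainService" binary has no vendor string at all. The script below parses the HijackThis-clone load points and the file listing from the same log, and flags any load point whose target was created inside the scan window. The sample input is constructed from lines quoted from the log above; the severity labels and the "5 to 8 lowercase letters in system32" name-shape heuristic are this example's own assumptions, not something DSS reports.

```python
"""Cross-check HijackThis-style load points against DSS's 'Files created' list.
Added example for this thread, not part of the posted log, DSS or HijackThis;
severity labels and the name-shape heuristic are this example's assumptions."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity target reason")

# Constructed sample: lines copied from the log posted above, trimmed to the
# sections this script parses (O2/O3/O4/O20/O23, the LSA line, file listing).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1C73C224-B0E9-4CAC-9E94-DD99526306D3} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\absrsvum.dll
O2 - BHO: (no name) - {BCC73622-F72D-4277-803C-D65565A0947F} - C:\WINDOWS\system32\qomjgeb.dll
O2 - BHO: (no name) - {CBB52840-746A-4C18-A916-21C5109B4727} - C:\WINDOWS\system32\ddayx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NAVShExt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\absrsvum.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [10bc8001] rundll32.exe "C:\WINDOWS\system32\lysgjbpj.dll",b
O20 - Winlogon Notify: absrsvum - C:\WINDOWS\system32\absrsvum.dll
O20 - Winlogon Notify: qomjgeb - C:\WINDOWS\system32\qomjgeb.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tpwpnbpj.exe /service
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Navapsvc.exe
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddayx.dll
2007-11-15 04:52:50 85056 --a------ C:\WINDOWS\system32\lysgjbpj.dll
2007-11-15 04:44:52 71232 --a------ C:\WINDOWS\system32\ylebbjct.exe <Not Verified; ; DDC>
2007-11-13 21:32:17 0 d-------- C:\Program Files\Norton AntiVirus
2007-11-12 21:23:43 144480 --a------ C:\WINDOWS\system32\absrsvum.dll
2007-11-03 18:36:27 319584 --a------ C:\WINDOWS\system32\ddayx.dll
2007-11-03 18:31:19 35328 --a------ C:\WINDOWS\system32\qomjgeb.dll
"""

PATH_RE = re.compile(r'[A-Za-z]:\\[^<>"]*?\.(?:dll|exe)\b', re.IGNORECASE)
FILE_LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+(\S+)\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RANDOM_NAME_RE = re.compile(r"^[a-z]{5,8}\.(?:dll|exe)$")  # assumed shape of the dropped names


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def parse_recent_files(lines):
    """Map lowercased basename -> (path, vendor) for files (not directories) in the
    listing. vendor is None without a '<Not Verified; ...>' block, '(blank)' when
    the block's company field is empty, as with the 'DDC' executables above."""
    recent = {}
    for line in lines:
        m = FILE_LINE_RE.match(line)
        if not m or m.group(1).startswith("d"):
            continue
        rest, vendor = m.group(2), None
        if " <Not Verified;" in rest:
            rest, info = rest.split(" <Not Verified;", 1)
            vendor = info.strip(" >").split(";")[0].strip() or "(blank)"
        recent[basename(rest.strip())] = (rest.strip(), vendor)
    return recent


def triage(log_text):
    lines = [l for l in log_text.splitlines() if l.strip()]
    recent = parse_recent_files(lines)
    findings = []
    add = findings.append
    for line in lines:
        if FILE_LINE_RE.match(line):
            continue  # file listing already consumed
        if line.startswith("O2 ") and line.endswith("(no file)"):
            m = CLSID_RE.search(line)
            add(Finding("low", m.group(0) if m else line, "orphaned BHO: CLSID registered, DLL gone"))
            continue
        paths = PATH_RE.findall(line)
        if line.startswith('"Authentication Packages"'):
            # msv1_0 is the only expected entry; anything else is loaded into lsass.exe at boot
            for p in paths:
                add(Finding("high", basename(p), "extra LSA authentication package"))
            continue
        for p in paths:
            b = basename(p)
            if b in recent:
                add(Finding("high", b, "load point targets a file created in the scan window "
                                       f"(vendor: {recent[b][1] or 'none'})"))
            elif "\\system32\\" in p.lower() and RANDOM_NAME_RE.match(b):
                add(Finding("medium", b, "random-looking name in system32"))
            if line.startswith("O20 "):
                add(Finding("high", b, "Winlogon Notify DLL, loaded by winlogon.exe as SYSTEM"))
            if line.startswith("O23 ") and "Unknown owner" in line:
                add(Finding("medium", b, "service binary has no vendor string"))
    return findings


def report(findings):
    """One line per finding, highest severity first, ready to paste into a reply."""
    order = {"high": 0, "medium": 1, "low": 2}
    return [f"[{f.severity:6}] {f.target}: {f.reason}"
            for f in sorted(findings, key=lambda f: (order[f.severity], f.target))]


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

The correlation is the point: a load point by itself is just a registry entry, but a load point whose target was written to system32 during the same two weeks the symptoms started, with no version or vendor information, is what a helper would pull out of a 13 KB log first. The four "high" names here are exactly the ones the registry dump at the end of the log repeats. Two caveats: the name-shape check is a heuristic and will occasionally flag a legitimate short lowercase name, so it is ranked below the timestamp correlation; and the LSA "Authentication Packages" and Winlogon Notify entries are loaded by lsass.exe and winlogon.exe rather than by the browser, which is why browser-level cleanup tools reported success while the popups continued. Both the file and its registry value have to go together.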
 

Hi and welcome to TSF.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------

Download combofix from here

**Save it directly to your desktop**

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Warning:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

A log will be produced that will ultimately be named C:\ComboFix.txt. I'll need that in your next reply.

--------------------------------------------------------------

Please download HijackThis. This program will help us determine if there is any spyware/malware on your computer. Double-click on the file you just downloaded. Click on the "Install" button. It will by default install to the directory C:\Program Files\Trend Micro\HijackThis.

--------------------------------------------------------------

Run Deckard's System Scanner (dss.exe) again, and post the resulting log.

--------------------------------------------------------------

Please reply back with the following logs:

C:\ComboFix.txt
Main.txt