
Internet Explorer Ad Pop Ups

Discussion in 'Virus & Other Malware Removal' started by fmcasado, Nov 8, 2007.

Thread Status:
Not open for further replies.
  1. fmcasado

    fmcasado Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    2
    Hi Guys, lately I have experienced many pop-ups in Internet Explorer. I believe I downloaded a virus from somewhere. I ran HijackThis and the log file it generated is the one I am posting here. I would really appreciate some help from the pros. Thanks, Fmcasado :(

    Check this out:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:54:57 PM, on 11/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\BrmfBAgS.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\TSIRCSRV.EXE
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\TSI32\tsircusr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\CPQHKey.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.watchtower.org/
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SetKbd] SetKbd.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [CPQAPP] CPQHKey.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [8468a5c5] rundll32.exe "C:\WINDOWS\system32\ollwhpiq.dll",b
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-606747145-484763869-839522115-1004\..\Run: [RecordNow!] (User '?')
    O4 - HKUS\S-1-5-21-606747145-484763869-839522115-1004\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User '?')
    O4 - HKUS\S-1-5-21-606747145-484763869-839522115-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: iSiloX Clipper - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU)
    O9 - Extra 'Tools' menuitem: iSiloX Clipper... - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_awda/client/download/TNPLDownloader.cab
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} (SupportSoft Script Runner Class) - https://password.bellsouth.net/sdccommon/download/tgctlsr.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172650009718
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145290300250
    O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth.net/software/DSLspeedtool/bls_speedop.cab
    O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/4.7.2.1/hbtools.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C77FB8C0-8B6D-440E-AC26-2BD39E97E8F2} (SpdTCtl Class) - http://speedtest.adelphia.net/customerdiag/speedtest/SPEEDTESTACTIVEX.CAB
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F61CD2F3-39CA-43E2-95B2-35D3EDA9B2D8}: NameServer = 196.3.81.5,196.3.81.132
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 14391 bytes
     
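Added example (not part of the original post and not a HijackThis feature): a small Python triage pass over lines of the log above, to show which entries a helper would pull out first. The sample lines are copied from the posted log; the allowlist of legitimate generated-looking system names, the list of trusted ActiveX download hosts and the thresholds in the name heuristic are assumptions chosen for this illustration. Note that a flag only means "look at this": the extra UserInit target here is the LapLink remote-control agent that also appears under O23, while the hex-named Run value launching rundll32 on an eight-letter DLL in system32 is the kind of entry that has no benign explanation.

```python
"""Triage heuristics for a HijackThis v2 log (added example, not HJT code)."""
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [8468a5c5] rundll32.exe "C:\WINDOWS\system32\ollwhpiq.dll",b
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172650009718
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/4.7.2.1/hbtools.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F61CD2F3-39CA-43E2-95B2-35D3EDA9B2D8}: NameServer = 196.3.81.5,196.3.81.132
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
"""

# Assumptions for this illustration: legitimate system binaries whose names
# look machine-generated, and hosts from which an O16 ActiveX download is expected.
KNOWN_GOOD_STEMS = {"bthprops", "ctfmon", "svchost", "userinit"}
TRUSTED_DPF_DOMAINS = ("microsoft.com", "symantec.com")

HEX_VALUE_NAME = re.compile(r"^[0-9a-f]{6,}$")
BINARY_STEM = re.compile(r"([A-Za-z0-9_]+)\.(?:dll|exe|cpl)\b", re.I)


def looks_random(stem):
    """Crude generated-name test: lowercase-only, 7+ letters, and either
    vowel-starved or carrying a long consonant run (e.g. 'ollwhpiq')."""
    if stem in KNOWN_GOOD_STEMS or len(stem) < 7:
        return False
    if not (stem.isalpha() and stem.islower()):
        return False
    vowels = sum(c in "aeiou" for c in stem)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiou]+", stem))
    return vowels / len(stem) < 0.25 or longest_consonant_run >= 5


def trusted_host(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_DOMAINS)


def triage_line(line):
    """Return the reasons one HJT line deserves manual review (empty if none)."""
    reasons = []
    kind = line.split(" - ", 1)[0]
    if kind == "O4":
        m = re.search(r"\[([^\]]+)\]", line)
        if m and HEX_VALUE_NAME.match(m.group(1)):
            reasons.append("Run value name is a hex blob: " + m.group(1))
    elif kind == "F2" and "UserInit=" in line:
        targets = [t.strip() for t in line.split("UserInit=", 1)[1].split(",")]
        extra = [t for t in targets if not t.lower().endswith("\\userinit.exe")]
        if extra:
            reasons.append("extra UserInit target(s): " + ", ".join(extra))
    elif kind == "O10" and "Unknown file" in line:
        reasons.append("unverified Winsock LSP module")
    elif kind == "O16":
        host = urlparse(line.rsplit(" - ", 1)[1]).hostname or "(no host)"
        if not trusted_host(host):
            reasons.append("ActiveX package pulled from " + host)
    elif kind == "O17":
        reasons.append("custom DNS servers; confirm they belong to the ISP")
    elif kind == "O23" and "Unknown owner" in line:
        reasons.append("service binary carries no publisher name")
    for stem in BINARY_STEM.findall(line):
        if looks_random(stem):
            reasons.append("generated-looking file name: " + stem)
    return reasons


def triage(log_text):
    """Run triage_line over a whole log; returns [(line, reasons)] for flagged lines only."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            reasons = triage_line(line)
            if reasons:
                findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

Run on the sample, six of the nine lines come back: the F2 UserInit addition, the hex-named O4 value (for two reasons), the unknown LSP, the hotbar.com ActiveX package, the O17 resolvers and the unsigned service; the ccApp, Bluetooth and Windows Update lines pass. The name heuristic is deliberately conservative (nwprovau.dll and tsircusr.exe are not flagged by it), so the structural checks carry most of the weight.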
  2. fmcasado

    fmcasado Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    2
    ComboFix 07-11-08.1 - Finees M. Casado 2007-11-09 9:01:00.1 - NTFSx86

    Running from: C:\Documents and Settings\Finees M. Casado\Desktop\ComboFix.exe
    .

    Unable to gain System Privileges

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrator\Desktop\Live Safety Center.lnk
    C:\Documents and Settings\Administrator\Desktop\Online Security Guide.lnk
    C:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk
    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
    C:\Program Files\HbTools
    C:\Program Files\HbTools\HbTools.log
    C:\Program Files\Temporary
    C:\svchost.exe
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\temp\tn3
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\a1
    C:\WINDOWS\system32\avksdlhp.dllbox
    C:\WINDOWS\system32\bdeeg.bak1
    C:\WINDOWS\system32\bdeeg.bak2
    C:\WINDOWS\system32\bdeeg.ini
    C:\WINDOWS\system32\bdeeg.ini2
    C:\WINDOWS\system32\bdeeg.tmp
    C:\WINDOWS\system32\bszip.dll
    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\g2
    C:\WINDOWS\system32\geedb.dll
    C:\WINDOWS\system32\h1
    C:\WINDOWS\system32\ooiyathg.dllbox
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\r2
    C:\WINDOWS\system32\spwousxj.dllbox
    C:\WINDOWS\system32\v8
    C:\WINDOWS\system32\v8\taldrvr11.exe
    C:\z.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_NWSAPAGENT
    -------\DomainService
    -------\NwSapAgent


    ((((((((((((((((((((((((( Files Created from 2007-10-09 to 2007-11-09 )))))))))))))))))))))))))))))))
    .

    2007-11-09 08:56 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-09 08:46 77,888 --a------ C:\WINDOWS\system32\spclhgde.dll
    2007-11-09 08:40 88,128 --a------ C:\WINDOWS\system32\wbdrjsoa.dll
    2007-11-09 08:33 145,004 --a------ C:\WINDOWS\system32\gbwgpkgb.dll
    2007-11-08 23:50 80,448 --a------ C:\WINDOWS\system32\loyhmtyx.dll
    2007-11-08 23:44 86,080 --a------ C:\WINDOWS\system32\tvudmhew.dll
    2007-11-08 23:37 145,004 --a------ C:\WINDOWS\system32\yafmsatd.dll
    2007-11-08 21:46 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2007-11-08 19:43 80,448 --a------ C:\WINDOWS\system32\lsgkrcfa.dll
    2007-11-08 19:40 144,974 --a------ C:\WINDOWS\system32\metgqgpl.dll
    2007-11-07 00:38 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-11-07 00:38 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-11-07 00:38 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-11-07 00:38 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-11-07 00:38 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-11-06 22:48 87,104 --a------ C:\WINDOWS\system32\lqhewufi.dll
    2007-11-06 22:21 87,104 --a------ C:\WINDOWS\system32\lieovjgq.dll
    2007-11-06 21:45 87,104 --a------ C:\WINDOWS\system32\qwxupbjp.dll
    2007-11-06 21:19 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-06 18:41 4,270 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-06 17:41 101,417,964 --a------ C:\SYM_REGISTRY_BACKUP.reg
    2007-11-06 13:36 35,328 --a------ C:\WINDOWS\system32\ddcawtu.dll
    2007-11-06 12:14 <DIR> d-------- C:\Program Files\Alwil Software
    2007-11-05 11:46 83,008 --a------ C:\WINDOWS\system32\ketrtukb.dll
    2007-11-04 20:59 78,912 --a------ C:\WINDOWS\system32\uymwokvn.dll
    2007-11-04 20:53 786 --a------ C:\6926.bat
    2007-11-04 18:28 78,912 --a------ C:\WINDOWS\system32\rxdsctdg.dll
    2007-11-04 18:28 786 --a------ C:\4154.bat
    2007-11-04 17:53 78,912 --a------ C:\WINDOWS\system32\lplvyugl.dll
    2007-11-04 17:27 786 --a------ C:\5924.bat
    2007-11-04 12:05 86,080 --a------ C:\WINDOWS\system32\dqqeyuav.dll
    2007-11-04 12:05 78,912 --a------ C:\WINDOWS\system32\qkhibama.dll
    2007-11-04 12:02 786 --a------ C:\3649.bat
    2007-11-04 11:54 78,912 --a------ C:\WINDOWS\system32\bjbnsddr.dll
    2007-11-04 11:51 786 --a------ C:\8918.bat
    2007-11-04 11:37 78,912 --a------ C:\WINDOWS\system32\efvkdbgj.dll
    2007-11-04 11:31 786 --a------ C:\3791.bat
    2007-11-04 10:43 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
    2007-11-04 09:28 78,912 --a------ C:\WINDOWS\system32\kesapewl.dll
    2007-11-04 09:24 786 --a------ C:\3975.bat
    2007-11-04 04:14 78,912 --a------ C:\WINDOWS\system32\tfsaeewp.dll
    2007-11-04 01:59 786 --a------ C:\6999.bat
    2007-11-04 01:37 786 --a------ C:\4815.bat
    2007-11-04 01:17 786 --a------ C:\1876.bat
    2007-11-03 23:30 786 --a------ C:\5123.bat
    2007-11-03 23:10 35,328 --a------ C:\WINDOWS\system32\opnligh.dll
    2007-11-03 23:09 786 --a------ C:\6885.bat
    2007-11-03 22:40 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
    2007-11-03 22:27 <DIR> d-------- C:\Program Files\Norton 360
    2007-11-03 22:25 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-11-03 22:25 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2007-11-03 22:20 786 --a------ C:\8300.bat
    2007-11-03 22:02 786 --a------ C:\8790.bat
    2007-11-03 21:33 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
    2007-11-03 20:38 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2007-11-03 18:55 786 --a------ C:\7667.bat
    2007-11-03 18:36 <DIR> d-------- C:\76de8f1f8275696cb509a009004dd9
    2007-11-03 16:04 786 --a------ C:\1304.bat
    2007-11-03 13:19 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2007-11-03 13:16 35,328 --a------ C:\WINDOWS\system32\gebyvts.dll
    2007-11-03 13:16 82 --a------ C:\n.bat
    2007-11-03 13:16 0 --a------ C:\z.dat
    2007-11-03 13:15 <DIR> d-------- C:\WINDOWS\system32\Mz18r
    2007-11-03 13:15 <DIR> d-------- C:\TEMP\mZOr
    2007-11-03 13:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-03 12:53 <DIR> d-------- C:\Program Files\Native Instruments
    2007-10-31 12:19 <DIR> d-------- C:\Program Files\Adams Business Forms
    2007-10-23 09:34 <DIR> d-------- C:\Program Files\Microsoft USB Flash Drive Manager

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-09 13:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-11-09 03:52 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2007-11-09 03:46 --------- d-----w C:\Program Files\iTunes
    2007-11-09 03:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-11-06 23:27 --------- d-----w C:\Documents and Settings\Finees M. Casado\Application Data\LimeWire
    2007-11-05 16:58 --------- d-----w C:\Program Files\SP
    2007-11-05 16:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-05 16:56 --------- d-----w C:\Program Files\Common Files\InstallShield
    2007-11-04 16:10 --------- d-----w C:\Documents and Settings\Finees M. Casado\Application Data\Symantec
    2007-11-04 07:08 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-11-04 07:08 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-11-04 07:08 --------- d-----w C:\Program Files\Symantec
    2007-11-04 03:56 --------- d-----w C:\Program Files\InterVideo
    2007-11-04 00:35 --------- d-----w C:\Program Files\LimeWire
    2007-10-21 01:24 --------- d-----w C:\Program Files\Apple Software Update
    2007-10-13 16:03 34,328 ----a-w C:\Documents and Settings\Finees M. Casado\Application Data\GDIPFONTCACHEV1.DAT
    2007-10-12 14:17 --------- d-----w C:\Program Files\Java
    2007-10-08 00:19 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
    2007-10-06 01:11 --------- d-----w C:\Program Files\Yahoo!
    2007-10-06 01:10 --------- d-----w C:\Program Files\XviD
    2007-10-06 01:02 --------- d-----w C:\Program Files\Google
    2007-10-06 01:00 --------- d-----w C:\Program Files\DOCSIS Configurator
    2007-10-06 00:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
    2007-10-06 00:52 --------- d-----w C:\Program Files\ScanSoft
    2007-10-06 00:41 --------- d-----w C:\Documents and Settings\Finees M. Casado\Application Data\Aim
    2007-10-06 00:08 --------- d-----w C:\Program Files\Intuit
    2007-10-06 00:08 --------- d-----w C:\Program Files\Common Files\Intuit
    2007-10-05 23:52 --------- d-----w C:\Documents and Settings\Finees M. Casado\Application Data\Skype
    2007-10-05 23:44 --------- d-----w C:\Program Files\Common Files\Palo Alto Software
    2007-10-05 23:43 --------- d-----w C:\Program Files\Common Files\muvee Technologies
    2007-10-05 23:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
    2007-10-05 17:15 --------- d-----w C:\Program Files\Common Files\Scanner
    2007-10-05 16:52 --------- d-----w C:\Program Files\MobiMate
    2007-09-18 19:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
    2007-09-18 19:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
    2007-09-18 19:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
    2007-09-18 19:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
    2007-09-18 19:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
    2007-09-18 19:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
    2007-09-18 19:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
    2007-09-18 19:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
    2007-09-18 19:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-01-10 16:15 839,686 ----a-w C:\WINDOWS\Fonts\Crack.exe
    2005-09-10 00:55 4,588,454 ----a-w C:\Program Files\setup.exe
    2005-09-10 00:55 37,766,164 -c--a-w C:\Program Files\Data1.cab
    2005-09-10 00:55 35 -c--a-w C:\Program Files\SCSSDist.ini
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2236FBF7-8431-45D9-348D-764DB1FB3655}]
    C:\Program Files\Microsoft Office\lawuge.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]
    2007-11-03 13:16 35328 --a------ C:\WINDOWS\system32\gebyvts.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{caaf589c-706e-4cc9-bc0c-b251ea3710c2}]
    2007-11-09 08:47 77888 --a------ C:\WINDOWS\system32\spclhgde.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 04:01]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 14:09]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 14:08]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "SetKbd"="SetKbd.exe" [2003-01-22 10:20 C:\WINDOWS\SetKbd.exe]
    "RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 21:44]
    "RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-10-22 23:15]
    "RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 15:38]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-05 01:32]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
    "nwiz"="nwiz.exe" [2004-03-12 16:57 C:\WINDOWS\system32\nwiz.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-03-12 16:57]
    "LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54]
    "Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 12:03]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 C:\WINDOWS\KHALMNPR.Exe]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 17:44]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-18 12:18]
    "CPQAPP"="CPQHKey.exe" [2003-01-22 16:33 C:\WINDOWS\CPQHKey.exe]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 20:54]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 07:00 C:\WINDOWS\system32\bthprops.cpl]
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
    "8468a5c5"="C:\WINDOWS\system32\wbdrjsoa.dll" [2007-11-09 08:40]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RecordNow!"="" []
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 12:39]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{BCC73622-F72D-4277-803C-D65565A0947F}"= C:\WINDOWS\system32\gebyvts.dll [2007-11-03 13:16 35328]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avksdlhp]
    avksdlhp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebyvts]
    gebyvts.dll 2007-11-03 13:16 35328 C:\WINDOWS\system32\gebyvts.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddabx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
    backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
    backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccuWeatherDesktopAlerts]
    C:\Program Files\AccuWeatherDesktopAlerts\AccuWeatherDesktopAlerts.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
    C:\WINDOWS\Fonts\svchost.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]



    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad7f7d8d-80e8-11db-81a5-000398de806d}]
    \Shell\AutoRun\command - E:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caf6c697-7f75-11dc-824e-000398de806d}]
    \Shell\AutoRun\command - F:\UFDLaunch.exe

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-05 17:06:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-09 09:15:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\[email protected]???? ?|?B???????????????B? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-09 9:21:25 - machine was rebooted
    .
    --- E O F ---
     
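Added example (not part of the original post and not ComboFix functionality): the ComboFix output makes visible what the HijackThis log only hinted at. The same Run value 8468a5c5 pointed at ollwhpiq.dll the evening before and at wbdrjsoa.dll the next morning; the "Files Created" section shows a fresh eight-letter DLL landing in system32 every few hours, frequently within minutes of a 786-byte .bat in C:\; and several of those DLLs are wired into BHO, ShellExecuteHooks, Winlogon Notify and Run keys. The Python below clusters the created files by size, extension and folder, pairs each root-level .bat with DLLs created close to it, and intersects the created set with the loading-point DLLs. The sample rows and the loading-point paths are copied from the log above; the cluster threshold of three members and the 30-minute pairing window are assumptions.

```python
"""Expose a dropper's cadence from a ComboFix 'Files Created' section (added example)."""
from collections import defaultdict
from datetime import datetime
import ntpath
import re

# Constructed sample: a subset of the 'Files Created' rows from the ComboFix log above.
SAMPLE_CREATED = r"""
2007-11-09 08:46 77,888 --a------ C:\WINDOWS\system32\spclhgde.dll
2007-11-09 08:40 88,128 --a------ C:\WINDOWS\system32\wbdrjsoa.dll
2007-11-06 13:36 35,328 --a------ C:\WINDOWS\system32\ddcawtu.dll
2007-11-04 20:59 78,912 --a------ C:\WINDOWS\system32\uymwokvn.dll
2007-11-04 20:53 786 --a------ C:\6926.bat
2007-11-04 18:28 78,912 --a------ C:\WINDOWS\system32\rxdsctdg.dll
2007-11-04 18:28 786 --a------ C:\4154.bat
2007-11-04 17:53 78,912 --a------ C:\WINDOWS\system32\lplvyugl.dll
2007-11-04 17:27 786 --a------ C:\5924.bat
2007-11-04 12:05 78,912 --a------ C:\WINDOWS\system32\qkhibama.dll
2007-11-04 12:02 786 --a------ C:\3649.bat
2007-11-03 23:10 35,328 --a------ C:\WINDOWS\system32\opnligh.dll
2007-11-03 22:25 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-03 13:16 35,328 --a------ C:\WINDOWS\system32\gebyvts.dll
2007-11-03 13:16 82 --a------ C:\n.bat
2007-11-03 13:15 <DIR> d-------- C:\WINDOWS\system32\Mz18r
"""

# DLL paths named under 'Reg Loading Points' in the same log (BHOs, ShellExecuteHooks,
# Winlogon Notify, the LSA Authentication Packages value and the hex-named Run value).
LOAD_POINT_DLLS = [
    r"C:\Program Files\Microsoft Office\lawuge.dll",
    r"C:\WINDOWS\system32\gebyvts.dll",
    r"C:\WINDOWS\system32\spclhgde.dll",
    r"C:\WINDOWS\system32\wbdrjsoa.dll",
    r"C:\WINDOWS\system32\avksdlhp.dll",
    r"C:\WINDOWS\system32\ddabx.dll",
]

ROW = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+)\s+\S+\s+(.+?)\s*$")


def parse_created(text):
    """Parse rows into (timestamp, size, path); '<DIR>' rows and blanks do not match ROW."""
    entries = []
    for raw in text.splitlines():
        m = ROW.match(raw.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        entries.append((when, int(m.group(2).replace(",", "")), m.group(3)))
    return entries


def split_path(path):
    """(folder lowercased, file name, extension lowercased) using Windows path rules."""
    folder, name = ntpath.split(path)
    return folder.lower(), name, ntpath.splitext(name)[1].lower()


def size_clusters(entries, min_members=3):
    """Group files by (size, extension, folder); same-size drops with different names are the tell."""
    groups = defaultdict(list)
    for when, size, path in entries:
        folder, name, ext = split_path(path)
        groups[(size, ext, folder)].append((when, name))
    clusters = []
    for (size, ext, folder), members in groups.items():
        if len(members) < min_members:
            continue
        members.sort()  # chronological
        clusters.append({"size": size, "ext": ext, "folder": folder,
                         "names": [n for _, n in members],
                         "first": members[0][0], "last": members[-1][0]})
    return sorted(clusters, key=lambda c: -len(c["names"]))


def paired_drops(entries, window_minutes=30):
    """Pair each root-level .bat with DLLs created within the window (launcher and payload)."""
    bats, dlls = [], []
    for when, _size, path in entries:
        folder, name, ext = split_path(path)
        if ext == ".bat" and folder == "c:\\":
            bats.append((when, name))
        elif ext == ".dll":
            dlls.append((when, name))
    pairs = []
    for bat_when, bat in sorted(bats):
        for dll_when, dll in dlls:
            gap = abs((dll_when - bat_when).total_seconds()) / 60
            if gap <= window_minutes:
                pairs.append((bat, dll, int(gap)))
    return pairs


def persisted_dlls(entries, load_point_paths):
    """Recently created DLLs that are also registered at a loading point."""
    created = {split_path(p)[1].lower() for _, _, p in entries}
    registered = (split_path(p)[1].lower() for p in load_point_paths)
    return sorted(n for n in registered if n in created)


if __name__ == "__main__":
    rows = parse_created(SAMPLE_CREATED)
    for c in size_clusters(rows):
        print(f"{len(c['names'])} x {c['size']} bytes {c['ext']} in {c['folder']}: "
              f"{', '.join(c['names'])} ({c['first']:%m-%d %H:%M} .. {c['last']:%m-%d %H:%M})")
    for bat, dll, minutes in paired_drops(rows):
        print(f"{bat} -> {dll} ({minutes} min apart)")
    print("created and wired into a loading point:", persisted_dlls(rows, LOAD_POINT_DLLS))
```

On the sample this yields three clusters (four 78,912-byte DLLs, four 786-byte batch files, three 35,328-byte DLLs), five bat/DLL pairs starting with n.bat and gebyvts.dll at the same minute on 11-03, and three created DLLs (gebyvts, spclhgde, wbdrjsoa) that are also loading points. The paths under "Reg Loading Points" that are not in the created list (lawuge.dll, avksdlhp.dll, ddabx.dll) are the ones to check by hand, since a registry entry pointing at a file that no longer exists is itself a trace of an earlier drop.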
Short URL to this thread: https://techguy.org/649619