Internet Explorer Ad Pop Ups

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

fmcasado

Thread Starter
Joined
Nov 8, 2007
Messages
2
Hi Guys, lately I have experienced many pop ups on Internet Explorer. I believe I downloaded a virus from somewhere. I ran Hijackthis and the log file generated was the one that I am posting here. I really appreciate some help from the pros. Thanks Fmcasado :(

Check this out:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:57 PM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\TSI32\tsircusr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\CPQHKey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.watchtower.org/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SetKbd] SetKbd.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CPQAPP] CPQHKey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [8468a5c5] rundll32.exe "C:\WINDOWS\system32\ollwhpiq.dll",b
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-606747145-484763869-839522115-1004\..\Run: [RecordNow!] (User '?')
O4 - HKUS\S-1-5-21-606747145-484763869-839522115-1004\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User '?')
O4 - HKUS\S-1-5-21-606747145-484763869-839522115-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: iSiloX Clipper - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU)
O9 - Extra 'Tools' menuitem: iSiloX Clipper... - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_awda/client/download/TNPLDownloader.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} (SupportSoft Script Runner Class) - https://password.bellsouth.net/sdccommon/download/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172650009718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145290300250
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth.net/software/DSLspeedtool/bls_speedop.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/4.7.2.1/hbtools.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C77FB8C0-8B6D-440E-AC26-2BD39E97E8F2} (SpdTCtl Class) - http://speedtest.adelphia.net/customerdiag/speedtest/SPEEDTESTACTIVEX.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F61CD2F3-39CA-43E2-95B2-35D3EDA9B2D8}: NameServer = 196.3.81.5,196.3.81.132
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14391 bytes
 

fmcasado

Thread Starter
Joined
Nov 8, 2007
Messages
2
ComboFix 07-11-08.1 - Finees M. Casado 2007-11-09 9:01:00.1 - NTFSx86

Running from: C:\Documents and Settings\Finees M. Casado\Desktop\ComboFix.exe
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Administrator\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Program Files\HbTools
C:\Program Files\HbTools\HbTools.log
C:\Program Files\Temporary
C:\svchost.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\a1
C:\WINDOWS\system32\avksdlhp.dllbox
C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.bak2
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\bdeeg.ini2
C:\WINDOWS\system32\bdeeg.tmp
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\g2
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\h1
C:\WINDOWS\system32\ooiyathg.dllbox
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\r2
C:\WINDOWS\system32\spwousxj.dllbox
C:\WINDOWS\system32\v8
C:\WINDOWS\system32\v8\taldrvr11.exe
C:\z.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NWSAPAGENT
-------\DomainService
-------\NwSapAgent


((((((((((((((((((((((((( Files Created from 2007-10-09 to 2007-11-09 )))))))))))))))))))))))))))))))
.

2007-11-09 08:56 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-09 08:46 77,888 --a------ C:\WINDOWS\system32\spclhgde.dll
2007-11-09 08:40 88,128 --a------ C:\WINDOWS\system32\wbdrjsoa.dll
2007-11-09 08:33 145,004 --a------ C:\WINDOWS\system32\gbwgpkgb.dll
2007-11-08 23:50 80,448 --a------ C:\WINDOWS\system32\loyhmtyx.dll
2007-11-08 23:44 86,080 --a------ C:\WINDOWS\system32\tvudmhew.dll
2007-11-08 23:37 145,004 --a------ C:\WINDOWS\system32\yafmsatd.dll
2007-11-08 21:46 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-08 19:43 80,448 --a------ C:\WINDOWS\system32\lsgkrcfa.dll
2007-11-08 19:40 144,974 --a------ C:\WINDOWS\system32\metgqgpl.dll
2007-11-07 00:38 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-07 00:38 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-07 00:38 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-07 00:38 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-07 00:38 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-06 22:48 87,104 --a------ C:\WINDOWS\system32\lqhewufi.dll
2007-11-06 22:21 87,104 --a------ C:\WINDOWS\system32\lieovjgq.dll
2007-11-06 21:45 87,104 --a------ C:\WINDOWS\system32\qwxupbjp.dll
2007-11-06 21:19 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-06 18:41 4,270 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-06 17:41 101,417,964 --a------ C:\SYM_REGISTRY_BACKUP.reg
2007-11-06 13:36 35,328 --a------ C:\WINDOWS\system32\ddcawtu.dll
2007-11-06 12:14 <DIR> d-------- C:\Program Files\Alwil Software
2007-11-05 11:46 83,008 --a------ C:\WINDOWS\system32\ketrtukb.dll
2007-11-04 20:59 78,912 --a------ C:\WINDOWS\system32\uymwokvn.dll
2007-11-04 20:53 786 --a------ C:\6926.bat
2007-11-04 18:28 78,912 --a------ C:\WINDOWS\system32\rxdsctdg.dll
2007-11-04 18:28 786 --a------ C:\4154.bat
2007-11-04 17:53 78,912 --a------ C:\WINDOWS\system32\lplvyugl.dll
2007-11-04 17:27 786 --a------ C:\5924.bat
2007-11-04 12:05 86,080 --a------ C:\WINDOWS\system32\dqqeyuav.dll
2007-11-04 12:05 78,912 --a------ C:\WINDOWS\system32\qkhibama.dll
2007-11-04 12:02 786 --a------ C:\3649.bat
2007-11-04 11:54 78,912 --a------ C:\WINDOWS\system32\bjbnsddr.dll
2007-11-04 11:51 786 --a------ C:\8918.bat
2007-11-04 11:37 78,912 --a------ C:\WINDOWS\system32\efvkdbgj.dll
2007-11-04 11:31 786 --a------ C:\3791.bat
2007-11-04 10:43 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-11-04 09:28 78,912 --a------ C:\WINDOWS\system32\kesapewl.dll
2007-11-04 09:24 786 --a------ C:\3975.bat
2007-11-04 04:14 78,912 --a------ C:\WINDOWS\system32\tfsaeewp.dll
2007-11-04 01:59 786 --a------ C:\6999.bat
2007-11-04 01:37 786 --a------ C:\4815.bat
2007-11-04 01:17 786 --a------ C:\1876.bat
2007-11-03 23:30 786 --a------ C:\5123.bat
2007-11-03 23:10 35,328 --a------ C:\WINDOWS\system32\opnligh.dll
2007-11-03 23:09 786 --a------ C:\6885.bat
2007-11-03 22:40 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-11-03 22:27 <DIR> d-------- C:\Program Files\Norton 360
2007-11-03 22:25 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-03 22:25 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-11-03 22:20 786 --a------ C:\8300.bat
2007-11-03 22:02 786 --a------ C:\8790.bat
2007-11-03 21:33 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2007-11-03 20:38 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-11-03 18:55 786 --a------ C:\7667.bat
2007-11-03 18:36 <DIR> d-------- C:\76de8f1f8275696cb509a009004dd9
2007-11-03 16:04 786 --a------ C:\1304.bat
2007-11-03 13:19 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-03 13:16 35,328 --a------ C:\WINDOWS\system32\gebyvts.dll
2007-11-03 13:16 82 --a------ C:\n.bat
2007-11-03 13:16 0 --a------ C:\z.dat
2007-11-03 13:15 <DIR> d-------- C:\WINDOWS\system32\Mz18r
2007-11-03 13:15 <DIR> d-------- C:\TEMP\mZOr
2007-11-03 13:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-03 12:53 <DIR> d-------- C:\Program Files\Native Instruments
2007-10-31 12:19 <DIR> d-------- C:\Program Files\Adams Business Forms
2007-10-23 09:34 <DIR> d-------- C:\Program Files\Microsoft USB Flash Drive Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-09 13:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-09 03:52 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-09 03:46 --------- d-----w C:\Program Files\iTunes
2007-11-09 03:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-06 23:27 --------- d-----w C:\Documents and Settings\Finees M. Casado\Application Data\LimeWire
2007-11-05 16:58 --------- d-----w C:\Program Files\SP
2007-11-05 16:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-05 16:56 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-04 16:10 --------- d-----w C:\Documents and Settings\Finees M. Casado\Application Data\Symantec
2007-11-04 07:08 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-04 07:08 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-04 07:08 --------- d-----w C:\Program Files\Symantec
2007-11-04 03:56 --------- d-----w C:\Program Files\InterVideo
2007-11-04 00:35 --------- d-----w C:\Program Files\LimeWire
2007-10-21 01:24 --------- d-----w C:\Program Files\Apple Software Update
2007-10-13 16:03 34,328 ----a-w C:\Documents and Settings\Finees M. Casado\Application Data\GDIPFONTCACHEV1.DAT
2007-10-12 14:17 --------- d-----w C:\Program Files\Java
2007-10-08 00:19 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2007-10-06 01:11 --------- d-----w C:\Program Files\Yahoo!
2007-10-06 01:10 --------- d-----w C:\Program Files\XviD
2007-10-06 01:02 --------- d-----w C:\Program Files\Google
2007-10-06 01:00 --------- d-----w C:\Program Files\DOCSIS Configurator
2007-10-06 00:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2007-10-06 00:52 --------- d-----w C:\Program Files\ScanSoft
2007-10-06 00:41 --------- d-----w C:\Documents and Settings\Finees M. Casado\Application Data\Aim
2007-10-06 00:08 --------- d-----w C:\Program Files\Intuit
2007-10-06 00:08 --------- d-----w C:\Program Files\Common Files\Intuit
2007-10-05 23:52 --------- d-----w C:\Documents and Settings\Finees M. Casado\Application Data\Skype
2007-10-05 23:44 --------- d-----w C:\Program Files\Common Files\Palo Alto Software
2007-10-05 23:43 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2007-10-05 23:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-10-05 17:15 --------- d-----w C:\Program Files\Common Files\Scanner
2007-10-05 16:52 --------- d-----w C:\Program Files\MobiMate
2007-09-18 19:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 19:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 19:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 19:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 19:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 19:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 19:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 19:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 19:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-01-10 16:15 839,686 ----a-w C:\WINDOWS\Fonts\Crack.exe
2005-09-10 00:55 4,588,454 ----a-w C:\Program Files\setup.exe
2005-09-10 00:55 37,766,164 -c--a-w C:\Program Files\Data1.cab
2005-09-10 00:55 35 -c--a-w C:\Program Files\SCSSDist.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2236FBF7-8431-45D9-348D-764DB1FB3655}]
C:\Program Files\Microsoft Office\lawuge.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]
2007-11-03 13:16 35328 --a------ C:\WINDOWS\system32\gebyvts.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{caaf589c-706e-4cc9-bc0c-b251ea3710c2}]
2007-11-09 08:47 77888 --a------ C:\WINDOWS\system32\spclhgde.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 04:01]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 14:09]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 14:08]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"SetKbd"="SetKbd.exe" [2003-01-22 10:20 C:\WINDOWS\SetKbd.exe]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 21:44]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-10-22 23:15]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 15:38]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-05 01:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"nwiz"="nwiz.exe" [2004-03-12 16:57 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-03-12 16:57]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 12:03]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 C:\WINDOWS\KHALMNPR.Exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 17:44]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-18 12:18]
"CPQAPP"="CPQHKey.exe" [2003-01-22 16:33 C:\WINDOWS\CPQHKey.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 20:54]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 07:00 C:\WINDOWS\system32\bthprops.cpl]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
"8468a5c5"="C:\WINDOWS\system32\wbdrjsoa.dll" [2007-11-09 08:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 12:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BCC73622-F72D-4277-803C-D65565A0947F}"= C:\WINDOWS\system32\gebyvts.dll [2007-11-03 13:16 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avksdlhp]
avksdlhp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebyvts]
gebyvts.dll 2007-11-03 13:16 35328 C:\WINDOWS\system32\gebyvts.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddabx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccuWeatherDesktopAlerts]
C:\Program Files\AccuWeatherDesktopAlerts\AccuWeatherDesktopAlerts.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
C:\WINDOWS\Fonts\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad7f7d8d-80e8-11db-81a5-000398de806d}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caf6c697-7f75-11dc-824e-000398de806d}]
\Shell\AutoRun\command - F:\UFDLaunch.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-11-05 17:06:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-09 09:15:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\[email protected]???? ?|?B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-09 9:21:25 - machine was rebooted
.
--- E O F ---
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top