
Having Trouble With Tesslar A Virus


  • This topic is locked
3 replies to this topic

#1 Twolf

  • Members
  • 1 posts
  • OFFLINE
  • Local time:12:54 AM

Posted 18 April 2008 - 08:15 PM

Getting PITA pop-up ads. Not a lot of slowdown, but the pop-up ads are bad enough. CA Anti-Spyware (built in to the Y! toolbar) picks up Tesslar A but can't do anything about it. Neither AVG nor Ad-Aware is even picking it up. Log files are as follows:

Deckard's System Scanner v20071014.68
Run by Twolf on 2008-04-18 21:04:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Twolf.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:59 PM, on 4/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\Twolf\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Twolf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.255.70.99:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {178D4E6A-BA5A-4ECB-8521-F7B8393FDB97} - C:\WINDOWS\system32\tuvttur.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7DBF2CEA-2093-4BAC-8187-F656401FE543} - C:\Program Files\Internet Explorer\hokelo83122.dll (file missing)
O2 - BHO: (no name) - {8E42C895-D53F-4177-9900-6F2EA6B62476} - C:\WINDOWS\system32\pmkjj.dll (file missing)
O2 - BHO: (no name) - {9B455770-8DFE-4E11-84A7-7B6DD4D393F9} - C:\Program Files\Internet Explorer\hokelo4444.dll (file missing)
O2 - BHO: (no name) - {DCD53738-C4F9-414A-A03C-C7405A4AC844} - C:\WINDOWS\system32\fccyyaw.dll (file missing)
O2 - BHO: 0 - {E56A82E3-C541-4A52-1C87-D9627F433557} - C:\Program Files\Windows Media Player\lavufane.dll (file missing)
O2 - BHO: (no name) - {E7040127-0640-4E1F-B099-A1F8709B5FB4} - C:\WINDOWS\system32\qoMggDVO.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Policies\Explorer\Run: [w] %SystemRoot%\WinRaR.exe
O4 - HKCU\..\Policies\Explorer\Run: [wm] %SystemRoot%\winlogor.exe
O4 - HKCU\..\Policies\Explorer\Run: [mm] %SystemRoot%\sourro.exe
O4 - HKCU\..\Policies\Explorer\Run: [zx] %SystemRoot%\winadr.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/default/S...ia.1.0.0.46.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D46A198-8511-4FD0-A7A0-3D91EF6CF29D}: NameServer = 85.255.114.75,85.255.112.212
O17 - HKLM\System\CCS\Services\Tcpip\..\{68F3F545-C712-4338-9EAB-992C9E0925CD}: NameServer = 85.255.114.75,85.255.112.212
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.75 85.255.112.212
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D46A198-8511-4FD0-A7A0-3D91EF6CF29D}: NameServer = 85.255.114.75,85.255.112.212
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.75 85.255.112.212
O17 - HKLM\System\CS2\Services\Tcpip\..\{1D46A198-8511-4FD0-A7A0-3D91EF6CF29D}: NameServer = 85.255.114.75,85.255.112.212
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.75 85.255.112.212
O20 - Winlogon Notify: fccyyaw - fccyyaw.dll (file missing)
O20 - Winlogon Notify: ljJASjHW - ljJASjHW.dll (file missing)
O20 - Winlogon Notify: nnnnmli - nnnnmli.dll (file missing)
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\system32\pmkjj.dll (file missing)
O20 - Winlogon Notify: qomnmjj - qomnmjj.dll (file missing)
O20 - Winlogon Notify: tuvttur - tuvttur.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10059 bytes

-- Files created between 2008-03-18 and 2008-04-18 -----------------------------

2008-04-18 20:16:47 0 d-------- C:\Program Files\Trend Micro
2008-04-16 23:00:11 0 d-------- C:\WINDOWS\Erroror
2008-04-16 22:46:17 0 d-------- C:\WINDOWS\profiles
2008-04-16 22:44:51 0 d-------- C:\Program Files\Sega Saturn
2008-04-14 21:12:04 0 d--h----- C:\WINDOWS\PIF
2008-04-14 21:06:45 0 d-------- C:\Program Files\Alcohol Soft
2008-04-14 21:03:12 715248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-14 00:25:27 20480 --a------ C:\WINDOWS\quit.exe
2008-04-14 00:18:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-04-13 21:55:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-04-13 21:55:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-13 21:54:52 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-13 21:54:52 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-13 21:54:52 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-13 21:54:52 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-13 21:54:52 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-13 21:54:52 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-13 21:54:52 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-13 21:54:52 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-13 21:54:52 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-13 21:54:52 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-13 21:54:52 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-13 21:54:52 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-13 21:54:52 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-13 21:54:52 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-13 21:52:54 0 d-------- C:\WINDOWS\CSC
2008-04-13 20:47:03 0 d-------- C:\Program Files\Common Files\Scanner
2008-04-13 20:46:57 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-04-13 20:06:27 0 d-------- C:\WINDOWS\CAVTemp
2008-04-13 14:33:30 269818 --ahs---- C:\WINDOWS\system32\OVDggMoq.ini2
2008-04-13 14:28:29 86144 --a------ C:\WINDOWS\system32\drivers\avgtdii.sys
2008-04-13 14:28:27 0 d-------- C:\WINDOWS\system32\pinz1
2008-04-13 14:28:27 0 d-------- C:\WINDOWS\system32\iFi
2008-04-13 14:28:27 0 d-------- C:\WINDOWS\system32\IDE2
2008-04-13 14:28:27 0 d-------- C:\WINDOWS\system32\ExTmp
2008-04-13 14:28:27 0 d-------- C:\WINDOWS\system32\axV
2008-04-13 14:28:23 0 d-------- C:\WINDOWS\system32\bharebio01
2008-04-06 23:29:37 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-06 19:25:50 0 d-------- C:\Documents and Settings\Twolf\Application Data\Yahoo!
2008-04-06 19:25:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-06 19:24:48 0 d-------- C:\Program Files\Yahoo!
2008-04-02 22:15:21 0 d-------- C:\Documents and Settings\Twolf\Application Data\Nero
2008-04-02 22:10:51 0 d-------- C:\Program Files\Nero
2008-04-02 22:10:51 0 d-------- C:\Program Files\Common Files\Nero
2008-04-02 22:10:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-02 22:08:30 0 d-------- C:\WINDOWS\RegisteredPackages
2008-03-30 17:16:44 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-03-29 22:15:06 0 d-------- C:\Documents and Settings\Twolf\Application Data\Xfire
2008-03-29 22:15:04 0 d-------- C:\Program Files\Xfire
2008-03-29 15:09:02 0 d-------- C:\WINDOWS\system32\Adobe
2008-03-23 00:12:39 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2008-03-22 23:46:28 0 d-------- C:\Program Files\Common Files\HP
2008-03-22 23:43:33 0 d-------- C:\Program Files\HP


-- Find3M Report ---------------------------------------------------------------

2008-04-16 22:44:43 720896 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-04-13 21:48:45 0 d-------- C:\Documents and Settings\Twolf\Application Data\AVG7
2008-04-13 20:47:03 0 d-------- C:\Program Files\Common Files
2008-04-12 17:24:33 0 d-------- C:\Program Files\PokerStars
2008-04-11 15:52:29 0 d-------- C:\Program Files\World of Warcraft
2008-04-06 23:29:40 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-03 14:57:11 0 d-------- C:\Documents and Settings\Twolf\Application Data\dvdcss
2008-04-02 22:03:57 0 d-------- C:\Program Files\Common Files\Ahead
2008-02-23 18:04:26 0 d-------- C:\Program Files\Outspark
2008-02-19 18:27:43 0 d-------- C:\Program Files\AIM6


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{178D4E6A-BA5A-4ECB-8521-F7B8393FDB97}]
C:\WINDOWS\system32\tuvttur.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DBF2CEA-2093-4BAC-8187-F656401FE543}]
C:\Program Files\Internet Explorer\hokelo83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E42C895-D53F-4177-9900-6F2EA6B62476}]
C:\WINDOWS\system32\pmkjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B455770-8DFE-4E11-84A7-7B6DD4D393F9}]
C:\Program Files\Internet Explorer\hokelo4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DCD53738-C4F9-414A-A03C-C7405A4AC844}]
C:\WINDOWS\system32\fccyyaw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E56A82E3-C541-4A52-1C87-D9627F433557}]
C:\Program Files\Windows Media Player\lavufane.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7040127-0640-4E1F-B099-A1F8709B5FB4}]
C:\WINDOWS\system32\qoMggDVO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [12/26/2007 02:24 AM C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [12/26/2007 02:24 AM C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [12/26/2007 02:24 AM C:\WINDOWS\ALCMTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [06/06/2004 12:45 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06/06/2004 12:41 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [01/13/2007 09:46 AM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [01/10/2008 12:41 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07/15/2007 05:35 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [01/10/2008 12:41 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"IESet"=IExplorer.dll .dbt

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartBanner"=01
"NoInstrumentation"=1 (0x1)
"NoStartMenuSubFolders"=1 (0x1)
"NoFavoritesMenu"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"w"=%SystemRoot%\WinRaR.exe
"wm"=%SystemRoot%\winlogor.exe
"mm"=%SystemRoot%\sourro.exe
"zx"=%SystemRoot%\winadr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{DCD53738-C4F9-414A-A03C-C7405A4AC844}"= C:\WINDOWS\system32\fccyyaw.dll [ ]
"{178D4E6A-BA5A-4ECB-8521-F7B8393FDB97}"= C:\WINDOWS\system32\tuvttur.dll [ ]
"{24E9519B-3F70-429B-99BC-4B2B49B96F66}"= C:\WINDOWS\system32\ljJASjHW.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kdknw.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyyaw]
fccyyaw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJASjHW]
ljJASjHW.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnmli]
nnnnmli.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkjj]
C:\WINDOWS\system32\pmkjj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnmjj]
qomnmjj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvttur]
tuvttur.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\qoMggDVO

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMc761f73b]
Rundll32.exe "C:\WINDOWS\system32\lsnknjyv.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gekdopcA]
C:\WINDOWS\gekdopcA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]
C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{deb867aa-b6ff-6b7d-69a5-0dac39df52ae}.dll" DllInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVCHOST.EXE]
C:\WINDOWS\system32\drivers\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\system32\ferbkctk.dll",forkonce

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wszzufme]
"C:\Program Files\W?nSxS\?xplorer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
"C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc




-- End of Deckard's System Scanner: finished at 2008-04-18 21:05:21 ------------

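The log above carries several indicators a helper would check before anything else: every interface and control set under O17 is pinned to the same static resolver pair (85.255.114.75, 85.255.112.212), the hosts file (O1) redirects auto.search.msn.com to 66.98.148.65, Internet Explorer has a ProxyServer set to 66.255.70.99:8080 (R1), four autoruns live under HKCU\..\Policies\Explorer\Run (O4), two domains were added to the Trusted Zone (O15), and a number of BHO (O2) and Winlogon Notify (O20) entries point at DLLs that no longer exist. The Python script below is an added example, not part of this thread and not a BleepingComputer or Trend Micro tool; it parses HijackThis-style lines and flags those patterns. The sample input is a handful of lines copied from the posted log (trimmed to one line per section). The `expected_dns` parameter is an assumption: in practice you would pass the resolvers the router or ISP actually hands out, so only unexpected static resolvers get flagged.

```python
"""Triage a HijackThis (v2.0.2) log for traffic-redirection and persistence
indicators.  Added example for this thread, not a BleepingComputer tool."""
import ipaddress
import re

# Constructed sample: lines copied from the HijackThis log posted above,
# trimmed to one representative line per section.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.255.70.99:8080
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {178D4E6A-BA5A-4ECB-8521-F7B8393FDB97} - C:\WINDOWS\system32\tuvttur.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Policies\Explorer\Run: [wm] %SystemRoot%\winlogor.exe
O15 - Trusted Zone: *.doginhispen.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.75 85.255.112.212
O20 - Winlogon Notify: fccyyaw - fccyyaw.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

# hosts-file targets that only block a name rather than redirect it
SINKHOLE_HOSTS = {"127.0.0.1", "0.0.0.0", "::1"}

_SECTION_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
_IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def _ips(text):
    """Every IPv4 literal in the line (NameServer lists use ',' or ' ')."""
    return _IPV4_RE.findall(text)


def _is_local(ip):
    """True for RFC1918, loopback and link-local; False for anything else."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_private or addr.is_loopback or addr.is_link_local


def triage(log_text, expected_dns=frozenset()):
    """Return (section, reason, line) for every line that deserves a look.

    expected_dns: resolvers known to be legitimate on this network
    (assumption: the caller reads them off the router or ISP config).
    With the default empty set every static resolver is reported."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _SECTION_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        # registry still references a component that is gone from disk
        if "(file missing)" in body:
            findings.append((section, "registry points at a deleted file", line))
        if section == "R1" and "ProxyServer" in body:
            for ip in _ips(body):
                if not _is_local(ip):
                    findings.append((section, f"browser proxy {ip} is an external host", line))
        elif section == "O1":
            targets = _ips(body)
            if targets and targets[0] not in SINKHOLE_HOSTS:
                findings.append((section, f"hosts file redirects name to {targets[0]}", line))
        elif section == "O4" and r"Policies\Explorer\Run" in body:
            findings.append((section, r"autorun via Policies\Explorer\Run", line))
        elif section == "O15":
            findings.append((section, "site added to IE Trusted Zone", line))
        elif section == "O17":
            for ip in _ips(body):
                if ip not in expected_dns:
                    findings.append((section, f"static resolver {ip} not in expected set", line))
    return findings


def summarize(findings):
    """Count findings per HijackThis section."""
    counts = {}
    for section, _, _ in findings:
        counts[section] = counts.get(section, 0) + 1
    return counts


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Running it against the sample reports eight findings: the proxy, the hosts redirect, the two orphaned DLL references, the Policies\Explorer\Run autorun, the Trusted Zone entry and both static resolvers; the Adobe BHO and the AVG service pass through untouched. This is a triage aid, not a verdict: a static resolver is only suspicious when it is not the one the network should be using, which is why the expected set is a parameter.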

#2 Simon V.

  • Members
  • 439 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:54 AM

Posted 26 April 2008 - 10:48 AM

Hello, and welcome to the forum.

My name is Simon V., and I'll be glad to help you with your computer problems.

Please download and install CCleaner.

  • Open CCleaner. On the Windows tab, leave the default options alone.
  • On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
  • Click on the Run Cleaner button at the bottom right hand corner.
  • When the cleaner has completed, click Tools in the Left Pane.
  • Verify that Uninstall is highlighted in color, or click on it.
  • In the lower right, click Save to Text File.
  • Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
  • You can leave the filename as install.txt.
  • Click Save, then exit CCleaner.
______________________________

Please visit this webpage for download links, and instructions for running ComboFix -

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says -

The Recovery Console was successfully installed.

Please continue as follows -
  • Close/Disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, so we may continue cleansing the system -

- the Combofix log (C:\ComboFix.txt)
- the CCleaner Uninstall List (install.txt)
- a new HijackThis log
Simon V.


So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#3 Simon V.

  • Members
  • 439 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:54 AM

Posted 30 April 2008 - 12:31 PM

Do you still need help?

#4 Simon V.

  • Members
  • 439 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:54 AM

Posted 02 May 2008 - 07:52 AM

Due to inactivity this topic will be closed.

If you need help please start a new thread and post a new HijackThis log.