Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Explorer Popups Galore Even When Using Firefox Only


  • This topic is locked This topic is locked
2 replies to this topic

#1 sr34chi

sr34chi

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:53 PM

Posted 19 April 2008 - 10:53 PM

main.txt
=====
Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-19 23:40:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
81: 2008-04-20 03:40:55 UTC - RP257 - Deckard's System Scanner Restore Point
80: 2008-04-19 07:51:06 UTC - RP256 - System Checkpoint
79: 2008-04-18 07:13:11 UTC - RP255 - System Checkpoint
78: 2008-04-17 07:00:22 UTC - RP254 - Software Distribution Service 3.0
77: 2008-04-16 07:00:26 UTC - RP253 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-04-15 15:39:12 UTC - RP177 - Installed Windows XP KB899587.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-19 23:42:49
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\BRSVC01A.EXE
C:\WINDOWS\system32\BRSS01A.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\?racle\n?tepad.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Owner\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - C:\WINDOWS\System32\jkkjihh.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\RACLE~1\scanregw.exe" -vt yazb
O4 - HKCU\..\Run: [Ydoskm] C:\WINDOWS\?racle\n?tepad.exe
O4 - Startup: HotSync Manager.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\System32\GPhotos.scr/200
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: jkkjihh - C:\WINDOWS\system32\jkkjihh.dll (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\BRSVC01A.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


--
End of file - 6499 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdromm - c:\windows\system32\drivers\cdromm.sys
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-18 15:04:11 408 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job


-- Files created between 2008-03-19 and 2008-04-19 -----------------------------

2008-04-19 23:30:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-19 23:30:07 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-19 23:30:03 0 d-------- C:\WINDOWS\LastGood
2008-04-15 14:36:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-15 12:39:48 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-15 12:39:47 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-15 12:39:47 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-04-15 12:39:39 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-04-15 12:39:39 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-04-15 12:28:04 0 d-------- C:\WUTemp
2008-04-15 12:27:27 1043 --a------ C:\WINDOWS\mozver.dat
2008-04-15 12:26:39 2629 --a------ C:\lYNu.exe
2008-04-15 12:16:10 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-04-15 11:25:11 0 d-------- C:\WINDOWS\peernet
2008-04-15 11:25:10 0 d-------- C:\WINDOWS\provisioning
2008-04-15 11:22:35 0 d-------- C:\WINDOWS\ServicePackFiles
2008-04-15 11:12:46 0 d-------- C:\WINDOWS\EHome
2008-04-14 18:10:54 0 d-------- C:\Program Files\Symantec
2008-04-14 18:10:36 0 d-------- C:\Program Files\Symantec AntiVirus
2008-04-14 18:10:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-13 22:19:15 0 d-------- C:\WINDOWS\?ppPatch
2008-04-10 21:27:15 0 d-------- C:\WINDOWS\?racle
2008-04-10 21:27:07 0 d-------- C:\WINDOWS\?racle
2008-04-10 21:22:03 0 d-------- C:\Documents and Settings\Owner\Application Data\WinTouch
2008-04-10 21:17:00 0 d-------- C:\Program Files\JavaCore
2008-04-10 21:11:59 0 d-------- C:\Program Files\nvcoi
2008-04-10 21:06:58 0 d-------- C:\Program Files\Temporary
2008-04-10 21:06:58 0 d-------- C:\Program Files\CPV
2008-04-06 17:36:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-06 17:35:13 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-06 17:29:35 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-06 17:28:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2008-04-06 17:27:11 0 d-------- C:\Program Files\Picasa2
2008-04-06 17:27:03 0 d-------- C:\WINDOWS\system32\runtime
2008-04-06 17:26:37 0 d-------- C:\Program Files\Norton Security Scan
2008-04-06 17:25:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-04-06 17:24:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-06 17:24:29 0 d-------- C:\Program Files\Google
2008-04-06 12:28:05 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-06 12:27:58 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-06 12:27:47 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-04-06 12:26:44 0 d-------- C:\WINDOWS\Internet Logs
2008-04-06 04:47:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-04-06 04:47:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-04-05 23:58:12 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-04-05 23:43:09 0 d-------- C:\Program Files\QdrDrive
2008-04-05 23:42:47 36352 --a------ C:\WINDOWS\system32\hgGwXrPg.dll
2008-04-05 23:42:17 364988 --ahs---- C:\WINDOWS\system32\nmllm.ini2
2008-04-05 23:42:09 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-04-05 23:32:42 0 d-------- C:\WINDOWS\?icrosoft
2008-04-05 23:32:24 86144 --a------ C:\WINDOWS\system32\drivers\cdromm.sys
2008-04-05 23:32:22 0 d-------- C:\WINDOWS\system32\??pPatch
2008-04-05 23:32:22 0 d-------- C:\WINDOWS\system32\wii
2008-04-05 23:32:22 0 d-------- C:\WINDOWS\system32\pinz1
2008-04-05 23:32:22 0 d-------- C:\WINDOWS\system32\IDE2
2008-04-05 23:32:22 0 d-------- C:\WINDOWS\system32\ExTmp
2008-04-05 23:32:19 0 d-------- C:\WINDOWS\system32\bharebio01
2008-04-05 23:32:18 0 d-------- C:\Temp
2008-04-05 01:29:14 270694 --a------ C:\WINDOWS\system32\000090.exe
2008-04-04 10:06:55 10240 --a------ C:\WINDOWS\system32\000070.exe


-- Find3M Report ---------------------------------------------------------------

2008-04-15 15:34:36 0 d-------- C:\Program Files\Common Files
2008-04-15 14:25:55 0 d-------- C:\Program Files\Messenger
2008-04-15 11:25:12 0 d-------- C:\Program Files\Movie Maker
2008-04-15 11:22:00 0 d-------- C:\Program Files\Windows NT
2008-04-10 21:22:10 10 --a------ C:\Program Files\.autoreg <AUTORE~1>
2008-04-09 18:15:59 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-04-06 17:36:54 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-05 07:59:17 0 d--h----- C:\Program Files\WindowsUpdate
2008-02-19 23:26:20 0 d-------- C:\Program Files\QuickTime
2008-02-19 23:24:37 0 d-------- C:\Program Files\OLYMPUS
2008-02-19 23:23:52 0 d-------- C:\Program Files\MSXML 4.0


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}]
C:\WINDOWS\System32\jkkjihh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [06/19/2002 08:14 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [06/19/2002 08:05 PM]
"QuickTime Task"="C:\program files\quicktime\qttask.exe" [09/01/2006 04:57 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [04/06/2008 05:25 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/04/2005 12:42 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [11/15/2005 01:28 PM]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 04:59 AM C:\WINDOWS\BCMSMMSG.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [09/11/2007 07:43 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/06/2008 05:24 PM]
"Aida"="C:\WINDOWS\RACLE~1\scanregw.exe" [04/10/2008 09:27 PM]
"Ydoskm"="C:\WINDOWS\?racle\n?tepad.exe" []

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Palm\HOTSYNC.EXE [4/13/2004 6:03:10 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [4/6/2008 5:24:32 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}"= C:\WINDOWS\System32\jkkjihh.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjihh]
jkkjihh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - HTTPFILTER



-- End of Deckard's System Scanner: finished at 2008-04-19 23:44:41 ------------




extra.txt
=====
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.00GHz
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 1022.48 MiB / 580.88 MiB
Pagefile Memory (total/avail): 2461.35 MiB / 2146.9 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1936.86 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 55.87 GiB total, 44.91 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST360015A - 55.9 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 55.87 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: Symantec AntiVirus Corporate Edition v10.0.2.2000 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DESKTOP-OFFICE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\DESKTOP-OFFICE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=DESKTOP-OFFICE
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
BCM V.92 56K Modem --> C:\WINDOWS\BCMSMU.exe quiet
CPV --> cmd /C regsvr32 /u /s "C:\Program Files\CPV\CPV8.dll" & reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\CPV" /f & REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v DelOldFile /d "cmd.exe /C del /Q \"C:\Program Files\CPV\"" /f
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Photos Screensaver --> MsiExec.exe /X{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Intel® Extreme Graphics Driver Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A708DD8-A5E6-11D4-A706-000629E95E20}\setup.exe" -inteluninstall
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Norton Security Scan --> MsiExec.exe /I{3A4FFB84-D070-4DA5-AB7B-D41D87FD8D19}
nvcoi --> "C:\Program Files\nvcoi\nvcoi.exe" -uninstall
OLYMPUS Master 2 --> MsiExec.exe /X{F0FC1E09-AF67-47BC-9E61-90ECFEB4CE82}
Palm Desktop --> MsiExec.exe /X{E89D78B8-28F7-412F-8B26-C684739CBBDC}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Spell Checker For OE 2.1 --> C:\Program Files\Common Files\Microsoft Shared\proof\Uninstal.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{46B63F23-2B4A-4525-A827-688026BE5E40}


-- Application Event Log -------------------------------------------------------

Event Record #/Type824 / Error
Event Submitted/Written: 04/19/2008 11:43:14 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Threat: Downloader in File: C:\DOCUME~1\Owner\LOCALS~1\Temp\xrun.exe by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.

Event Record #/Type823 / Error
Event Submitted/Written: 04/19/2008 11:43:14 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: Downloader in File: C:\Documents and Settings\Owner\Local Settings\Temp\xrun.exe by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.

Event Record #/Type822 / Error
Event Submitted/Written: 04/19/2008 11:43:14 PM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!Threat: Downloader in File: C:\DOCUME~1\Owner\LOCALS~1\Temp\xrun.exe by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description: The file was deleted successfully.

Event Record #/Type821 / Error
Event Submitted/Written: 04/19/2008 11:42:41 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Threat: Downloader in File: C:\DOCUME~1\Owner\LOCALS~1\Temp\xpre.exe by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.

Event Record #/Type820 / Error
Event Submitted/Written: 04/19/2008 11:42:40 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: Downloader in File: C:\Documents and Settings\Owner\Local Settings\Temp\xpre.exe by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1887 / Error
Event Submitted/Written: 04/19/2008 11:43:05 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.

Event Record #/Type1882 / Warning
Event Submitted/Written: 04/19/2008 10:44:54 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type1878 / Error
Event Submitted/Written: 04/19/2008 10:39:00 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type1835 / Warning
Event Submitted/Written: 04/19/2008 05:26:52 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type1816 / Warning
Event Submitted/Written: 04/17/2008 04:48:56 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.



-- End of Deckard's System Scanner: finished at 2008-04-19 23:44:41 ------------

BC AdBot (Login to Remove)

 


#2 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 25 April 2008 - 02:25 PM

Hi

I see you've run the Kaspersky Online Scanner, please post the log ...

Then please do this :-

Download Malwarebytes' Anti-Malware from Here :-

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

or here :-

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image

#3 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 20 May 2008 - 04:09 PM

Due to lack of feedback this topic is now closed.

If the original poster would like it re-opened, please send me a PM with a link to this thread.

cheers

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users