
Popads123


This topic is locked
3 replies to this topic

#1 littlebirdie
  • Members
  • 2 posts
  • OFFLINE
  • Local time:09:34 AM

Posted 07 June 2008 - 04:30 PM

Every minute or so I get Firefox popping up and attempting to go to this address: <hxxp://www.popads123.com/venora/we-content.php?cid=7559&uid=3795644185783663656&rnd=1191> I then get the "server not found" message.

Very annoying.

Deckard's System Scanner v20071014.68
Run by James on 2008-06-07 11:17:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
29: 2008-06-07 21:17:47 UTC - RP29 - Deckard's System Scanner Restore Point
28: 2008-06-07 20:17:24 UTC - RP28 - Printer Driver Microsoft Office Document Image Writer Installed
27: 2008-06-07 17:02:08 UTC - RP27 - Removed Brother MFL-Pro Suite
26: 2008-06-07 07:29:12 UTC - RP26 - Software Distribution Service 3.0
25: 2008-06-06 20:11:32 UTC - RP25 - Printer Driver Brother PC-FAX Installed


-- First Restore Point --
1: 2008-06-03 04:33:31 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-07 11:19:02
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\system32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ati2evxx.exe
C:\WINNT\system32\brsvc01a.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\brss01a.exe
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\WINNT\system32\PRISMSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINNT\system32\mqsvc.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\PRISMSVR.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\WINNT\mrofinu72.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\QdrModule\QdrModule17.exe
C:\WINNT\system32\mshta.exe
C:\WINNT\system32\dllhost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\James\Desktop\dss.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ads.banneradsgalore.com/bc/123kah.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: banneradsgalore browser optimizer - {30ca2234-e346-65d7-fdcb-27dd9e079e2e} - C:\WINNT\system32\{2f13c6b7-8cfc-d4c0-fa8d-671668726a33}.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BeSideit IE Helper - {83C35173-E029-42f1-9692-0341EE379A0D} - C:\Program Files\QdrDrive\QdrDrive16.dll
O2 - BHO: BeSideit IE Helper - {89CBB8EA-FA02-4f61-B997-0247E69F002B} - C:\Program Files\QdrDrive\QdrDrive15.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [%%DELETE_VALUE%%] CreateCD50
O4 - HKLM\..\Run: [{df73fae5-e439-2824-6c2b-b61482ef4e64}] C:\WINNT\System32\Rundll32.exe "C:\WINNT\system32\{2f13c6b7-8cfc-d4c0-fa8d-671668726a33}.dll" DllStart
O4 - HKLM\..\Run: [runner1] C:\WINNT\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [QdrModule17] "C:\Program Files\QdrModule\QdrModule17.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Installer) - http://supportcenter.rr.com/sdccommon/download/tgctlins.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://supportcenter.rr.com/sdccommon/download/tgctlsi.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab55200.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1170626826640
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab
O16 - DPF: {9C3497D6-ED98-11D0-9647-00C04FD9B15B} (WMI Login Control) - file://C:\Program Files\Dell\OpenManage\Connector\Redist\wbemtool.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab55708.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab55200.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINNT\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: IS Service (ISSVC) - Unknown owner - C:\Program Files\Symantec
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINNT\system32\PRISMSVC.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe


--
End of file - 10988 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\winnt\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 BrSerial (Brother Serial Driver) - c:\winnt\system32\drivers\brserial.sys <Not Verified; Brother Industries Ltd.; Brother MFL Pro>
R3 LVPrcMon (Logitech LVPrcMon Driver) - c:\winnt\system32\drivers\lvprcmon.sys

S3 IPFilter ( Microsoft IntelliPoint Features Driver) - c:\winnt\system32\drivers\ipfilter.sys <Not Verified; Microsoft Corporation; Microsoft IntelliPoint>
S3 MTK (Media Technology Kernel Driver) - c:\winnt\system32\drivers\mtk.sys (file missing)
S3 usbhub20 (USB Hub Support) - c:\winnt\system32\drivers\usbhub20.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
S4 Parallel (Parallel class driver) - c:\winnt\system32\drivers\parallel.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Iap - c:\program files\dell\openmanage\client\iap.exe <Not Verified; Dell Inc; OpenManage Client Instrumentation>
R2 ISSVC (IS Service) - c:\program files\symantec client security\symantec client firewall\issvc.exe
R2 PRISMSVC - c:\winnt\system32\prismsvc.exe <Not Verified; Conexant Systems, Inc.; PRISM Wireless LAN>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys Wireless-G PCI Adapter
Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&3B1CAF2B&0&38F0
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Name: Linksys Wireless-G PCI Adapter
PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&3B1CAF2B&0&38F0
Service: RT2500

Class GUID: {D07AF4AC-3BED-458D-9A68-380F23572661}
Description: Intel® Graphics Platform (SoftBIOS) Driver
Device ID: ROOT\INTELUNIFIEDDISPLAYDRIVER\0000
Manufacturer: Intel Corporation
Name: Intel® Graphics Platform (SoftBIOS) Driver
PNP Device ID: ROOT\INTELUNIFIEDDISPLAYDRIVER\0000
Service: {6080A529-897E-4629-A488-ABA0C29B635E}


-- Scheduled Tasks -------------------------------------------------------------

2008-06-03 16:55:11 366 --a------ C:\WINNT\Tasks\Symantec NetDetect.job


-- Files created between 2008-05-07 and 2008-06-07 -----------------------------

2008-06-07 09:46:01 0 d-------- C:\Documents and Settings\James\Application Data\Sun
2008-06-07 08:19:40 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-06-07 08:18:07 0 d-------- C:\Documents and Settings\James\Application Data\Adobe
2008-06-07 08:17:55 0 d-------- C:\Documents and Settings\James\Application Data\Talkback
2008-06-07 08:11:13 0 d-------- C:\Documents and Settings\James\Application Data\Mozilla
2008-06-07 08:09:23 41984 --a------ C:\WINNT\mrofinu72.exe
2008-06-07 08:09:09 0 d-------- C:\Program Files\QdrModule
2008-06-07 08:07:18 13824 --a------ C:\586byi.exe
2008-06-07 07:45:37 0 d-------- C:\Documents and Settings\James\Application Data\Macromedia
2008-06-07 07:44:50 0 d-------- C:\Documents and Settings\James\Application Data\Identities
2008-06-07 07:44:18 0 d--h----- C:\Documents and Settings\James\Templates
2008-06-07 07:44:18 0 dr------- C:\Documents and Settings\James\Start Menu
2008-06-07 07:44:18 0 dr-h----- C:\Documents and Settings\James\SendTo
2008-06-07 07:44:18 0 dr-h----- C:\Documents and Settings\James\Recent
2008-06-07 07:44:18 0 d--h----- C:\Documents and Settings\James\PrintHood
2008-06-07 07:44:18 0 d--h----- C:\Documents and Settings\James\NetHood
2008-06-07 07:44:18 0 dr------- C:\Documents and Settings\James\My Documents
2008-06-07 07:44:18 0 d--h----- C:\Documents and Settings\James\Local Settings
2008-06-07 07:44:18 0 dr------- C:\Documents and Settings\James\Favorites
2008-06-07 07:44:18 0 d-------- C:\Documents and Settings\James\Desktop
2008-06-07 07:44:18 0 d---s---- C:\Documents and Settings\James\Cookies
2008-06-07 07:44:18 0 dr-h----- C:\Documents and Settings\James\Application Data
2008-06-07 07:44:18 0 d-------- C:\Documents and Settings\James\Application Data\Google
2008-06-07 07:44:17 786432 --ah----- C:\Documents and Settings\James\NTUSER.DAT
2008-06-06 21:58:21 229535 --a------ C:\WINNT\system32\000050.exe
2008-06-06 21:57:58 226613 --a------ C:\WINNT\system32\000060.exe
2008-06-04 22:44:47 0 d-------- C:\Program Files\VnrPack
2008-06-04 22:44:33 0 d-------- C:\Program Files\QdrDrive
2008-06-04 22:44:23 403794 --a------ C:\WINNT\469.exe
2008-06-04 22:44:22 0 d-------- C:\Program Files\ISM
2008-06-04 22:44:15 266607 --a------ C:\WINNT\ISMSetup Venora3 (aid=3 smiley).exe
2008-06-04 22:17:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\TweakNow WinSecret
2008-06-04 20:58:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-06-04 20:19:26 0 d-------- C:\Program Files\Registry Easy
2008-06-04 19:22:56 0 --a------ C:\WINNT\ativpsrm.bin
2008-06-04 19:19:16 593920 -----n--- C:\WINNT\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-06-04 19:17:51 0 d-------- C:\ATI
2008-06-03 21:09:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-06-03 20:03:13 0 d-------- C:\Program Files\Microsoft Games
2008-06-03 18:16:06 0 d-------- C:\WINNT\system32\ReinstallBackups
2008-06-03 18:15:24 53248 --a------ C:\WINNT\system32\CSVer.dll <Not Verified; Windows XP Bundled build C-Centric Single User; Windows XP Bundled build C-Centric Single User CSVer>
2008-06-03 18:14:58 0 d-------- C:\Intel
2008-06-03 17:58:49 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-06-03 03:00:54 0 d-------- C:\WINNT\system32\PreInstall
2008-06-02 08:47:26 0 d-------- C:\WINNT\Prefetch
2008-06-02 08:47:24 290816 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-06-02 08:47:24 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-06-02 08:47:24 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-06-02 08:47:24 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-06-02 08:47:24 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-06-02 08:45:10 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-06-02 08:45:10 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-06-02 08:45:10 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-06-02 08:45:09 290816 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-06-02 08:45:09 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-06-02 08:35:29 0 d-------- C:\WINNT\system32\xircom
2008-06-02 08:35:02 0 d--h----- C:\WINNT\$hf_mig$
2008-06-02 08:31:15 0 d-------- C:\Program Files\Online Services
2008-06-02 08:30:10 0 d-------- C:\Program Files\Common Files\MSSoap
2008-06-02 08:30:05 0 d-------- C:\WINNT\srchasst
2008-06-02 08:29:48 0 d-------- C:\Program Files\Movie Maker
2008-06-02 08:29:38 0 d-------- C:\WINNT\system32\Restore
2008-06-02 08:27:10 0 d-------- C:\WINNT\system32\FxsTmp
2008-06-02 08:26:51 0 d-------- C:\Program Files\Messenger
2008-06-02 08:26:46 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-02 08:26:21 0 d-------- C:\WINNT\system32\MsDtc
2008-06-02 07:57:51 0 d-------- C:\WINNT\system32\CatRoot2
2008-06-02 07:43:54 0 d-------- C:\WINNT\setup.pss
2008-06-01 21:47:56 0 d-------- C:\WINNT\WinSxS
2008-06-01 21:47:56 0 d-------- C:\WINNT\system32\usmt
2008-06-01 21:47:56 0 d-------- C:\WINNT\system32\oobe
2008-06-01 21:47:56 0 d-------- C:\WINNT\system32\IME
2008-06-01 21:47:56 0 d-------- C:\WINNT\system32\icsxml
2008-06-01 21:47:56 0 d-------- C:\WINNT\system32\3com_dmi
2008-06-01 21:47:56 0 d-------- C:\WINNT\system32\3076
2008-06-01 21:47:56 0 d-------- C:\WINNT\system32\2052
2008-06-01 21:47:56 0 d-------- C:\WINNT\system32\1054
2008-06-01 21:47:56 0 d-------- C:\WINNT\system32\1042
2008-06-01 21:47:56 0 d-------- C:\WINNT\system32\1041
2008-06-01 21:47:56 0 d-------- C:\WINNT\system32\1037
2008-06-01 21:47:56 0 d-------- C:\WINNT\system32\1033
2008-06-01 21:47:56 0 d-------- C:\WINNT\system32\1031
2008-06-01 21:47:56 0 d-------- C:\WINNT\system32\1028
2008-06-01 21:47:56 0 d-------- C:\WINNT\system32\1025
2008-06-01 21:47:56 0 d-------- C:\WINNT\Resources
2008-06-01 21:47:56 0 d-------- C:\WINNT\Provisioning
2008-06-01 21:47:56 0 d-------- C:\WINNT\PeerNet
2008-06-01 21:47:56 0 d-------- C:\WINNT\ehome
2008-05-26 02:30:28 364544 --a------ C:\WINNT\system32\{2f13c6b7-8cfc-d4c0-fa8d-671668726a33}.dll


-- Find3M Report ---------------------------------------------------------------

2008-06-07 09:32:08 40 --a------ C:\WINNT\system32\profile.dat
2008-06-07 08:08:30 0 d-a------ C:\Program Files\Common Files
2008-06-07 07:02:16 0 d-------- C:\Program Files\Brother
2008-06-07 07:02:10 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-06 20:01:35 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-06 10:11:42 50 --a------ C:\WINNT\system32\BRIDF04A.dat
2008-06-05 18:50:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-04 21:49:28 0 d-------- C:\Program Files\Yahoo!
2008-06-04 21:49:27 0 d-------- C:\Program Files\Common Files\Scanner
2008-06-04 21:46:36 0 d-------- C:\Program Files\RoadToBaghdad
2008-06-04 21:11:46 0 d-------- C:\Program Files\ZipGenius 6
2008-06-03 18:47:43 0 d-------- C:\Program Files\Intel
2008-06-02 18:31:35 0 d-------- C:\Program Files\Common Files\Adaptec Shared
2008-06-02 08:27:58 22192 --a------ C:\WINNT\system32\emptyregdb.dat
2008-06-02 08:26:44 0 d-------- C:\Program Files\Windows NT
2008-06-02 07:58:46 62 --ahs---- C:\Documents and Settings\James\Application Data\desktop.ini
2008-06-02 07:44:59 1286004 --ah----- C:\WINNT\ShellIconCache
2008-03-19 11:30:22 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_990.dat
2008-03-12 09:09:50 180224 --a------ C:\WINNT\system32\Ncs2Setp.dll <Not Verified; Intel® Corporation; Intel® Network Configuration Services>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30ca2234-e346-65d7-fdcb-27dd9e079e2e}]
05/26/2008 02:30 AM 364544 --a------ C:\WINNT\system32\{2f13c6b7-8cfc-d4c0-fa8d-671668726a33}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83C35173-E029-42f1-9692-0341EE379A0D}]
04/30/2008 09:26 PM 147456 --a------ C:\Program Files\QdrDrive\QdrDrive16.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89CBB8EA-FA02-4f61-B997-0247E69F002B}]
04/15/2008 09:40 AM 147456 --a------ C:\Program Files\QdrDrive\QdrDrive15.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [02/28/2006 02:00 AM C:\WINNT\system32\mobsync.exe]
"POINTER"="point32.exe" []
"IgfxTray"="C:\WINNT\system32\igfxtray.exe" [06/21/2005 11:48 PM]
"HotKeysCmds"="C:\WINNT\system32\hkcmd.exe" [06/21/2005 11:44 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/04/2005 12:42 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [11/15/2005 01:28 PM]
"LVCOMSX"="C:\WINNT\system32\LVCOMSX.EXE" [12/09/2005 03:32 PM]
"%%DELETE_VALUE%%"="CreateCD50" []
"{df73fae5-e439-2824-6c2b-b61482ef4e64}"="C:\WINNT\system32\{2f13c6b7-8cfc-d4c0-fa8d-671668726a33}.dll" [05/26/2008 02:30 AM]
"runner1"="C:\WINNT\mrofinu72.exe" [06/07/2008 08:09 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [02/28/2006 02:00 AM]
"QdrModule17"="C:\Program Files\QdrModule\QdrModule17.exe" [05/29/2008 12:25 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"= {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMGNA.DLL]
PRISMGNA.DLL 12/08/2004 12:41 PM 229465 C:\WINNT\system32\PRISMGNA.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Share-to-Web Namespace Daemon"=D:\Program Files\Hewlett-Packard\hpgs2wnd.exe
"LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe
"LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
"LogitechCameraService(E)"=C:\WINNT\system32\ElkCtrl.exe /automation


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8617f872-3380-11dd-b498-806d6172696f}]
AutoRun\command- E:\SETUP.EXE /AUTORUN
configure\command- E:\SETUP.EXE
install\command- E:\SETUP.EXE




-- End of Deckard's System Scanner: finished at 2008-06-07 11:20:31 ------------

Deactivated link. ~ OB


Edited by Orange Blossom, 11 February 2013 - 01:10 AM.



#2 littlebirdie (Topic Starter)
  • Members
  • 2 posts
  • OFFLINE
  • Local time:09:34 AM

Posted 15 June 2008 - 04:06 PM

So I followed the instructions, posted my problem, and nothing???? What gives?

#3 SifuMike (malware expert)
  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:12:34 PM

Posted 19 June 2008 - 12:09 PM

Hello littlebirdie,


So I followed the instructions, posted my problem, and nothing???? What gives?


Sorry for the delay. We have over 300 logs backed up. :thumbsup:


Please perform this online scan: Kaspersky Webscan

Note that you need to run this scan with Internet Explorer for it to work correctly.

If you have any problem running the scan to completion, disable your Antivirus and/or firewall temporarily, just refrain from surfing around while the scan is running and be sure to re-enable when done.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat step 1.
3. Select "Install" to download the ActiveX controls that allow Kaspersky to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. Wait for the scanner to initialize and update its databases. When the download is complete it will say ready, click "Next"
6. Click "Scan Settings" and check the option to use the EXTENDED DATABASE. Under Scan Options, check:
Scan Archives
Scan Mail Bases
then click "OK"
7. Select a target to scan: Click on "My Computer" and the scan will begin.
8. Once the scan is complete it will display if your system has been infected.
Now click on the Save Report As... button:


Under "Save as type" select "Text file", write a name for the file and save it to your Desktop.
Locate the file at the Desktop, open it, then copy and paste that information in your next post.
9. Post the Kaspersky scan results in your next reply.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 SifuMike (malware expert)
  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:12:34 PM

Posted 24 June 2008 - 05:21 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.