
Pop-ups Containing Porn And General Operating Issues


  • This topic is locked
2 replies to this topic

#1 doughc


Posted 25 June 2008 - 10:52 PM

My computer will accumulate pop-ups containing porn and spyware stuff when left alone for more than 5 minutes. I am not sure how to fix the problem! It also is causing my computer to freeze up once in a while and other things.

Deckard's System Scanner v20071014.68
Run by Student on 2008-06-25 16:18:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
55: 2008-06-25 21:18:50 UTC - RP507 - Deckard's System Scanner Restore Point
54: 2008-06-25 11:04:35 UTC - RP506 - System Checkpoint
53: 2008-06-24 10:04:32 UTC - RP505 - System Checkpoint
52: 2008-06-23 09:04:31 UTC - RP504 - System Checkpoint
51: 2008-06-22 08:04:30 UTC - RP503 - System Checkpoint


-- First Restore Point --
1: 2008-04-17 15:17:09 UTC - RP453 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 84% (more than 75%).


-- HijackThis (run as Student.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:23:26 PM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\yuvpbyey.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Web Technologies\wcs.exe
C:\Program Files\Web Technologies\iebtm.exe
C:\DOCUME~1\Student\LOCALS~1\Temp\qttask.exe
C:\Program Files\Web Technologies\wcm.exe
C:\Program Files\Web Technologies\iebtmm.exe
C:\Program Files\AntiSpyCheck 2.1\AntiSpyCheck 2.1.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Student\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Student.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sg.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.digitrain.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=qpecayvw.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\STUDENT\Application Data\Mozilla\Profiles\default\rhz6eb6c.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\STUDENT\Application Data\Mozilla\Profiles\default\rhz6eb6c.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {17EBE169-7CE9-453D-A392-C7D8B28EE39E} - C:\Program Files\WindowsUpdate\hokes4444.dll
O2 - BHO: (no name) - {4B444D49-3514-483C-856F-0FE69E90A750} - C:\Program Files\Outlook Express\komevof777444.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7e69d092-73dd-451d-bcac-e44f09eb226c} - C:\WINDOWS\system32\wckjbqt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8EF858EB-D270-40C7-A67F-D42EFC4AAC17} - C:\Program Files\WindowsUpdate\hokes83122.dll
O2 - BHO: WarningBHO Class - {9989F1F6-70DE-4244-AC9F-6672983681A0} - C:\Program Files\AntiSpyCheck 2.1\IEWarning32.dll (file missing)
O2 - BHO: (no name) - {A49E097A-D6EF-4B2F-8B0F-1230E998587F} - C:\Program Files\Web Technologies\iebt.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\bprsmxdj.dll (file missing)
O2 - BHO: 238044 helper - {C0F371D7-926D-4700-B65E-63BFF1197205} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Internet Service - {F99D0C20-F8E1-43B6-AB24-3F16BFAEA77B} - C:\Program Files\Web Technologies\iebr.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\DOCUME~1\Student\LOCALS~1\Temp\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\Run: [AntiSpyCheck 2.1] "C:\Program Files\AntiSpyCheck 2.1\AntiSpyCheck 2.1.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.4\webbuying.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [AUTORUN_VAL] C:\Program Files\AntiSpyCheck 2.1\AntiSpyCheck 2.1.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Web Technologies\wcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Web Technologies\iebtm.exe
O4 - HKUS\S-1-5-18\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorergate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorergate.com/redirect.php (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Student\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.app...llInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://baka-aho.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123261636360
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163778902835
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDBBA19C-8D04-4AE0-AD63-F1DB30C16D43}: NameServer = 66.28.0.45,66.28.0.61
O20 - Winlogon Notify: bprsmxdj - bprsmxdj.dll (file missing)
O22 - SharedTaskScheduler: chicot - {c27abdde-8a43-4a7f-81c0-3fc3c952284f} - C:\WINDOWS\system32\sgntu.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\yuvpbyey.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 10561 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070715-043322-176 O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Student\Application Data\Microsoft\Windows\rayiou.exe
backup-20070715-043322-396 O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.7.8\webbuying.exe
backup-20070715-043322-479 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20070715-044725-195 O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
backup-20070715-044725-298 O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
backup-20070715-044725-569 O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
backup-20070715-044725-800 O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
backup-20070715-044725-832 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
backup-20070716-220804-201 O20 - Winlogon Notify: cbaya - C:\WINDOWS\system32\cbaya.dll (file missing)
backup-20070716-220804-332 O2 - BHO: (no name) - {F24096C7-6EF5-416D-8906-A9F81E2D352E} - C:\WINDOWS\system32\cbaya.dll (file missing)
backup-20070716-220804-427 O20 - Winlogon Notify: rqrrpon - rqrrpon.dll (file missing)
backup-20070716-220804-509 O2 - BHO: 0 - {6314D498-1A69-40AD-4A92-511406D9F2DB} - C:\Program Files\Windows Media Player\lavumad175.dll (file missing)
backup-20070716-220804-532 O4 - Startup: www.thesims.com.url
backup-20070716-220804-599 O4 - HKCU\..\Run: [Suel] "C:\WINDOWS\system32\RACLE~1\nslookup.exe" -vt yazb
backup-20070716-220804-695 O2 - BHO: (no name) - {36982041-4BB9-463B-9FB8-7BED80A5966F} - C:\Program Files\WindowsUpdate\hokes83122.dll (file missing)
backup-20070716-220804-728 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
backup-20070716-220804-752 O2 - BHO: (no name) - {286f0666-48c2-4041-aba8-59eee2b24359} - C:\WINDOWS\system32\wckjbqt.dll
backup-20070716-220804-973 O2 - BHO: (no name) - {164A3AD8-8537-AF9F-1A12-8C8DBB2780EC} - C:\WINDOWS\system32\vwluxlgr.dll (file missing)

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - unable to read value
.js - JSFile - shell\open\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 pavdrv (Panda Antivirus Filter Driver for x86) - c:\windows\system32\drivers\pavdrv51.sys <Not Verified; Panda Software International; Panda Residents>
R3 W8335XP (IEEE 802.11g Wireless Cardbus/PCI Adapter HW51) - c:\windows\system32\drivers\mrv8000c.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11 NIC>

S3 catchme - c:\docume~1\student\locals~1\temp\catchme.sys (file missing)
S3 JL2005C (Dual Mode Camera) - c:\windows\system32\drivers\jl2005c.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 DomainService - c:\windows\system32\yuvpbyey.exe /service <Not Verified; ; DDC>
R2 Panda Software Controller - "c:\program files\panda software\panda antivirus 2007\psctrls.exe" <Not Verified; Panda Software International; Panda Corporative Solutions>
R2 PAVSRV (Panda anti-virus service) - "c:\program files\panda software\panda antivirus 2007\pavsrv51.exe" <Not Verified; Panda Software International; Panda residents>
R2 PSIMSVC (Panda IManager Service) - "c:\program files\panda software\panda antivirus 2007\psimsvc.exe" <Not Verified; Panda Software International; Panda Interface Manager>

S3 MSControlService (Microsoft cache control) - c:\windows\system32\windows


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-24 22:59:39 366 --a------ C:\WINDOWS\Tasks\XoftSpySE.job
2008-06-24 17:00:01 452 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2008-06-20 21:56:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-25 and 2008-06-25 -----------------------------

2008-06-21 00:28:38 0 d-------- C:\Program Files\XoftSpySE
2008-06-20 23:26:26 0 d-------- C:\Program Files\Spyware Doctor
2008-06-20 23:26:26 0 d-------- C:\Documents and Settings\Student\Application Data\PC Tools
2008-06-20 10:49:18 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-20 10:49:04 0 d-------- C:\Program Files\AntiSpyCheck 2.1
2008-06-20 10:48:58 0 d-------- C:\WINDOWS\system32\238044
2008-06-20 10:48:44 0 d-------- C:\Program Files\Web Technologies


-- Find3M Report ---------------------------------------------------------------

2008-06-17 22:00:34 13312 --a-s---- C:\WINDOWS\system32\sgntu.dll
2008-05-25 11:42:39 0 d-------- C:\Documents and Settings\Student\Application Data\Adobe
2008-05-22 21:51:11 136627 --a------ C:\WINDOWS\POTA777444.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17EBE169-7CE9-453D-A392-C7D8B28EE39E}]
08/02/2007 08:43 AM 282624 --a------ C:\Program Files\WindowsUpdate\hokes4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B444D49-3514-483C-856F-0FE69E90A750}]
02/27/2008 08:54 PM 217088 --a------ C:\Program Files\Outlook Express\komevof777444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7e69d092-73dd-451d-bcac-e44f09eb226c}]
09/27/2007 09:34 PM 171520 --a------ C:\WINDOWS\system32\wckjbqt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EF858EB-D270-40C7-A67F-D42EFC4AAC17}]
08/02/2007 08:43 AM 282624 --a------ C:\Program Files\WindowsUpdate\hokes83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9989F1F6-70DE-4244-AC9F-6672983681A0}]
C:\Program Files\AntiSpyCheck 2.1\IEWarning32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A49E097A-D6EF-4B2F-8B0F-1230E998587F}]
06/22/2008 10:06 AM 8192 --a------ C:\Program Files\Web Technologies\iebt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
C:\WINDOWS\system32\bprsmxdj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0F371D7-926D-4700-B65E-63BFF1197205}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F99D0C20-F8E1-43B6-AB24-3F16BFAEA77B}"= C:\Program Files\Web Technologies\iebr.dll [06/20/2008 10:48 AM 87552]

[-HKEY_CLASSES_ROOT\CLSID\{F99D0C20-F8E1-43B6-AB24-3F16BFAEA77B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\DOCUME~1\Student\LOCALS~1\Temp\qttask.exe" []
"Salestart"="C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe" [09/12/2007 08:15 PM]
"AntiSpyCheck 2.1"="C:\Program Files\AntiSpyCheck 2.1\AntiSpyCheck 2.1.exe" [06/19/2008 10:28 AM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 03:14 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11/30/2006 10:49 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 04:17 PM]
"WebBuying"="C:\Program Files\Web Buying\v1.8.4\webbuying.exe" []
"WinAble"="C:\Program Files\WinAble\winable.exe" [09/27/2007 09:37 PM]
"AUTORUN_VAL"="C:\Program Files\AntiSpyCheck 2.1\AntiSpyCheck 2.1.exe" [06/19/2008 10:28 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 5:44:06 AM]
Auto Detect.lnk - C:\Program Files\iConcepts Music Express\MEAutoDetect.exe [5/25/2007 11:24:03 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 3:05:56 PM]
Wireless Configuration Utility HW.51.lnk - C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe [12/14/2004 8:53:38 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"some"=C:\Program Files\Web Technologies\wcs.exe
"start"=C:\Program Files\Web Technologies\iebtm.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{c27abdde-8a43-4a7f-81c0-3fc3c952284f}"= C:\WINDOWS\system32\sgntu.dll [06/17/2008 10:00 PM 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 07/14/2006 01:46 PM 45056 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bprsmxdj]
bprsmxdj.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli qpecayvw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-06-25 16:27:44 ------------


#2 miekiemoes


Posted 26 June 2008 - 04:36 PM

Hi,

First of all... I see you have Panda Antivirus installed. Did you purchase it? Or is it still a trial? Because a lot of malware present here should be detected and removed by Panda though. That's why I think your version of Panda is outdated. Please let me know in your next reply as this is important.

Also, please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes


Posted 11 July 2008 - 02:50 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.