[Pending] HJT Logs - please help with pop ups!!!!! (posted in the PC Help Forum, Security & Safety)
#1
Posted 06-24-2008 by khaosmage (Bronze Member; Join Date: Jun 2008; Posts: 25; PC Experience: Some Experience)
please help with pop ups!!!!!

OK, I am getting pop-ups over and over again. I just bought this computer from a friend and am using Windows XP Pro. I don't believe it is a virus or spyware. I think it is malware? Here are the logs from the scan.

extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Celeron(R) M CPU 520 @ 1.60GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 502.11 MiB / 231.86 MiB
Pagefile Memory (total/avail): 1227.45 MiB / 565.77 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.89 MiB
C: is Fixed (NTFS) - 74.53 GiB total, 67.93 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD800BEVS-22RST0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:

-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AntiVirusDisableNotify is set.
UpdatesDisableNotify is set.
FW: Norton 360 v2007 (SYMANTEC Corporation)
AV: Avira AntiVir PersonalEdition v8.0.1.18 (Avira GmbH)
AV: Norton 360 v2007 (SYMANTEC Corperation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"="C:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe:*:Enabled:Foxit PDF Editor, the first REAL editor for PDF files!"
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"="C:\\Program Files\\Paltalk Messenger\\paltalk.exe:*:Enabled:PaltalkScene"

-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\home.KHAOS\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KHAOS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\home.KHAOS
LOGONSERVER=\\KHAOS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HOME~1.KHA\LOCALS~1\Temp
TMP=C:\DOCUME~1\HOME~1.KHA\LOCALS~1\Temp
USERDOMAIN=KHAOS
USERNAME=home
USERPROFILE=C:\Documents and Settings\home.KHAOS
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------
Neymore (admin)
home.KHAOS (admin)
Administrator (new local, admin)

-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Avira AntiVir Personal – Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Backup --> MsiExec.exe /I{24DF7221-644B-4C3A-A478-459502D40522}
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
DVD X Player 4.0 Professional --> "C:\Program Files\DVD X Studios\DVD X Player 4.0 Professional\unins000.exe"
GearDrvs --> MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\home.KHAOS\Desktop\HiJackThis\HijackThis.exe" /uninstall
isoHunt Toolbar --> C:\PROGRA~1\isoHunt\UNWISE.EXE C:\PROGRA~1\isoHunt\INSTALL.LOG
Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
LimeWire 4.18.3 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users.WINDOWS\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mobile Broadband Drivers --> MsiExec.exe /X{44AFDB86-1509-4CDC-9B2E-1C73B2DEE5F0}
Mozilla Firefox (2.0) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_2_0_2\Setup.exe" /X
Norton 360 HTMLHelp --> MsiExec.exe /I{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Symantec Technical Support Controls --> MsiExec.exe /I{45690715-80A6-4445-B61D-ADEC5888E8CD}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
VZAccess Manager --> C:\PROGRA~1\VERIZO~1\VZACCE~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\VZACCE~1\INSTALL.LOG
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

-- Application Event Log -------------------------------------------------------
Event Record #/Type962 / Error
Event Submitted/Written: 06/23/2008 08:31:24 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SpybotSD.exe, version 1.5.2.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type961 / Error
Event Submitted/Written: 06/23/2008 08:31:24 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SpybotSD.exe, version 1.5.2.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type918 / Error
Event Submitted/Written: 06/23/2008 08:03:00 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.
Event Record #/Type917 / Error
Event Submitted/Written: 06/23/2008 08:03:00 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070005 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Event Record #/Type836 / Error
Event Submitted/Written: 06/23/2008 01:30:27 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.2180, faulting module shell32.dll, version 6.0.2900.2180, fault address 0x0003aa7b.
Processing media-specific event for [explorer.exe!ws!]

-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------
Event Record #/Type1223 / Error
Event Submitted/Written: 06/23/2008 08:29:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type1220 / Error
Event Submitted/Written: 06/23/2008 08:27:26 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
avgio
avipbb
eeCtrl
Fips
intelppm
SRTSPX
ssmdrv
SYMTDI
Event Record #/Type1219 / Error
Event Submitted/Written: 06/23/2008 08:26:08 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type1214 / Error
Event Submitted/Written: 06/23/2008 08:22:14 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type1213 / Error
Event Submitted/Written: 06/23/2008 08:22:09 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

-- End of Deckard's System Scanner: finished at 2008-06-23 22:27:50 ------------

main.txt

Deckard's System Scanner v20071014.68
Run by home on 2008-06-23 22:25:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-06-24 02:25:38 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 503 MiB (512 MiB recommended).

-- HijackThis (run as home.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:21 PM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\DOCUME~1\HOME~1.KHA\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Documents and Settings\home.KHAOS\Desktop\dss.exe
C:\Program Files\Common Files\Symantec Shared\COH\coh32.exe
C:\DOCUME~1\HOME~1.KHA\Desktop\HIJACK~1\home.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
O2 - BHO: {725b5ff7-ba27-ae5b-7a14-e87efd567b00} - {00b765df-e78e-41a7-b5ea-72ab7ff5b527} - C:\WINDOWS\system32\mpuohsmr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {BE7E4CE1-8CBA-44A6-956F-462A667D3286} - C:\WINDOWS\system32\urqOIcDU.dll (file missing)
O2 - BHO: (no name) - {CD00F7AF-D8DA-4CF8-A787-801E7570B163} - C:\WINDOWS\system32\vtUkLccc.dll (file missing)
O2 - BHO: (no name) - {FC399D28-5657-4240-B0F7-6E348667ECEE} - C:\WINDOWS\system32\ddcBSiif.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbisoH.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a4a13345] rundll32.exe "C:\WINDOWS\system32\sebvyxtp.dll",b
O4 - HKLM\..\Run: [BMa79200d9] Rundll32.exe "C:\WINDOWS\system32\quqxvsvw.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2A544C1-D113-41B1-BC3E-E46649F9ACC6}: NameServer = 69.78.96.14 66.174.95.44
O20 - Winlogon Notify: urqOIcDU - urqOIcDU.dll (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 7496 bytes
-- File Associations -----------------------------------------------------------
All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 NWADI (NWADI Bus Enumerator) - c:\windows\system32\drivers\nwadienum.sys <Not Verified; Novatel Wireless Inc; NWADI Bus Enumerator>
R3 NWUSBModem (Novatel Wireless USB Modem Driver) - c:\windows\system32\drivers\nwusbmdm.sys <Not Verified; Novatel Wireless Inc.; Novatel Wireless USB Modem/Serial Device Driver>
R3 NWUSBPort (Novatel Wireless USB Status Port Driver) - c:\windows\system32\drivers\nwusbser.sys <Not Verified; Novatel Wireless Inc.; Novatel Wireless USB Modem/Serial Device Driver>
S3 avfwim (AvFw Packet Filter Miniport) - c:\windows\system32\drivers\avfwim.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>

-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_8086&DEV_27A2&SUBSYS_01101025&REV_03\3&B1BFB68&0&10
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_8086&DEV_27A2&SUBSYS_01101025&REV_03\3&B1BFB68&0&10
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller
Device ID: PCI\VEN_8086&DEV_27A6&SUBSYS_01101025&REV_03\3&B1BFB68&0&11
Manufacturer:
Name: Video Controller
PNP Device ID: PCI\VEN_8086&DEV_27A6&SUBSYS_01101025&REV_03\3&B1BFB68&0&11
Service:
Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_3026&SUBSYS_10250110&REV_1007\4&37C55033&0&0101
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_3026&SUBSYS_10250110&REV_1007\4&37C55033&0&0101
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4352&SUBSYS_01101025&REV_14\4&192AC53F&0&00E0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4352&SUBSYS_01101025&REV_14\4&192AC53F&0&00E0
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_04181468&REV_01\4&6B16D5B&0&18F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_04181468&REV_01\4&6B16D5B&0&18F0
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Mass Storage Controller
Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_01101025&REV_00\4&6B16D5B&0&4AF0
Manufacturer:
Name: Mass Storage Controller
PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_01101025&REV_00\4&6B16D5B&0&4AF0
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01101025&REV_02\3&B1BFB68&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01101025&REV_02\3&B1BFB68&0&FB
Service:

-- Files created between 2008-05-23 and 2008-06-23 -----------------------------
2008-06-23 21:51:37 0 d------c- C:\Documents and Settings\home.KHAOS\Application Data\WinRAR
2008-06-23 20:14:41 0 d--hs---- C:\WINDOWS\CSC
2008-06-22 21:35:01 0 d------c- C:\Documents and Settings\home.KHAOS\Application Data\Sun
2008-06-22 00:07:50 0 d------c- C:\Documents and Settings\home.KHAOS\Application Data\Talkback
2008-06-22 00:07:23 0 d------c- C:\Documents and Settings\home.KHAOS\Application Data\Mozilla
2008-06-21 20:25:14 0 d------c- C:\Documents and Settings\home.KHAOS\Application Data\Macromedia
2008-06-21 20:23:52 0 d------c- C:\Documents and Settings\home.KHAOS\Application Data\Adobe
2008-06-21 20:23:40 0 d------c- C:\Documents and Settings\home.KHAOS\Application Data\Google
2008-06-21 20:21:37 0 d------c- C:\Documents and Settings\home.KHAOS\Application Data\Smith Micro
2008-06-21 17:19:09 0 d------c- C:\Documents and Settings\home.KHAOS\Application Data\Symantec
2008-06-21 17:18:53 0 d------c- C:\Documents and Settings\home.KHAOS\Application Data\Real
2008-06-21 17:18:18 0 d------c- C:\Documents and Settings\home.KHAOS\Application Data\Identities
2008-06-21 17:17:57 0 dr-h---c- C:\Documents and Settings\home.KHAOS\SendTo
2008-06-21 17:17:57 0 dr-h---c- C:\Documents and Settings\home.KHAOS\Recent
2008-06-21 17:17:57 0 d--h---c- C:\Documents and Settings\home.KHAOS\PrintHood
2008-06-21 17:17:57 0 d--h---c- C:\Documents and Settings\home.KHAOS\NetHood
2008-06-21 17:17:57 0 dr-----c- C:\Documents and Settings\home.KHAOS\My Documents
2008-06-21 17:17:57 0 d--h---c- C:\Documents and Settings\home.KHAOS\Local Settings
2008-06-21 17:17:57 0 dr-----c- C:\Documents and Settings\home.KHAOS\Favorites
2008-06-21 17:17:57 0 d------c- C:\Documents and Settings\home.KHAOS\Desktop
2008-06-21 17:17:57 0 d--hs--c- C:\Documents and Settings\home.KHAOS\Cookies
2008-06-21 17:17:57 0 dr-h---c- C:\Documents and Settings\home.KHAOS\Application Data
2008-06-21 17:17:56 0 d--h---c- C:\Documents and Settings\home.KHAOS\Templates
2008-06-21 17:17:56 0 dr-----c- C:\Documents and Settings\home.KHAOS\Start Menu
2008-06-21 17:17:56 2883584 --ah----- C:\Documents and Settings\home.KHAOS\NTUSER.DAT
2008-06-21 16:37:59 0 d------c- C:\N360_BACKUP
2008-06-21 16:25:51 0 d------c- C:\Program Files\Norton 360
2008-06-21 16:19:55 0 d------c- C:\Documents and Settings\Neymore\Application Data\Symantec
2008-06-20 19:45:36 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-20 18:18:24 0 d------c- C:\Program Files\Avira
2008-06-20 16:31:43 0 d--h---c- C:\Documents and Settings\Administrator\Templates
2008-06-20 16:31:43 0 dr-----c- C:\Documents and Settings\Administrator\Start Menu
2008-06-20 16:31:43 0 dr-h---c- C:\Documents and Settings\Administrator\SendTo
2008-06-20 16:31:43 0 d--h---c- C:\Documents and Settings\Administrator\Recent
2008-06-20 16:31:43 0 d--h---c- C:\Documents and Settings\Administrator\PrintHood
2008-06-20 16:31:43 1572864 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-20 16:31:43 0 d--h---c- C:\Documents and Settings\Administrator\NetHood
2008-06-20 16:31:43 0 d------c- C:\Documents and Settings\Administrator\My Documents
2008-06-20 16:31:43 0 d--h---c- C:\Documents and Settings\Administrator\Local Settings
2008-06-20 16:31:43 0 d------c- C:\Documents and Settings\Administrator\Favorites
2008-06-20 16:31:43 0 d------c- C:\Documents and Settings\Administrator\Desktop
2008-06-20 16:31:43 0 d---s--c- C:\Documents and Settings\Administrator\Cookies
2008-06-20 16:31:43 0 dr-h---c- C:\Documents and Settings\Administrator\Application Data
2008-06-20 16:31:43 0 d---s--c- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-20 16:07:30 79872 --a----c- C:\WINDOWS\system32\sebvyxtp.dll
2008-06-20 16:04:28 99328 --a----c- C:\WINDOWS\system32\mpuohsmr.dll
2008-06-20 16:02:16 0 d------c- C:\Documents and Settings\Neymore\Application Data\Adobe
2008-06-20 16:02:07 90624 --a----c- C:\WINDOWS\system32\quqxvsvw.dll
2008-06-20 16:01:28 745420 --ahs---- C:\WINDOWS\system32\fiiSBcdd.ini2
2008-06-20 12:06:31 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-20 03:19:05 0 d------c- C:\Documents and Settings\Neymore\Application Data\Sun
2008-06-20 01:27:03 0 d------c- C:\Documents and Settings\Neymore\Application Data\Macromedia
2008-06-20 01:26:45 0 d--h---c- C:\Documents and Settings\Default User.WINDOWS\Templates
2008-06-20 01:26:45 0 dr-----c- C:\Documents and Settings\Default User.WINDOWS\Start Menu
2008-06-20 01:26:45 0 dr-h---c- C:\Documents and Settings\Default User.WINDOWS\SendTo
2008-06-20 01:26:45 0 d--h---c- C:\Documents and Settings\Default User.WINDOWS\Recent
2008-06-20 01:26:45 0 d--h---c- C:\Documents and Settings\Default User.WINDOWS\PrintHood
2008-06-20 01:26:45 0 d--h---c- C:\Documents and Settings\Default User.WINDOWS\NetHood
2008-06-20 01:26:45 0 d------c- C:\Documents and Settings\Default User.WINDOWS\My Documents
2008-06-20 01:26:45 0 dr-h---c- C:\Documents and Settings\Default User.WINDOWS\Local Settings
2008-06-20 01:26:45 0 d------c- C:\Documents and Settings\Default User.WINDOWS\Favorites
2008-06-20 01:26:45 0 d------c- C:\Documents and Settings\Default User.WINDOWS\Desktop
2008-06-20 01:26:45 0 d---s--c- C:\Documents and Settings\Default User.WINDOWS\Cookies
2008-06-20 01:26:45 0 d--h---c- C:\Documents and Settings\All Users.WINDOWS\Templates
2008-06-20 01:26:45 0 dr-----c- C:\Documents and Settings\All Users.WINDOWS\Start Menu
2008-06-20 01:26:45 0 d------c- C:\Documents and Settings\All Users.WINDOWS\Favorites
2008-06-20 01:26:45 0 dr-----c- C:\Documents and Settings\All Users.WINDOWS\Documents
2008-06-20 01:26:45 0 d------c- C:\Documents and Settings\All Users.WINDOWS\Desktop
2008-06-20 01:26:22 0 dr-h---c- C:\Documents and Settings\Default User.WINDOWS\Application Data
2008-06-20 01:26:22 0 d---s--c- C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft
2008-06-20 01:26:22 0 dr-h---c- C:\Documents and Settings\All Users.WINDOWS\Application Data
2008-06-20 01:26:22 0 d---s--c- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2008-06-19 21:30:46 0 d------c- C:\Documents and Settings\Neymore\Application Data\Paltalk
2008-06-19 21:24:23 58368 --a------ C:\WINDOWS\system32\khfGaBRl.dll
2008-06-19 18:40:28 0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2008-06-19 18:33:51 58368 --a------ C:\WINDOWS\system32\vtUmJBQh.dll
2008-06-19 18:26:03 0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-06-19 18:25:01 0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
2008-06-19 18:24:43 0 d------c- C:\Documents and Settings\Neymore\Application Data\acccore
2008-06-19 18:22:38 14 --a------ C:\WINDOWS\system32\systeminfo.dll
2008-06-19 18:15:14 1199 --ahs---- C:\WINDOWS\system32\cccLkUtv.ini2
2008-06-19 18:08:54 0 d------c- C:\Documents and Settings\Neymore\Application Data\Talkback
2008-06-19 18:08:38 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-19 18:06:57 0 d------c- C:\Documents and Settings\Neymore\Application Data\Real
2008-06-19 18:05:49 0 d------c- C:\Documents and Settings\Neymore\Application Data\Mozilla
2008-06-19 17:14:08 0 d------c- C:\Program Files\Foxit Software
2008-06-19 17:12:37 0 d------c- C:\Documents and Settings\Neymore\Application Data\WinRAR
2008-06-19 16:17:04 0 d------c- C:\Documents and Settings\Neymore\Application Data\LimeWire
2008-06-19 16:15:15 0 d------c- C:\Program Files\Java
2008-06-19 15:44:57 0 d------c- C:\Documents and Settings\Neymore\Application Data\Google
2008-06-19 15:44:50 0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2008-06-19 15:33:25 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-06-19 15:30:25 520192 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-06-19 15:30:25 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-06-19 15:28:03 0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-06-19 15:23:06 0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-06-19 15:04:52 0 d--hs--c- C:\Documents and Settings\Neymore\UserData
2008-06-19 02:46:50 0 d------c- C:\Documents and Settings\Neymore\Application Data\Smith Micro
2008-06-19 02:43:59 0 d------c- C:\Documents and Settings\Neymore\Application Data\Identities
2008-06-19 02:43:49 0 d--h---c- C:\Documents and Settings\Neymore\Templates
2008-06-19 02:43:49 0 dr-----c- C:\Documents and Settings\Neymore\Start Menu
2008-06-19 02:43:49 0 dr-h---c- C:\Documents and Settings\Neymore\SendTo
2008-06-19 02:43:49 0 dr-h---c- C:\Documents and Settings\Neymore\Recent
2008-06-19 02:43:49 0 d--h---c- C:\Documents and Settings\Neymore\PrintHood
2008-06-19 02:43:49 3407872 --ah----- C:\Documents and Settings\Neymore\NTUSER.DAT
2008-06-19 02:43:49 0 d--h---c- C:\Documents and Settings\Neymore\NetHood
2008-06-19 02:43:49 0 dr-----c- C:\Documents and Settings\Neymore\My Documents
2008-06-19 02:43:49 0 d--h---c- C:\Documents and Settings\Neymore\Local Settings
2008-06-19 02:43:49 0 dr-----c- C:\Documents and Settings\Neymore\Favorites
2008-06-19 02:43:49 0 d------c- C:\Documents and Settings\Neymore\Desktop
2008-06-19 02:43:49 0 d--hs--c- C:\Documents and Settings\Neymore\Cookies
2008-06-19 02:43:49 0 d--h---c- C:\Documents and Settings\Neymore\Application Data
2008-06-19 02:43:49 0 d---s--c- C:\Documents and Settings\Neymore\Application Data\Microsoft
2008-06-19 02:42:24 0 d--h---c- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings
2008-06-19 02:42:24 0 d--hs--c- C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies
2008-06-19 02:42:24 0 d------c- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data
2008-06-19 02:42:24 0 d---s--c- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Microsoft
2008-06-19 02:42:23 262144 --ah----- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
2008-06-19 02:42:07 262144 --ah----- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
2008-06-19 02:42:07 0 d--h---c- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings
2008-06-19 02:42:07 0 d--hs--c- C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies
2008-06-19 02:42:07 0 d------c- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data
2008-06-19 02:42:07 0 d---s--c- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Microsoft
2008-06-19 02:37:51 225280 ---h---c- C:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
2008-06-19 02:37:41 0 -rahs--c- C:\MSDOS.SYS
2008-06-19 02:37:41 0 -rahs--c- C:\IO.SYS
2008-06-19 02:37:41 0 --a----c- C:\CONFIG.SYS
2008-06-19 02:37:41 0 --a----c- C:\AUTOEXEC.BAT
2008-06-19 02:36:18 0 d--hs--c- C:\Documents and Settings\All Users.WINDOWS\DRM
2008-06-19 02:33:48 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-16 11:57:26 0 d-------- C:\WINDOWS\pss
2008-06-16 09:51:49 0 d------c- C:\Program Files\Windows Sidebar
2008-06-16 09:50:34 0 d------c- C:\Program Files\Symantec
2008-06-16 09:50:34 0 d------c- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-16 09:49:48 0 d------c- C:\Program Files\Common Files\Symantec Shared
2008-06-16 08:02:50 0 d------c- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-16 04:53:53 0 d------c- C:\Program Files\Novatel Wireless
2008-06-15 06:29:25 0 d------c- C:\Documents and Settings\LocalService\Desktop
2008-06-15 06:29:15 0 d------c- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-06-15 06:25:33 0 d------c- C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-12 16:00:42 0 d-------- C:\Program Files\VideoLAN
2008-06-12 15:35:39 0 d------c- C:\divx
2008-06-10 22:30:24 0 d------c- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-10 22:28:44 0 d-------- C:\Program Files\Yahoo!
2008-06-10 18:12:51 0 d------c- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
2008-06-10 14:20:15 0 d-------- C:\WINDOWS\system32\NtmsData
2008-06-10 14:04:14 0 d-------- C:\WINDOWS\Downloaded Installations
2008-06-09 23:44:35 0 d------c- C:\Program Files\Common Files\xing shared
2008-06-09 23:44:26 0 d-------- C:\Program Files\Real
2008-06-09 23:44:24 0 d------c- C:\Program Files\Common Files\Real
2008-06-08 23:46:04 0 d------c- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-06-08 23:45:36 0 d------c- C:\Documents and Settings\All Users\Application Data\acccore
2008-06-08 23:45:27 0 d------c- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-06-08 23:44:49 0 d------c- C:\Program Files\AIM6
2008-06-08 23:19:34 0 d------c- C:\Documents and Settings\All Users\Application Data\AOL
2008-06-08 23:19:31 0 d------c- C:\Program Files\Common Files\AOL
2008-06-08 23:18:19 0 d------c- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-08 21:29:56 0 d-------- C:\Program Files\DVD X Studios
2008-06-08 20:06:23 0 d-------- C:\Program Files\SlySoft
2008-06-08 20:04:31 0 d------c- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-06-08 19:54:08 0 d-------- C:\WINDOWS\Sun
2008-06-08 19:50:27 0 d------c- C:\Program Files\Common Files\Java
2008-06-08 19:41:00 0 d-------- C:\Program Files\LimeWire
2008-06-08 19:29:04 0 d-------- C:\WINDOWS\system32\RTCOM
2008-06-08 19:28:23 0 d-------- C:\Program Files\Realtek
2008-06-08 19:28:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-08 19:19:20 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-06-08 19:19:12 0 d-------- C:\Program Files\Synaptics
2008-06-08 18:50:47 0 d------c- C:\Program Files\Conduit
2008-06-08 18:50:46 0 d-------- C:\Program Files\isoHunt
2008-06-02 09:52:06 0 d-------- C:\WINDOWS\system32\Lang

-- Find3M Report ---------------------------------------------------------------
2008-06-20 17:08:17 0 d-------- C:\Program Files\Google
2008-06-20 01:26:45 62 --ahs--c- C:\Documents and Settings\home.KHAOS\Application Data\desktop.ini
2008-06-19 15:31:27 0 d------c- C:\Program Files\Common Files
2008-06-08 19:19:06 0 d------c- C:\Program Files\Common Files\InstallShield
2008-05-16 19:20:02 0 d------c- C:\Program Files\Common Files\Adobe
2008-05-11 21:34:10 0 d-------- C:\Program Files\Verizon Wireless
2008-04-30 15:41:11 0 d-------- C:\Program Files\microsoft frontpage
2008-04-30 15:39:15 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-30 15:39:10 0 d-------- C:\Program Files\Online Services
2008-04-30 15:38:08 0 d------c- C:\Program Files\Common Files\MSSoap
2008-04-30 15:37:56 0 d-------- C:\Program Files\Movie Maker
2008-04-30 15:36:15 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-30 15:36:04 0 d-------- C:\Program Files\Windows NT
2008-04-30 08:30:30 0 d------c- C:\Program Files\Common Files\ODBC
2008-04-30 08:30:26 0 d------c- C:\Program Files\Common Files\SpeechEngines

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00b765df-e78e-41a7-b5ea-72ab7ff5b527}]
06/20/2008 04:04 PM 99328 --a--c--- C:\WINDOWS\system32\mpuohsmr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
02/23/2008 10:08 PM 349552 --a--c--- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
06/19/2008 03:31 PM 116088 --a--c--- C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
06/15/2008 08:50 PM 1571864 --a------ C:\Program Files\isoHunt\tbisoH.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE7E4CE1-8CBA-44A6-956F-462A667D3286}]
C:\WINDOWS\system32\urqOIcDU.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD00F7AF-D8DA-4CF8-A787-801E7570B163}]
C:\WINDOWS\system32\vtUkLccc.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC399D28-5657-4240-B0F7-6E348667ECEE}]
C:\WINDOWS\system32\ddcBSiif.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [02/23/2008 10:08 PM 349552]
"{A6E4A4EB-D169-4E99-8988-250FCBAFE767}"= C:\Program Files\isoHunt\tbisoH.dll [06/15/2008 08:50 PM 1571864]
[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[-HKEY_CLASSES_ROOT\CLSID\{A6E4A4EB-D169-4E99-8988-250FCBAFE767}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/19/2008 06:07 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [12/06/2007 08:20 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [01/28/2008 02:43 PM]
"RTHDCPL"="RTHDCPL.EXE" [06/13/2008 02:50 PM C:\WINDOWS\RTHDCPL.exe]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [02/26/2008 10:50 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/2008 03:37 PM]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06 AM]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/12/2008 01:16 AM]
"a4a13345"="C:\WINDOWS\system32\sebvyxtp.dll" [06/20/2008 04:07 PM]
"BMa79200d9"="C:\WINDOWS\system32\quqxvsvw.dll " [06/20/2008 04:02 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/19/2008 03:44 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [05/29/2008 05:26 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BE7E4CE1-8CBA-44A6-956F-462A667D3286}"= C:\WINDOWS\system32\urqOIcDU.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqOIcDU]
urqOIcDU.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcBSiif
*Newly Created Service* - COMHOST
*Newly Created Service* - WMDMPMSN

-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8743 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-06-23 22:27:50 ------------





OK, you may also wish to know that before my friend gave me the computer he had reinstalled Windows XP Pro. The user accounts I have made on it are SAFE MODE and NEYMORE. But as I was looking and scanning through the PC I found files that are from his old install, like his pictures and documents and stuff like that. I can't view them, but I can see they're still on the PC. I try to open them but it says access is denied and to check to see if the disc is not write protected or full. I also wish to get rid of all his other stuff (scrub the PC clean of all other install stuff and pre-owned user files), but to keep all my now accumulated pics and stuff. I do still have his old XP Pro disc if I do end up needing to reinstall. Thanks in advance for the help.


  #2  
Old 06-24-2008
Bronze Member
Join Date: Jun 2008
Posts: 25
PC Experience: Some Experience
khaosmage
Re: please help with pop ups!!!!!

Also know that when my friend first bought this laptop computer it was running Windows Vista.


  #3  
Old 06-24-2008
Bronze Member
Join Date: Jun 2008
Posts: 25
PC Experience: Some Experience
khaosmage
Re: please help with pop ups!!!!!

OK, they are recent. As for whether or not I did a clean install, I want to say yes (when I started the install and chose where to install it, a message said that if I continued it would delete the previous Windows install and that I would lose all files and stuff like that, but to tell the truth I don't know for sure). As for when they pop up, it seems to only be when I use IE. They pop up about 5 min after it's open and keep popping back up (after they are closed) intermittently. Sometimes they even freeze my system and force me to restart the PC. All of my desktop icons vanish, and when I press the Windows key nothing happens, but I can still use Task Manager.


  #4  
Old 06-24-2008
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,107
PC Experience: Elite PC Guru
Pancake
Re: please help with pop ups!!!!!

Among others, you have a Vundo infection.


OK. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer, and also those in the registry. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.

NOTE: ComboFix prevents autorun of all CDs, floppies and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you, please let me know.

=======================================

Please download SDFix from here and save it to your desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
(Report.txt will also be copied to the Clipboard ready for posting back on the forum.)
Please copy and paste that log in your next reply.


__________________
My real name is Eddy
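Pancake's Vundo call comes straight from the Registry Dump in the first post: randomly named DLLs in system32 registered as Browser Helper Objects, two Run values that load DLLs rather than programs, a ShellExecuteHook, a Winlogon Notify package and an extra LSA authentication package. As an added example (not part of this thread, and not code from DSS, ComboFix or SDFix), the Python script below walks that section of a DSS log and lists those persistence spots. The sample text is copied from the posted log, with two legitimate entries (Symantec's coIEPlg.dll and Synaptics' SynTPEnh.exe) kept as controls. The 8-letter "random name" test and the "four or more digits in a Run value name" rule are the editor's own assumptions for triage, not anything DSS itself does.

```python
import re

# Constructed sample: lines copied from the DSS "Registry Dump" posted in this thread,
# with the Symantec BHO and the Synaptics Run entry kept as legitimate controls.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00b765df-e78e-41a7-b5ea-72ab7ff5b527}]
06/20/2008 04:04 PM 99328 --a--c--- C:\WINDOWS\system32\mpuohsmr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
02/23/2008 10:08 PM 349552 --a--c--- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE7E4CE1-8CBA-44A6-956F-462A667D3286}]
C:\WINDOWS\system32\urqOIcDU.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC399D28-5657-4240-B0F7-6E348667ECEE}]
C:\WINDOWS\system32\ddcBSiif.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [12/06/2007 08:20 PM]
"a4a13345"="C:\WINDOWS\system32\sebvyxtp.dll" [06/20/2008 04:07 PM]
"BMa79200d9"="C:\WINDOWS\system32\quqxvsvw.dll " [06/20/2008 04:02 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BE7E4CE1-8CBA-44A6-956F-462A667D3286}"= C:\WINDOWS\system32\urqOIcDU.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqOIcDU]
urqOIcDU.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcBSiif
"""

KEY_RE = re.compile(r"^\[-?(?P<key>[^\]]+)\]$")
# DSS file-detail line: "<date> <time> <AM|PM> <size> <attrs> <path>"
FILE_DETAIL_RE = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2} [AP]M \d+ \S+ (?P<path>.+)$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
PATH_RE = re.compile(r"^[A-Za-z]:\\")
SYSTEM32_RE = re.compile(r"\\windows\\system32\\", re.IGNORECASE)

def base_name(path):
    """File name without directory or extension: 'C:\\x\\ab.dll' -> 'ab'."""
    return path.strip().strip('"').rsplit("\\", 1)[-1].split(".", 1)[0]

def looks_random(name):
    """Editor's heuristic (an assumption, not a DSS rule) for the 8-letter generated
    names seen here: all letters, and mixed case after the first letter or <= 2 vowels."""
    if len(name) != 8 or not name.isalpha():
        return False
    tail = name[1:]
    mixed_case = any(c.isupper() for c in tail) and any(c.islower() for c in tail)
    return mixed_case or sum(c in "aeiouAEIOU" for c in name) <= 2

def random_flag(path):
    return ["random-looking 8-letter module name"] if looks_random(base_name(path)) else []

def target_of(data):
    # Path from a DSS value line's data: '"C:\a.dll" [date]' or 'C:\a.dll [ ]'
    return data.split("[", 1)[0].strip().strip('"').strip()

def scan_registry_dump(text):
    """Return (entry, reasons) pairs for lines an analyst should look at.
    DSS hides default entries, so any Notify or ShellExecuteHook it shows is notable."""
    findings, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        if not line:
            continue
        entry, reasons = line, []
        if "browser helper objects" in key:
            det = FILE_DETAIL_RE.match(line)
            entry = det.group("path") if det else line
            if det is None and PATH_RE.match(entry):
                reasons.append("BHO DLL with no file details (hidden or missing at scan time)")
            if SYSTEM32_RE.search(entry):
                reasons += random_flag(entry)
        elif key.endswith("\\currentversion\\run"):
            v = VALUE_RE.match(line)
            if not v:
                continue
            entry = target_of(v.group("data"))
            if entry.lower().endswith(".dll"):
                reasons.append(f"Run value {v.group('name')!r} loads a DLL, not a program")
            if sum(c.isdigit() for c in v.group("name")) >= 4:
                reasons.append("machine-generated value name")
        elif "shellexecutehooks" in key:
            v = VALUE_RE.match(line)
            if not v:
                continue
            entry = target_of(v.group("data"))
            reasons.append("ShellExecuteHook (loaded into Explorer)")
            reasons += random_flag(entry)
        elif "winlogon\\notify" in key:
            reasons.append("Winlogon Notify package (loaded by winlogon.exe at logon)")
            reasons += random_flag(entry)
        elif key.endswith("\\lsa"):
            v = VALUE_RE.match(line)
            if v and v.group("name").lower() == "authentication packages":
                for pkg in v.group("data").split():
                    if pkg.lower() != "msv1_0":
                        findings.append((pkg, "extra LSA authentication package (loaded into lsass.exe)"))
            continue
        if reasons:
            findings.append((entry, "; ".join(reasons)))
    return findings

def flagged_names(text):
    """Distinct base names of everything flagged, for cross-referencing the file list."""
    return sorted({base_name(entry) for entry, _ in scan_registry_dump(text)})

if __name__ == "__main__":
    for entry, why in scan_registry_dump(SAMPLE_DUMP):
        print(f"{entry:45} {why}")
```

Run on the sample it reports eight entries and five distinct module names (ddcBSiif, mpuohsmr, quqxvsvw, sebvyxtp, urqOIcDU), which is exactly the set that also shows up in the New-files listing with 06/20/2008 timestamps; the same names recurring across a BHO, a ShellExecuteHook, a Winlogon Notify key and the LSA package list is the pattern Pancake is reacting to. To use it on a pasted log, call scan_registry_dump() on the text of the Registry Dump section; the output is a reading aid for the person reviewing the log, and removal still goes through the supervised tools described above.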
  #5  
Old 06-24-2008
Bronze Member
Join Date: Jun 2008
Posts: 25
PC Experience: Some Experience
khaosmage
Re: please help with pop ups!!!!!

OK, I'm going to try both. Gonna do the short route first and if I have no luck then I will go ahead and do the long one and put up the new reports when I am finished.



Last edited by khaosmage; 06-24-2008 at 06:14 AM. Reason: spelling
  #6  
Old 06-24-2008
Bronze Member
Join Date: Jun 2008
Posts: 25
PC Experience: Some Experience
khaosmage
Re: please help with pop ups!!!!!

Oh, the other guy's messages are gone. Was his info not reliable? Well, I guess it's gonna be the long way. OK, I'll put up the new reports as soon as I have them.


  #7  
Old 06-24-2008
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,107
PC Experience: Elite PC Guru
Pancake
Re: please help with pop ups!!!!!

Originally Posted by khaosmage:
Oh, the other guy's messages are gone. Was his info not reliable? Well, I guess it's gonna be the long way. OK, I'll put up the new reports as soon as I have them.
Only our security staff are allowed to comment/fix logs.

