|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help. |
 |
|
|
Thread Tools |
06-27-2008, 04:43 PM
|
#1 (permalink) |
|
Registered User
Join Date: Jun 2008
Posts: 2
OS: Vista
|
Virus, probably Trojan... DLL? 'Virus detected' pop-ups
My computer is typing really slow as I write this, and this is the second time that I've tried to post this thread. My Firefox browser froze up last time, and I had to use Microsoft Task Manager to exit out of it.
Thank you so much to whoever reads this, I will try to provide as much detail as I possibly can so that you can help me. A couple of days ago, I tried to download a free 30-day trial version of Photoshop CS2. One of my friends kept pressuring me to find a website to use to generate a serial code that would allow me to have the full version. Unfortunately I gave in. I went on google and clicked on a website. I must have hit enter or something while I was on it, because it immediately started downloading its program onto my computer. :P Immediately after that , my computer started having pop-ups that said that a dangerous Trogan virus had found hits way onto my computer and that I should hit 'Okay' to go to the website to download antivirus software. However, the only buttons on the window were 'Yes' and 'No'. I immediately became suspicious and started searching google for a good anti-spyware program. I think that I ended up downloading Spymaster or something . It seemed to help for a while. However, a few hours later, the program with the pop-ups became active again, and the pop-ups were again present. Then I started getting messages that Windows Explorer was experiencing difficulties. At those times, I had to restart my computer. Then I restarted it in Safemode and did a System Restore to the time before I had installed the Photoshop trial. That didn't help. I followed the 5 steps in that post that said what to do. However, the Panda software didn't scan... Also, I cannot update windows, as I cannot get more than a single webpage into looking for it on IE before I am crippled by popups that won't let me do anything more in IE. Also, Firefox has several times where it has opened a new tab, unbidden, and a few of those looked like porn websites by the name oes in the URL. Well, this has been a really hard post to write, as I am about a paragraph ahead of the print on the screen and am currently waiting for it to catch up with me (that's how slow my computer is right now). Thanks for the reads this. Deckard's System Scanner v20071014.68 Run by Aliso on 2008-06-27 14:43:41 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- Last 5 Restore Point(s) -- 7: 2008-06-26 18:46:40 UTC - RP174 - Installed Adobe Photoshop CS2 6: 2008-06-26 07:01:17 UTC - RP173 - Windows Update 5: 2008-06-23 22:48:48 UTC - RP172 - Scheduled Checkpoint 4: 2008-06-21 18:32:28 UTC - RP171 - Installed Java(TM) 6 Update 5 3: 2008-06-21 08:02:57 UTC - RP170 - Scheduled Checkpoint -- First Restore Point -- 1: 2008-06-17 19:16:25 UTC - RP168 - Scheduled Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Aliso.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:47:56 PM, on 6/27/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16681) Boot mode: Normal Running processes: C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe C:\Windows\system32\Dwm.exe C:\Windows\System32\drivers\services.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\Windows\system32\CTsvcCDA.exe C:\Windows\system32\dlcjcoms.exe C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\Windows\System32\rpcnet.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Windows\system32\STacSV.exe c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Windows\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Windows\system32\WUDFHost.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Windows\Explorer.exe C:\Users\Aliso\Desktop\dss.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchFilterHost.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Aliso.exe C:\Windows\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myuw.washington.edu/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: Xena toolbar - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\Windows\system32\dani.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\cBSiIBsr.dll,#1 O4 - HKLM\..\Run: [[system]] C:\Windows\system32\drivers\services.exe O4 - HKLM\..\Run: [winlogon] C:\Windows\system32\config\systemprofile\svchost.exe O4 - HKLM\..\Run: [calc.exe] C:\Users\Aliso\AppData\Local\Temp\calc.exe O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [[system]] C:\Windows\system32\drivers\services.exe O4 - HKCU\..\Run: [winlogon] C:\Users\Aliso\svchost.exe O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Aliso\AppData\Local\Temp\efcDSijg.dll,c O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Aliso\AppData\Local\Temp\byXRigGv.dll,#1 O4 - HKCU\..\Run: [223d00c2] rundll32.exe "C:\Users\Aliso\AppData\Local\Temp\mtdwegsf.dll",b O4 - HKCU\..\Run: [BM210e335e] Rundll32.exe "C:\Users\Aliso\AppData\Local\Temp\vknameso.dll",s O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [[system]] C:\Windows\system32\drivers\services.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [[system]] C:\Windows\system32\drivers\services.exe (User 'Default user') O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe O4 - Startup: userinit.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{9E463C9C-3EE2-4716-8A3B-42F6F592A0B2}: NameServer = 85.255.115.106,85.255.112.123 O17 - HKLM\System\CCS\Services\Tcpip\..\{E38FD172-F8BB-44A1-B3E9-1ABDD9E9BD07}: NameServer = 85.255.115.106,85.255.112.123 O17 - HKLM\System\CCS\Services\Tcpip\..\{E942D365-BEF8-4F77-BCF3-599931AB5610}: NameServer = 85.255.115.106,85.255.112.123 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.106 85.255.112.123 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.106 85.255.112.123 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.106 85.255.112.123 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe O23 - Service: dlcj_device - - C:\Windows\system32\dlcjcoms.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\drivers\services.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdkpz.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 11760 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- S3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 Creative Labs Licensing Service - "c:\program files\common files\creative labs shared\service\creativelicensing.exe" <Not Verified; Creative Labs; Creative Labs Licensing Service> R2 MaxBackServiceInt - "c:\program files\maxtor\maxtor backup\maxbackserviceint.exe" <Not Verified; ; MaxBackServiceInt Module> R2 NTService1 (MaxSyncService) - "c:\program files\maxtor\onetouch\utils\syncservices.exe" <Not Verified; ; SyncServices> R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager> S2 Windows Tribute Service - c:\windows\system32\kdkpz.exe -srv S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application> S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft 6to4 Adapter Device ID: ROOT\*6TO4MP\0000 Manufacturer: Microsoft Name: 6TO4 Adapter PNP Device ID: ROOT\*6TO4MP\0000 Service: tunnel -- Scheduled Tasks ------------------------------------------------------------- 2008-06-21 01:28:20 488 --a------ C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Aliso.job -- Files created between 2008-05-27 and 2008-06-27 ----------------------------- 2008-06-27 14:47:44 0 d-------- C:\Program Files\Trend Micro 2008-06-27 14:32:35 0 d-------- C:\ie-spyad_zo 2008-06-27 14:29:09 0 d-------- C:\Users\All Users\TEMP 2008-06-27 14:29:09 0 d-------- C:\Users\All Users\Application Data\TEMP 2008-06-27 14:29:02 0 d-------- C:\Program Files\SpywareBlaster 2008-06-27 14:12:49 0 d-------- C:\Program Files\Panda Security 2008-06-27 13:31:09 13824 --a------ C:\Users\Aliso\svchost.exe 2008-06-27 13:22:52 13824 --a------ C:\userinit.exe 2008-06-26 15:54:15 0 d-------- C:\Users\All Users\Application Data\Adobe Systems 2008-06-26 15:54:15 0 d-------- C:\Users\All Users\Adobe Systems 2008-06-26 12:08:49 0 d-------- C:\Program Files\Enigma Software Group 2008-06-26 11:35:27 13824 --a------ C:\Windows\system32\dani.dll 2008-06-26 11:35:06 36352 --a------ C:\Windows\system32\xxYPgHyV.dll 2008-06-26 11:35:05 36352 --a------ C:\Windows\system32\yayxUoLc.dll 2008-06-26 11:34:13 13824 --a------ C:\Windows\system32\drivers\services.exe 2008-06-26 11:34:01 5120 --a------ C:\jgkpt.exe 2008-06-26 11:33:57 13824 --a------ C:\vwhfxvxv.exe 2008-06-26 11:33:51 7680 --a------ C:\Windows\system32\drivers\spools.exe 2008-06-26 11:33:38 41984 --a------ C:\Windows\mrofinu1535.exe 2008-06-26 11:33:31 34304 --a------ C:\Windows\system32\cBSiIBsr.dll 2008-06-15 00:11:10 0 d-------- C:\Program Files\Apple Software Update 2008-06-08 22:28:32 0 d-------- C:\Program Files\MSECache 2008-06-06 13:27:08 0 d-------- C:\Program Files\Netflix -- Find3M Report --------------------------------------------------------------- 2008-06-27 14:20:08 17408 --a------ C:\Windows\system32\rpcnetp.exe 2008-06-27 14:20:05 41584 --a------ C:\Windows\system32\rpcnet.dll <Not Verified; Absolute Software Corp.; Installation/Management Application> 2008-06-27 14:19:42 0 d-------- C:\Users\Aliso\AppData\Roaming\OpenOffice.org2 2008-06-27 14:18:14 12 --a------ C:\Windows\bthservsdp.dat 2008-06-27 13:23:33 17408 --a------ C:\Windows\system32\rpcnetp.dll 2008-06-27 13:21:21 0 d-------- C:\Program Files\Viewpoint 2008-06-27 13:21:21 0 d-------- C:\Program Files\Microsoft Works 2008-06-27 13:21:21 0 d-------- C:\Program Files\Google 2008-06-27 13:21:20 0 d-------- C:\Program Files\Common Files\Symantec Shared 2008-06-26 23:38:21 27335 --a------ C:\Users\Aliso\AppData\Roaming\nvModes.001 2008-06-26 15:59:11 0 d-------- C:\Users\Aliso\AppData\Roaming\Adobe 2008-06-26 11:53:32 0 d-------- C:\Program Files\Common Files\Adobe 2008-06-26 11:51:55 0 d-------- C:\Program Files\Common Files 2008-06-21 11:34:29 0 d-------- C:\Program Files\Java 2008-06-15 12:09:23 27335 --a------ C:\Users\Aliso\AppData\Roaming\nvModes.dat 2008-06-11 10:41:55 0 d-------- C:\Program Files\Windows Mail 2008-06-08 22:37:47 0 d-------- C:\Program Files\dl_Cats 2008-05-22 22:59:46 0 d-------- C:\Users\Aliso\AppData\Roaming\U3 -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FF811E6-8925-4084-A649-C159955E67E8}] 06/26/2008 11:35 AM 13824 --a------ C:\Windows\system32\dani.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSServer"="C:\Windows\system32\cBSiIBsr.dll" [06/26/2008 11:33 AM] "[system]"="C:\Windows\system32\drivers\services.exe" [06/26/2008 11:33 AM] "winlogon"="C:\Windows\system32\config\systemprofile\svchost.exe" [06/26/2008 11:33 AM] "calc.exe"="C:\Users\Aliso\AppData\Local\Temp\calc.exe" [] "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "[system]"="C:\Windows\system32\drivers\services.exe" [06/26/2008 11:33 AM] "winlogon"="C:\Users\Aliso\svchost.exe" [06/26/2008 11:33 AM] "cmds"="C:\Users\Aliso\AppData\Local\Temp\efcDSijg.dll,c" [] "MSServer"="C:\Users\Aliso\AppData\Local\Temp\byXRigGv.dll,#1" [] "223d00c2"="C:\Users\Aliso\AppData\Local\Temp\mtdwegsf.dll,b" [] "BM210e335e"="C:\Users\Aliso\AppData\Local\Temp\vknameso.dll,s" [] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 05:36 AM] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "[system]"=C:\Windows\system32\drivers\services.exe "winlogon"=C:\Windows\system32\config\systemprofile\svchost.exe C:\Users\Aliso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [8/17/2007 10:57:56 PM] userinit.exe [6/26/2008 11:33:59 AM] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [11/3/2006 3:55:50 PM] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [9/13/2007 3:41:23 AM] QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [7/20/2007 4:13:26 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{0E64E841-2463-47C9-8797-DAF2810BBF61}"= C:\Users\Aliso\AppData\Local\Temp\byXRigGv.dll [ ] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum bthsvcs BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16bdb145-6c40-11dc-aaaa-001c26f0bfa0}] AutoRun\command- G:\tmf3w3g0.com explore\Command- G:\tmf3w3g0.com open\Command- G:\tmf3w3g0.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81154cd2-e7c0-11dc-901a-001c26f0bfa0}] AutoRun\command- G:\LaunchU3.exe -a *Newly Created Service* - COMHOST [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- End of Deckard's System Scanner: finished at 2008-06-27 14:50:38 ------------ |
|
     
|
|
07-02-2008, 01:48 AM
|
#2 (permalink) |
|
Registered User
Join Date: Jun 2008
Posts: 2
OS: Vista
|
Re: Virus, probably Trojan... DLL? 'Virus detected' pop-ups
Hey, so it's been more than 72 hours by my calculations (I'm really bad at counting 24 hour time periods). Ummm... Still having the same problems. Now my Firefox browser closes of its on will at times.
|
|
|
|
|
| Thread Tools | |
|
|
