#1 (permalink)
Registered User
Join Date: Jul 2008
Location: West Tennessee
Posts: 1
OS: Windows XP Pro
Help With DSS Please
Can someone help me with my DSS report, please?
Thank You,
Alien

DSS Log: Deckard's System Scanner v20071014.68, run by Administrator on 2008-07-09 11:25:22. Computer is in Normal Mode.
#2 (permalink)
Analyst, Security Team
Join Date: Nov 2007
Location: Manchester, UK
Posts: 693
OS: W2K SP4 + XP SP2 + Vista
Re: Help With DSS Please
My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear" (just because you can't see a problem doesn't mean it isn't there).

If you can do those three things, everything should go smoothly :D

Please note: your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy. Unfortunately there are far more people needing help than there are helpers.

If you still require help, please post a fresh DSS log.