Old 07-24-2008, 05:25 AM   #1 (permalink)
Registered User
 
Join Date: Aug 2006
Location: East Coast
Posts: 27
OS: XP Pro


Infected...

The current virus/spyware on this laptop has been a pain, to say the least. I am unable to do a system scan using the online Panda Security tool (it appears to be a problem on their side). I was, however, able to finally get a report from the Deckard tool. I hope to be able to do the online scan soon, but for now here are the results from Deckard.

Regards


Deckard's System Scanner v20071014.68
Run by The Doctor on 2008-07-24 07:51:44
Computer is in Safe Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-24 07:52:19
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\The Doctor\Desktop\System Tools\Deckards System Scanner [dss].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {03D3E780-E6DE-4FA2-8E1E-79D4156BD976} - (no file)
O2 - BHO: (no name) - {053FFC73-A95F-4E90-A316-FF3DE431E943} - C:\WINDOWS\system32\yayxyWpN.dll (file missing)
O2 - BHO: {e67f3143-a7d6-431b-1ad4-4a6e9b775fe2} - {2ef577b9-e6a4-4da1-b134-6d7a3413f76e} - C:\WINDOWS\system32\nyfldn.dll
O2 - BHO: Helper Class - {3670A914-63C2-4E67-8C9B-370AE1922143} - C:\Program Files\BChanger\bchanger.dll
O2 - BHO: (no name) - {6D0C8854-9BAA-41AC-A6E4-ED8BDCD1EF8C} - C:\WINDOWS\system32\geBstqnn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {B4DBBD3C-3831-471B-AFF4-D11A2512AF95} - C:\WINDOWS\system32\urqNeccY.dll (file missing)
O2 - BHO: bannerstyle browser optimizer - {c369ec53-258c-76c2-eccd-89269443813d} - C:\WINDOWS\system32\kldyrntxxndrcy.dll
O2 - BHO: (no name) - {FD2114A6-01DF-48E2-8153-682EE00FDEAF} - C:\WINDOWS\system32\wvUkKETm.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\The Doctor\lsass.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [{827ad3e0-cc10-23d5-403e-c9a701737010}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\kldyrntxxndrcy.dll" DllStart
O4 - HKLM\..\Run: [e8de0254] rundll32.exe "C:\WINDOWS\system32\jtkklgfg.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O20 - Winlogon Notify: wvUkKETm - C:\WINDOWS\system32\wvUkKETm.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE


--
End of file - 6627 bytes

-- Files created between 2008-06-24 and 2008-07-24 -----------------------------

2008-07-24 07:18:32 0 d-------- C:\Documents and Settings\The Doctor\Application Data\CyberLink
2008-07-23 11:34:24 101888 --a------ C:\WINDOWS\system32\nyfldn.dll
2008-07-23 11:34:23 101888 --a------ C:\WINDOWS\system32\uixqnsyk.dll
2008-07-23 11:31:29 7747 --a------ C:\WINDOWS\system32\iinwpntm.dll
2008-07-23 11:29:23 7741 --a------ C:\WINDOWS\system32\eagmpoxh.dll
2008-07-23 10:32:29 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-23 09:52:17 7747 --a------ C:\WINDOWS\system32\uunxfuyj.dll
2008-07-23 09:49:18 101888 --a------ C:\WINDOWS\system32\gpahgx.dll
2008-07-23 09:49:17 101888 --a------ C:\WINDOWS\system32\utejmpaa.dll
2008-07-23 09:47:00 0 d-------- C:\Documents and Settings\The Doctor\Application Data\Adobe
2008-07-23 09:46:17 7741 --a------ C:\WINDOWS\system32\yrkskdvk.dll
2008-07-23 08:53:27 52224 ---hs---- C:\Documents and Settings\The Doctor\lsass.exe
2008-07-23 08:52:22 0 d-------- C:\Documents and Settings\The Doctor\Application Data\Identities
2008-07-23 08:48:02 0 dr------- C:\Documents and Settings\The Doctor\Favorites
2008-07-23 08:48:02 0 d-------- C:\Documents and Settings\The Doctor\Desktop
2008-07-23 08:48:02 0 d--hs---- C:\Documents and Settings\The Doctor\Cookies
2008-07-23 08:48:02 0 dr-h----- C:\Documents and Settings\The Doctor\Application Data
2008-07-23 08:48:02 0 d-------- C:\Documents and Settings\The Doctor\Application Data\Intel
2008-07-23 08:48:01 0 d--h----- C:\Documents and Settings\The Doctor\Templates
2008-07-23 08:48:01 0 dr------- C:\Documents and Settings\The Doctor\Start Menu
2008-07-23 08:48:01 0 dr-h----- C:\Documents and Settings\The Doctor\SendTo
2008-07-23 08:48:01 0 dr-h----- C:\Documents and Settings\The Doctor\Recent
2008-07-23 08:48:01 0 d--h----- C:\Documents and Settings\The Doctor\PrintHood
2008-07-23 08:48:01 1048576 --ah----- C:\Documents and Settings\The Doctor\NTUSER.DAT
2008-07-23 08:48:01 0 d--h----- C:\Documents and Settings\The Doctor\NetHood
2008-07-23 08:48:01 0 dr------- C:\Documents and Settings\The Doctor\My Documents
2008-07-23 08:48:01 0 d--h----- C:\Documents and Settings\The Doctor\Local Settings
2008-07-23 08:35:50 0 d-------- C:\WINDOWS\pss
2008-07-22 20:16:32 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-22 20:16:32 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-22 20:16:32 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-22 20:16:32 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-22 20:16:32 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-22 20:16:32 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-22 20:16:32 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-22 20:16:32 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-22 20:16:32 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-22 20:16:32 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-22 20:16:32 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-22 20:16:32 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-22 20:16:32 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-22 20:16:32 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-22 20:16:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-07-14 08:12:50 31744 --a------ C:\WINDOWS\system32\rqRHyVnO.dll
2008-07-14 08:12:50 31744 --a------ C:\WINDOWS\system32\fcCULeFx.dll
2008-07-13 11:05:41 101376 --a------ C:\WINDOWS\system32\jcduyn.dll
2008-07-13 11:05:37 101376 --a------ C:\WINDOWS\system32\xvnujwer.dll
2008-07-13 11:04:59 80896 --a------ C:\WINDOWS\system32\jtkklgfg.dll
2008-07-13 11:04:41 92160 --a------ C:\WINDOWS\system32\otjsoovc.dll
2008-07-13 11:03:36 31744 --a------ C:\WINDOWS\system32\pmnopQjH.dll
2008-07-13 11:03:35 31744 --a------ C:\WINDOWS\system32\efCVOFuS.dll
2008-07-11 14:40:14 64852 --a------ C:\WINDOWS\system32\xmjslwgwzo.exe
2008-07-11 12:23:21 101888 --a------ C:\WINDOWS\system32\okfraw.dll
2008-07-11 12:23:18 101888 --a------ C:\WINDOWS\system32\whknalcd.dll
2008-07-11 12:23:06 92672 --a------ C:\WINDOWS\system32\moxbbgas.dll
2008-07-11 12:22:59 31232 --a------ C:\WINDOWS\system32\wvUmMEWM.dll
2008-07-11 12:22:59 31232 --a------ C:\WINDOWS\system32\efcApOIA.dll
2008-07-11 09:47:12 158208 --a------ C:\WINDOWS\system32\kldyrntxxndrcy.dll
2008-07-10 10:05:23 101376 --a------ C:\WINDOWS\system32\npaeavay.dll
2008-07-10 10:05:23 101376 --a------ C:\WINDOWS\system32\gsyjhi.dll
2008-07-10 10:05:13 92672 --a------ C:\WINDOWS\system32\sihgesxu.dll
2008-07-10 10:04:35 31232 --a------ C:\WINDOWS\system32\byXNDtUl.dll
2008-07-10 10:04:34 31232 --a------ C:\WINDOWS\system32\khfDspMG.dll
2008-07-10 10:03:17 101376 --a------ C:\WINDOWS\system32\gqnnvk.dll
2008-07-10 10:03:13 101376 --a------ C:\WINDOWS\system32\qbofhsyf.dll
2008-07-10 10:03:01 92672 --a------ C:\WINDOWS\system32\ptyexeke.dll
2008-07-09 10:45:56 31232 --a------ C:\WINDOWS\system32\xxyyvTjI.dll
2008-07-09 00:28:55 101376 --a------ C:\WINDOWS\system32\eiijkr.dll
2008-07-09 00:28:53 101376 --a------ C:\WINDOWS\system32\levynyxv.dll
2008-07-09 00:25:58 91648 --a------ C:\WINDOWS\system32\gyahkemw.dll
2008-07-08 00:23:59 31232 --a------ C:\WINDOWS\system32\qoMfcYst.dll
2008-07-08 00:23:56 91648 --a------ C:\WINDOWS\system32\bcmfxaei.dll
2008-07-07 10:55:40 31232 --a------ C:\WINDOWS\system32\ddcbyaAr.dll
2008-07-06 18:03:53 101888 --a------ C:\WINDOWS\system32\sesoab.dll
2008-07-06 18:03:51 101888 --a------ C:\WINDOWS\system32\efkgxtmk.dll
2008-07-06 17:49:55 101888 --a------ C:\WINDOWS\system32\czlthq.dll
2008-07-06 17:49:52 101888 --a------ C:\WINDOWS\system32\oghhgkcs.dll
2008-07-06 17:47:44 0 d-------- C:\WINDOWS\system32\olixds18
2008-07-06 17:47:39 31232 --a------ C:\WINDOWS\system32\urqQhHYP.dll
2008-07-04 02:41:08 104448 --a------ C:\WINDOWS\system32\rvzmvm.dll
2008-07-04 02:41:05 104448 --a------ C:\WINDOWS\system32\wseocixm.dll
2008-07-04 02:40:59 33792 --a------ C:\WINDOWS\system32\ddcBuUmm.dll
2008-07-02 10:42:49 104448 --a------ C:\WINDOWS\system32\fhptnt.dll
2008-07-02 10:42:48 104448 --a------ C:\WINDOWS\system32\hqpywdlu.dll
2008-07-02 10:34:18 34304 --a------ C:\WINDOWS\system32\byXRihif.dll
2008-07-01 10:44:14 104448 --a------ C:\WINDOWS\system32\awtzlx.dll
2008-07-01 10:44:12 104448 --a------ C:\WINDOWS\system32\dwmiunxy.dll
2008-07-01 10:42:01 94720 --a------ C:\WINDOWS\system32\qdvgofkg.dll
2008-06-29 02:55:03 104960 --a------ C:\WINDOWS\system32\ifezzl.dll
2008-06-29 02:55:01 104960 --a------ C:\WINDOWS\system32\nyvmevku.dll
2008-06-29 02:50:14 33280 --a------ C:\WINDOWS\system32\urqrrqqO.dll
2008-06-29 02:49:37 94208 --a------ C:\WINDOWS\system32\slopkyoe.dll
2008-06-28 01:04:50 104960 --a------ C:\WINDOWS\system32\nszmeu.dll
2008-06-28 01:04:48 104960 --a------ C:\WINDOWS\system32\fhelqygy.dll
2008-06-28 00:59:52 94208 --a------ C:\WINDOWS\system32\dktuxyql.dll
2008-06-28 00:59:43 34304 --a------ C:\WINDOWS\system32\opnkkhhh.dll
2008-06-27 10:54:17 34304 --a------ C:\WINDOWS\system32\opnmNDwX.dll
2008-06-26 20:33:26 108032 --a------ C:\WINDOWS\system32\syhhnnfi.dll
2008-06-26 20:32:06 34304 --a------ C:\WINDOWS\system32\tuvSijHb.dll
2008-06-26 20:31:37 95744 --a------ C:\WINDOWS\system32\vitiphdk.dll
2008-06-25 22:29:18 33792 --a------ C:\WINDOWS\system32\wvUkKaww.dll
2008-06-25 11:25:41 33792 --a------ C:\WINDOWS\system32\byXQGyXQ.dll
2008-06-25 11:17:46 33792 --a------ C:\WINDOWS\system32\pmnkLBRH.dll
2008-06-25 11:02:04 86016 --a------ C:\WINDOWS\system32\qxhrjuhd.dll
2008-06-25 11:01:35 108032 --a------ C:\WINDOWS\system32\njghtvva.dll
2008-06-25 10:59:38 33792 --a------ C:\WINDOWS\system32\wvUoNDuR.dll
2008-06-25 10:59:27 94720 --a------ C:\WINDOWS\system32\qndjwjpu.dll


-- Find3M Report ---------------------------------------------------------------

2008-07-24 07:51:18 852255 --ahs---- C:\WINDOWS\system32\nnqtsBeg.ini2
2008-06-22 22:43:09 121344 --a------ C:\WINDOWS\system32\julbcndx.dll
2008-06-22 22:40:47 0 d-------- C:\Program Files\BChanger
2008-06-22 22:40:04 128512 --a------ C:\WINDOWS\system32\myxupxfs.dll
2008-06-22 22:39:56 128512 --a------ C:\WINDOWS\system32\fgqoyvcy.dll
2008-06-22 09:31:24 44544 --a------ C:\WINDOWS\system32\qoMfFXrQ.dll
2008-06-21 18:26:31 44544 --a------ C:\WINDOWS\system32\geBstqPf.dll
2008-06-21 18:14:41 130560 --a------ C:\WINDOWS\system32\essxavwn.dll
2008-06-21 18:09:33 44544 --a------ C:\WINDOWS\system32\vtUlKDtu.dll
2008-06-21 18:09:31 128512 --a------ C:\WINDOWS\system32\tbobadxn.dll
2008-06-21 12:51:53 44544 --a------ C:\WINDOWS\system32\vtUkijHa.dll
2008-06-21 12:42:17 130560 --a------ C:\WINDOWS\system32\csxbjsyf.dll
2008-06-21 12:40:37 0 d-------- C:\Program Files\Svconr
2008-06-20 00:26:29 44544 --a------ C:\WINDOWS\system32\byXRlKBQ.dll
2008-06-19 23:59:46 134656 --a------ C:\WINDOWS\system32\eegxpvug.dll
2008-06-19 23:54:44 104960 --a------ C:\WINDOWS\system32\annupbdc.dll
2008-06-19 11:04:02 86528 --a------ C:\WINDOWS\system32\qoMggggg.dll
2008-06-18 18:16:35 86528 --a------ C:\WINDOWS\system32\kHAqoPGa.dll
2008-06-18 11:44:49 134656 --a------ C:\WINDOWS\system32\tvoaophn.dll
2008-06-18 11:42:36 86528 --a------ C:\WINDOWS\system32\opnNHaba.dll
2008-06-18 11:42:23 129536 --a------ C:\WINDOWS\system32\xcgcevsn.dll
2008-06-16 20:08:38 131584 --a------ C:\WINDOWS\system32\kxvcdgtd.dll
2008-06-16 20:05:17 127488 --a------ C:\WINDOWS\system32\eckqghnc.dll
2008-06-16 20:03:43 300544 --a------ C:\WINDOWS\system32\geBstqnn.dll
2008-06-16 15:16:16 678462 --ahs---- C:\WINDOWS\system32\YcceNqru.ini2
2008-06-16 14:13:54 131584 --a------ C:\WINDOWS\system32\uyiveinx.dll
2008-06-16 14:13:44 127488 --a------ C:\WINDOWS\system32\bhrqtqgx.dll
2008-06-16 13:53:45 685716 --ahs---- C:\WINDOWS\system32\NpWyxyay.ini2
2008-06-16 13:48:44 0 d-------- C:\Program Files\Common Files
2008-06-16 10:19:52 131584 --a------ C:\WINDOWS\system32\qnjeunsn.dll
2008-06-16 10:19:38 127488 --a------ C:\WINDOWS\system32\qmgtnpxw.dll
2008-06-16 09:36:25 0 d-------- C:\Program Files\Symantec AntiVirus
2008-06-16 09:35:34 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-16 09:34:48 0 d-------- C:\Program Files\Temporary
2008-06-16 09:34:09 0 d-------- C:\Program Files\Symantec
2008-06-16 09:29:31 0 d-------- C:\Program Files\Spcron
2008-06-16 09:24:22 0 d-------- C:\Program Files\mjc
2008-06-16 09:19:34 89600 --a------ C:\WINDOWS\system32\wvUlifdE.dll
2008-06-14 18:13:30 92672 --a------ C:\WINDOWS\system32\wvUkKETm.dll
2008-06-09 14:25:18 0 d-------- C:\Program Files\AIM6
2008-06-09 14:25:12 0 d-------- C:\Program Files\Viewpoint
2008-06-09 13:53:53 0 d-------- C:\Program Files\Java
2008-06-09 13:53:02 0 d-------- C:\Program Files\Common Files\Java
2008-05-30 19:55:54 0 d-------- C:\Program Files\Common Files\AOL
2008-05-30 19:55:54 0 d-------- C:\Program Files\AIM
2008-05-30 18:16:33 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-05-30 18:16:11 335 --a------ C:\WINDOWS\nsreg.dat
2008-05-30 18:00:02 0 d-------- C:\Program Files\AOD
2008-05-30 15:58:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-30 15:57:15 0 d-------- C:\Program Files\Dell
2008-05-30 15:43:27 0 d-------- C:\Program Files\CyberLink
2008-05-30 15:34:39 376832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe <Not Verified; ; AegisInstall Application>
2008-05-30 15:33:32 0 d-------- C:\Program Files\Intel
2008-05-30 1431 0 d-------- C:\Program Files\SigmaTel
2008-05-30 14:04:51 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-30 12:13:32 0 d-------- C:\Program Files\CONEXANT
2008-05-30 12:07:46 0 d-------- C:\Program Files\IDT
2008-05-30 11:50:36 0 d-------- C:\Program Files\Messenger
2008-05-30 11:50:00 0 d-------- C:\Program Files\Movie Maker
2008-05-30 11:47:26 0 d-------- C:\Program Files\Windows NT
2008-05-29 13:20:37 0 d-------- C:\Program Files\Broadcom
2008-05-29 12:59:40 0 d-------- C:\Program Files\O2Micro OZ776 SCR Driver
2008-05-29 10:18:16 0 d-------- C:\Program Files\microsoft frontpage
2008-05-29 10:17:18 0 -rahs---- C:\MSDOS.SYS
2008-05-29 10:17:18 0 -rahs---- C:\IO.SYS
2008-05-29 10:17:18 0 --a------ C:\CONFIG.SYS
2008-05-29 10:17:18 0 --a------ C:\AUTOEXEC.BAT
2008-05-29 10:15:09 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-29 10:15:04 0 d-------- C:\Program Files\Online Services
2008-05-29 10:13:48 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-29 10:12:10 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-29 10:11:28 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-29 05:55:23 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-29 05:55:18 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-29 05:54:43 62 --ahs---- C:\Documents and Settings\The Doctor\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03D3E780-E6DE-4FA2-8E1E-79D4156BD976}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053FFC73-A95F-4E90-A316-FF3DE431E943}]
C:\WINDOWS\system32\yayxyWpN.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ef577b9-e6a4-4da1-b134-6d7a3413f76e}]
07/23/2008 11:34 AM 101888 --a------ C:\WINDOWS\system32\nyfldn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3670A914-63C2-4E67-8C9B-370AE1922143}]
06/19/2008 10:21 AM 36864 --a------ C:\Program Files\BChanger\bchanger.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D0C8854-9BAA-41AC-A6E4-ED8BDCD1EF8C}]
06/16/2008 08:03 PM 300544 --a------ C:\WINDOWS\system32\geBstqnn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4DBBD3C-3831-471B-AFF4-D11A2512AF95}]
C:\WINDOWS\system32\urqNeccY.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c369ec53-258c-76c2-eccd-89269443813d}]
07/11/2008 09:47 AM 158208 --a------ C:\WINDOWS\system32\kldyrntxxndrcy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD2114A6-01DF-48E2-8153-682EE00FDEAF}]
06/14/2008 06:13 PM 92672 --a------ C:\WINDOWS\system32\wvUkKETm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [03/30/2007 08:00 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [03/30/2007 08:00 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [03/30/2007 07:59 PM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [03/16/2007 06:10 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 10:22 AM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [10/08/2007 02:18 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/08/2007 02:13 PM]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [09/17/2007 11:56 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"LSA Shellu"="C:\Documents and Settings\The Doctor\lsass.exe" [06/14/2008 06:13 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [05/29/2007 04:33 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [10/07/2007 08:48 PM]
"runner1"="C:\WINDOWS\mrofinu1188.exe" []
"{827ad3e0-cc10-23d5-403e-c9a701737010}"="C:\WINDOWS\system32\kldyrntxxndrcy.dll" [07/11/2008 09:47 AM]
"e8de0254"="C:\WINDOWS\system32\jtkklgfg.dll" [07/13/2008 11:05 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FD2114A6-01DF-48E2-8153-682EE00FDEAF}"= C:\WINDOWS\system32\wvUkKETm.dll [06/14/2008 06:13 PM 92672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUkKETm]
wvUkKETm.dll 06/14/2008 06:13 PM 92672 C:\WINDOWS\system32\wvUkKETm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geBstqnn

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0f12767-2d8b-11dd-a667-e9d88c8f841f}]
Auto\command- E:\Start.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe




-- End of Deckard's System Scanner: finished at 2008-07-24 07:54:38 ------------
__________________
Dirkpitt289