#1
Registered User
Join Date: Aug 2008
Posts: 2
OS: Windows XP Home
Deckard's System Scanner
Hey there,
I recently (foolishly) downloaded a file which turned out to be a trojan/malware. I have no idea how to get rid of it, I've tried everything but nothing seems to get rid of it. Here is what the log says:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-08-11 14:19:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
80: 2008-08-11 20:19:43 UTC - RP532 - Deckard's System Scanner Restore Point
79: 2008-08-11 20:00:44 UTC - RP531 - Installed Ad-Aware
78: 2008-08-11 19:50:57 UTC - RP530 - Deckard's System Scanner Restore Point
77: 2008-08-11 17:48:57 UTC - RP529 - Last known good configuration
76: 2008-08-11 17:47:41 UTC - RP528 - System Checkpoint

-- First Restore Point --
1: 2008-08-11 17:45:59 UTC - RP453 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 4.07 GiB (less than 15%) free.
-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:24: VIRUS ALERT!, on 11/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Fast.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Customer\Wireless USB utility V1.02\Wireless USB utility V1.02.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Documents and Settings\Owner.YOUR-3E6407B95F\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/mash1/en-u...370-4&langid=1
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {c82cd11c-fe4e-0128-0434-0d3e00186b61} - {16b68100-e3d0-4340-8210-e4efc11dc28c} - C:\WINDOWS\system32\occufq.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A4C1EF9B-C431-4F2D-B45B-02A5A98BFE96} - C:\WINDOWS\system32\jkkHWPhH.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: QXK Olive - {DF6C9A95-CDD0-4EFC-9C2A-B6CA365F7396} - C:\WINDOWS\wnlmdakqlag.dll
O2 - BHO: (no name) - {E482A951-26ED-4898-A1EB-09A942D95A52} - C:\WINDOWS\system32\tuvWpNee.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: bgrqfetx - {892B88A3-DC94-4A1F-A75A-9AA50061A683} - C:\WINDOWS\bgrqfetx.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [8c06e33e] rundll32.exe "C:\WINDOWS\system32\ognndkiy.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [mpt] c:\WINDOWS\system32\mpt.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Wireless USB utility V1.02.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.****online.com/plugins/IDMFlash.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1164853536593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1164944925640
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: tuvWpNee - C:\WINDOWS\SYSTEM32\tuvWpNee.dll
O21 - SSODL: xokvrpwg - {6D44C2C7-0CF6-4034-83D5-8FCA5E50A166} - C:\WINDOWS\xokvrpwg.dll
O21 - SSODL: tfnslopk - {D0120659-9FAF-47F0-80A7-6332BC6DB61D} - C:\WINDOWS\tfnslopk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11677 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
R3 MRVW225 (802.11g/b Wireless LAN Dirver for Windows XP) - c:\windows\system32\drivers\mrvw225.sys <Not Verified; Marvell Semiconductor, Inc; Marvell Wireless LAN Cilent Adapter-USB>
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys
S0 VClone - c:\windows\system32\drivers\vclone.sys (file missing)
S3 b4cef69f-7af8-44e1-b52f-9803ba7976e8 - e:\player\cds300.dll (file missing)
S3 gel90xne - c:\docume~1\owner~1.you\locals~1\temp\gel90xne.sys (file missing)
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 tbhsd (Tunebite High-Speed Dubbing) - c:\windows\system32\drivers\tbhsd.sys <Not Verified; RapidSolution Software AG; Tunebite High-Speed Dubbing>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-08-09 09:35:20 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-07-11 and 2008-08-11 -----------------------------

2008-08-11 14:24:31 0 d-------- C:\Program Files\Trend Micro
2008-08-11 14:00:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-11 11:49:57 120960 --a------ C:\WINDOWS\system32\occufq.dll
2008-08-11 11:49:55 120960 --a------ C:\WINDOWS\system32\qemcelfl.dll
2008-08-11 11:49:47 98688 --a------ C:\WINDOWS\system32\ognndkiy.dll
2008-08-11 11:45:33 8994 --ahs---- C:\WINDOWS\system32\HhPWHkkj.ini2
2008-08-11 11:45:17 323328 --a------ C:\WINDOWS\system32\jkkHWPhH.dll
2008-08-11 11:40:00 34176 --a------ C:\WINDOWS\system32\tuvWpNee.dll
2008-08-11 11:40:00 34176 --a------ C:\WINDOWS\system32\ddcYsRJb.dll
2008-08-11 11:39:45 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\TmpRecentIcons
2008-08-11 11:39:23 86016 --a------ C:\WINDOWS\lnvegaow.exe
2008-08-11 11:39:21 94208 --a------ C:\WINDOWS\edlb.exe
2008-08-11 11:39:20 385024 --a------ C:\WINDOWS\wnlmdakqlag.dll
2008-08-11 11:38:45 233472 --a------ C:\WINDOWS\xokvrpwg.dll
2008-08-11 11:38:44 188416 --a------ C:\WINDOWS\tfnslopk.dll
2008-07-31 23:59:28 41764 --a------ C:\WINDOWS\system32\kek.exe
2008-07-29 10:01:03 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\.dvdcss
2008-07-21 19:52:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Screaming Bee
2008-07-21 19:51:14 0 d-------- C:\Program Files\Screaming Bee
2008-07-21 14:00:03 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-21 13:59:29 0 d-------- C:\Program Files\Common Files\Skype
2008-07-17 17:08:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-16 23:26:16 0 d-------- C:\vcs5BGEffects
2008-07-16 23:22:48 0 d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
2008-07-14 13:03:38 58594 --a------ C:\WINDOWS\system32\mpt.exe
2008-07-12 12:44:54 18944 --a------ C:\WINDOWS\system32\mpxa.exe

-- Find3M Report ---------------------------------------------------------------

2008-08-11 13:59:24 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-11 12:26:52 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\uTorrent
2008-08-11 12:16:51 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\Yahoo!
2008-08-11 12:07:23 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\AVG7
2008-08-11 11:41:50 0 d-------- C:\Program Files\MPlayer for Windows
2008-08-03 19:56:42 0 d-------- C:\Program Files\Windows Live Safety Center
2008-07-21 20:05:17 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\Screaming Bee
2008-07-21 19:51:15 0 d-------- C:\Program Files\Common Files\Screaming Bee
2008-07-21 14:36:17 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\Skype
2008-07-21 14:07:51 0 d-------- C:\Program Files\Teamspeak2_RC2
2008-07-21 14:00:02 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\skypePM
2008-07-21 13:59:29 0 d-------- C:\Program Files\Common Files
2008-07-17 17:11:23 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\Google
2008-07-17 17:10:37 0 d-------- C:\Program Files\Google
2008-07-04 13:26:35 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\acccore
2008-07-04 13:25:26 0 d-------- C:\Program Files\AIM6
2008-07-04 13:25:14 0 d-------- C:\Program Files\Viewpoint
2008-07-04 13:24:38 0 d-------- C:\Program Files\Common Files\AOL
2008-06-17 20:05:30 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\dvdcss
2008-06-15 22:36:10 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\Azureus
2008-06-14 19:15:23 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-14 10:25:26 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\Sierra
2008-06-14 10:08:57 0 d-------- C:\Program Files\Sierra
2008-06-14 10:08:57 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-13 21:53:13 9676 --a------ C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\wklnhst.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16b68100-e3d0-4340-8210-e4efc11dc28c}]
11/08/2008 11:49: VIRUS ALERT! 120960 --a------ C:\WINDOWS\system32\occufq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4C1EF9B-C431-4F2D-B45B-02A5A98BFE96}]
11/08/2008 11:45: VIRUS ALERT! 323328 --a------ C:\WINDOWS\system32\jkkHWPhH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF6C9A95-CDD0-4EFC-9C2A-B6CA365F7396}]
10/08/2008 01:23: VIRUS ALERT! 385024 --a------ C:\WINDOWS\wnlmdakqlag.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E482A951-26ED-4898-A1EB-09A942D95A52}]
11/08/2008 11:40: VIRUS ALERT! 34176 --a------ C:\WINDOWS\system32\tuvWpNee.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [26/09/2005 17:07: VIRUS ALERT! C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [18/09/2005 10:32: VIRUS ALERT!]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [18/09/2005 10:32: VIRUS ALERT!]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 03:25: VIRUS ALERT!]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [19/04/2008 08:12: VIRUS ALERT!]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/12/2006 20:27: VIRUS ALERT!]
"8c06e33e"="C:\WINDOWS\system32\ognndkiy.dll" [11/08/2008 11:49: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 13:00: VIRUS ALERT!]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54: VIRUS ALERT!]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [03/04/2007 16:29: VIRUS ALERT!]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [27/03/2008 16:44: VIRUS ALERT!]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [23/05/2007 15:12: VIRUS ALERT!]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [19/06/2008 11:51: VIRUS ALERT!]
"mpt"="c:\WINDOWS\system32\mpt.exe" [14/07/2008 13:03: VIRUS ALERT!]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Wireless USB utility V1.02.exe.lnk - C:\Program Files\Customer\Wireless USB utility V1.02\Wireless USB utility V1.02.exe [09/03/2008 4:35:45 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"NoDispCPL"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=0 (0x0)
"NoSetFolders"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E482A951-26ED-4898-A1EB-09A942D95A52}"= C:\WINDOWS\system32\tuvWpNee.dll [11/08/2008 11:40: VIRUS ALERT! 34176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"xokvrpwg"= {6D44C2C7-0CF6-4034-83D5-8FCA5E50A166} - C:\WINDOWS\xokvrpwg.dll [10/08/2008 01:23: VIRUS ALERT! 233472]
"tfnslopk"= {D0120659-9FAF-47F0-80A7-6332BC6DB61D} - C:\WINDOWS\tfnslopk.dll [10/08/2008 01:23: VIRUS ALERT! 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvWpNee]
tuvWpNee.dll 11/08/2008 11:40: VIRUS ALERT! 34176 C:\WINDOWS\system32\tuvWpNee.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkHWPhH

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EFSysMon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EFSysMon.lnk
backup=C:\WINDOWS\pss\EFSysMon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
C:\WINDOWS\system32\taskswitch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
C:\Program Files\Eraser\Eraser.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastUser]
C:\WINDOWS\system32\fast.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22a8e002-460f-11dc-9307-0015581be460}]
AutoRun\command- M:\setup.exe /autorun
directx\command- M:\DirectX\dxsetup.exe
setup\command- M:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{994fe1b5-d3bc-11da-b3cd-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

*Newly Created Service* - AAWSERVICE

-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
7966 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-08-11 14:25:28 ------------
#2
Registered User
Join Date: Aug 2008
Posts: 2
OS: Windows XP Home
Hey,
Can someone please check this log and reply back? I had contracted some really nasty malware/spyware/etc. and I THINK I got them off but I need someone to check this log. If this log is not of sufficient data, I will make more if you wish. Please help me out on this one.

EDIT: The malware in question was Virtumonde and some possible variants and Smitfraud, which I think I got rid of.

Deckard's System Scanner v20071014.68
Run by Owner on 2008-08-12 20:31:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 6.59 GiB (less than 15%) free.

-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:35 PM, on 12/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Fast.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Customer\Wireless USB utility V1.02\Wireless USB utility V1.02.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Owner.YOUR-3E6407B95F\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/mash1/en-u...370-4&langid=1
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {64B5CA33-E23E-4DC0-8335-96978E63ACCD} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {85013e5f-972e-473e-9260-728dde91aca0} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {E047F096-D288-410C-AA97-B7E6DF29B4FF} - (no file)
O2 - BHO: (no name) - {E482A951-26ED-4898-A1EB-09A942D95A52} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {892B88A3-DC94-4A1F-A75A-9AA50061A683} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [8c06e33e] rundll32.exe "C:\WINDOWS\system32\gpqetnwe.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [mpt] c:\WINDOWS\system32\mpt.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Wireless USB utility V1.02.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.****online.com/plugins/IDMFlash.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1164853536593
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsof...?1164944925640 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: tuvWpNee - C:\WINDOWS\ O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 10579 bytes -- Files created between 2008-07-12 and 2008-08-12 ----------------------------- 2008-08-12 20:16:26 237728 --a------ C:\cmldr 2008-08-12 20:16:19 0 d-------- C:\cmdcons 2008-08-12 19:46:00 68096 --a------ C:\WINDOWS\zip.exe 2008-08-12 19:46:00 49152 --a------ C:\WINDOWS\VFind.exe 2008-08-12 19:46:00 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists> 2008-08-12 19:46:00 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller> 2008-08-12 19:46:00 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor> 2008-08-12 19:46:00 98816 --a------ C:\WINDOWS\sed.exe 2008-08-12 19:46:00 80412 --a------ C:\WINDOWS\grep.exe 2008-08-12 19:46:00 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-08-12 18:35:35 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\.housecall6.6 2008-08-12 08:45:42 0 d-------- 
C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\Malwarebytes 2008-08-12 08:45:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-12 08:45:34 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-12 07:52:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-08-12 07:51:56 0 d-------- C:\Program Files\SUPERAntiSpyware 2008-08-12 07:51:56 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\SUPERAntiSpyware.com 2008-08-11 17:03:08 143360 --a------ C:\WINDOWS\system32\EEGenFn1.dll <Not Verified; Robin Hood Software Ltd; EEGenfn1> 2008-08-11 17:03:05 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications> 2008-08-11 15:25:00 0 d-------- C:\Program Files\Panda Security 2008-08-11 14:54:21 2096 --a------ C:\WINDOWS\system32\tmp.reg 2008-08-11 14:53:20 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-08-11 14:53:20 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; > 2008-08-11 14:53:20 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix> 2008-08-11 14:53:20 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS> 2008-08-11 14:53:20 51200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-08-11 14:53:20 82432 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix> 2008-08-11 14:53:19 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility> 2008-08-11 14:50:12 0 d-------- C:\WINDOWS\system32\bits 2008-08-11 14:39:25 0 d-------- C:\VundoFix Backups 2008-08-11 14:24:31 0 d-------- C:\Program Files\Trend Micro 2008-08-11 14:00:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-07-31 23:59:28 41764 --a------ C:\WINDOWS\system32\kek.exe 2008-07-29 10:01:03 0 d-------- C:\Documents and 
Settings\Owner.YOUR-3E6407B95F\.dvdcss 2008-07-21 19:52:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Screaming Bee 2008-07-21 19:51:14 0 d-------- C:\Program Files\Screaming Bee 2008-07-21 14:00:03 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat 2008-07-21 13:59:29 0 d-------- C:\Program Files\Common Files\Skype 2008-07-17 17:08:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-07-16 23:26:16 0 d-------- C:\vcs5BGEffects -- Find3M Report --------------------------------------------------------------- 2008-08-12 20:18:59 0 d-------- C:\Program Files\Common Files 2008-08-12 20:13:35 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\uTorrent 2008-08-12 18 21 0 d-------- C:\Program Files\Messenger2008-08-12 17:21:37 0 d-------- C:\Program Files\MPlayer for Windows 2008-08-12 07:51:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-08-11 18:42:45 0 d-------- C:\Program Files\Xfire 2008-08-11 18:42:42 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\LimeWire 2008-08-11 18:42:38 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\Azureus 2008-08-11 18:42:24 0 d-------- C:\Program Files\Guild Wars 2008-08-11 12:16:51 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\Yahoo! 
2008-08-11 12:07:23 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\AVG7 2008-08-03 19:56:42 0 d-------- C:\Program Files\Windows Live Safety Center 2008-07-21 20:05:17 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\Screaming Bee 2008-07-21 19:51:15 0 d-------- C:\Program Files\Common Files\Screaming Bee 2008-07-21 14:36:17 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\Skype 2008-07-21 14:07:51 0 d-------- C:\Program Files\Teamspeak2_RC2 2008-07-21 14:00:02 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\skypePM 2008-07-17 17:11:23 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\Google 2008-07-17 17:10:37 0 d-------- C:\Program Files\Google 2008-07-04 13:26:35 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\acccore 2008-07-04 13:25:26 0 d-------- C:\Program Files\AIM6 2008-07-04 13:25:14 0 d-------- C:\Program Files\Viewpoint 2008-07-04 13:24:38 0 d-------- C:\Program Files\Common Files\AOL 2008-06-17 20:05:30 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\dvdcss 2008-06-14 19:15:23 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2008-06-14 10:25:26 0 d-------- C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\Sierra 2008-06-14 10:08:57 0 d-------- C:\Program Files\Sierra 2008-06-14 10:08:57 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-05-13 21:53:13 9676 --a------ C:\Documents and Settings\Owner.YOUR-3E6407B95F\Application Data\wklnhst.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64B5CA33-E23E-4DC0-8335-96978E63ACCD}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85013e5f-972e-473e-9260-728dde91aca0}] [HKEY_LOCAL_MACHINE\~\Browser Helper 
Objects\{E047F096-D288-410C-AA97-B7E6DF29B4FF}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E482A951-26ED-4898-A1EB-09A942D95A52}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [26/09/2005 05:07 PM C:\WINDOWS\soundman.exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [18/09/2005 10:32 AM] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [18/09/2005 10:32 AM] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 03:25 AM] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [19/04/2008 08:12 AM] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/12/2006 08:27 PM] "8c06e33e"="C:\WINDOWS\system32\gpqetnwe.dll" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 01:00 PM] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54 PM] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [03/04/2007 04:29 PM] "Steam"="C:\Program Files\Valve\Steam\Steam.exe" [27/03/2008 04:44 PM] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [23/05/2007 03:12 PM] "Aim6"="C:\Program Files\AIM6\aim6.exe" [19/06/2008 11:51 AM] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33 AM] "mpt"="c:\WINDOWS\system32\mpt.exe" [] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Wireless USB utility V1.02.exe.lnk - C:\Program Files\Customer\Wireless USB utility V1.02\Wireless USB utility V1.02.exe [09/03/2008 4:35:45 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme "DisableRegistryTools"=0 (0x0) "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) "DisableRegistryTools"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoLowDiskSpaceChecks"=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 AM 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvWpNee] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EFSysMon.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EFSysMon.lnk backup=C:\WINDOWS\pss\EFSysMon.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch] C:\WINDOWS\system32\taskswitch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] 
C:\WINDOWS\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser] C:\Program Files\Eraser\Eraser.exe -hide [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastUser] C:\WINDOWS\system32\fast.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22a8e002-460f-11dc-9307-0015581be460}]
AutoRun\command- M:\setup.exe /autorun
directx\command- M:\DirectX\dxsetup.exe
setup\command- M:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{994fe1b5-d3bc-11da-b3cd-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

-- End of Deckard's System Scanner: finished at 2008-08-12 20:31:57 ------------

Oh, sorry to make the problem seem less and less serious, but it's become quite an annoyance. Another issue I'm having is that whenever I start up my computer and it takes me to my desktop, a warning sign pops up and tells me it can't find some file in the system32 folder. Now, the file in question I deleted (manually) before because it was a part of the Vundo malware. Now, perhaps because I did it manually, it doesn't realize that it was malware. I usually press OK on the warning sign and it goes away, and it doesn't bother me again until I restart/shut down and boot back up again. Is there any possible way to.. get rid of that too? I mean, not make the pop-up appear? Sorry, this is all very trivial, but I'd really like to get rid of it. Thank you.

Last edited by amateur; 08-13-2008 at 01:34 AM. Reason: to retain 0-reply status