#1
Registered User
Join Date: Aug 2008
Posts: 14
OS: XP

Slow Internet and just ran DSS.exe :(
I did not see the post on dss.exe until after I ran it, so that sucked. Do you want me to post what I got in text files, or should I start somewhere else?
Thanks
#2
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,570
OS: 2000 Pro; XP Pro; XP Home

Re: Slow Internet and just ran DSS.exe :(
Yes, post the logs so we can see if the rootkit interference has affected your machine.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Microsoft MVP - Consumer Security 2009
#3
Registered User
Join Date: Aug 2008
Posts: 14
OS: XP

Re: Slow Internet and just ran DSS.exe :(
OK, here are the two log files, first Extra.txt and then Main.txt.
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 1023.48 MiB / 600.62 MiB
Pagefile Memory (total/avail): 2461.52 MiB / 2122.47 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1874.65 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 63.47 GiB total, 54.54 GiB free.
D: is Fixed (NTFS) - 146.48 GiB total, 55.77 GiB free.
E: is Fixed (NTFS) - 149.05 GiB total, 14.04 GiB free.
F: is Fixed (NTFS) - 85.57 GiB total, 13.85 GiB free.
G: is Fixed (NTFS) - 226.12 GiB total, 44.57 GiB free.
H: is CDROM (Unformatted)
I: is CDROM (CDFS)
K: is Removable (FAT)

\\.\PHYSICALDRIVE1 - ST3160023A - 149.05 GiB - 1 partition
   \PARTITION0 - Logical Disk Manager - 149.05 GiB - E:

\\.\PHYSICALDRIVE2 - ST3400633AS - 372.61 GiB - 2 partitions
   \PARTITION0 (bootable) - Installable File System - 146.48 GiB - D:
   \PARTITION1 - Extended w/Extended Int 13 - 226.12 GiB - G:

\\.\PHYSICALDRIVE0 - WDC WD1600JB-00EVA0 - 149.05 GiB - 2 partitions
   \PARTITION0 (bootable) - Installable File System - 63.47 GiB - C:
   \PARTITION1 - Extended w/Extended Int 13 - 85.57 GiB - F:

\\.\PHYSICALDRIVE3 - Ut163 USB2FlashStorage USB Device - 1921.84 MiB - 1 partition
   \PARTITION0 (bootable) - MS-DOS V4 Huge - 1927.97 MiB - K:

-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
-- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Control9145\Application Data CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=THE-MA2P9AS5 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Control9145 LOGONSERVER=\\THE-MA2P9AS5 NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0209 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\CONTRO~1\LOCALS~1\Temp TMP=C:\DOCUME~1\CONTRO~1\LOCALS~1\Temp USERDOMAIN=THE-MA2P9AS5 USERNAME=Control9145 USERPROFILE=C:\Documents and Settings\Control9145 windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Control9145 (admin) -- Add/Remove Programs --------------------------------------------------------- --> "C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S --> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> C:\WINDOWS\UNRecode.exe /UNINSTALL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove --> RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package 
{90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B} AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA} ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3} CuteFTP 8 Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91F34319-08DE-457A-99C0-0BCDFAC145B9}\Setup.exe" -l0x9 GearDrvs --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09} IBP 9.0.3 --> "C:\Program Files\IBP 9\unins000.exe" K-Lite Mega Codec Pack 3.6.5 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe" LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U 
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8} Media Player Codec Pack 3.2.0 --> C:\WINDOWS\system32\C2MP\Uninst.exe Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Project MUI (English) 2007 --> MsiExec.exe /X{90120000-00B4-0409-0000-0000000FF1CE} Microsoft Office Project Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPRO /dll OSETUP.DLL Microsoft Office Project Professional 2007 --> MsiExec.exe /X{90120000-003B-0000-0000-0000000FF1CE} Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe 
/X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC Nero 8 --> MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041033} neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A} Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777} Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8} Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_0_0_184\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X Norton 360 Help --> MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8} Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164} Norton Confidential Web Authentification Component --> MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923} Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A} NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI PowerISO --> "C:\Program Files\PowerISO\uninstall.exe" RAR Password Cracker 4.12 --> C:\Program Files\RAR Password Cracker4\uninstall.exe Sound Blaster Live! 
Web 2K/XP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}\Setup.exe" -l0x9 SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56} Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe" SuppSoft --> MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097} Symantec Technical Support Controls --> MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864} SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2} VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027} VideoLAN VLC media player 0.8.6i --> C:\Program Files\VideoLAN\VLC\uninstall.exe Winamp --> "C:\Program Files\Winamp\UninstWA.exe" Winamp Remote --> "C:\Program Files\Winamp Remote\uninstall.exe" Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe -- Application Event Log ------------------------------------------------------- Event Record #/Type615 / Error Event Submitted/Written: 08/16/2008 10:40:42 PM Event ID/Source: 1000 / Application Error Event Description: Faulting application rundll32.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x00ba1c9e. Processing media-specific event for [rundll32.exe!ws!] Event Record #/Type583 / Error Event Submitted/Written: 08/15/2008 02:30:46 PM Event ID/Source: 1000 / Microsoft Office 12 Event Description: Faulting application winproj.exe, version 12.0.4518.1014, stamp 45428184, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x3a782103. 
Event Record #/Type436 / Error
Event Submitted/Written: 08/11/2008 03:46:28 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dssc32.exe, version 1.0.0.1, faulting module dssc32.exe, version 1.0.0.1, fault address 0x0003d72e.
Processing media-specific event for [dssc32.exe!ws!]

Event Record #/Type419 / Warning
Event Submitted/Written: 08/08/2008 06:31:48 PM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, OffProv12, has been registered in the WMI namespace, Root\MSAPPS12, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Event Record #/Type418 / Warning
Event Submitted/Written: 08/08/2008 06:31:48 PM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, OffProv12, has been registered in the WMI namespace, Root\MSAPPS12, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type1558 / Error
Event Submitted/Written: 08/17/2008 01:10:42 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type1557 / Error
Event Submitted/Written: 08/17/2008 01:09:17 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu SPBBCDrv SRTSPX SYMTDI Tcpip

Event Record #/Type1556 / Error
Event Submitted/Written: 08/17/2008 01:09:17 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31

Event Record #/Type1555 / Error
Event Submitted/Written: 08/17/2008 01:09:17 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: %%31

Event Record #/Type1554 / Error
Event Submitted/Written: 08/17/2008 01:09:17 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31

-- End of Deckard's System Scanner: finished at 2008-08-17 13:27:46 ------------


Deckard's System Scanner v20071014.68
Run by Contr45 on 2008-08-17 13:23:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
31: 2008-08-17 17:23:40 UTC - RP31 - Deckard's System Scanner Restore Point
30: 2008-08-17 02:33:12 UTC - RP30 - System Checkpoint
29: 2008-08-15 16:19:07 UTC - RP29 - System Checkpoint
28: 2008-08-14 16:12:16 UTC - RP28 - Last known good configuration
27: 2008-08-14 16:12:11 UTC - RP27 - System Checkpoint

-- First Restore Point --
1: 2008-08-14 16:12:08 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-17 13:25:15
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Control9145\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {059F64B3-475B-41A3-A895-B1B50C498857} - C:\Documents and Settings\Control9145\Local Settings\Temporary Internet Files\Content.IE5\3KRTAIVG\3077htsbdjyf[1].dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll
O2 - BHO: (no name) - {5217E37A-9A5D-4609-A865-D3555C280853} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {8C57CB69-EC1F-4FF3-916F-52151AABC187} - C:\WINDOWS\system32\jkklkkLD.dll
O2 - BHO: (no name) - {92080483-5222-4561-832F-2024BBFC59CC} - C:\WINDOWS\system32\urqRJBSj.dll
O2 - BHO: {d8dd768e-b469-7e28-2eb4-e3f248405f5c} - {c5f50484-2f3e-4be2-82e7-964be867dd8d} - C:\WINDOWS\system32\khnbbg.dll
O2 - BHO: (no name) - {E58DB39C-87C7-4B3E-AA48-B3E3C5BFBE3a} - C:\WINDOWS\system32\qnlsgqyw.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [a4f778e8] rundll32.exe "C:\WINDOWS\system32\ewvhrien.dll",b
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1217113819390
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: jkklkkLD - C:\WINDOWS\system32\jkklkkLD.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6556 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 EL2000 (3Com 3C2000x EtherLink XL Adapter) - c:\windows\system32\drivers\el2k_xp.sys <Not Verified; 3Com Corporation; 3Com Gigabit NIC (3C2000 Family)>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Multimedia Audio Controller
Device ID:
PCI\VEN_8086&DEV_24D5&SUBSYS_1015147B&REV_02\3&13C0B0C5&0&FD
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_1015147B&REV_02\3&13C0B0C5&0&FD
Service:

-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 816)
2008-08-11 03:45:53 35328 -----n--- C:\WINDOWS\system32\jkklkkLD.dll

C:\WINDOWS\explorer.exe (pid 2016)
2008-08-14 12:11:57 251392 --a------ C:\WINDOWS\system32\urqRJBSj.dll
2008-08-11 03:45:53 35328 -----n--- C:\WINDOWS\system32\jkklkkLD.dll
2008-08-16 22:38:59 85504 --a------ C:\WINDOWS\system32\ewvhrien.dll
2008-08-17 02:12:34 107008 --a------ C:\WINDOWS\system32\khnbbg.dll
2008-03-29 11:42:20 159744 --a------ C:\WINDOWS\system32\mmfinfo.dll
2008-03-29 11:41:52 23552 --a------ C:\WINDOWS\system32\mkunicode.dll
2002-05-14 18:22:34 122880 --a------ C:\Program Files\WinRAR\RarExt.dll

C:\WINDOWS\system32\rundll32.exe (pid 2652)
2008-08-16 22:38:59 85504 --a------ C:\WINDOWS\system32\ewvhrien.dll

-- Files created between 2008-07-17 and 2008-08-17 -----------------------------

2008-08-17 02:15:33 2048 --a------ C:\WINDOWS\system32\ltuiohiy.exe
2008-08-17 02:12:34 107008 --a------ C:\WINDOWS\system32\khnbbg.dll
2008-08-17 02:12:33 107008 --a------ C:\WINDOWS\system32\kxdnvwvu.dll
2008-08-17 02:11:03 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-16 22:38:58 85504 --a------ C:\WINDOWS\system32\ewvhrien.dll
2008-08-16 22:35:58 93184 --a------ C:\WINDOWS\system32\lvmfnfeg.dll
2008-08-16 22 18 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-16 22:01:59 0 d-------- C:\Program Files\SpywareBlaster
2008-08-16 21:42:52 107008 --a------ C:\WINDOWS\system32\aaasxq.dll
2008-08-16 21:42:50 107008 --a------ C:\WINDOWS\system32\bnqhjqxl.dll
2008-08-16 21:39:38 2048 --a------ C:\WINDOWS\system32\snxmvuyf.exe
2008-08-15 13:00:43 2048 --a------ C:\WINDOWS\system32\cyxnyckg.exe
2008-08-15 13:00:39 83968 -----n--- C:\WINDOWS\system32\qkpjykyk.dll
2008-08-15 12:57:52 108032 --a------ C:\WINDOWS\system32\wszxmu.dll
2008-08-15 12:57:51 108032 --a------ C:\WINDOWS\system32\uusktpig.dll
2008-08-14 12:59:07 2048 --a------ C:\WINDOWS\system32\axstcggy.exe
2008-08-14 12:59:03 98304 --a------ C:\WINDOWS\system32\xphhvm.dll
2008-08-14 12:59:02 98304 --a------ C:\WINDOWS\system32\dowxmlpr.dll
2008-08-14 12:57:02 93184 --a------ C:\WINDOWS\system32\thxvwrvt.dll
2008-08-14 12:36:05 2048 --a------ C:\WINDOWS\system32\wtryvktd.exe
2008-08-14 12:30:57 98304 --a------ C:\WINDOWS\system32\ttnmjc.dll
2008-08-14 12:30:56 98304 --a------ C:\WINDOWS\system32\bhbiracj.dll
2008-08-14 12:30:47 93184 --a------ C:\WINDOWS\system32\ojofdnls.dll
2008-08-14 12:15:01 98304 --a------ C:\WINDOWS\system32\vkvahk.dll
2008-08-14 12:14:59 98304 --a------ C:\WINDOWS\system32\qngrmwbi.dll
2008-08-14 12:14:58 2048 --a------ C:\WINDOWS\system32\quctbmyo.exe
2008-08-14 12:12:46 93184 --a------ C:\WINDOWS\system32\hnjkhupl.dll
2008-08-14 12:11:58 831138 --ahs---- C:\WINDOWS\system32\jSBJRqru.ini2
2008-08-14 12:11:52 251392 --a------ C:\WINDOWS\system32\urqRJBSj.dll
2008-08-11 03:50:18 16384 --a------ C:\WINDOWS\system32\tdssl.dll
2008-08-11 03:50:18 34816 --a------ C:\WINDOWS\system32\drivers\tdssserv.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-08-11 03:46:14 0 d-------- C:\Program Files\PowerISO
2008-08-11 03:45:53 35328 -----n--- C:\WINDOWS\system32\jkklkkLD.dll
2008-08-08 19:14:25 77828 --a------ C:\WINDOWS\system32\css2_32.dll
2008-08-08 17:28:01 0 d-------- C:\Program Files\Microsoft Works
2008-08-08 17:27:52 0 d-------- C:\Program Files\MSBuild
2008-08-08 17:23:57 0 d-------- C:\WINDOWS\SHELLNEW
2008-08-08 17:23:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-08 17:22:59 0 dr-h----- C:\MSOCache
2008-08-08 10:32:00 0 d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-08-08 10:31:55 0 d-------- C:\Program Files\Winamp Remote
2008-08-08 10:30:56 0 d-------- C:\Program Files\Winamp
2008-08-08 10:30:56 0 d-------- C:\Documents and Settings\Control9145\Application Data\Winamp
2008-08-06 00:52:36 58629 --a------ C:\WINDOWS\system32\mpt.exe
2008-08-04 02:19:25 0 d-------- C:\WINDOWS\pss
2008-08-04 02:13:21 0 d-------- C:\Program Files\PCHealthCenter
2008-08-04 02:13:01 0 d-------- C:\Program Files\RAR Password Cracker4
2008-08-03 23:23:37 0 d-------- C:\Documents and Settings\Control9145\Application Data\mIRC
2008-08-03 23:23:36 0 d-------- C:\Program Files\mIRC
2008-08-01 01:59:28 41764 --a------ C:\WINDOWS\system32\kek.exe
2008-08-01 00:28:42 41984 --a------ C:\WINDOWS\system32\mpxa.exe
2008-07-29 11:09:07 0 d-------- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
2008-07-29 11:08:53 0 d-------- C:\Documents and Settings\Control9145\Application Data\GlobalSCAPE
2008-07-29 11:08:31 0 d-------- C:\Program Files\GlobalSCAPE
2008-07-28 00:41:05 0 d-------- C:\Program Files\IBP 9
2008-07-28 00:41:05 0 d-------- C:\Documents and Settings\Control9145\Application Data\IBP
2008-07-27 21:47:26 0 d-------- C:\Documents and Settings\Control9145\Application Data\dvdcss
2008-07-27 21:14:09 0 d-------- C:\Documents and Settings\Control9145\Application Data\Symantec
2008-07-27 18:03:22 0 d-------- C:\Program Files\MSXML 4.0
2008-07-27 17:52:39 0 d-------- C:\WINDOWS\nview
2008-07-27 17:52:09 0 d-------- C:\NVIDIA
2008-07-27 04:43:40 0 d-------- C:\Documents and Settings\Control9145\Application Data\Adobe
2008-07-27 04:43:04 0 d-------- C:\Documents and Settings\Control9145\Application Data\Macromedia
2008-07-27 01:49:03 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-26 23:16:59 0 d-------- C:\Documents and Settings\Control9145\Application Data\Nero
2008-07-26 23:14:14 0 d-------- C:\Program Files\Nero
2008-07-26 23:14:14 0 d-------- C:\Program Files\Common Files\Nero
2008-07-26 23:14:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-26 23:12:58 0 d-------- C:\WINDOWS\RegisteredPackages
2008-07-26 21:33:07 0 d-------- C:\WINDOWS\Prefetch
2008-07-26 21:31:53 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000005-00001102-00000002-80641102}.dat
2008-07-26 21:31:53 24 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000005-00001102-00000002-80641102}.dat
2008-07-26 21:20:44 0 d-------- C:\WINDOWS\system32\scripting
2008-07-26 21:20:43 0 d-------- C:\WINDOWS\l2schemas
2008-07-26 21:20:42 0 d-------- C:\WINDOWS\system32\en
2008-07-26 21:14:30 0 d-------- C:\WINDOWS\network diagnostic
2008-07-26 20:04:57 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-07-26 20:04:54 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-07-26 20:04:49 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-07-26 20:04:49 0 d-------- C:\Documents and Settings\Control9145\Application Data\Real
2008-07-26 20:04:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Real
2008-07-26 20:03:57 0 d-------- C:\WINDOWS\system32\custom matrices
2008-07-26 20:03:47 0 d-------- C:\WINDOWS\system32\QuickTime
2008-07-26 20:03:46 0 d-------- C:\WINDOWS\system32\C2MP
2008-07-26 20:00:54 0 d-------- C:\Program Files\uTorrent
2008-07-26 20:00:50 0 d-------- C:\Documents and Settings\Control9145\Application Data\uTorrent
2008-07-26 20:00:47 0 d-------- C:\Documents and Settings\Control9145\Application Data\vlc
2008-07-26 19:57:22 0 d-------- C:\Program Files\VideoLAN
2008-07-26 19:54:46 0 d--h----- C:\WINDOWS\PIF
2008-07-26 19:48:39 1048576 --a------ C:\WINDOWS\system32\SFMAN.DAT
2008-07-26 19:48:39 54784 --a------ C:\WINDOWS\system32\INETWH32.DLL <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2008-07-26 19:48:39 26768 --a------ C:\WINDOWS\system32\CTL3D.DLL <Not Verified; Microsoft Corporation; 3D Windows Control>
2008-07-26 19:48:39 53552 -----n--- C:\WINDOWS\CTCCW.DLL
<Not Verified; Creative® Technology Ltd.; Custom Control for Windows> 2008-07-26 19:48:38 0 d-------- C:\WINDOWS\system32\Defaults 2008-07-26 19:48:17 0 d-------- C:\WINDOWS\system32\Data 2008-07-26 19:48:15 270336 --a------ C:\WINDOWS\system32\SFMS32.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product> 2008-07-26 19:48:15 36864 --a------ C:\WINDOWS\system32\REGPLIB.EXE 2008-07-26 19:48:15 110592 --a------ C:\WINDOWS\system32\PIAPROXY.DLL <Not Verified; Creative Technology Ltd; E-mu PIA> 2008-07-26 19:48:15 135168 --a------ C:\WINDOWS\system32\OPENAL32.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product> 2008-07-26 19:48:15 49152 --a------ C:\WINDOWS\system32\KILLAPPS.EXE 2008-07-26 19:48:15 77824 --a------ C:\WINDOWS\system32\EAXAC3.DLL <Not Verified; Creative Labs; EAX-AC3 DLL> 2008-07-26 19:48:15 184320 --a------ C:\WINDOWS\PSCONV.EXE 2008-07-26 19:48:15 61440 --a------ C:\WINDOWS\MIDIDEF.EXE <Not Verified; Creative Technology Ltd; Creative Audio Product> 2008-07-26 19:48:15 94208 --a------ C:\WINDOWS\DEVREG.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product> 2008-07-26 19:48:15 49152 --a------ C:\WINDOWS\CTDCRES.DLL <Not Verified; Creative Technology Ltd; Creative Technology Ltd CTDCRES> 2008-07-26 19:48:14 28672 --a------ C:\WINDOWS\system32\CTSPKHLP.DLL <Not Verified; Creative Technology Ltd; CtSpkHlp Dynamic Link Library> 2008-07-26 19:48:14 643072 --a------ C:\WINDOWS\system32\CTSBLFX.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product> 2008-07-26 19:48:14 155648 --a------ C:\WINDOWS\system32\CTOSUSER.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product> 2008-07-26 19:48:14 24576 --a------ C:\WINDOWS\system32\CTHELPER.EXE <Not Verified; Creative Technology Ltd; CtHelper Application> 2008-07-26 19:48:14 36864 --a------ C:\WINDOWS\system32\CTEMUPIA.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product> 2008-07-26 19:48:14 106496 --a------ C:\WINDOWS\system32\CTDPROXY.DLL 
<Not Verified; Creative Technology Ltd; Creative Audio Product> 2008-07-26 19:48:14 319488 --a------ C:\WINDOWS\system32\CTDEVCON.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product> 2008-07-26 19:48:14 106496 --a------ C:\WINDOWS\system32\CTASIO.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product> 2008-07-26 19:48:14 61440 --a------ C:\WINDOWS\system32\CTAGENT.DLL <Not Verified; Creative Technology Ltd; ctagent> 2008-07-26 19:48:14 110592 --a------ C:\WINDOWS\system32\COMMONFX.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product> 2008-07-26 19:48:14 53248 --a------ C:\WINDOWS\system32\AC3API.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product> 2008-07-26 19:47:57 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-07-26 19:47:15 0 d-------- C:\Program Files\Creative 2008-07-26 19:47:11 0 d-------- C:\Program Files\Common Files\InstallShield 2008-07-26 19:45:32 0 d-------- C:\Documents and Settings\LocalService\Start Menu 2008-07-26 19:34:09 0 d-------- C:\WINDOWS\peernet 2008-07-26 19:34:08 0 d-------- C:\WINDOWS\provisioning 2008-07-26 19:32:25 0 d-------- C:\WINDOWS\ServicePackFiles 2008-07-26 19:30:03 0 d-------- C:\WINDOWS\system32\ReinstallBackups 2008-07-26 19:27:49 0 d-------- C:\WINDOWS\EHome 2008-07-26 19:16:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2008-07-26 19:12:24 0 d-------- C:\WINDOWS\system32\PreInstall 2008-07-26 19:12:22 0 d--h----- C:\WINDOWS\$hf_mig$ 2008-07-26 19:12:05 0 d-------- C:\WINDOWS\system32\bits 2008-07-26 19:10:27 0 d-------- C:\WINDOWS\SoftwareDistribution 2008-07-26 19:10:17 0 d--hs---- C:\Documents and Settings\Control9145\UserData 2008-07-26 18:34:34 0 d-------- C:\Program Files\Norton 360 2008-07-26 18:34:05 0 d-------- C:\Program Files\Symantec 2008-07-26 18:34:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec 2008-07-26 18:33:37 0 d-------- C:\Program Files\Common 
Files\Symantec Shared 2008-07-26 18:32:00 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys 2008-07-26 18:32:00 0 d-------- C:\Program Files\DAEMON Tools 2008-07-26 18:29:17 96384 --a------ C:\WINDOWS\system32\drivers\sptd1085.sys 2008-07-26 18:29:17 664064 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-07-26 18:24:04 61440 -ra------ C:\WINDOWS\system32\EL2K_CPP.dll <Not Verified; 3Com Corporation; EL2k_CPP> 2008-07-26 18:24:04 143744 -ra------ C:\WINDOWS\system32\drivers\EL2K_XP.sys <Not Verified; 3Com Corporation; 3Com Gigabit NIC (3C2000 Family)> 2008-07-26 03:53:00 0 d---s---- C:\WINDOWS\system32\Microsoft 2008-07-26 03:49:15 0 d--hs---- C:\WINDOWS\Installer 2008-07-26 03:49:13 0 d-------- C:\Documents and Settings\Control9145\Application Data\Identities 2008-07-26 03:48:59 0 d--h----- C:\Documents and Settings\Control9145\Templates 2008-07-26 03:48:59 0 dr------- C:\Documents and Settings\Control9145\Start Menu 2008-07-26 03:48:59 0 dr-h----- C:\Documents and Settings\Control9145\SendTo 2008-07-26 03:48:59 0 dr-h----- C:\Documents and Settings\Control9145\Recent 2008-07-26 03:48:59 0 d--h----- C:\Documents and Settings\Control9145\PrintHood 2008-07-26 03:48:59 5242880 --ah----- C:\Documents and Settings\Control9145\NTUSER.DAT 2008-07-26 03:48:59 0 d--h----- C:\Documents and Settings\Control9145\NetHood 2008-07-26 03:48:59 0 dr------- C:\Documents and Settings\Control9145\My Documents 2008-07-26 03:48:59 0 d--h----- C:\Documents and Settings\Control9145\Local Settings 2008-07-26 03:48:59 0 dr------- C:\Documents and Settings\Control9145\Favorites 2008-07-26 03:48:59 0 d-------- C:\Documents and Settings\Control9145\Desktop 2008-07-26 03:48:59 0 d--hs---- C:\Documents and Settings\Control9145\Cookies 2008-07-26 03:48:59 0 dr-h----- C:\Documents and Settings\Control9145\Application Data 2008-07-26 03:47:58 0 d--hs---- C:\System Volume Information 2008-07-26 03:47:55 233472 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT 2008-07-26 
03:47:55 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings 2008-07-26 03:47:55 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies 2008-07-26 03:47:55 0 d-------- C:\Documents and Settings\NetworkService\Application Data 2008-07-26 03:47:55 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft 2008-07-26 03:47:55 233472 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT 2008-07-26 03:47:55 0 d--h----- C:\Documents and Settings\LocalService\Local Settings 2008-07-26 03:47:55 0 d--hs---- C:\Documents and Settings\LocalService\Cookies 2008-07-26 03:47:55 0 d-------- C:\Documents and Settings\LocalService\Application Data 2008-07-26 03:47:55 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft 2008-07-26 03:00:03 0 d-------- C:\WINDOWS\system32\xircom 2008-07-26 03:00:03 0 d-------- C:\Program Files\microsoft frontpage 2008-07-26 02:59:52 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT 2008-07-26 02:59:45 0 -rahs---- C:\MSDOS.SYS 2008-07-26 02:59:45 0 -rahs---- C:\IO.SYS 2008-07-26 02:59:45 0 --a------ C:\CONFIG.SYS 2008-07-26 02:59:45 0 --a------ C:\AUTOEXEC.BAT 2008-07-26 02:59:04 0 d--hs---- C:\Documents and Settings\All Users\DRM 2008-07-26 02:58:56 0 dr------- C:\WINDOWS\Offline Web Pages 2008-07-26 02:58:56 0 d---s---- C:\WINDOWS\Downloaded Program Files 2008-07-26 02:58:34 0 d-------- C:\WINDOWS\system32\DirectX 2008-07-26 02:58:00 0 d---s---- C:\WINDOWS\Tasks 2008-07-26 02:57:58 0 d-------- C:\Program Files\Common Files\MSSoap 2008-07-26 02:57:54 0 d-------- C:\WINDOWS\system32\Macromed 2008-07-26 02:57:54 0 d-------- C:\WINDOWS\srchasst 2008-07-26 02:57:53 0 d-------- C:\Program Files\Movie Maker 2008-07-26 02:57:50 0 d-------- C:\WINDOWS\PCHealth 2008-07-26 02:57:49 0 d-------- C:\WINDOWS\system32\Restore 2008-07-26 02:57:21 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat 2008-07-26 02:57:18 0 d-------- C:\WINDOWS\Registration 2008-07-26 02:57:16 0 
d--h----- C:\Program Files\WindowsUpdate 2008-07-26 02:57:16 0 d-------- C:\Program Files\Online Services 2008-07-26 02:57:12 0 d-------- C:\Program Files\Messenger 2008-07-26 02:57:08 0 d-------- C:\Program Files\MSN Gaming Zone 2008-07-26 02:56:38 0 d-------- C:\Program Files\Windows NT 2008-07-26 02:56:36 0 d-------- C:\WINDOWS\system32\MsDtc 2008-07-26 02:56:35 0 d-------- C:\WINDOWS\system32\Com 2008-07-25 22:04:58 0 d-------- C:\Program Files\Common Files\ODBC 2008-07-25 22:04:56 0 d-------- C:\Program Files\Common Files\SpeechEngines 2008-07-25 22:04:55 0 dr------- C:\Program Files 2008-07-25 22:04:55 0 d-------- C:\Program Files\Common Files 2008-07-25 22:04:32 0 d--h----- C:\Documents and Settings\Default User\Templates 2008-07-25 22:04:32 0 dr------- C:\Documents and Settings\Default User\Start Menu 2008-07-25 22:04:32 0 dr-h----- C:\Documents and Settings\Default User\SendTo 2008-07-25 22:04:32 0 d--h----- C:\Documents and Settings\Default User\Recent 2008-07-25 22:04:32 0 d--h----- C:\Documents and Settings\Default User\PrintHood 2008-07-25 22:04:32 0 d--h----- C:\Documents and Settings\Default User\NetHood 2008-07-25 22:04:32 0 d-------- C:\Documents and Settings\Default User\My Documents 2008-07-25 22:04:32 0 dr-h----- C:\Documents and Settings\Default User\Local Settings 2008-07-25 22:04:32 0 d-------- C:\Documents and Settings\Default User\Favorites 2008-07-25 22:04:32 0 d-------- C:\Documents and Settings\Default User\Desktop 2008-07-25 22:04:32 0 d---s---- C:\Documents and Settings\Default User\Cookies 2008-07-25 22:04:32 0 d--h----- C:\Documents and Settings\All Users\Templates 2008-07-25 22:04:32 0 dr------- C:\Documents and Settings\All Users\Start Menu 2008-07-25 22:04:32 0 d-------- C:\Documents and Settings\All Users\Favorites 2008-07-25 22:04:32 0 dr------- C:\Documents and Settings\All Users\Documents 2008-07-25 22:04:32 0 d-------- C:\Documents and Settings\All Users\Desktop 2008-07-25 22:03:46 0 d-------- C:\WINDOWS\system32\CatRoot2 
2008-07-25 22:03:46 0 d-------- C:\WINDOWS\system32\CatRoot 2008-07-25 22:03:41 0 dr-h----- C:\Documents and Settings\Default User\Application Data 2008-07-25 22:03:41 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft 2008-07-25 22:03:40 0 dr-h----- C:\Documents and Settings\All Users\Application Data 2008-07-25 22:03:40 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft 2008-07-25 22:02:47 0 d-------- C:\Documents and Settings 2008-07-25 21:57:38 0 d-------- C:\WINDOWS 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\WinSxS 2008-07-25 21:57:38 0 dr------- C:\WINDOWS\Web 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\twain_32 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\wins 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\wbem 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\usmt 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\spool 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\ShellExt 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\Setup 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\ras 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\oobe 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\npp 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\mui 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\inetsrv 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\IME 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\icsxml 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\ias 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\export 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\drivers 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\drivers\etc 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\drivers\disdn 2008-07-25 21:57:38 0 dr-hs--c- C:\WINDOWS\system32\dllcache 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\dhcp 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\config 2008-07-25 21:57:38 0 d-------- 
C:\WINDOWS\system32\3com_dmi 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\3076 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\2052 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\1054 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\1042 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\1041 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\1037 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\1033 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\1031 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\1028 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system32\1025 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\system 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\security 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\Resources 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\repair 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\mui 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\msapps 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\msagent 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\Media 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\java 2008-07-25 21:57:38 0 d--h----- C:\WINDOWS\inf 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\ime 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\Help 2008-07-25 21:57:38 0 dr--s---- C:\WINDOWS\Fonts 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\Driver Cache 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\Debug 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\Cursors 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\Connection Wizard 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\Config 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\AppPatch 2008-07-25 21:57:38 0 d-------- C:\WINDOWS\addins -- Find3M Report --------------------------------------------------------------- 2008-07-25 22:04:32 62 --ahs---- C:\Documents and Settings\Control9145\Application Data\desktop.ini 2008-05-24 05:55:00 204800 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll 2008-05-24 05:55:00 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; > 
2008-05-24 05:55:00 455680 --a------ C:\WINDOWS\system32\libmplayer.dll 2008-05-24 05:55:00 114688 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll 2008-05-24 05:55:00 3614208 --a------ C:\WINDOWS\system32\libavcodec.dll 2008-05-24 05:55:00 692224 --a------ C:\WINDOWS\system32\ff_x264.dll 2008-05-24 05:55:00 23552 --a------ C:\WINDOWS\system32\ff_wmv9.dll 2008-05-24 05:55:00 38400 --a------ C:\WINDOWS\system32\ff_unrar.dll 2008-05-24 05:55:00 115200 --a------ C:\WINDOWS\system32\ff_tremor.dll 2008-05-24 05:55:00 143360 --a------ C:\WINDOWS\system32\ff_theora.dll 2008-05-24 05:55:00 113152 --a------ C:\WINDOWS\system32\ff_samplerate.dll 2008-05-24 05:55:00 114688 --a------ C:\WINDOWS\system32\ff_realaac.dll 2008-05-24 05:55:00 99840 --a------ C:\WINDOWS\system32\ff_libmad.dll 2008-05-24 05:55:00 211968 --a------ C:\WINDOWS\system32\ff_libfaad2.dll 2008-05-24 05:55:00 147456 --a------ C:\WINDOWS\system32\ff_libdts.dll 2008-05-24 05:55:00 40448 --a------ C:\WINDOWS\system32\ff_liba52.dll 2008-05-24 05:55:00 204800 --a------ C:\WINDOWS\system32\ff_kernelDeint.dll 2008-05-24 05:55:00 741376 --a------ C:\WINDOWS\system32\audxlib.dll -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{059F64B3-475B-41A3-A895-B1B50C498857}] C:\Documents and Settings\Control9145\Local Settings\Temporary Internet Files\Content.IE5\3KRTAIVG\3077htsbdjyf[1].dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5217E37A-9A5D-4609-A865-D3555C280853}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C57CB69-EC1F-4FF3-916F-52151AABC187}] 08/11/2008 03:45 AM 35328 --------- C:\WINDOWS\system32\jkklkkLD.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92080483-5222-4561-832F-2024BBFC59CC}] 08/14/2008 12:11 PM 251392 --a------ C:\WINDOWS\system32\urqRJBSj.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5f50484-2f3e-4be2-82e7-964be867dd8d}] 08/17/2008 02:12 AM 107008 
--a------ C:\WINDOWS\system32\khnbbg.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E58DB39C-87C7-4B3E-AA48-B3E3C5BFBE3a}] C:\WINDOWS\system32\qnlsgqyw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 05:38 PM] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 05:59 PM] "a4f778e8"="C:\WINDOWS\system32\ewvhrien.dll" [08/16/2008 10:38 PM] "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [04/13/2008 08:12 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42 AM] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{8C57CB69-EC1F-4FF3-916F-52151AABC187}"= C:\WINDOWS\system32\jkklkkLD.dll [08/11/2008 03:45 AM 35328] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy] C:\WINDOWS\System32\dimsntfy.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkklkkLD] jkklkkLD.dll 08/11/2008 03:45 AM 35328 C:\WINDOWS\system32\jkklkkLD.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqRJBSj [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a4f778e8] rundll32.exe "C:\WINDOWS\system32\phgibawi.dll",b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Antivirus] C:\Program Files\VAV\vav.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMa7c44b74] 
Rundll32.exe "C:\WINDOWS\system32\hnjkhupl.dll",s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kek] c:\WINDOWS\system32\kek.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mpt] c:\WINDOWS\system32\mpt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\UpdReg] C:\WINDOWS\UpdReg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] "C:\Program Files\Winamp\winampa.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows] C:\DOCUME~1\CONTRO~1\LOCALS~1\Temp\Setup_ver1.1400.0.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch] CTHELPER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] eapsvcs eaphost dot3svc dot3svc HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs napagent hkmsvc *Newly Created Service* - COMHOST -- Hosts ----------------------------------------------------------------------- 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 9021 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-08-17 13:27:46 ------------ |
#4
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,570
OS: 2000 Pro; XP Pro; XP Home
Re: Slow Internet and just ran DSS.exe :(
It does not appear as though your machine has been affected by the rootkit in question. Please delete dss.exe from your machine.
You do have a large pile of Vundo on the machine.

Download ResetTeaTimer.bat by right-clicking on the link, and choosing Save As. Save it to your desktop, or somewhere you can find it easily. Double-click ResetTeaTimer.bat to remove all entries set by TeaTimer.

Spybot S&D's TeaTimer
While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent our tools from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean.

Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery mode if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

As part of installing the Recovery Console, ComboFix will begin to run. Follow the prompts to install the Recovery Console. Your desktop may disappear. This is normal. It will return. Once the Recovery Console is installed using ComboFix, you should see a message that says: The Recovery Console was successfully installed.

Please continue as follows: Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. If you have any questions along the way, STOP and ask them before proceeding.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log. It does not appear as though DSS was allowed to download and install HijackThis. To produce a HijackThis log for your next reply, please do this:

Please download HijackThis to your desktop (Alternate link). Double-click on the file you just downloaded. Click on the "Unzip" button to install. It will by default install to the directory C:\Program Files\Trend Micro\HijackThis. Upon install, HijackThis should open for you. Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double-click on HijackThis.exe.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here.
Do not fix anything in HijackThis since they may be harmless. ---------------------------------------------------------------------------------------------
#5
Registered User
Join Date: Aug 2008
Posts: 14
OS: XP
Re: Slow Internet and just ran DSS.exe :(
Ok done. Here are the two log files, first ComboFix.txt and then HijackThis.
2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img 2008-07-26 19:24 . 2008-04-14 05:42 11,264 --a------ C:\WINDOWS\system32\spnpinst.exe 2008-07-26 19:24 . 2004-08-02 14:20 7,208 --a------ C:\WINDOWS\system32\secupd.sig 2008-07-26 19:24 . 2004-08-02 14:20 4,569 --a------ C:\WINDOWS\system32\secupd.dat 2008-07-26 19:12 . 2008-07-26 21:20 <DIR> d-------- C:\WINDOWS\system32\bits 2008-07-26 19:12 . 2008-07-27 18:22 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-07-26 19:12 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-07-26 19:11 . 2008-04-13 13:39 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll 2008-07-26 19:11 . 2008-04-13 20:12 354,304 --a------ C:\WINDOWS\system32\winhttp.dll 2008-07-26 19:11 . 2008-04-13 20:12 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2008-07-26 19:11 . 2008-04-13 20:11 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll 2008-07-26 19:11 . 2008-04-13 20:11 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll 2008-07-26 19:10 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll 2008-07-26 19:10 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll 2008-07-26 19:10 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl 2008-07-26 19:10 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll 2008-07-26 19:10 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2008-07-26 19:10 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll 2008-07-26 19:10 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2008-07-26 19:10 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2008-07-26 19:10 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2008-07-26 19:05 . 2007-03-21 20:39 1,060,864 --a------ C:\WINDOWS\system32\MFC71.DLL 2008-07-26 19:05 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DLL 2008-07-26 19:05 . 
2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DLL 2008-07-26 19:04 . 2007-07-17 12:21 186,256 --a------ C:\WINDOWS\system32\SymNPPWA.dll 2008-07-26 18:42 . 2008-07-26 18:42 13,646 --a------ C:\WINDOWS\system32\wpa.bak 2008-07-26 18:41 . 2008-07-26 18:41 16 --a------ C:\WINDOWS\system32\coh.cache 2008-07-26 18:34 . 2008-07-26 19:04 <DIR> d-------- C:\Program Files\Symantec 2008-07-26 18:34 . 2008-08-06 11:09 <DIR> d-------- C:\Program Files\Norton 360 2008-07-26 18:34 . 2008-08-17 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-26 06:59 558,142 ----a-w C:\WINDOWS\java\Packages\7F7LV5RJ.ZIP 2008-07-26 06:59 155,995 ----a-w C:\WINDOWS\java\Packages\KFLZLNL3.ZIP 2008-07-07 07:40 56,108 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys 2008-06-24 20:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-06 18:54 972,072 ----a-w C:\WINDOWS\UNRecode.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:59 115816] "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 20:12 169984] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.ac3filter"= ac3filter.acm "vidc.yv12"= yv12vfw.dll "vidc.hfyu"= huffyuv.dll "msacm.divxa32"= DivXa32.acm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a------ 2007-01-09 17:59 115816 C:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2005-11-08 18:00 128920 C:\Program Files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2008-06-24 16:06 1840424 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection] --a------ 2001-11-29 01:00 28672 C:\Program Files\Creative\SBLive\Program\ADGJDet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kek] --a------ 2008-08-01 01:59 41764 c:\WINDOWS\system32\kek.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mpt] --a------ 2008-08-06 00:52 58629 c:\WINDOWS\system32\mpt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\NBKeyScan] --a------ 2008-06-08 09:31 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2008-06-19 09:53 570664 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb] --a------ 2008-03-31 21:54 507904 C:\Program Files\Winamp Remote\bin\OrbTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2008-07-07 03:34 167936 C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] --------- 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2008-08-03 19:02 36352 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch] --a------ 2002-07-02 17:56 24576 C:\WINDOWS\system32\CTHELPER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\IBP 
9\\IBP.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\WINDOWS\\system32\\mpxa.exe"= "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"= "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"= "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"= *Newly Created Service* - COMHOST . - - - - ORPHANS REMOVED - - - - BHO-{059F64B3-475B-41A3-A895-B1B50C498857} - C:\Documents and Settings\Control9145\Local Settings\Temporary Internet Files\Content.IE5\3KRTAIVG\3077htsbdjyf[1].dll BHO-{E58DB39C-87C7-4B3E-AA48-B3E3C5BFBE3a} - C:\WINDOWS\system32\qnlsgqyw.dll HKLM-Run-a4f778e8 - C:\WINDOWS\system32\ewvhrien.dll MSConfigStartUp-a4f778e8 - C:\WINDOWS\system32\phgibawi.dll MSConfigStartUp-Antivirus - C:\Program Files\VAV\vav.exe MSConfigStartUp-BMa7c44b74 - C:\WINDOWS\system32\hnjkhupl.dll MSConfigStartUp-Windows - C:\DOCUME~1\CONTRO~1\LOCALS~1\Temp\Setup_ver1.1400.0.exe . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://cnn.com/ O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-17 21:08:48 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\wdfmgr.exe . ************************************************************************** . Completion time: 2008-08-17 21:10:53 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-18 01:10:48 Pre-Run: 58,467,823,616 bytes free Post-Run: 58,369,990,656 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn 322 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:19:04 PM, on 8/17/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Control9145\Desktop\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 
Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1217113819390 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 4984 bytes |
#6
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,570
OS: 2000 Pro; XP Pro; XP Home
Re: Slow Internet and just ran DSS.exe :(
Please go to: VirusTotal
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
#7
Registered User
Join Date: Aug 2008
Posts: 14
OS: XP
Re: Slow Internet and just ran DSS.exe :(
Ok, I ran the scan and here is the log file. The scans for the other two files just said it was already done, but I posted them also.
mpt.exe

Antivirus Version Last Update Result
AhnLab-V3 2008.8.15.0 2008.08.15 -
AntiVir 7.8.1.19 2008.08.15 -
Authentium 5.1.0.4 2008.08.16 -
Avast 4.8.1195.0 2008.08.15 -
AVG 8.0.0.161 2008.08.15 -
BitDefender 7.2 2008.08.16 -
CAT-QuickHeal 9.50 2008.08.14 -
ClamAV 0.93.1 2008.08.16 -
DrWeb 4.44.0.09170 2008.08.15 -
eSafe 7.0.17.0 2008.08.14 -
eTrust-Vet 31.6.6035 2008.08.15 -
Ewido 4.0 2008.08.15 -
F-Prot 4.4.4.56 2008.08.16 -
F-Secure 7.60.13501.0 2008.08.15 Trojan-Downloader.Win32.Agent.aaju
Fortinet 3.14.0.0 2008.08.15 -
GData 2.0.7306.1023 2008.08.16 -
Ikarus T3.1.1.34.0 2008.08.16 -
K7AntiVirus 7.10.417 2008.08.15 -
Kaspersky 7.0.0.125 2008.08.16 Trojan-Downloader.Win32.Agent.aaju
McAfee 5362 2008.08.15 -
Microsoft 1.3807 2008.08.16 -
NOD32v2 3360 2008.08.15 -
Norman 5.80.02 2008.08.15 -
Panda 9.0.0.4 2008.08.15 -
PCTools 4.4.2.0 2008.08.15 -
Prevx1 V2 2008.08.16 Cloaked Malware
Rising 20.57.42.00 2008.08.15 -
Sophos 4.32.0 2008.08.16 -
Sunbelt 3.1.1546.1 2008.08.15 -
Symantec 10 2008.08.16 -
TheHacker 6.3.0.3.046 2008.08.13 Trojan/Downloader.Zlob.tym
TrendMicro 8.700.0.1004 2008.08.15 -
VBA32 3.12.8.3 2008.08.15 Trojan-Downloader.Win32.Agent.aaju
ViRobot 2008.8.14.1337 2008.08.14 Spyware.Agent.Do.58629
VirusBuster 4.5.11.0 2008.08.15 -
Webwasher-Gateway 6.6.2 2008.08.16 -

Additional information
File size: 58629 bytes
MD5...: 823f77bf7dfafa855e60841f55dc2611
SHA1..: 9c1fc8cf8b8ee479fd162ff5959f1b6b47fc94ea
SHA256: d0e6db730187e0e44a9fa5b57418b5f775fbcb5652a7e37a4ba98c8cfc833678
SHA512: 9b77f46eae4707cdc8fa1f7e6d0cf0e0388b5f1d5a0a850c53e625c7119e4347
f1e3a9d9d993882ea216b103cf010038c4cf1fc6ce6fc0bfb939e23733eee96a
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4030e3
timedatestamp.....: 0x4878f231 (Sat Jul 12 18:04:33 2008)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5b68 0x5c00 6.49 6bfa289fc453f683cf6ad42723acbb61
.rdata 0x7000 0x129c 0x1400 5.05 165e3e874dc59c8a96748c6f4d0f4207
.data 0x9000 0x25c58 0x400 4.77 78a50275610b8d77577a9aaa1957d1b6
.ndata 0x2f000 0x8000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x37000 0x6c8 0x800 2.92 0668cc1f74eb6042f5ee65456f1f43da
( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramte...A6000083346A34

kek.exe
File has already been analysed

mpxa.exe
File has already been analysed
#8
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,570
OS: 2000 Pro; XP Pro; XP Home
Re: Slow Internet and just ran DSS.exe :(
Hi -
I don't suppose you followed the links to the other two files and saved them? I'd like a current analysis; there's a button on the page to reanalyze the file. Please do so for the other two files.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
#9
Registered User
Join Date: Aug 2008
Posts: 14
OS: XP
Re: Slow Internet and just ran DSS.exe :(
Ok, done. Here are the other two files, kek.exe and mpxa.exe.
Antivirus Version Last Update Result AhnLab-V3 2008.8.15.0 2008.08.15 - AntiVir 7.8.1.19 2008.08.16 - Authentium 5.1.0.4 2008.08.18 - Avast 4.8.1195.0 2008.08.17 - AVG 8.0.0.161 2008.08.17 - BitDefender 7.2 2008.08.18 - CAT-QuickHeal 9.50 2008.08.16 - ClamAV 0.93.1 2008.08.16 - DrWeb 4.44.0.09170 2008.08.17 - eSafe 7.0.17.0 2008.08.17 - eTrust-Vet 31.6.6035 2008.08.15 - Ewido 4.0 2008.08.17 - F-Prot 4.4.4.56 2008.08.17 - F-Secure 7.60.13501.0 2008.08.18 Trojan-Downloader.Win32.Agent.aajt Fortinet 3.14.0.0 2008.08.17 - GData 2.0.7306.1023 2008.08.17 - Ikarus T3.1.1.34.0 2008.08.18 Backdoor.Win32.Small.ejp K7AntiVirus 7.10.417 2008.08.15 - Kaspersky 7.0.0.125 2008.08.18 Trojan-Downloader.Win32.Agent.aajt McAfee 5362 2008.08.15 - Microsoft 1.3807 2008.08.18 - NOD32v2 3362 2008.08.17 - Norman 5.80.02 2008.08.15 - Panda 9.0.0.4 2008.08.17 - PCTools 4.4.2.0 2008.08.17 - Prevx1 V2 2008.08.18 Cloaked Malware Rising 20.58.00.00 2008.08.18 - Sophos 4.32.0 2008.08.18 - Sunbelt 3.1.1546.1 2008.08.15 - Symantec 10 2008.08.18 - TheHacker 6.3.0.3.052 2008.08.17 - TrendMicro 8.700.0.1004 2008.08.16 - VBA32 3.12.8.3 2008.08.18 Trojan-Downloader.Win32.Agent.aajt ViRobot 2008.8.16.1338 2008.08.16 Spyware.Agent.Do.41764 VirusBuster 4.5.11.0 2008.08.17 - Webwasher-Gateway 6.6.2 2008.08.18 - Additional information File size: 41764 bytes MD5...: 8f12f56cad2a08c1ffdda1501302d6bd SHA1..: 7040e6f3661a11a16068a2e6174eae942d701654 SHA256: c2a79b2060b098fff9ce0e7aead73ea6f1345a56c1a8d4949856fc27188a543f SHA512: e66c6248b50035ce678358d255e91292f656c83965036729043104b67790c1de 2b191f2206fafc1863fd8ce3cd3838340d30494b36367a1a7e8bd14c73af510c PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x4030e3 timedatestamp.....: 0x4878f231 (Sat Jul 12 18:04:33 2008) machinetype.......: 0x14c (I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x5b68 0x5c00 6.49 6bfa289fc453f683cf6ad42723acbb61 .rdata 0x7000 0x129c 0x1400 5.05 165e3e874dc59c8a96748c6f4d0f4207 
.data 0x9000 0x25c58 0x400 4.77 78a50275610b8d77577a9aaa1957d1b6 .ndata 0x2f000 0x9000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e .rsrc 0x38000 0x6c8 0x800 2.92 af2063e112f61c1136b3f5784e131084 ( 8 imports ) > KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA > USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, 
DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow > GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject > SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation > ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA > COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create > ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance > VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA ( 0 exports ) Prevx info: http://info.prevx.com/aboutprogramte...A60000A64058DF ThreatExpert info: http://www.threatexpert.com/report.a...dda1501302d6bd Antivirus Version Last Update Result AhnLab-V3 2008.8.15.0 2008.08.15 Win-Trojan/3proxy.41984 AntiVir 7.8.1.19 2008.08.16 TR/3Proxy.41984 Authentium 5.1.0.4 2008.08.18 - Avast 4.8.1195.0 2008.08.17 - AVG 8.0.0.161 2008.08.17 - BitDefender 7.2 2008.08.18 Trojan.Proxy.MRU CAT-QuickHeal 9.50 2008.08.16 - ClamAV 0.93.1 2008.08.16 - DrWeb 4.44.0.09170 2008.08.17 - eSafe 7.0.17.0 2008.08.17 - eTrust-Vet 31.6.6035 2008.08.15 - Ewido 4.0 2008.08.17 - F-Prot 4.4.4.56 2008.08.17 - F-Secure 7.60.13501.0 2008.08.18 Server-Proxy.Win32.3proxy.af Fortinet 3.14.0.0 2008.08.18 - GData 2.0.7306.1023 2008.08.17 - Ikarus T3.1.1.34.0 2008.08.18 Trojan-Proxy.2685 K7AntiVirus 7.10.417 2008.08.15 not-a-virus:Server-Proxy.Win32.3proxy.af Kaspersky 7.0.0.125 2008.08.18 not-a-virus:Server-Proxy.Win32.3proxy.af McAfee 5362 2008.08.15 - Microsoft 1.3807 2008.08.18 - NOD32v2 3362 2008.08.17 - Norman 5.80.02 2008.08.15 - Panda 9.0.0.4 2008.08.17 Trj/Hino.F PCTools 4.4.2.0 2008.08.17 - Prevx1 V2 2008.08.18 Malicious Software Rising 20.58.00.00 2008.08.18 - Sophos 4.32.0 2008.08.18 - Sunbelt 3.1.1546.1 2008.08.15 - Symantec 10 
2008.08.18 - TheHacker 6.3.0.3.052 2008.08.17 - TrendMicro 8.700.0.1004 2008.08.16 - VBA32 3.12.8.3 2008.08.18 Trojan.Proxy.2685 ViRobot 2008.8.16.1338 2008.08.16 - VirusBuster 4.5.11.0 2008.08.17 - Webwasher-Gateway 6.6.2 2008.08.18 Trojan.3Proxy.41984 Additional information File size: 41984 bytes MD5...: 56d339e14d6b2df9cd35bde1199dcaf9 SHA1..: acc2f0f3bccbc9e5b50ed0ab5d0c2c4f403d634b SHA256: 1e4c1e48f440a1899dc5d9a953b5942daeb578e3bb7775d0dab86d88377297df SHA512: b5456dcaa175da5392fa77035b8d2aa39b9524e1763064ffd13e945172a1fefc d199b155e9f6186033282438be39dbf025032ecf19075f2075fc9375a4ce278d PEiD..: Dev-C++ 4.9.9.2 -> Bloodshed Software PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x401270 timedatestamp.....: 0x4785396f (Wed Jan 09 21:15:27 2008) machinetype.......: 0x14c (I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x77e0 0x7800 6.09 dfeb33014fc3e4c5c9fa365dfcf43f03 .data 0x9000 0x5b0 0x600 1.03 1b79bdad8b46ad6ad9e3e83fca953fdc .rdata 0xa000 0x1790 0x1800 5.54 bcfa2b1f0ba9bc1961194befb1590928 .bss 0xc000 0x90 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e .idata 0xd000 0x870 0xa00 3.95 b9f7afdcf32454bc6924579dd5c13c02 ( 4 imports ) > msvcrt.dll: _ftime, _strdup, _strnicmp > msvcrt.dll: __getmainargs, __mb_cur_max, __p__environ, __p__fmode, __set_app_type, _cexit, _iob, _isctype, _onexit, _pctype, _setmode, atexit, atoi, fclose, fflush, fopen, fprintf, free, fseek, gmtime, localtime, malloc, memcpy, memset, perror, rand, realloc, signal, sprintf, srand, sscanf, strchr, strcpy, strerror, strlen, strstr, system, time > KERNEL32.dll: CloseHandle, CreateThread, DeleteCriticalSection, EnterCriticalSection, ExitProcess, FreeConsole, GetCurrentProcessId, GetCurrentThreadId, InitializeCriticalSection, LeaveCriticalSection, SetUnhandledExceptionFilter, Sleep > WS2_32.DLL: WSAAccept, WSAGetLastError, WSASocketA, WSAStartup, __WSAFDIsSet, bind, closesocket, connect, gethostbyname, getpeername, getsockname, htonl, htons, 
ioctlsocket, listen, ntohl, ntohs, recvfrom, select, send, sendto, setsockopt, shutdown ( 0 exports ) ThreatExpert info: http://www.threatexpert.com/report.a...35bde1199dcaf9 Prevx info: http://info.prevx.com/aboutprogramte...AAB400BE7CB0C4
#10
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,570
OS: 2000 Pro; XP Pro; XP Home
Re: Slow Internet and just ran DSS.exe :(
Thanks, Rob_illinois
Let's continue.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
#11
Registered User
Join Date: Aug 2008
Posts: 14
OS: XP
Re: Slow Internet and just ran DSS.exe :(
Ok, the file has been submitted, and here are the two log files, ComboFix and HijackThis:
ComboFix 08-08-17.03 - Control9145 2008-08-17 23:59:44.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.615 [GMT -4:00] Running from: C:\Documents and Settings\Control9145\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Control9145\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\kek.exe C:\WINDOWS\system32\mpt.exe C:\WINDOWS\system32\mpxa.exe . ((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 ))))))))))))))))))))))))))))))) . 2008-08-17 13:23 . 2008-08-17 13:23 <DIR> d-------- C:\Deckard 2008-08-17 02:11 . 2008-08-17 02:15 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-16 22:54 . 2008-08-17 02:10 199 --a------ C:\WINDOWS\wininit.ini 2008-08-16 22:06 . 2008-08-16 22:06 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-08-16 22:06 . 2008-08-16 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-16 22:02 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX 2008-08-16 22:01 . 2008-08-17 02:13 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-08-11 10:32 . 2008-08-11 10:33 38 --a------ C:\WINDOWS\avisplitter.INI 2008-08-11 03:46 . 2008-08-11 03:46 <DIR> d-------- C:\Program Files\PowerISO 2008-08-08 19:14 . 2008-08-08 19:14 77,828 --a------ C:\WINDOWS\system32\css2_32.dll 2008-08-08 17:28 . 2008-08-08 17:28 <DIR> d-------- C:\Program Files\Microsoft Works 2008-08-08 17:27 . 2008-08-08 17:27 <DIR> d-------- C:\Program Files\MSBuild 2008-08-08 17:23 . 2008-08-08 18:30 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-08-08 17:23 . 2008-08-08 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-08-08 17:22 . 2008-08-08 17:22 <DIR> dr-h----- C:\MSOCache 2008-08-08 10:32 . 
2008-08-08 10:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks 2008-08-08 10:31 . 2008-08-08 10:32 <DIR> d-------- C:\Program Files\Winamp Remote 2008-08-08 10:30 . 2008-08-08 10:32 <DIR> d-------- C:\Program Files\Winamp 2008-08-08 10:30 . 2008-08-09 01:38 <DIR> d-------- C:\Documents and Settings\Control9145\Application Data\Winamp 2008-08-06 10:35 . 2008-04-13 14:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2008-08-03 23:23 . 2008-08-03 23:23 <DIR> d-------- C:\Program Files\mIRC 2008-08-03 23:23 . 2008-08-04 02:19 <DIR> d-------- C:\Documents and Settings\Control9145\Application Data\mIRC 2008-07-29 11:09 . 2008-07-29 11:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE 2008-07-29 11:08 . 2008-07-29 11:08 <DIR> d-------- C:\Program Files\GlobalSCAPE 2008-07-29 11:08 . 2008-07-29 11:08 <DIR> d-------- C:\Documents and Settings\Control9145\Application Data\GlobalSCAPE 2008-07-28 00:41 . 2008-07-28 00:41 <DIR> d-------- C:\Program Files\IBP 9 2008-07-28 00:41 . 2008-08-07 23:26 <DIR> d-------- C:\Documents and Settings\Control9145\Application Data\IBP 2008-07-27 21:47 . 2008-08-15 10:44 <DIR> d-------- C:\Documents and Settings\Control9145\Application Data\dvdcss 2008-07-27 21:14 . 2008-07-27 21:14 <DIR> d-------- C:\Documents and Settings\Control9145\Application Data\Symantec 2008-07-27 18:22 . 2008-04-23 00:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-07-27 18:22 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-07-27 18:22 . 2007-03-08 01:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-07-27 18:22 . 2008-04-23 00:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-07-27 18:22 . 2008-04-23 00:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-07-27 18:22 . 2008-04-23 00:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-07-27 18:22 . 
2008-04-23 00:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2008-07-27 18:22 . 2008-04-23 00:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-07-27 18:22 . 2008-04-22 03:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-07-27 18:03 . 2008-07-27 18:03 <DIR> d-------- C:\Program Files\MSXML 4.0 2008-07-27 17:52 . 2008-07-27 17:52 <DIR> d-------- C:\WINDOWS\nview 2008-07-27 17:52 . 2008-07-27 17:52 <DIR> d-------- C:\NVIDIA 2008-07-27 17:52 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2008-07-27 17:52 . 2007-12-05 01:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe 2008-07-27 17:52 . 2008-07-27 18:05 163,353 --a------ C:\WINDOWS\system32\nvapps.xml 2008-07-27 17:52 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu 2008-07-27 01:49 . 2008-07-27 04:04 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-07-27 01:43 . 2008-08-17 20:29 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-07-26 23:16 . 2008-07-26 23:16 <DIR> d-------- C:\Documents and Settings\Control9145\Application Data\Nero 2008-07-26 23:14 . 2008-07-26 23:14 <DIR> d-------- C:\Program Files\Nero 2008-07-26 23:14 . 2008-07-26 23:15 <DIR> d-------- C:\Program Files\Common Files\Nero 2008-07-26 23:14 . 2008-07-26 23:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero 2008-07-26 22:43 . 2008-07-30 17:42 23,888 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys 2008-07-26 22:43 . 2008-07-30 17:28 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat 2008-07-26 22:43 . 2008-07-30 17:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf 2008-07-26 21:49 . 2008-06-13 07:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-07-26 21:49 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys 2008-07-26 21:31 . 2008-08-17 21:07 16,420 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-00000005-00001102-00000002-80641102}.rfx 2008-07-26 21:31 . 
2008-08-17 21:07 16,420 --a------ C:\WINDOWS\system32\BMXState-{00000002-00000000-00000005-00001102-00000002-80641102}.rfx 2008-07-26 21:31 . 2008-08-17 21:07 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm 2008-07-26 21:31 . 2008-08-17 21:07 1,080 --a------ C:\WINDOWS\system32\settings.sfm 2008-07-26 21:31 . 2008-08-17 21:07 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000005-00001102-00000002-80641102}.dat 2008-07-26 21:31 . 2008-08-17 21:07 24 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000005-00001102-00000002-80641102}.dat 2008-07-26 21:20 . 2008-07-26 21:20 <DIR> d-------- C:\WINDOWS\system32\scripting 2008-07-26 21:20 . 2008-07-26 21:20 <DIR> d-------- C:\WINDOWS\system32\en 2008-07-26 21:20 . 2008-07-26 21:20 <DIR> d-------- C:\WINDOWS\l2schemas 2008-07-26 20:43 . 2008-04-13 20:12 786,432 -----c--- C:\WINDOWS\system32\dllcache\migrate.exe 2008-07-26 20:04 . 2008-07-26 20:04 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2008-07-26 20:04 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll 2008-07-26 20:04 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll 2008-07-26 20:04 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm 2008-07-26 20:04 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest 2008-07-26 20:03 . 2008-07-26 20:03 <DIR> d-------- C:\WINDOWS\system32\QuickTime 2008-07-26 20:03 . 2008-07-26 20:03 <DIR> d-------- C:\WINDOWS\system32\custom matrices 2008-07-26 20:03 . 2008-07-26 20:04 <DIR> d-------- C:\WINDOWS\system32\C2MP 2008-07-26 20:00 . 2008-07-26 20:00 <DIR> d-------- C:\Program Files\uTorrent 2008-07-26 20:00 . 2008-07-26 20:00 <DIR> d-------- C:\Documents and Settings\Control9145\Application Data\vlc 2008-07-26 20:00 . 2008-08-16 21:49 <DIR> d-------- C:\Documents and Settings\Control9145\Application Data\uTorrent 2008-07-26 19:57 . 2008-07-26 19:57 <DIR> d-------- C:\Program Files\VideoLAN 2008-07-26 19:54 . 
2008-07-26 19:54 <DIR> d--h----- C:\WINDOWS\PIF 2008-07-26 19:51 . 2008-08-14 12:25 3,374,149 --a------ C:\WINDOWS\{00000002-00000000-00000005-00001102-00000002-80641102}.CDF 2008-07-26 19:51 . 2008-08-14 12:25 3,374,149 --a------ C:\WINDOWS\{00000002-00000000-00000005-00001102-00000002-80641102}.BAK 2008-07-26 19:49 . 2008-08-17 21:07 24,888 --a------ C:\WINDOWS\system32\BMXCtrlState-{00000002-00000000-00000005-00001102-00000002-80641102}.rfx 2008-07-26 19:49 . 2008-08-17 21:07 24,888 --a------ C:\WINDOWS\system32\BMXBkpCtrlState-{00000002-00000000-00000005-00001102-00000002-80641102}.rfx 2008-07-26 19:47 . 2008-07-29 11:08 <DIR> d--h----- C:\Program Files\InstallShield Installation Information 2008-07-26 19:47 . 2008-07-26 19:48 <DIR> d-------- C:\Program Files\Creative 2008-07-26 19:47 . 2008-07-27 17:52 <DIR> d-------- C:\Program Files\Common Files\InstallShield 2008-07-26 19:47 . 1999-12-17 01:00 6,752 --a------ C:\WINDOWS\system32\PFMODNT.SYS 2008-07-26 19:35 . 2008-07-26 23:13 316,640 --a------ C:\WINDOWS\WMSysPr9.prx 2008-07-26 19:34 . 2008-07-26 19:34 <DIR> d-------- C:\WINDOWS\provisioning 2008-07-26 19:34 . 2008-07-26 21:20 <DIR> d-------- C:\WINDOWS\peernet 2008-07-26 19:32 . 2008-07-26 21:21 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-07-26 19:27 . 2008-07-26 21:10 <DIR> d-------- C:\WINDOWS\EHome 2008-07-26 19:24 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img 2008-07-26 19:24 . 2008-04-14 05:42 11,264 --a------ C:\WINDOWS\system32\spnpinst.exe 2008-07-26 19:24 . 2004-08-02 14:20 7,208 --a------ C:\WINDOWS\system32\secupd.sig 2008-07-26 19:24 . 2004-08-02 14:20 4,569 --a------ C:\WINDOWS\system32\secupd.dat 2008-07-26 19:12 . 2008-07-26 21:20 <DIR> d-------- C:\WINDOWS\system32\bits 2008-07-26 19:12 . 2008-07-27 18:22 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-07-26 19:12 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-07-26 19:11 . 
2008-04-13 13:39 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll 2008-07-26 19:11 . 2008-04-13 20:12 354,304 --a------ C:\WINDOWS\system32\winhttp.dll 2008-07-26 19:11 . 2008-04-13 20:12 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2008-07-26 19:11 . 2008-04-13 20:11 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll 2008-07-26 19:11 . 2008-04-13 20:11 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll 2008-07-26 19:10 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll 2008-07-26 19:10 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll 2008-07-26 19:10 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl 2008-07-26 19:10 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll 2008-07-26 19:10 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2008-07-26 19:10 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll 2008-07-26 19:10 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2008-07-26 19:10 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2008-07-26 19:10 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2008-07-26 19:05 . 2007-03-21 20:39 1,060,864 --a------ C:\WINDOWS\system32\MFC71.DLL 2008-07-26 19:05 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DLL 2008-07-26 19:05 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DLL 2008-07-26 19:04 . 2007-07-17 12:21 186,256 --a------ C:\WINDOWS\system32\SymNPPWA.dll 2008-07-26 18:42 . 2008-07-26 18:42 13,646 --a------ C:\WINDOWS\system32\wpa.bak 2008-07-26 18:41 . 2008-07-26 18:41 16 --a------ C:\WINDOWS\system32\coh.cache 2008-07-26 18:34 . 2008-07-26 19:04 <DIR> d-------- C:\Program Files\Symantec 2008-07-26 18:34 . 2008-08-06 11:09 <DIR> d-------- C:\Program Files\Norton 360 2008-07-26 18:34 . 2008-08-17 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec 2008-07-26 18:34 . 
2008-07-26 19:04 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-07-26 18:34 . 2008-07-26 19:04 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2008-07-26 18:34 . 2008-07-26 19:04 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-26 06:59 558,142 ----a-w C:\WINDOWS\java\Packages\7F7LV5RJ.ZIP 2008-07-26 06:59 155,995 ----a-w C:\WINDOWS\java\Packages\KFLZLNL3.ZIP 2008-07-07 07:40 56,108 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys 2008-06-24 20:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-06 18:54 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2008-06-06 18:54 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:59 115816] "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 20:12 169984] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.ac3filter"= ac3filter.acm "vidc.yv12"= yv12vfw.dll "vidc.hfyu"= huffyuv.dll "msacm.divxa32"= DivXa32.acm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a------ 2007-01-09 17:59 115816 C:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2005-11-08 18:00 128920 C:\Program Files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2008-06-24 16:06 1840424 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection] --a------ 2001-11-29 01:00 28672 C:\Program Files\Creative\SBLive\Program\ADGJDet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2008-06-08 09:31 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2008-06-19 09:53 570664 C:\Program Files\Common 
Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb] --a------ 2008-03-31 21:54 507904 C:\Program Files\Winamp Remote\bin\OrbTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2008-07-07 03:34 167936 C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] --------- 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2008-08-03 19:02 36352 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch] --a------ 2002-07-02 17:56 24576 C:\WINDOWS\system32\CTHELPER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\IBP 9\\IBP.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"= "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"= "C:\\Program Files\\Winamp 
Remote\\bin\\OrbTray.exe"= *Newly Created Service* - COMHOST . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-kek - c:\WINDOWS\system32\kek.exe MSConfigStartUp-mpt - c:\WINDOWS\system32\mpt.exe ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-18 00:01:06 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-08-18 0:01:40 ComboFix-quarantined-files.txt 2008-08-18 04:01:37 ComboFix2.txt 2008-08-18 01:10:54 Pre-Run: 58,353,147,904 bytes free Post-Run: 58,347,761,664 bytes free 234 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:04:06 AM, on 8/18/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Control9145\Desktop\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1217113819390 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 4985 bytes |
#12
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,570
OS: 2000 Pro; XP Pro; XP Home
Re: Slow Internet and just ran DSS.exe :(
Good work. Please delete [4]-Submit_2008-08-17@23.59.zip from your desktop.
Go here to run an online scanner from ESET.
#13
Registered User
Join Date: Aug 2008
Posts: 14
OS: XP
Re: Slow Internet and just ran DSS.exe :(
I am doing the scan now. It seems a little better, I am getting a weird message though in ie. I have cnn.com for the homepage and when it goes to come up the first time or I try to view videos I get this message:
"Internet Explorer is currently running without add-ons"

How do I fix this? Thanks
#14
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,570
OS: 2000 Pro; XP Pro; XP Home
Re: Slow Internet and just ran DSS.exe :(
Waiting on the results of the online scan. Best to address one issue at a time.
#15
Registered User
Join Date: Aug 2008
Posts: 14
OS: XP
Re: Slow Internet and just ran DSS.exe :(
Ok scan is done and here is the log text:
# version=4 # OnlineScanner.ocx=1.0.0.56 # OnlineScannerDLLA.dll=1, 0, 0, 51 # OnlineScannerDLLW.dll=1, 0, 0, 51 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=3365 (20080818) # vers_arch_module=1.064 (20080214) # vers_adv_heur_module=1.066 (20070917) # EOSSerial=a507db6a05836c4aa7b8b9f7ef6bd9fa # end=finished # remove_checked=false # unwanted_checked=true # utc_time=2008-08-19 12:42:47 # local_time=2008-08-18 08:42:47 (-0500, Eastern Daylight Time) # country="United States" # osver=5.1.2600 NT Service Pack 3 # scanned=248134 # found=11 # scan_time=2961 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVcodec.zip Win32/Bagle.gen.zip worm 8FB23D926E407A581841E1C7D95751A4 C:\Documents and Settings\Control9145\Desktop\Codec filters\AVICodecPackPlus220.exe probably a variant of Win32/Adware.Agent application 56C09F3C3DBF39FBEBBA12C2DC444E9B C:\Documents and Settings\Control9145\Desktop\Codec filters\AVICodecPackPlus220.exe »NSIS »mpcodecplg.dll probably a variant of Win32/Adware.Agent application 00000000000000000000000000000000 C:\QooBox\Quarantine\C\WINDOWS\system32\axstcggy.exe.vir Win32/Adware.Virtumonde application 134346ACD9DD7FA8305CC02D66B86D31 C:\QooBox\Quarantine\C\WINDOWS\system32\cyxnyckg.exe.vir Win32/Adware.Virtumonde application 134346ACD9DD7FA8305CC02D66B86D31 C:\QooBox\Quarantine\C\WINDOWS\system32\jkklkkLD.dll.vir Win32/Adware.Virtumonde application 8449CE27759653C9B8DB437DE7AAC7AB C:\QooBox\Quarantine\C\WINDOWS\system32\ltuiohiy.exe.vir Win32/Adware.Virtumonde application 134346ACD9DD7FA8305CC02D66B86D31 C:\QooBox\Quarantine\C\WINDOWS\system32\quctbmyo.exe.vir Win32/Adware.Virtumonde application 134346ACD9DD7FA8305CC02D66B86D31 C:\QooBox\Quarantine\C\WINDOWS\system32\snxmvuyf.exe.vir Win32/Adware.Virtumonde application 134346ACD9DD7FA8305CC02D66B86D31 C:\QooBox\Quarantine\C\WINDOWS\system32\tdssl.dll.vir Win32/Agent.OBU trojan F23DEE5184E4BFC4100E1F2D88F5D993 
C:\QooBox\Quarantine\C\WINDOWS\system32\wtryvktd.exe.vir Win32/Adware.Virtumonde application 134346ACD9DD7FA8305CC02D66B86D31
#16
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,570
OS: 2000 Pro; XP Pro; XP Home
Re: Slow Internet and just ran DSS.exe :(
Be mindful that many infections pose as codecs.
=========================

When files found by other scanners are in the Recovery directory inside the Spybot-S&D directory, it is only a backup. It is no longer of any harm there, as the file won't be loaded from there. But once you are sure you don't need the backup, go to the Recovery section inside Spybot-S&D and purge the files.

1. Open Spybot. If you have a shortcut on your desktop, double click it, or click Start, then All Programs, then Spybot - Search & Destroy and then Spybot - Search & Destroy.
2. On the left side, click "Recovery".
3. Select (place a check) beside ALL the backup files that contain quarantined items.
4. Click on the Purge Selected Items button.
5. A dialog will appear, stating that the backup will be removed. Click Yes.
6. When the Recovery window is empty, Exit Spybot.
#18
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,570
OS: 2000 Pro; XP Pro; XP Home
Re: Slow Internet and just ran DSS.exe :(
Other vendors agree that the file is a threat. I'd delete it.
http://www.virustotal.com/analisis/e...85efd6542bf755

For the Internet Explorer issue, I'll try, but I'm not sure if I can help. You may be better off in the Internet Explorer forum.

How are you running IE? Desktop shortcut? Quicklaunch shortcut? Start Menu? Try running it from Start > Run > iexplore
#20
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,570
OS: 2000 Pro; XP Pro; XP Home
Re: Slow Internet and just ran DSS.exe :(
Yes, from a malware perspective, your logs appear clean.
Reason I asked how is, some googling the message you receive suggests a corrupted shortcut. Some have been able to replace the shortcuts and all was well. Another approach might just be to check Tools > Manage Addons and see if you can enable them.

We have some final steps to perform to conclude the cleaning. We still have a few items to address.

Go to -> Run -> copy/paste in the following single line command & click OK:

combofix /u

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:

Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer.

Here are some additional utilities that will further enhance your safety.

In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles. If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.