Tech Support Forum banner
Status
Not open for further replies.
1 - 2 of 2 Posts

·
Registered
Joined
·
1 Posts
Was infected with a virus earlier today, did a virus boot scan it found a malware, remove it but i think i still have traces of it cause when i check msconfig i have 2 funny dll names starting up at system startup. Heres my log

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-15 19:23:48
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\CTXFISPI.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Fraps\fraps.exe
C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Francis\Desktop\dss.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {37B32357-7366-429F-9397-F6E7D2163568} - C:\WINDOWS\system32\khfFVpmL.dll
O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - C:\WINDOWS\system32\pmnmjJYS.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {1d8f90f0-e26f-d81b-13c4-03f05cbb4f1b} - {b1f4bbc5-0f30-4c31-b18d-f62e0f09f8d1} - C:\WINDOWS\system32\pqsmewpi.dll
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [BM3317a4a8] Rundll32.exe "C:\WINDOWS\system32\cewxyaer.dll",s
O4 - HKLM\..\Run: [30249734] rundll32.exe "C:\WINDOWS\system32\nabuygde.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - Global Startup: Remote Control.lnk = C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker Beta - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker Beta\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{EE4A1B6A-96FD-4E80-9F9D-DC91F401689E}: NameServer = 68.87.76.178,68.87.66.196
O20 - Winlogon Notify: pmnmjJYS - C:\WINDOWS\system32\pmnmjJYS.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


--
End of file - 6053 bytes

-- Files created between 2008-05-15 and 2008-06-15 -----------------------------

2008-06-15 19:17:50 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-06-15 19:17:49 0 d-------- C:\Program Files\SpywareBlaster
2008-06-15 19:15:22 0 d-------- C:\WINDOWS\LastGood
2008-06-15 19:15:00 0 d-------- C:\Program Files\Panda Security
2008-06-15 19:10:53 81408 --a------ C:\WINDOWS\system32\nabuygde.dll
2008-06-15 19:07:53 99840 --a------ C:\WINDOWS\system32\pqsmewpi.dll
2008-06-15 19:05:33 90112 --a------ C:\WINDOWS\system32\cewxyaer.dll
2008-06-15 19:00:25 683565 --ahs---- C:\WINDOWS\system32\LmpVFfhk.ini2
2008-06-15 19:00:20 322560 --a------ C:\WINDOWS\system32\khfFVpmL.dll
2008-06-15 15:53:04 25088 --a------ C:\WINDOWS\system32\nnnoOFYP.dll
2008-06-15 15:50:20 99840 --a------ C:\WINDOWS\system32\kuuulbkg.dll
2008-06-15 15:48:12 81408 --a------ C:\WINDOWS\system32\nbunasxm.dll
2008-06-15 15:48:03 90112 --a------ C:\WINDOWS\system32\egtjisuh.dll
2008-06-15 15:47:20 707684 --ahs---- C:\WINDOWS\system32\hQstCMoq.ini2
2008-06-15 15:42:21 25088 --a------ C:\WINDOWS\system32\geBRIaYQ.dll
2008-06-15 15:41:44 25088 --a------ C:\WINDOWS\system32\pmnmjJYS.dll
2008-06-15 13:12:33 0 d-------- C:\Documents and Settings\Francis\Application Data\Publish Providers
2008-06-15 13:12:33 0 d-------- C:\Documents and Settings\Francis\Application Data\NetMedia Providers
2008-06-15 13:08:56 0 d-------- C:\Documents and Settings\Francis\Application Data\Sony
2008-06-15 13:07:29 0 d-------- C:\Program Files\Sony Setup
2008-06-15 08:41:55 0 d-------- C:\Program Files\Codemasters
2008-06-13 12:22:11 0 dr-h----- C:\Documents and Settings\Francis\Recent
2008-06-13 12:21:13 0 d-------- C:\Program Files\CCleaner
2008-06-10 14:25:05 0 d-------- C:\Program Files\Bodog Poker Beta
2008-06-07 04:25:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Codemasters
2008-06-07 04:23:02 0 d-------- C:\Program Files\OpenAL
2008-05-26 14:30:34 0 d-------- C:\WINDOWS\CSC
2008-05-25 23:15:13 0 dr-h----- C:\Documents and Settings\Francis\Application Data\SecuROM
2008-05-25 19:49:46 0 d-------- C:\Program Files\Full Tilt Poker
2008-05-25 19:32:52 0 d-------- C:\Program Files\CarbonPoker
2008-05-25 19:28:59 0 d-------- C:\Documents and Settings\Francis\Application Data\Microgaming
2008-05-22 13:47:11 0 d-------- C:\Program Files\MTA San Andreas
2008-05-21 13:39:56 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-05-21 13:37:10 593920 --a------ C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-05-21 13:36:54 0 d-------- C:\Program Files\ATI Technologies
2008-05-21 13:36:25 0 d-------- C:\ATI
2008-05-20 17:40:13 0 d-------- C:\Program Files\Rockstar Games
2008-05-18 12:01:28 0 d-------- C:\WINDOWS\San Andreas Mod Installer
2008-05-18 12:01:28 0 d-------- C:\Program Files\San Andreas Mod Installer


-- Find3M Report ---------------------------------------------------------------

2008-06-15 18:50:24 0 d-------- C:\Program Files\Guild Wars
2008-06-15 08:41:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-15 08:41:22 0 d-------- C:\Documents and Settings\Francis\Application Data\IGN_DLM
2008-06-14 14:02:23 0 d-------- C:\Program Files\Steam
2008-06-14 13:57:54 0 d-------- C:\Program Files\Cake Poker
2008-06-14 00:04:18 0 d-------- C:\Program Files\PokerStars
2008-06-10 13:27:30 0 d-------- C:\Documents and Settings\Francis\Application Data\LimeWire
2008-05-21 13:39:56 0 d-------- C:\Documents and Settings\Francis\Application Data\ATI
2008-05-21 13:35:15 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-21 13:30:36 0 d-------- C:\Program Files\Ray Adams
2008-05-11 12:39:25 0 d-------- C:\Program Files\BitComet
2008-05-07 14:06:42 0 d-------- C:\Documents and Settings\Francis\Application Data\Touchstone
2008-05-07 06:07:42 0 d-------- C:\Documents and Settings\Francis\Application Data\Leadertech
2008-05-07 05:56:05 0 d-------- C:\Program Files\Common Files
2008-05-04 16:03:34 669184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-05-04 15:54:03 0 d-------- C:\Program Files\Electronic Arts
2008-05-04 04:37:17 0 d-------- C:\Program Files\Bodog Poker
2008-05-03 05:02:45 0 d-------- C:\Documents and Settings\Francis\Application Data\Sun
2008-05-03 03:01:23 0 d-------- C:\Program Files\Java
2008-05-03 03:00:20 0 d-------- C:\Program Files\Common Files\Java
2008-05-03 02:58:52 0 d-------- C:\Program Files\LimeWire
2008-05-01 06:44:17 0 d-------- C:\Program Files\RivaTuner v2.09
2008-04-28 13:58:52 0 d-------- C:\Program Files\Logitech
2008-04-28 13:58:52 0 d-------- C:\Program Files\Common Files\Logitech
2008-04-23 14:58:31 0 d-------- C:\Program Files\Messenger
2008-04-23 14:58:22 0 d-------- C:\Program Files\Movie Maker
2008-04-23 14:56:36 0 d-------- C:\Program Files\Windows NT
2008-04-22 18:57:34 0 d-------- C:\Program Files\EA SPORTS
2008-04-22 17:28:21 0 d-------- C:\Documents and Settings\Francis\Application Data\AdobeUM
2008-04-22 17:27:43 0 d-------- C:\Documents and Settings\Francis\Application Data\Adobe
2008-04-22 17:26:55 0 d-------- C:\Program Files\Activision
2008-04-22 17:26:23 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-22 17:22:19 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-04-22 17:20:31 0 d-------- C:\Documents and Settings\Francis\Application Data\DAEMON Tools
2008-04-22 11:08:53 0 d-------- C:\Documents and Settings\Francis\Application Data\DivX
2008-04-22 09:39:25 0 d-------- C:\Program Files\DivX
2008-04-21 19:08:33 0 d-------- C:\Program Files\Viewpoint
2008-04-21 18:05:17 0 d-------- C:\Documents and Settings\Francis\Application Data\Aim
2008-04-21 18:05:16 0 d-------- C:\Program Files\AIM
2008-04-21 18:04:23 0 d-------- C:\Program Files\AOD
2008-04-20 14:55:43 0 d-------- C:\Program Files\Common Files\NSV
2008-04-19 20:17:42 0 d-------- C:\Program Files\America's Army
2008-04-19 19:19:08 0 d-------- C:\Program Files\America's Army Server Manager
2008-04-19 12:16:52 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-19 11:50:59 0 d-------- C:\Program Files\Realtek
2008-04-19 11:50:57 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-04-19 11:23:27 0 d-------- C:\Documents and Settings\Francis\Application Data\atitray
2008-04-19 11:09:13 0 d-------- C:\Program Files\Driver Cleaner Pro
2008-04-19 11:05:00 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-19 09:41:40 0 d-------- C:\Program Files\HD Tune
2008-04-19 07:57:57 0 d-------- C:\Program Files\Download Manager
2008-04-19 07:53:18 0 d-------- C:\Program Files\EA GAMES
2008-04-19 06:47:09 0 d-------- C:\Program Files\Ace Utilities
2008-04-19 06:33:41 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-18 17:38:48 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-04-18 17:22:59 0 d-------- C:\Program Files\Sierra Online
2008-04-18 17:22:22 0 d-------- C:\Documents and Settings\Francis\Application Data\InstallShield
2008-04-18 16:57:37 0 d-------- C:\Program Files\NEC DISPLAY SOLUTIONS
2008-04-18 16:56:22 0 d-------- C:\Documents and Settings\Francis\Application Data\WinRAR
2008-04-18 16:53:50 0 d-------- C:\Documents and Settings\Francis\Application Data\Winamp
2008-04-18 16:51:42 0 --a----c- C:\WINDOWS\ativpsrm.bin
2008-04-18 16:36:32 0 d-------- C:\Documents and Settings\Francis\Application Data\Macromedia
2008-04-18 16:34:27 0 d-------- C:\Program Files\Winamp
2008-04-18 16:23:34 0 d-------- C:\Program Files\MSXML 6.0
2008-04-18 16:22:47 0 d-------- C:\Program Files\MSXML 4.0
2008-04-18 16:21:35 0 --a----c- C:\WINDOWS\nsreg.dat
2008-04-18 16:21:34 0 d-------- C:\Documents and Settings\Francis\Application Data\Mozilla
2008-04-18 16:20:53 0 d-------- C:\Program Files\KWorld Multimedia
2008-04-18 16:19:47 0 d-------- C:\Program Files\Alwil Software
2008-04-18 16:13:34 0 d-------- C:\Program Files\DIFX
2008-04-18 16:11:40 0 d-------- C:\Program Files\Creative
2008-04-18 16:11:09 0 d-------- C:\Documents and Settings\Francis\Application Data\Creative
2008-04-18 16:05:52 0 d-------- C:\Documents and Settings\Francis\Application Data\Identities
2008-04-18 16:03:04 0 d-------- C:\Program Files\microsoft frontpage
2008-04-18 16:02:54 0 -rahs---- C:\MSDOS.SYS
2008-04-18 16:02:54 0 -rahs---- C:\IO.SYS
2008-04-18 16:02:54 0 --a------ C:\CONFIG.SYS
2008-04-18 16:02:54 0 --a------ C:\AUTOEXEC.BAT
2008-04-18 16:02:05 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-18 16:01:33 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-18 16:00:56 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-18 16:00:51 0 d-------- C:\Program Files\Online Services
2008-04-18 16:00:49 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-18 16:00:44 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-18 08:57:32 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-18 08:57:29 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-18 08:57:16 62 --ahs---- C:\Documents and Settings\Francis\Application Data\desktop.ini
2008-03-31 14:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 14:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 14:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 14:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 14:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-21 13:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 13:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 13:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 13:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37B32357-7366-429F-9397-F6E7D2163568}]
06/15/2008 07:00 PM 322560 --a------ C:\WINDOWS\system32\khfFVpmL.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57A52E74-004C-464B-96CC-4DFE5366EA02}]
06/15/2008 03:41 PM 25088 --a------ C:\WINDOWS\system32\pmnmjJYS.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b1f4bbc5-0f30-4c31-b18d-f62e0f09f8d1}]
06/15/2008 07:07 PM 99840 --a------ C:\WINDOWS\system32\pqsmewpi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [07/13/2006 02:11 PM]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [11/04/2005 06:07 PM]
"CTHelper"="CTHELPER.EXE" [05/23/2006 09:20 PM C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [05/23/2006 09:20 PM C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 04:19 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [01/21/2008 12:17 PM]
"BM3317a4a8"="C:\WINDOWS\system32\cewxyaer.dll" [06/15/2008 07:05 PM]
"30249734"="C:\WINDOWS\system32\nabuygde.dll" [06/15/2008 07:10 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 05:42 AM]
"Fraps"="C:\FRAPS\FRAPS.EXE" [01/14/2008 05:18 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Remote Control.lnk - C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe [4/18/2008 4:20:16 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57A52E74-004C-464B-96CC-4DFE5366EA02}"= C:\WINDOWS\system32\pmnmjJYS.dll [06/15/2008 03:41 PM 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmjJYS]
pmnmjJYS.dll 06/15/2008 03:41 PM 25088 C:\WINDOWS\system32\pmnmjJYS.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfFVpmL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\30249734]
rundll32.exe "C:\WINDOWS\system32\nbunasxm.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM3317a4a8]
Rundll32.exe "C:\WINDOWS\system32\egtjisuh.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-06-15 19:24:51 ------------


Moderators Message

Please be considerate of the fact that the people helping you are all volunteers, and in many cases usually have a job, and a limited amount of time to help, and therefore can only do so much. If no one has replied to your thread within 72hrs after you posted, please reply in your thread with the words BUMP, please to move it forward.

DO NOT Bump the thread unless 72 hours has passed. We work from oldest to newest posts so your wait will be longer if you bump it forward before the 72 hours is up. We look for 0 reply, or 1 reply threads to respond to.

Early bump posts will be deleted.
 

·
Registered
Joined
·
5,263 Posts
Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear, a lack of symptoms does not mean that it is no longer present.

Please Do Not Attach logs to your posts unless you are advised to do so.

==========

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

==========

Please post the extra.txt from deckard system scanner in your next reply. It can found at C:\Deckard\System Scanner\extra.txt

==========

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with all the required logs

========

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

==========
Logs Required
Report.txt
C:\Combofix.txt
C:\Deckard\System Scanner\extra.txt<----Attached
 
1 - 2 of 2 Posts
Status
Not open for further replies.
Top