Status
Not open for further replies.
1 - 2 of 2 Posts

Registered · 1 Posts · Discussion Starter · #1
Hi,
My Symantec caught several pieces of malware, including infostealer.gampass, Trojan.drondog, infostealer, infostealer.onlinegame, Trojan horse, Trojan.startpage, hacktool.rootkit, downloader, and backdoor.graybird. I ran a complete scan and deleted all the infected files, but the infostealer.gampass thing kept coming back. I can't open Task Manager and regedit; what's more, I can't even open HijackThis. I tried to follow the 5 steps, but the Panda scan stops at either 22% in Firefox or 56% in IE, in both cases over 48 hours. Anyway, I used DSS.exe; it seems to be able to run HijackThis, but when it was done, only the main.txt was open; there was no extra.txt.

Here is the main.txt:

Deckard's System Scanner v20071014.68
Run by Hui Tan on 2008-06-08 20:58:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Hui Tan.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:51 PM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\LevelOne\Common\RaUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Hui Tan\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HUITAN~1.EXE

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD\eREAD\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - C:\WINDOWS\system32\mnmhgsrv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [DAEMON Tools-2052] "C:\Program Files\D-Tools\daemon.exe" -lang 2052
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LevelOne Wireless Utility.lnk = C:\Program Files\LevelOne\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 转换为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换选定的链接为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 转换选定的链接为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 转换选项为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换选项为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换链接目标为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换链接目标为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ìú??QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {28E9BDD7-1261-41A9-B377-532B3966A16A} (PGVisa Class) - https://www.gnetpg.com/PlugIn/PGVisaATL.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lovepku1997.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1186611961296
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = pitt.edu,cis.pitt.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = pitt.edu,cis.pitt.edu
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: SysWoWCt.dll SysWmWacz.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RemoteShellServer - Unknown owner - C:\Program Files\Argonne National Lab\MPICH.NT.1.2.1\RemoteShell\Bin\RemoteShellServer.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 11373 bytes

-- Files created between 2008-05-08 and 2008-06-08 -----------------------------

2008-06-08 20:39:06 0 d-------- C:\ie-spyad_zo
2008-06-06 00:52:54 0 d-------- C:\bintheredunthat
2008-06-06 00:18:06 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-06 00:17:43 0 d-------- C:\Program Files\SpywareBlaster
2008-06-05 02:11:29 0 d-------- C:\Program Files\Trend Micro
2008-06-05 01:53:25 0 d-------- C:\Program Files\Panda Security
2008-06-05 01:47:29 0 d-------- C:\bfu
2008-06-04 09:26:18 3264 --a------ C:\WINDOWS\system32\rmmfg.exe
2008-06-04 09:25:42 0 --a------ C:\WINDOWS\system32\hhbc.exe
2008-06-04 09:25:31 10238 --a------ C:\WINDOWS\system32\nllef.exe
2008-06-04 09:25:27 15478 --a------ C:\WINDOWS\system32\qofcc.exe
2008-06-04 09:25:24 3950 --a------ C:\WINDOWS\system32\wttro.exe
2008-06-04 09:25:16 13906 --a------ C:\WINDOWS\system32\ayzwt.exe
2008-06-04 09:25:12 10762 --a------ C:\WINDOWS\system32\wurom.exe
2008-06-04 09:24:54 12334 --a------ C:\WINDOWS\system32\ebzwx.exe
2008-06-04 09:24:51 12335 --a------ C:\WINDOWS\system32\usppn.exe
2008-06-04 09:24:39 0 --a------ C:\WINDOWS\system32\pnnkh.exe
2008-06-04 09:24:26 0 --a------ C:\WINDOWS\system32\ywtro.exe
2008-06-04 09:24:15 0 --a------ C:\WINDOWS\system32\azwwt.exe
2008-06-04 09:24:06 0 --a------ C:\WINDOWS\system32\gdazw.exe
2008-06-04 09:23:43 9741 --a------ C:\WINDOWS\system32\kkhe.exe
2008-06-04 09:23:31 14711 --a------ C:\WINDOWS\system32\qnklh.exe
2008-06-04 09:23:08 132 --a------ C:\_uniep.bat
2008-06-04 09:22:58 12356 --a------ C:\WINDOWS\system32\mgbtrm.exe
2008-05-29 21:51:14 256 --a------ C:\WINDOWS\system32\msosfmsq.dat
2008-05-29 21:39:20 256 --a------ C:\WINDOWS\system32\msoscqit.dat
2008-05-29 21:38:38 18622 --a------ C:\WINDOWS\system32\umll12.exe
2008-05-29 21:26:32 17207 --a------ C:\WINDOWS\system32\ubbr3.exe
2008-05-29 21:26:29 256 --a------ C:\WINDOWS\system32\msosdohs.dat
2008-05-29 21:26:26 256 --a------ C:\WINDOWS\system32\msosmhfp.dat
2008-05-28 17:56:56 691545 --a------ C:\WINDOWS\unins000.exe
2008-05-28 17:56:56 2543 --a------ C:\WINDOWS\unins000.dat
2008-05-08 11:25:23 0 dr-h----- C:\Documents and Settings\Hui Tan\Recent


-- Find3M Report ---------------------------------------------------------------

2008-06-08 20:56:57 0 d-------- C:\Program Files\Symantec AntiVirus
2008-06-05 00:22:35 0 d-------- C:\Program Files\Wopti
2008-06-04 17:07:45 3253 --a------ C:\WINDOWS\system32\cid_store.dat
2008-06-02 21:45:57 0 d-------- C:\Documents and Settings\Hui Tan\Application Data\Skype
2008-06-02 20:20:03 0 d-------- C:\Program Files\Common Files
2008-05-30 18:33:35 0 d-------- C:\Program Files\Lavasoft
2008-05-21 20:33:23 0 d-------- C:\Program Files\eMule
2008-04-29 23:11:10 0 d-------- C:\Program Files\PPLive
2008-04-29 23:05:31 0 d-------- C:\Documents and Settings\Hui Tan\Application Data\PPLive
2008-04-29 23:03:01 0 d-------- C:\Program Files\FlashGet
2008-04-21 16:46:50 0 d-------- C:\Program Files\Common Files\Thunder Network
2008-04-21 16:14:04 0 d-------- C:\Program Files\eREAD
2008-04-15 00:49:15 0 d-------- C:\Documents and Settings\Hui Tan\Application Data\foobar2000
2008-04-13 23:56:35 0 d-------- C:\Program Files\Monkey's Audio
2008-04-13 22:13:19 0 d-------- C:\Program Files\Winamp


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A19C29D-ED45-4483-8999-9F939C8161F2}]
03/10/2008 12:08 PM 81920 --a------ C:\Program Files\eREAD\eREAD\WebHook.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C8D1401-A58D-A81C-CD24-A5915C4517C7}]
08/08/2004 09:29 AM 538120 --ahs---- C:\WINDOWS\system32\mnmhgsrv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 01:31 AM]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [09/03/2002 12:25 PM]
"DAEMON Tools-2052"="C:\Program Files\D-Tools\daemon.exe" [08/22/2004 05:05 PM]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [12/14/2004 02:12 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/06/2003 02:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [11/13/2006 02:39 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [1/3/2004 1:32:13 PM]
DESKTOP.INI [11/3/2003 7:49:34 PM]
LevelOne Wireless Utility.lnk - C:\Program Files\LevelOne\Common\RaUI.exe [8/20/2007 6:27:41 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartBanner"=01

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EB71E0B3-E97D-4D30-8733-E28266467617}"= C:\WINDOWS\system32\wyhesm.dll [ ]
"{28EB3777-3E23-4E72-8449-A992D09D24C3}"= C:\WINDOWS\system32\zgfdet.dll [ ]
"{F99DEFDD-200B-4410-B572-E90883D527D2}"= C:\WINDOWS\system32\wrqszl.dll [ ]
"{5E907A48-400E-4EA8-9792-FFAE052D59E9}"= C:\WINDOWS\system32\pedadt.dll [ ]
"{84143967-B645-4BFF-B873-DA1DC886E9A7}"= C:\WINDOWS\system32\cedafb.dll [ ]
"{B29583D8-033A-4B9F-8553-7C5458F3FB8E}"= C:\WINDOWS\system32\jdsaex.dll [ ]
"{4F4F0064-71E0-4f0d-0017-708476C7815F}"= C:\WINDOWS\system32\midimaptl.dll [ ]
"{4F4F0064-71E0-4f0d-0018-708476C7815F}"= C:\WINDOWS\system32\midimapwd.dll [ ]
"{6E6CA8A1-81BC-4707-A54C-F4903DD70BAD}"= C:\WINDOWS\system32\zgxfdx.dll [ ]
"{841529CB-7F77-4B99-A895-B5441E0D302F}"= C:\WINDOWS\system32\jfrwdh.dll [ ]
"{7C8D1401-A58D-A81C-CD24-A5915C4517C7}"= C:\WINDOWS\system32\mnmhgsrv.dll [08/08/2004 09:29 AM 538120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=SysWoWCt.dll SysWmWacz.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b7c6450-38d7-11dc-93b1-c6e76bc488b0}]
AutoRun\command- K:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-06-08 21:00:32 ------------
 

Registered · 4,582 Posts
Hi, welcome to TSF!

If you still need assistance:

Make sure DSS is on your desktop.

Click Start > Run, then copy and paste:

"%userprofile%\desktop\dss.exe" /config

When the DSS configuration window comes up, make sure everything is checked.

After that, click the "Scan!" button.

Post the contents of main.txt and extra.txt in your next reply.
 