Tech Support banner

Status
Not open for further replies.
1 - 3 of 3 Posts

·
Registered
Joined
·
2 Posts
Discussion Starter #1
o k guys im will try my best to help u guys help me by describing my problems best i can. the first time i encountered something was when the computer popped up a window suggesting i choose "yes or no" in order to clean up some trojans/viruses/spwares. it was the same window that displays fatal errors, but this time it looked a little off. i didn't think too much of it, but the next day internet explorer kept sprouting up with random and crude looking spyware sites. i don't even use internet explorer. IE has a weird toolbar on it "security toolbar 7.1" and if oft time goes to "www.savetheinformation.com" with the title safety center or security center. does www.htepo.com ring a bell also? Also it automatically installs "online security" and "live safety center" onto my desktop which when clicked leads to www.htepo.com. i've had ad-adware, spybot, windows defender, stinger, and even the windows malicious virus detector and i never ran into this before, but now its crazy. windows defender found win32/fotomo. i kno there are a lot of nasties and even when i feel like i get rid of a lot of them they come back. thx for ur help. p.s. my norton has been expired for a while now, but this was never a issue before.

Deckard's System Scanner v20071014.68
Run by user on 2007-11-09 13:19:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-11-09 21:19:13 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오후 1:29:26, on 2007-11-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\cleardisk\cds.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\acdgnetk.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21E0DEBD-AACE-4AE4-8384-3A59BA02EE00} - C:\WINDOWS\system32\ssttu.dll
O2 - BHO: {cc6a0fe3-cde4-267b-1664-bde6a118f5b3} - {3b5f811a-6edb-4661-b762-4edc3ef0a6cc} - C:\WINDOWS\system32\ooxnvvsw.dll
O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\tuvvttu.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\jsvihicy.dll
O2 - BHO: MainCtrl Class - {ACB9752A-FB42-436E-84AF-35EA8313A587} - C:\Program Files\Club5678\Ctrl\Club5678Login\ClubLogin35.dll
O2 - BHO: (no name) - {F8323547-FB42-4AB6-B8B6-3899D2CFAD91} - \
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: Search - {57AC854E-381C-4CBF-F508-B22C00E4A386} - C:\WINDOWS\Gzmhdcyd.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\jsvihicy.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [G2] C:\Program Files\G2\G2Main.exe
O4 - HKLM\..\Run: [CDInit] C:\Program Files\cleardisk\CDInit.exe
O4 - HKLM\..\Run: [cds] C:\Program Files\cleardisk\cds.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [e85427c2] rundll32.exe "C:\WINDOWS\system32\qcfjksay.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .nwc: C:\Program Files\NoteWorthy Software\NWC Browser Plugin\npnwcw32.dll
O14 - IERESET.INF: START_PAGE_URL=http://yahoo.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://yahoo.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {023A3744-EA13-4C8A-8B23-ABF98974A9F5} (JoyOnPack Control) - http://gunbound.joyon.com/joyonpack.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs8.chat.sc5.yahoo.com/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/03a4e48c2d95cdb7aa23/netzip/RdxIE601.cab
O16 - DPF: {72ED8878-6E16-4EA1-BDD6-3B21EF676E45} (CVTrace Control) - http://www.cineyes.com/download/cvtrace.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3C46E1D-4929-4FE8-853E-5CD43938047D} - http://g2.co.kr/program/install/g2.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FFA0B580-F85C-11D4-B501-00010261BA08} - http://assessment.esylvan.com/PCInfo.cab
O20 - Winlogon Notify: jsvihicy - C:\WINDOWS\SYSTEM32\jsvihicy.dll
O20 - Winlogon Notify: tuvvttu - C:\WINDOWS\SYSTEM32\tuvvttu.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\acdgnetk.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12693 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NPPTNT - c:\windows\system32\npptnt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
R2 STEC3 - c:\windows\system32\stec3.sys <Not Verified; AntiCracking; SVKP driver for NT>
R3 ham50 (Intel V92 HaM Data Fax Voice) - c:\windows\system32\drivers\intelh51.sys <Not Verified; Intel Corporation; Intel® Hardware accelerated Modem Driver>
R3 mohfilt (MOH Filter) - c:\windows\system32\drivers\mohfilt.sys <Not Verified; Intel; Filter Driver to Support Modem-on-Hold>
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>

S3 ATWPKT2 - c:\program files\america online 8.0c\atwpkt2.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 DomainService - c:\windows\system32\acdgnetk.exe /service <Not Verified; ; DDC>

S0 wscsvc (Security Center) - \systemroot\c:\windows\system32\svchost.exe -k netsvcs (file missing)
S2 AOLService (AOL Spyware Protection Service) - c:\progra~1\common~1\aol\aolspy~1\\aolserv.exe
S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-09 02:19:59 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-10-26 19:01:19 528 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - user.job


-- Files created between 2007-10-09 and 2007-11-09 -----------------------------

2007-11-09 13:26:21 0 d-------- C:\Program Files\Trend Micro
2007-11-09 10:18:44 0 d-------- C:\Program Files\SpywareBlaster
2007-11-09 09:49:24 0 d-------- C:\ie-spyad_zo
2007-11-09 01:04:43 77888 --a------ C:\WINDOWS\system32\ooxnvvsw.dll
2007-11-09 01:02:14 88128 --a------ C:\WINDOWS\system32\qcfjksay.dll
2007-11-09 01:01:43 71232 --a------ C:\WINDOWS\system32\acdgnetk.exe <Not Verified; ; DDC>
2007-11-09 00:59:49 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-09 00:59:44 0 d-------- C:\WINDOWS\LastGood
2007-11-07 13:49:52 87104 --a------ C:\WINDOWS\system32\sfqgcmnj.dll
2007-11-07 13:46:53 81472 --a------ C:\WINDOWS\system32\mbljjiqf.dll
2007-11-07 13:43:53 71232 --a------ C:\WINDOWS\system32\nutsqxdh.exe <Not Verified; ; DDC>
2007-11-07 07:07:17 0 d--h----- C:\WINDOWS\PIF
2007-11-06 13:49:39 87104 --a------ C:\WINDOWS\system32\ivdmetdj.dll
2007-11-06 13:46:29 81472 --a------ C:\WINDOWS\system32\rmwymfyo.dll
2007-11-06 13:44:08 145984 --a------ C:\WINDOWS\system32\jsvihicy.dll
2007-11-06 13:43:39 145984 --a------ C:\WINDOWS\system32\feutyvev.dll
2007-11-06 13:43:26 436970 ---hs---- C:\WINDOWS\system32\uttss.bak2
2007-11-06 01:42:05 6465 ---hs---- C:\WINDOWS\system32\uttss.bak1
2007-11-06 01:41:07 319584 --a------ C:\WINDOWS\system32\ssttu.dll
2007-11-06 01:39:59 36352 --a------ C:\WINDOWS\system32\gebcbcd.dll
2007-11-06 01:36:35 35840 --a------ C:\WINDOWS\mrofinu1000106.exe
2007-11-06 01:36:23 35840 --a------ C:\WINDOWS\mrofinu572.exe
2007-11-06 01:36:09 0 d-------- C:\WINDOWS\system32\r2
2007-11-06 01:36:09 0 d-------- C:\WINDOWS\system32\g2
2007-11-06 01:36:09 0 d-------- C:\WINDOWS\system32\a1
2007-11-06 01:35:57 0 d-------- C:\WINDOWS\system32\Mz02r
2007-11-06 01:35:57 0 d-------- C:\Temp
2007-11-06 01:35:56 36352 --a------ C:\WINDOWS\system32\tuvvttu.dll
2007-10-20 11:08:27 0 d-------- C:\Program Files\Easy Upload Tools


-- Find3M Report ---------------------------------------------------------------

2007-11-09 07:20:04 0 d-------- C:\Program Files\Windows Defender
2007-11-09 07:20:01 0 d-------- C:\Program Files\Symantec
2007-11-09 07:12:08 0 d-------- C:\Program Files\iTunes
2007-11-09 07:09:47 0 d-------- C:\Program Files\DIGStream
2007-11-09 07:08:14 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-09 07:06:01 0 d-------- C:\Program Files\cleardisk
2007-11-09 06:49:05 0 d-------- C:\Documents and Settings\user\Application Data\Symantec
2007-11-08 21:52:53 0 d-------- C:\Program Files\Norton AntiVirus
2007-11-08 20:55:22 0 d-------- C:\Program Files\Steam
2007-11-07 20:20:33 0 d-------- C:\Program Files\Windows NT
2007-10-26 20:23:58 137862 --a------ C:\WINDOWS\hpoins12.dat
2007-08-26 04:01:51 12288 --a------ C:\Documents and Settings\user\Application Data\plugcach.fon


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21E0DEBD-AACE-4AE4-8384-3A59BA02EE00}]
2007-11-06 오전 01:41 319584 --a------ C:\WINDOWS\system32\ssttu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3b5f811a-6edb-4661-b762-4edc3ef0a6cc}]
2007-11-09 오전 01:04 77888 --a------ C:\WINDOWS\system32\ooxnvvsw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{634BBAB7-3F60-4426-944F-A62B9007F67F}]
2007-11-06 오전 01:35 36352 --a------ C:\WINDOWS\system32\tuvvttu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-06 오후 01:44 145984 --a------ C:\WINDOWS\system32\jsvihicy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8323547-FB42-4AB6-B8B6-3899D2CFAD91}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\jsvihicy.dll [2007-11-06 오후 01:44 145984]

[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [2005-05-18 오후 02:49]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-03-31 오후 03:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-05-04 오후 04:21]
"NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe" [2003-04-20 오후 03:02]
"G2"="C:\Program Files\G2\G2Main.exe" []
"CDInit"="C:\Program Files\cleardisk\CDInit.exe" []
"cds"="C:\Program Files\cleardisk\cds.exe" [2006-03-22 오후 02:44]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-04-12 오전 10:30]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 오후 06:20]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 오후 05:30]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 오후 08:52]
"e85427c2"="C:\WINDOWS\system32\qcfjksay.dll" [2007-11-09 오전 01:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 오전 12:56]
"Steam"="" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 오후 03:45]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{634BBAB7-3F60-4426-944F-A62B9007F67F}"= C:\WINDOWS\system32\tuvvttu.dll [2007-11-06 오전 01:35 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jsvihicy]
jsvihicy.dll 2007-11-06 오후 01:44 145984 C:\WINDOWS\system32\jsvihicy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvttu]
tuvvttu.dll 2007-11-06 오전 01:35 36352 C:\WINDOWS\system32\tuvvttu.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssttu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc




-- End of Deckard's System Scanner: finished at 2007-11-09 13:31:27 ------------
 

Attachments

·
Registered
Joined
·
2 Posts
Discussion Starter #2
"BUMP"! please i beg u guys to help me. i will listen to anything u guys tell me. pls tell me if any of my steps were mixed up.
 

·
Registered
Joined
·
4,582 Posts
Hi, welcome to TSF!

If you still need help, please post a fresh main.txt
 
1 - 3 of 3 Posts
Status
Not open for further replies.
Top