Malware Removal (forum section): discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general security issues.
#1
Big problem that I can't seem to solve. Conhook.I
My computer is infected with what Windows Defender calls Conhook.I, a trojan downloader that also uses a BHO (wants me to start gambling online by the look of things). Could somebody please have a look at this? I've tried to get rid of it but even Windows Defender throws up an error message upon trying to remove said Trojan. Here's a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:09, on 31/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Apache\bin\ApacheMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\explorer.exe
C:\Apache\bin\httpd.exe
C:\Windows\system32\conime.exe
C:\Apache\bin\httpd.exe
C:\MySQL\mysql-4.1.22-win32\bin\mysqld.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myhorse.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ie/ig/dell?hl=en&c...ie&ibd=0070805
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {4B0D465E-FC29-4634-88E7-E31D01518F4D} - C:\Windows\system32\byXNheFw.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {E3D076D7-6BD4-4D39-81B2-09A26EB4C3F4} - C:\Windows\system32\xxyyxWQh.dll (file missing)
O2 - BHO: (no name) - {F1079574-5D98-4990-9ECB-36AE259CB2C8} - C:\Windows\system32\opnKdArp.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnKdArp.dll,#1
O4 - HKLM\..\Run: [74fdad2d] rundll32.exe "C:\Windows\system32\kkarmaeg.dll",b
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [BM77ce9eb1] Rundll32.exe "C:\Windows\system32\kkqloapl.dll",s
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Monitor Apache Servers.lnk = C:\Apache\bin\ApacheMonitor.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe

--
End of file - 9904 bytes

Notice: O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnKdArp.dll,#1

Any help with the removal of this is appreciated.
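A small triage script over HijackThis O2 (BHO) and O4 (Run) lines, added here as an example; it is not part of the original post or of HijackThis. It scores each entry on the signals that appear together on the suspicious entries in the log above (unnamed BHO, file already missing, eight-letter DLL name in system32, bare-hex Run value name, rundll32 loading from system32), so that the single "(file missing)" left behind by an uninstalled AVG is not flagged while the entries the thread is about are. The sample lines are copied from the log above; the regexes, the eight-letter heuristic and the threshold of two are my own assumptions.

```python
"""Triage of HijackThis O2 (BHO) and O4 (Run) lines. Added example; not part of
the thread or of HijackThis. Scores each entry on signals that appear together
on the suspicious entries in the log above; one signal alone is common on a
clean machine, two or more together is worth a closer look."""
import re

# Eight letters, no digits, sitting directly in system32 (assumed heuristic).
RANDOM_SYS32_DLL = re.compile(r"\\system32\\[A-Za-z]{8}\.dll\b", re.IGNORECASE)
# Run value names like [74fdad2d] or [BM77ce9eb1]: hex with no readable word.
HEX_VALUE_NAME = re.compile(r"^(?:BM)?[0-9a-f]{8}$", re.IGNORECASE)
# rundll32 loading its DLL straight out of system32 at logon.
RUNDLL32_SYS32 = re.compile(r'^rundll32\.exe\s+"?[a-z]:\\windows\\system32\\', re.IGNORECASE)
O2_LINE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
O4_LINE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def score_entry(line):
    """Return (score, reasons) for one HijackThis log line; 0 for other types."""
    reasons = []
    line = line.strip()
    m = O2_LINE.match(line)
    if m:
        if m.group("name") == "(no name)":
            reasons.append("BHO registered without a name")
        target = m.group("path")
    else:
        m = O4_LINE.match(line)
        if not m:
            return 0, reasons
        if HEX_VALUE_NAME.match(m.group("name")):
            reasons.append("Run value name is bare hex")
        target = m.group("cmd")
        if RUNDLL32_SYS32.match(target):
            reasons.append("rundll32 loads a DLL from system32 at logon")
    if "(file missing)" in target:
        reasons.append("referenced file is missing")
    if RANDOM_SYS32_DLL.search(target):
        reasons.append("eight-letter DLL name in system32")
    return len(reasons), reasons


def triage(log_text, threshold=2):
    """Return [(line, reasons)] for every line scoring at or above threshold."""
    hits = []
    for line in log_text.splitlines():
        score, reasons = score_entry(line)
        if score >= threshold:
            hits.append((line.strip(), reasons))
    return hits


# Lines copied from the HijackThis log in the post above (clean and bad mixed).
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {4B0D465E-FC29-4634-88E7-E31D01518F4D} - C:\Windows\system32\byXNheFw.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {F1079574-5D98-4990-9ECB-36AE259CB2C8} - C:\Windows\system32\opnKdArp.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnKdArp.dll,#1
O4 - HKLM\..\Run: [74fdad2d] rundll32.exe "C:\Windows\system32\kkarmaeg.dll",b
O4 - HKLM\..\Run: [BM77ce9eb1] Rundll32.exe "C:\Windows\system32\kkqloapl.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("   -", reason)
```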
#2
Hello WayneWhitty,
There's more infection showing than just the item you highlighted. Let's get a more detailed look and then start some repairs.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Download Deckard's System Scanner (dss.exe) to your Desktop.
Note: You must be logged onto an account with administrator privileges.

Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

"%userprofile%\desktop\dss.exe" /config

When the DSS Configuration display opens click the "Check All" button (if the "Uncheck All" button shows, click that, then click "Check All").

Next, under Main Log, uncheck the following:
System Restore
Temp Cleanup
Process Modules

Then under Options, place a check next to the following:
Backup Registry Hives

Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

Once the scan has completed a textbox will appear - copy/paste those contents back here (main.txt). Also a second text file, extra.txt, will show as minimized in your Task Bar. Maximize/Open this, and copy/paste those contents back here along with the main.txt please. (The logs can also be found in the C:\Deckard\System Scanner folder.) You can use extra posts here if needed for that.
#3
Main.txt Part 1
Run by myhorse on 2008-08-01 09:52:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
27: 2008-07-31 23:00:09 UTC - RP416 - Scheduled Checkpoint
26: 2008-07-31 09:19:18 UTC - RP415 - Removed SonicStage
25: 2008-07-31 08:56:38 UTC - RP413 - Removed Nokia Connectivity Cable Driver
24: 2008-07-31 08:56:01 UTC - RP412 - Installed AVG Free 8.0
23: 2008-07-31 08:53:33 UTC - RP411 - Removed AVG Free 8.0

-- First Restore Point --
1: 2008-07-24 08:31:55 UTC - RP378 - Last known good configuration

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 1022 MiB (1024 MiB recommended).

-- HijackThis (run as myhorse.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:55:31, on 01/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Apache\bin\ApacheMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\explorer.exe
C:\Windows\system32\conime.exe
C:\MySQL\mysql-4.1.22-win32\bin\mysqld.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe
C:\Apache\bin\httpd.exe
C:\Apache\bin\httpd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\myhorse\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\myhorse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myhorse.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ie/ig/dell?hl=en&c...ie&ibd=0070805
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {4B0D465E-FC29-4634-88E7-E31D01518F4D} - C:\Windows\system32\byXNheFw.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {E3D076D7-6BD4-4D39-81B2-09A26EB4C3F4} - C:\Windows\system32\xxyyxWQh.dll (file missing)
O2 - BHO: (no name) - {F1079574-5D98-4990-9ECB-36AE259CB2C8} - C:\Windows\system32\opnKdArp.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [74fdad2d] rundll32.exe "C:\Windows\system32\kkarmaeg.dll",b
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [BM77ce9eb1] Rundll32.exe "C:\Windows\system32\kkqloapl.dll",s
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnKdArp.dll,#1
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Monitor Apache Servers.lnk = C:\Apache\bin\ApacheMonitor.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acunetix WVS Scheduler v5 (AcuWVSSchedulerv5) - Acunetix Ltd. - C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe

--
End of file - 9927 bytes
#4
Main.txt Part 2
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080731-102459-356 O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnKdArp.dll,#1
backup-20080731-102521-496 O2 - BHO: (no name) - {F1079574-5D98-4990-9ECB-36AE259CB2C8} - C:\Windows\system32\opnKdArp.dll

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AcuWVSSchedulerv5 (Acunetix WVS Scheduler v5) - "c:\program files\acunetix\web vulnerability scanner 5\wvsscheduler.exe" <Not Verified; Acunetix Ltd.; Acunetix Vulnerability Editor>
R2 Adobe Version Cue CS2 - "c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe" -win32service <Not Verified; Adobe Systems Incorporated; Adobe Version Cue CS2>
S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module>
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Nokia N95 8GB
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N95 8GB
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

-- Files created between 2008-07-01 and 2008-08-01 -----------------------------

2008-07-31 10:04:51 0 d-------- C:\Program Files\Trend Micro
2008-07-31 09:11:19 36352 --a------ C:\Windows\system32\opnKdArp.dll
2008-07-30 17:58:31 36352 --a------ C:\Windows\system32\mlJyxWoL.dll
2008-07-30 17:29:11 0 --a------ C:\Windows\system32\ssqPfcaY.dll
2008-07-30 17:07:50 89600 --a------ C:\Windows\system32\kkqloapl.dll
2008-07-30 17:07:05 388122 --ahs---- C:\Windows\system32\wFehNXyb.ini2
2008-07-29 17:40:55 0 d-------- C:\cygwin
2008-07-28 17:47:36 770048 --a------ C:\Windows\system32\CDDBUISony.dll <Not Verified; Gracenote; CDDBUIControl Module>
2008-07-28 17:47:35 532480 --a------ C:\Windows\system32\CddbPlaylist2Sony.dll <Not Verified; ; CddbPlaylist2 Module>
2008-07-28 17:47:35 589824 --a------ C:\Windows\system32\CddbMusicIDSony.dll <Not Verified; Gracenote; CddbMusicID Module>
2008-07-28 17:47:35 73728 --a------ C:\Windows\system32\CddbLinkSony.dll <Not Verified; Gracenote; CddbLink Module>
2008-07-28 17:47:34 655360 --a------ C:\Windows\system32\CDDBControlSony.dll <Not Verified; Gracenote, Inc.; CDDBControl Core Module>
2008-07-28 17:40:29 0 d-------- C:\Users\All Users\Sony Corporation
2008-07-28 17:34:44 0 d-a------ C:\Users\All Users\TEMP
2008-07-28 17:34:44 0 d-------- C:\Program Files\Sony
2008-07-28 17:34:42 0 d-------- C:\Windows\system32\Iosubsys
2008-07-28 17:31:25 0 d-------- C:\Program Files\Common Files\Sony Shared
2008-07-24 11:08:54 0 d-------- C:\Program Files\Windows Live Safety Center
2008-07-24 10:59:52 345 --ahs---- C:\Windows\system32\tCccfNpo.ini2
2008-07-24 10:07:02 0 d--h----- C:\$AVG8.VAULT$
2008-07-24 09:35:05 80384 --a------ C:\Windows\system32\kkarmaeg.dll
2008-07-24 09:34:25 91136 --a------ C:\Windows\system32\yahnycba.dll
2008-07-24 09:29:03 392743 --ahs---- C:\Windows\system32\hQWxyyxx.ini2
2008-07-24 09:23:45 0 d-------- C:\Users\All Users\avg8
2008-07-24 09:23:45 0 d-------- C:\Program Files\AVG
2008-07-23 16:11:15 0 d-------- C:\Program Files\0x90.org
2008-07-23 12:09:34 345 --ahs---- C:\Windows\system32\cLkSAJjl.ini2
2008-07-23 12:04:15 36352 --a------ C:\Windows\system32\rqRJCVMd.dll
2008-07-23 09:51:44 0 d-------- C:\Users\myhorse\AcunetixScanner
2008-07-23 09:51:23 0 d-------- C:\Program Files\Acunetix
2008-07-21 09:49:47 0 d-------- C:\Windows\pss
2008-07-21 09:17:39 0 d-------- C:\Users\All Users\Lavasoft
2008-07-17 13:36:43 0 d-------- C:\Program Files\TeamViewer3
2008-07-17 13:36:28 0 d-------- C:\Users\myhorse\temp
2008-07-17 12:47:22 0 d-------- C:\Program Files\UltraVNC
2008-07-17 11:58:42 0 d-------- C:\Program Files\RealVNC
2008-07-17 09:45:26 58904 --a------ C:\Windows\system32\sysfolderazipcnt.dll
2008-07-17 09:45:26 58904 --a------ C:\Windows\system32\azipcontmn.dll
2008-07-17 09:45:23 0 d-------- C:\Program Files\AlphaZIP
2008-07-14 15:24:11 0 d-------- C:\Users\All Users\Nokia
2008-07-14 15:24:09 0 d-------- C:\Program Files\Common Files\Nokia
2008-07-14 15:23:14 0 d-------- C:\Users\All Users\PC Suite
2008-07-14 15:21:45 0 d-------- C:\Program Files\Common Files\PCSuite
2008-07-14 15:14:12 0 d-------- C:\Program Files\PC Connectivity Solution
2008-07-14 15:10:40 90624 --a------ C:\Windows\system32\nmwcdcls.dll <Not Verified; Nokia; >
2008-07-14 15:10:40 0 d-------- C:\Program Files\Nokia

-- Find3M Report ---------------------------------------------------------------

2008-08-01 09:50:00 0 d-------- C:\Users\myhorse\AppData\Roaming\Skype
2008-08-01 08:02:55 0 d-------- C:\Users\myhorse\AppData\Roaming\skypePM
2008-07-31 09:18:29 0 d-------- C:\Program Files\PHP Editor
2008-07-31 08:58:41 0 d-------- C:\Program Files\activePDF
2008-07-31 08:56:40 0 d-------- C:\Program Files\Common Files
2008-07-30 11:44:59 0 d-------- C:\Users\myhorse\AppData\Roaming\LimeWire
2008-07-28 17:48:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-28 17:31:27 0 d-------- C:\Users\myhorse\AppData\Roaming\Sony Corporation
2008-07-23 10:24:29 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-21 11:00:44 0 d-------- C:\Users\myhorse\AppData\Roaming\Opera
2008-07-17 13:42:39 0 d-------- C:\Users\myhorse\AppData\Roaming\Adobe
2008-07-17 13:36:47 0 d-------- C:\Users\myhorse\AppData\Roaming\TeamViewer
2008-07-17 11:18:25 0 d-------- C:\Users\myhorse\AppData\Roaming\WinRAR
2008-07-14 15:26:01 0 d-------- C:\Users\myhorse\AppData\Roaming\Nokia
2008-07-14 15:23:19 0 d-------- C:\Users\myhorse\AppData\Roaming\PC Suite
2008-07-10 03:09:16 174 --ahs---- C:\Program Files\desktop.ini
2008-07-10 03:00:55 0 d-------- C:\Program Files\Windows Mail
2008-06-26 15:28:09 0 d-------- C:\Program Files\Google
2008-06-25 11:05:13 1160 --a------ C:\Windows\mozver.dat
2008-06-23 16:25:36 0 d-------- C:\Users\myhorse\AppData\Roaming\Macromedia
2008-06-17 14:56:33 0 d-------- C:\Program Files\Macromedia
2008-06-17 14:53:36 0 d-------- C:\Program Files\Common Files\Macromedia
2008-06-17 09:10:06 0 d-------- C:\Program Files\ubcam
2008-06-16 17:53:54 0 d-------- C:\Program Files\Softland
2008-06-16 14:16:19 0 d-------- C:\Program Files\Apache Software Foundation
2008-06-13 15:01:52 4874301 --a------ C:\Windows\system32\php5ts.dll <Not Verified; The PHP Group; PHP Script Interpreter>
2008-06-13 15:01:47 2076672 --a------ C:\Windows\system32\libmysql.dll
2008-06-13 13:03:55 0 --a------ C:\Windows\nsreg.dat
2008-06-13 13:03:49 0 d-------- C:\Users\myhorse\AppData\Roaming\Mozilla
2008-06-13 11:22:04 56 --ah----- C:\Windows\system32\ezsidmv.dat
2008-06-13 10:49:13 0 d-------- C:\Users\myhorse\AppData\Roaming\Google
2008-06-13 10:33:55 0 d-------- C:\Program Files\Skype
2008-06-13 10:33:53 0 d-------- C:\Program Files\Common Files\Skype
2008-06-13 09:25:02 0 d-------- C:\Users\myhorse\AppData\Roaming\SmartFTP
2008-06-13 09:24:35 0 d-------- C:\Program Files\SmartFTP Client
2008-06-13 09:23:29 0 d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-06-13 09:17:20 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B0D465E-FC29-4634-88E7-E31D01518F4D}]
C:\Windows\system32\byXNheFw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3D076D7-6BD4-4D39-81B2-09A26EB4C3F4}]
C:\Windows\system32\xxyyxWQh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1079574-5D98-4990-9ECB-36AE259CB2C8}]
23/07/2008 12:04 36352 --a------ C:\Windows\system32\opnKdArp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/08/2007 19:50]
"RtHDVCpl"="RtHDVCpl.exe" [14/05/2007 10:03 C:\Windows\RtHDVCpl.exe]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [05/08/2007 12:10]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/10/2006 11:37]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [05/11/2006 11:22]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [20/10/2006 17:23]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 10:24]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [14/12/2004 02:12]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [04/04/2005 18:58]
"74fdad2d"="C:\Windows\system32\kkarmaeg.dll" [24/07/2008 09:35]
"ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [03/10/2006 11:35]
"BM77ce9eb1"="C:\Windows\system32\kkqloapl.dll " [30/07/2008 17:07]
"MSServer"="C:\Windows\system32\opnKdArp.dll" [23/07/2008 12:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [15/03/2007 12:09]
"@"="" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [30/05/2008 15:54]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 13:34]

C:\Users\myhorse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - C:\Apache\bin\ApacheMonitor.exe [18/01/2008 00:38:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F1079574-5D98-4990-9ECB-36AE259CB2C8}"= C:\Windows\system32\opnKdArp.dll [23/07/2008 12:04 36352]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\byXNheFw

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\Windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\Windows\pss\Adobe Gamma.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\Windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ubcam] "C:\Program Files\ubcam\ubcam_gui.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum LocalServiceNoNetwork PLA DPS BFE mpssvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec /fums {65E6362A-B878-4A7B-86DA-D16F8DBD75C7} /qb [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- End of Deckard's System Scanner: finished at 2008-08-01 09:58:24 ------------ |
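The registry dump above shows the shape of this infection rather than any single bad file: randomly named DLLs dropped straight into system32 are wired into several hooks at once (opnKdArp.dll as a BHO, as an Explorer ShellExecuteHook and as an HKLM Run value; byXNheFw as a BHO and as an extra LSA Authentication Package), two Run values carry generated-looking names (74fdad2d, BM77ce9eb1), and UAC is switched off (EnableLUA=0), so everything the browser loads runs with full admin rights. The Python below is an added triage script written for this page; it is not part of Deckard's System Scanner, HijackThis or Malwarebytes. It parses a dump in this format and flags those conditions. The sample text is constructed from entries copied from the dump above (with the forum's mid-word breaks removed); the key patterns, the msv1_0/scecli LSA baseline and the hex-name heuristic are assumptions of the example, not anything the thread states.

```python
"""Triage a DSS/HijackThis-style registry dump for Vundo-style persistence.

Added example for this page; not part of Deckard's System Scanner, HijackThis
or Malwarebytes. Key patterns, LSA baseline and name heuristics are assumptions.
"""
import re
from collections import defaultdict

# Constructed sample: entries copied from the dump posted above, with the
# forum's mid-word line breaks removed and unrelated entries left out.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B0D465E-FC29-4634-88E7-E31D01518F4D}]
C:\Windows\system32\byXNheFw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1079574-5D98-4990-9ECB-36AE259CB2C8}]
23/07/2008 12:04 36352 --a------ C:\Windows\system32\opnKdArp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/08/2007 19:50]
"74fdad2d"="C:\Windows\system32\kkarmaeg.dll" [24/07/2008 09:35]
"BM77ce9eb1"="C:\Windows\system32\kkqloapl.dll " [30/07/2008 17:07]
"MSServer"="C:\Windows\system32\opnKdArp.dll" [23/07/2008 12:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F1079574-5D98-4990-9ECB-36AE259CB2C8}"= C:\Windows\system32\opnKdArp.dll [23/07/2008 12:04 36352]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\byXNheFw
"""

# Which registry keys count as which persistence point (case-insensitive).
HOOK_KINDS = [
    ("BHO", re.compile(r"browser helper objects", re.I)),
    ("SEH", re.compile(r"\\shellexecutehooks$", re.I)),
    ("LSA", re.compile(r"\\lsa$", re.I)),
    ("RUN", re.compile(r"\\currentversion\\run$", re.I)),
    ("UAC", re.compile(r"\\policies\\system$", re.I)),
]
# A DLL sitting directly in system32, written with or without its extension.
SYS32_DLL_RE = re.compile(
    r"[a-z]:\\windows\\system32\\([a-z0-9_]+)(?:\.dll)?(?![a-z0-9_.\\])", re.I)
# Vundo's generated Run value names look like bare hex, e.g. "74fdad2d" (assumption).
HEXNAME_RE = re.compile(r'^"(?:bm)?[0-9a-f]{8}"=', re.I)
# What these LSA lists contain on an untouched Vista install (assumption).
LSA_BASELINE = {
    "authentication packages": {"msv1_0"},
    "notification packages": {"scecli", "rassfm"},
}


def parse_dump(text):
    """Yield (hook_kind, key, value_line) for value lines under interesting keys."""
    kind = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            kind = next((k for k, rx in HOOK_KINDS if rx.search(key)), None)
            continue
        if kind:
            yield kind, key, line


def hook_map(text):
    """Map each system32 DLL name (lower-cased) to the set of hooks that load it."""
    seen = defaultdict(set)
    for kind, _key, line in parse_dump(text):
        for m in SYS32_DLL_RE.finditer(line):
            seen[m.group(1).lower()].add(kind)
    return dict(seen)


def triage(text):
    """Return (severity, hook_kind, message) findings in order of appearance."""
    findings = []
    for kind, _key, line in parse_dump(text):
        dlls = [m.group(1) for m in SYS32_DLL_RE.finditer(line)]
        if kind == "LSA":
            name, _, rest = line.partition("=")
            name = name.strip('" ').lower()
            if name in LSA_BASELINE:
                extra = [p for p in rest.split() if p.lower() not in LSA_BASELINE[name]]
                if extra:
                    findings.append(("HIGH", kind, f"{name} contains non-default module(s): {' '.join(extra)}"))
        elif kind == "SEH" and dlls:
            findings.append(("HIGH", kind, f"ShellExecuteHook loads system32 DLL {dlls[0]}"))
        elif kind == "BHO" and dlls:
            # Vendor BHOs on this box live under Program Files; a bare system32 DLL is not one.
            findings.append(("HIGH", kind, f"BHO implemented by DLL dropped in system32: {dlls[0]}"))
        elif kind == "RUN":
            if dlls:  # Run values should start programs; a .dll here is a loader trick
                findings.append(("HIGH", kind, f"Run entry loads a DLL rather than a program: {dlls[0]}"))
            elif HEXNAME_RE.match(line):
                findings.append(("MEDIUM", kind, f"Run entry with generated-looking name: {line.split('=')[0]}"))
        elif kind == "UAC" and re.match(r'"EnableLUA"=0\b', line, re.I):
            findings.append(("MEDIUM", kind, "UAC is disabled (EnableLUA=0); malware runs with full admin rights"))
    # The strongest signal: one module registered in more than one hook.
    for name, kinds in sorted(hook_map(text).items()):
        if len(kinds) > 1:
            findings.append(("HIGH", "MULTI",
                             f"{name} is registered in {len(kinds)} persistence points: {', '.join(sorted(kinds))}"))
    return findings


if __name__ == "__main__":
    for sev, kind, msg in triage(SAMPLE_DUMP):
        print(f"{sev:6} {kind:5} {msg}")
```

Run against the sample it reports nine HIGH findings and one MEDIUM (the disabled UAC), and the two MULTI lines at the end are the ones worth acting on first: a DLL that sits in both a BHO and the LSA package list is loaded by lsass.exe at boot as well as by every Internet Explorer window, which is exactly why Windows Defender's in-session removal kept failing in the thread.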
#5
extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft® Windows Vista™ Home Basic (build 6000) Architecture: X86; Language: English CPU 0: Genuine Intel(R) CPU 2140 @ 1.60GHz Percentage of Memory in Use: 73% Physical Memory (total/avail): 1021.56 MiB / 265.75 MiB Pagefile Memory (total/avail): 2291.24 MiB / 999.89 MiB Virtual Memory (total/avail): 2047.88 MiB / 1921.43 MiB C: is Fixed (NTFS) - 288.03 GiB total, 242.3 GiB free. D: is Fixed (NTFS) - 10 GiB total, 6.86 GiB free. E: is CDROM (No Media) F: is Removable (No Media) G: is Removable (No Media) H: is Removable (No Media) I: is Removable (No Media) \\.\PHYSICALDRIVE0 - ST3320620AS ATA Device - 298.09 GiB - 3 partitions \PARTITION0 - Unknown - 62.72 MiB \PARTITION1 - Installable File System - 10 GiB - D: \PARTITION2 (bootable) - Installable File System - 288.03 GiB - C: \\.\PHYSICALDRIVE1 - TEAC USB HS-CF Card USB Device \\.\PHYSICALDRIVE3 - TEAC USB HS-MS Card USB Device \\.\PHYSICALDRIVE4 - TEAC USB HS-SD Card USB Device \\.\PHYSICALDRIVE2 - TEAC USB HS-xD/SM USB Device -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. 
AS: Spyware Doctor v6.0.0.362 (PC Tools) AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) [HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List] -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\myhorse\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=MYHORSE-PC ComSpec=C:\Windows\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\myhorse LOCALAPPDATA=C:\Users\myhorse\AppData\Local LOGONSERVER=\\MYHORSE-PC NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Window s\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\Adobe\AGL PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WS F;.WSH;.MSC PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f02 ProgramData=C:\ProgramData ProgramFiles=C:\Program Files PROMPT=$P$G PUBLIC=C:\Users\Public RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\ SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\Windows TEMP=C:\Users\myhorse\AppData\Local\Temp TMP=C:\Users\myhorse\AppData\Local\Temp USERDOMAIN=myhorse-PC USERNAME=myhorse USERPROFILE=C:\Users\myhorse windir=C:\Windows -- User Profiles --------------------------------------------------------------- myhorse (admin) Office (new local, admin, net ready) -- Add/Remove Programs --------------------------------------------------------- --> msiexec /I 
{236BB7C4-4419-42FD-0409-1E257A25E34D} --> msiexec /i {46548E80-0409-0000-7E8A-45000F855001} --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601} --> msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC} --> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095} Acunetix Web Vulnerability Scanner 5.1 --> "C:\Program Files\Acunetix\Web Vulnerability Scanner 5\unins000.exe" Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001} Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Creative Suite 2 --> C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=e:\adobe creative suite 2.0/lang=0409 Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activ eX.exe Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Photoshop 6.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll" Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002} Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001} Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log Apache HTTP Server 2.2.8 --> MsiExec.exe /I{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC} ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x9 Belkin 54g USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\Belkin\Belkin Wireless Network Utility\setup.exe" -l0x9 Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1} Dell 
System Customization Wizard --> MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5} DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D} doPDF 6.0 printer --> "C:\Program Files\Softland\doPDF 6\unins000.exe" Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Intel(R) PRO Network Connections 12.1.11.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1 Intel(R) PRO Network Connections 12.1.11.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1 Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} Macromedia Dreamweaver MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall Macromedia Fireworks MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL Macromedia Flash MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL Macromedia FreeHand 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D826618-59C6-11D4-976E-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL Microsoft Office 
2000 Standard --> MsiExec.exe /I{00020409-78E1-11D2-B60F-006097C998E7} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Windows Media Video 9 VCM --> RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\wmv9vcm.inf, Uninstall Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1} Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} Nokia Lifeblog 2.5 --> MsiExec.exe /I{E94603CA-2996-4154-8EE2-A5FCD4BFB500} Nokia NSeries Application Installer --> MsiExec.exe /I{FD349381-D79C-4E5C-8980-015DFFB962D5} Nokia NSeries Content Copier --> MsiExec.exe /X{F779EC8D-6703-4C4A-817C-37B07898E647} Nokia NSeries Multimedia Player --> MsiExec.exe /I{FA25FAF6-3097-43C9-BBB2-A77CE8AF1881} Nokia NSeries One Touch Access --> MsiExec.exe /I{F4EE8763-EAA8-4BC1-8594-8501F5F00414} Nokia NSeries System Utilities --> MsiExec.exe /X{F1932E56-8A95-40E0-A15B-E06B45969845} Nokia Software Launcher --> MsiExec.exe /I{B53F4598-B3D9-41DF-911E-523FA91EE464} Nokia Software Updater --> MsiExec.exe /X{20BCD471-7897-481D-ACF2-CB9BABF6A6CF} OpenMG Limited Patch 4.7-07-14-05-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u OpenMG Secure Module 4.7.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1 \IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL PC Connectivity Solution --> MsiExec.exe /I{6094AB91-4CC8-498E-9DFF-134CC0B159DE} PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall Realtek High 
Definition Audio Driver --> RtlUpd.exe -r -m Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82} Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC} Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048} Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87} Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C} Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF} Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB} Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} SmartFTP Client --> MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865} SmartFTP Client 3.0 Setup Files (remove only) --> C:\Program Files\SmartFTP Client 3.0 Setup Files\uninst-sftp.exe Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0} Suite Specific --> MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04} TeamViewer 3 --> C:\Program Files\TeamViewer3\uninstall.exe ubcam --> C:\Program Files\ubcam\uninstall.exe URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll" User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe" Windows Live OneCare safety scanner --> "C:\Program Files\Windows Live Safety Center\UnInstall.exe" Windows Live OneCare safety scanner --> MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D} WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe YHT 303 PC CAMERA (Vimicro301 Neptune) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\070 0\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 
Information\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}\Setup.exe" -l0x9

-- Application Event Log -------------------------------------------------------

Event Record #/Type21112 / Error
Event Submitted/Written: 07/31/2008 10:19:17 AM
Event ID/Source: 8194 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.
Operation: Gathering Writer Data
Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {1d2f8eae-ac7f-4c75-979e-cb684e9c4880}

Event Record #/Type21092 / Error
Event Submitted/Written: 07/31/2008 09:33:58 AM
Event ID/Source: 8194 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.
Operation: Gathering Writer Data
Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {1d2f8eae-ac7f-4c75-979e-cb684e9c4880}

Event Record #/Type21090 / Error
Event Submitted/Written: 07/31/2008 09:16:09 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Explorer.EXE, version 6.0.6000.16549, time stamp 0x46d230c5, faulting module kkarmaeg.dll, version 0.0.0.0, time stamp 0x4885a083, exception code 0xc0000005, fault offset 0x0000d729, process id 0x96c, application start time 0xExplorer.EXE0.

Event Record #/Type21086 / Error
Event Submitted/Written: 07/31/2008 09:11:19 AM
Event ID/Source: 5007 / WerSvc
Event Description:
The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.

Event Record #/Type21077 / Success
Event Submitted/Written: 07/31/2008 09:10:20 AM
Event ID/Source: 5617 / WinMgmt
Event Description:

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type84298 / Error
Event Submitted/Written: 08/01/2008 09:48:29 AM
Event ID/Source: 14365 / WMPNetworkSvc
Event Description:
0x80004004-1

Event Record #/Type84296 / Error
Event Submitted/Written: 08/01/2008 09:44:16 AM
Event ID/Source: 14365 / WMPNetworkSvc
Event Description:
0x80004004-1

Event Record #/Type84294 / Warning
Event Submitted/Written: 08/01/2008 09:10:19 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.

Event Record #/Type84291 / Error
Event Submitted/Written: 08/01/2008 01:52:00 AM
Event ID/Source: 1008 / WinDefend
Event Description:
%NT AUTHORITY27 has encountered an error when taking action on spyware or other potentially unwanted software.
For more information please see the following:
%NT AUTHORITY275
Scan ID: {CC613F4C-445F-4CCE-ACD6-C532CEFBC198}
Scan Type: %NT AUTHORITY02
User: NT AUTHORITY\NETWORK SERVICE
Name: %NT AUTHORITY271
ID: %NT AUTHORITY272
Severity ID: %NT AUTHORITY273
Category ID: %NT AUTHORITY274
Path: %NT AUTHORITY276
Action: 1.1.1505.00
Error Code: 1.1.1505.01
Error description: 1.1.1505.02

Event Record #/Type84289 / Warning
Event Submitted/Written: 08/01/2008 01:51:50 AM
Event ID/Source: 1006 / WinDefend
Event Description:
%NT AUTHORITY27 scan has detected spyware or other potentially unwanted software.
For more information please see the following:
%NT AUTHORITY275
Scan ID: {CC613F4C-445F-4CCE-ACD6-C532CEFBC198}
Scan Type: %NT AUTHORITY01
Scan Parameters: %NT AUTHORITY09
User: NT AUTHORITY\NETWORK SERVICE
Name: %NT AUTHORITY271
ID: %NT AUTHORITY272
Severity ID: %NT AUTHORITY273
Category ID: %NT AUTHORITY274
Path Found: %NT AUTHORITY276
Detection Type: 1.1.1505.02

-- End of Deckard's System Scanner: finished at 2008-08-01 09:58:24 ------------
#6
Thanks for the help.
#7
A fair amount of infection there, so let's scan some out, then do more manual repairs after.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Download Malwarebytes' Anti-Malware from Here or Here.
Double-click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply.
If it calls for a reboot to complete the repairs, do that as well.

============================

Still making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

"%userprofile%\desktop\dss.exe" /config

When the DSS Configuration display opens, click the "Check All" button. Next, under Main Log, again uncheck the following:
System Restore
Temp Cleanup
Process Modules
Then under Extra Log, uncheck all the boxes. Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

Once the scan has completed a textbox will appear - copy/paste those contents back here please (main.txt). (The logs can also be found in the C:\Deckard\System Scanner folder.)

Post that along with the Malwarebytes log please.
#8
Sorry for the delay guys. Mbam log
Malwarebytes' Anti-Malware 1.24
Database version: 1030
Windows 6.0.6000

09:25:45 07/08/2008
mbam-log-8-7-2008 (09-25-45).txt

Scan type: Quick Scan
Objects scanned: 37818
Time elapsed: 3 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 11
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\kkarmaeg.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\xxyxYsPh.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\ojvfvnvw.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\nNeBtrqp.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f22f719a-d273-446e-80f6-be6b207894af} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f22f719a-d273-446e-80f6-be6b207894af} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f1079574-5d98-4990-9ecb-36ae259cb2c8} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f1079574-5d98-4990-9ecb-36ae259cb2c8} (Trojan.BHO) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm77ce9eb1 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f1079574-5d98-4990-9ecb-36ae259cb2c8} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyxysph -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyxysph -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\xxyxYsPh.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\hPsYxyxx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\hPsYxyxx.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\kkarmaeg.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\geamrakk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ojvfvnvw.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\nNeBtrqp.dll (Trojan.BHO) -> Delete on reboot.
C:\Windows\System32\kkqloapl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\yahnycba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\rqRJCVMd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\mlJyxWoL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ssqPfcaY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
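Most of what Malwarebytes found here is marked "Delete on reboot", and the HijackThis log in the next reply still shows the {F1079574-...} BHO registered (now pointing at nNeBtrqp.dll) and the MSServer Run value back, this time as rundll32.exe ...,#1, even though MBAM reported that value "Quarantined and deleted successfully". The check a practitioner wants at this point is mechanical: for every item the scanner touched, did it actually go away? The Python below is an added example written for this page, not a feature of Malwarebytes or HijackThis. It parses MBAM's result lines and a later HijackThis log and reports what is still loaded despite a pending reboot delete, what came back after a successful removal (the re-infection signal), and BHO keys whose DLL is already gone and just need the orphan key removed. The sample lines are constructed from the two logs in this thread, trimmed to the relevant entries; the regular expressions are this example's reading of the two log formats, not anything either tool documents.

```python
"""Check whether a Malwarebytes run actually took, using a later HijackThis log.

Added example for this page; not a feature of Malwarebytes or HijackThis.
The sample lines below are constructed from the logs posted in this thread.
"""
import re

MBAM_SAMPLE = r"""
Memory Modules Infected:
C:\Windows\System32\kkarmaeg.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\xxyxYsPh.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\nNeBtrqp.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f22f719a-d273-446e-80f6-be6b207894af} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f1079574-5d98-4990-9ecb-36ae259cb2c8} (Trojan.BHO) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\kkqloapl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

HJT_SAMPLE = r"""
O2 - BHO: (no name) - {4B0D465E-FC29-4634-88E7-E31D01518F4D} - C:\Windows\system32\byXNheFw.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {F1079574-5D98-4990-9ECB-36AE259CB2C8} - C:\Windows\system32\nNeBtrqp.dll
O2 - BHO: (no name) - {F22F719A-D273-446E-80F6-BE6B207894AF} - C:\Windows\system32\xxyxYsPh.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nNeBtrqp.dll,#1
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
"""

# "<item> (<family>) -> <action>."  one result per line in an MBAM log.
MBAM_LINE_RE = re.compile(r"^(?P<item>\S.*?) \((?P<family>[^()]+)\) -> (?P<action>[^.]+)\.?$")
CLSID_RE = re.compile(r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}", re.I)
# HijackThis O2 (BHO) and O4 (Run) entries.
HJT_BHO_RE = re.compile(r"^O2 - BHO: .*? - (\{[0-9A-Fa-f-]{36}\}) - (.+?)(?P<missing> \(file missing\))?$")
HJT_RUN_RE = re.compile(r"^O4 - .*?\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
DLL_NAME_RE = re.compile(r'([^\\\s"]+\.dll)\b', re.I)


def ident_of(item):
    """Reduce an MBAM item to the identifier a later HJT log would show it under."""
    item = item.strip()
    m = CLSID_RE.search(item)
    if m:
        return m.group(0).lower()                  # BHO/CLSID key -> the CLSID
    if re.match(r"^[a-z]:\\", item, re.I):
        return item.rsplit("\\", 1)[-1].lower()    # file -> basename
    if "\\run\\" in item.lower():
        return item.rsplit("\\", 1)[-1].lower()    # Run value -> value name
    return item.lower()                            # anything else -> whole key


def parse_mbam(text):
    """Return [{"ident", "family", "action"}] for every result line."""
    out = []
    for line in text.splitlines():
        m = MBAM_LINE_RE.match(line.strip())
        if m:
            out.append({"ident": ident_of(m["item"]), "family": m["family"],
                        "action": m["action"].strip()})
    return out


def hjt_identifiers(text):
    """Return (identifiers still present, [(clsid, dll)] BHOs whose DLL is gone)."""
    present, orphans = set(), []
    for line in text.splitlines():
        line = line.strip()
        m = HJT_BHO_RE.match(line)
        if m:
            clsid, dll = m.group(1).lower(), m.group(2).rsplit("\\", 1)[-1].lower()
            present.add(clsid)                     # the registry key itself is still there
            if m.group("missing"):
                orphans.append((clsid, dll))
            else:
                present.add(dll)
            continue
        m = HJT_RUN_RE.match(line)
        if m:
            present.add(m["name"].lower())
            present.update(d.lower() for d in DLL_NAME_RE.findall(m["cmd"]))
    return present, orphans


def reconcile(mbam_text, hjt_text):
    """Compare what MBAM says it handled with what a later HJT log still shows."""
    mbam = parse_mbam(mbam_text)
    present, orphans = hjt_identifiers(hjt_text)
    pending = {r["ident"] for r in mbam if "reboot" in r["action"].lower()}
    removed = {r["ident"] for r in mbam} - pending
    return {
        "still_present_pending_reboot": sorted(pending & present),
        "recreated_after_removal": sorted(removed & present),
        "orphan_bho_keys": sorted(orphans),
    }


if __name__ == "__main__":
    for title, items in reconcile(MBAM_SAMPLE, HJT_SAMPLE).items():
        print(title)
        for it in items:
            print("   ", it)
```

On the sample, "recreated_after_removal" comes back as just msserver: MBAM removed that Run value, yet a later log shows it again pointing at a DLL that is itself still pending deletion. That pattern (an entry that returns between scans, referencing a module that cannot be deleted while loaded) is the reason the helper in this thread insists on the reboot and on a second DSS log rather than trusting the scanner's summary counts.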
#9
main.txt 1 of 2
Deckard's System Scanner v20071014.68
Run by myhorse on 2008-08-07 09:28:33 Computer is in Normal Mode. -------------------------------------------------------------------------------- Total Physical Memory: 1022 MiB (1024 MiB recommended). -- HijackThis (run as myhorse.exe) --------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:28:38, on 07/08/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16681) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Apache\bin\ApacheMonitor.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Windows\explorer.exe C:\Windows\system32\conime.exe C:\Apache\bin\httpd.exe C:\Apache\bin\httpd.exe C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\cmd.exe C:\Users\myhorse\desktop\dss.exe C:\Windows\system32\SearchFilterHost.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\myhorse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myhorse.ie/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ie/ig/dell?hl=en&c...ie&ibd=0070805 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {4B0D465E-FC29-4634-88E7-E31D01518F4D} - C:\Windows\system32\byXNheFw.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {E3D076D7-6BD4-4D39-81B2-09A26EB4C3F4} - C:\Windows\system32\xxyyxWQh.dll (file missing)
O2 - BHO: (no name) - {F1079574-5D98-4990-9ECB-36AE259CB2C8} - C:\Windows\system32\nNeBtrqp.dll
O2 - BHO: (no name) - {F22F719A-D273-446E-80F6-BE6B207894AF} - C:\Windows\system32\xxyxYsPh.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nNeBtrqp.dll,#1
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Monitor Apache Servers.lnk = C:\Apache\bin\ApacheMonitor.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acunetix WVS Scheduler v5 (AcuWVSSchedulerv5) - Acunetix Ltd. - C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe

--
End of file - 10002 bytes
#10
2 of 2
-- Files created between 2008-07-07 and 2008-08-07 -----------------------------
2008-08-07 09:09:55 0 d-------- C:\Users\All Users\Malwarebytes
2008-08-07 09:09:55 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-06 17:21:18 36352 -----n--- C:\Windows\system32\nNeBtrqp.dll
2008-08-06 17:06:11 93184 -----n--- C:\Windows\system32\ojvfvnvw.dll
2008-08-06 17:05:26 246272 -----n--- C:\Windows\system32\xxyxYsPh.dll
2008-08-01 10:35:45 0 d-------- C:\Program Files\Ares
2008-07-31 10:04:51 0 d-------- C:\Program Files\Trend Micro
2008-07-30 17:07:05 388122 --ahs---- C:\Windows\system32\wFehNXyb.ini2
2008-07-29 17:40:55 0 d-------- C:\cygwin
2008-07-28 17:47:36 770048 --a------ C:\Windows\system32\CDDBUISony.dll <Not Verified; Gracenote; CDDBUIControl Module>
2008-07-28 17:47:35 532480 --a------ C:\Windows\system32\CddbPlaylist2Sony.dll <Not Verified; ; CddbPlaylist2 Module>
2008-07-28 17:47:35 589824 --a------ C:\Windows\system32\CddbMusicIDSony.dll <Not Verified; Gracenote; CddbMusicID Module>
2008-07-28 17:47:35 73728 --a------ C:\Windows\system32\CddbLinkSony.dll <Not Verified; Gracenote; CddbLink Module>
2008-07-28 17:47:34 655360 --a------ C:\Windows\system32\CDDBControlSony.dll <Not Verified; Gracenote, Inc.; CDDBControl Core Module>
2008-07-28 17:40:29 0 d-------- C:\Users\All Users\Sony Corporation
2008-07-28 17:34:44 0 d-a------ C:\Users\All Users\TEMP
2008-07-28 17:34:44 0 d-------- C:\Program Files\Sony
2008-07-28 17:34:42 0 d-------- C:\Windows\system32\Iosubsys
2008-07-28 17:31:25 0 d-------- C:\Program Files\Common Files\Sony Shared
2008-07-24 11:08:54 0 d-------- C:\Program Files\Windows Live Safety Center
2008-07-24 10:59:52 345 --ahs---- C:\Windows\system32\tCccfNpo.ini2
2008-07-24 10:07:02 0 d--h----- C:\$AVG8.VAULT$
2008-07-24 09:35:05 80384 -----n--- C:\Windows\system32\kkarmaeg.dll
2008-07-24 09:29:03 392743 --ahs---- C:\Windows\system32\hQWxyyxx.ini2
2008-07-24 09:23:45 0 d-------- C:\Users\All Users\avg8
2008-07-24 09:23:45 0 d-------- C:\Program Files\AVG
2008-07-23 16:11:15 0 d-------- C:\Program Files\0x90.org
2008-07-23 12:09:34 345 --ahs---- C:\Windows\system32\cLkSAJjl.ini2
2008-07-23 09:51:44 0 d-------- C:\Users\myhorse\AcunetixScanner <ACUNET~1>
2008-07-23 09:51:23 0 d-------- C:\Program Files\Acunetix
2008-07-21 09:49:47 0 d-------- C:\Windows\pss
2008-07-21 09:17:39 0 d-------- C:\Users\All Users\Lavasoft
2008-07-17 13:36:43 0 d-------- C:\Program Files\TeamViewer3
2008-07-17 13:36:28 0 d-------- C:\Users\myhorse\temp
2008-07-17 12:47:22 0 d-------- C:\Program Files\UltraVNC
2008-07-17 11:58:42 0 d-------- C:\Program Files\RealVNC
2008-07-17 09:45:26 58904 --a------ C:\Windows\system32\sysfolderazipcnt.dll
2008-07-17 09:45:26 58904 --a------ C:\Windows\system32\azipcontmn.dll
2008-07-17 09:45:23 0 d-------- C:\Program Files\AlphaZIP
2008-07-14 15:24:11 0 d-------- C:\Users\All Users\Nokia
2008-07-14 15:24:09 0 d-------- C:\Program Files\Common Files\Nokia
2008-07-14 15:23:14 0 d-------- C:\Users\All Users\PC Suite
2008-07-14 15:21:45 0 d-------- C:\Program Files\Common Files\PCSuite
2008-07-14 15:14:12 0 d-------- C:\Program Files\PC Connectivity Solution
2008-07-14 15:10:40 90624 --a------ C:\Windows\system32\nmwcdcls.dll <Not Verified; Nokia; >
2008-07-14 15:10:40 0 d-------- C:\Program Files\Nokia

-- Find3M Report ---------------------------------------------------------------

2008-08-07 09:22:24 0 d-------- C:\Users\myhorse\AppData\Roaming\Skype
2008-08-07 09:10:06 0 d-------- C:\Users\myhorse\AppData\Roaming\Malwarebytes
2008-08-07 08:02:35 0 d-------- C:\Users\myhorse\AppData\Roaming\skypePM
2008-07-31 09:18:29 0 d-------- C:\Program Files\PHP Editor
2008-07-31 08:58:41 0 d-------- C:\Program Files\activePDF
2008-07-31 08:56:40 0 d-------- C:\Program Files\Common Files
2008-07-30 11:44:59 0 d-------- C:\Users\myhorse\AppData\Roaming\LimeWire
2008-07-28 17:48:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-28 17:31:27 0 d-------- C:\Users\myhorse\AppData\Roaming\Sony Corporation
2008-07-23 10:24:29 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-21 11:00:44 0 d-------- C:\Users\myhorse\AppData\Roaming\Opera
2008-07-17 13:42:39 0 d-------- C:\Users\myhorse\AppData\Roaming\Adobe
2008-07-17 13:36:47 0 d-------- C:\Users\myhorse\AppData\Roaming\TeamViewer
2008-07-17 11:18:25 0 d-------- C:\Users\myhorse\AppData\Roaming\WinRAR
2008-07-14 15:26:01 0 d-------- C:\Users\myhorse\AppData\Roaming\Nokia
2008-07-14 15:23:19 0 d-------- C:\Users\myhorse\AppData\Roaming\PC Suite
2008-07-10 03:09:16 174 --ahs---- C:\Program Files\desktop.ini
2008-07-10 03:00:55 0 d-------- C:\Program Files\Windows Mail
2008-06-26 15:28:09 0 d-------- C:\Program Files\Google
2008-06-25 11:05:13 1160 --a------ C:\Windows\mozver.dat
2008-06-23 16:25:36 0 d-------- C:\Users\myhorse\AppData\Roaming\Macromedia
2008-06-17 14:56:33 0 d-------- C:\Program Files\Macromedia
2008-06-17 14:53:36 0 d-------- C:\Program Files\Common Files\Macromedia
2008-06-17 09:10:06 0 d-------- C:\Program Files\ubcam
2008-06-16 17:53:54 0 d-------- C:\Program Files\Softland
2008-06-16 14:16:19 0 d-------- C:\Program Files\Apache Software Foundation
2008-06-13 15:01:52 4874301 --a------ C:\Windows\system32\php5ts.dll <Not Verified; The PHP Group; PHP Script Interpreter>
2008-06-13 15:01:47 2076672 --a------ C:\Windows\system32\libmysql.dll
2008-06-13 13:03:55 0 --a------ C:\Windows\nsreg.dat
2008-06-13 13:03:49 0 d-------- C:\Users\myhorse\AppData\Roaming\Mozilla
2008-06-13 11:22:04 56 --ah----- C:\Windows\system32\ezsidmv.dat
2008-06-13 10:49:13 0 d-------- C:\Users\myhorse\AppData\Roaming\Google
2008-06-13 10:33:55 0 d-------- C:\Program Files\Skype
2008-06-13 10:33:53 0 d-------- C:\Program Files\Common Files\Skype
2008-06-13 09:25:02 0 d-------- C:\Users\myhorse\AppData\Roaming\SmartFTP
2008-06-13 09:24:35 0 d-------- C:\Program Files\SmartFTP Client
2008-06-13 09:23:29 0 d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-06-13 09:17:20 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B0D465E-FC29-4634-88E7-E31D01518F4D}]
C:\Windows\system32\byXNheFw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3D076D7-6BD4-4D39-81B2-09A26EB4C3F4}]
C:\Windows\system32\xxyyxWQh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1079574-5D98-4990-9ECB-36AE259CB2C8}]
23/07/2008 12:04 36352 --------- C:\Windows\system32\nNeBtrqp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F22F719A-D273-446E-80F6-BE6B207894AF}]
06/08/2008 17:05 246272 --------- C:\Windows\system32\xxyxYsPh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/08/2007 19:50]
"RtHDVCpl"="RtHDVCpl.exe" [14/05/2007 10:03 C:\Windows\RtHDVCpl.exe]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [05/08/2007 12:10]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/10/2006 11:37]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [05/11/2006 11:22]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [20/10/2006 17:23]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 10:24]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [14/12/2004 02:12]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [04/04/2005 18:58]
"ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [03/10/2006 11:35]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [30/07/2008 20:07]
"MSServer"="C:\Windows\system32\nNeBtrqp.dll" [23/07/2008 12:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [15/03/2007 12:09]
"@"="" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [30/05/2008 15:54]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 13:34]
"ares"="C:\Program Files\Ares\Ares.exe" [20/02/2008 15:33]

C:\Users\myhorse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - C:\Apache\bin\ApacheMonitor.exe [18/01/2008 00:38:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F1079574-5D98-4990-9ECB-36AE259CB2C8}"= C:\Windows\system32\nNeBtrqp.dll [23/07/2008 12:04 36352]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\xxyxYsPh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\Windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\Windows\pss\Adobe Gamma.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\Windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
"C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ubcam]
"C:\Program Files\ubcam\ubcam_gui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {65E6362A-B878-4A7B-86DA-D16F8DBD75C7} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-08-07 09:29:19 ------------
#11
Was a bit of a delay. The results are not quite as thorough as I had anticipated from the Malwarebytes scan. I am assuming you did reboot when prompted, right?

To be sure here, open Malwarebytes again and do an update.
* Once the program has loaded, select "Perform Complete Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.
If it calls for a reboot to complete the repairs, do that as well then.

============================

Then, still making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

"%userprofile%\desktop\dss.exe" /config

When the DSS Configuration display opens click the "Check All" button.
Next, under Main Log, again uncheck the following:
System Restore
Temp Cleanup
Process Modules
Then under Extra Log, uncheck all the boxes except this one:
Security Center
Don't make any other changes at this time.
Then click the "Scan!" button to start the scan.
Once the scan has completed a textbox will appear - copy/paste those contents back here please (main.txt). (The logs can also be found in the C:\Deckard\System Scanner folder.)
Post that along with the Malwarebytes log please.