Post #1, Jul 10 2008, 04:58 AM (New Member; Group: Members; Posts: 3; Joined: 8-July 08; Member No.: 221,293)
I used Combofix on... Monday, I think... Thought I had this licked, but I guess not. Weird stuff is still going on... Thanks in advance.

KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, July 10, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3, v.3311 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, July 10, 2008 01:50:59
Records in database: 932603

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\
G:\

Scan statistics
Files scanned 174660
Threat name 2
Infected objects 2
Suspicious objects 0
Duration of the scan 06:15:56

File name Threat name Threats count
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1633\A0380296.exe Infected: Trojan.Win32.Vapsup.hwy 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1633\A0380297.dll Infected: Trojan.Win32.Vapsup.hxb 1

The selected area was scanned.

Deckard's System Scanner v20071014.68
Run by Super King Daddy on 2008-07-10 05:48:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Drive C: has 10.07 GiB (less than 15%) free.
Post #2, Aug 2 2008, 03:54 PM (Forum Addict; Group: HJT Team; Posts: 1,219; Joined: 27-October 06; From: somewhere; Member No.: 92,376)
Hello chipinoh

Welcome to BleepingComputer
========================
If you are still in need of assistance please post a new dss log.
Post #3, Aug 16 2008, 08:37 AM (Forum Addict; Group: HJT Team; Posts: 1,219; Joined: 27-October 06; From: somewhere; Member No.: 92,376)
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.