
I'm Trying To Remove The Viruses On My Computer, And This Is My Latest Hijackthis Log


  • This topic is locked
2 replies to this topic

#1 themadavenger


Posted 29 December 2007 - 09:56 AM

Deckard's System Scanner v20071014.68
Run by Felizadio on 2007-12-29 22:52:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 239 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-29 22:53:26
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSTpscre\Tpscrex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Felizadio\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Tpscrex] C:\Program Files\MSTpscre\Tpscrex.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [stupid creative poll axis] C:\Documents and Settings\All Users\Application Data\Memo save stupid creative\poke idle.exe
O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" -boot
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\WINDOWS\system32\awvtt.dll,c
O4 - HKCU\..\Run: [DDC] C:\DOCUME~1\FELIZA~1\LOCALS~1\Temp\yxpatybx.exe
O4 - HKCU\..\Run: [e4ba6add] rundll32.exe "C:\DOCUME~1\FELIZA~1\LOCALS~1\Temp\vmtksdjg.dll",b
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [for junk] C:\DOCUME~1\FELIZA~1\APPLIC~1\SLOWEX~1\MPEGHTM.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://122.3.10.146/Remote/msrdp.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Galvan\LOCALS~1\Temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 3500 series -product=
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe


--
End of file - 7304 bytes

-- Files created between 2007-11-29 and 2007-12-29 -----------------------------

2007-12-29 09:26:14 0 d-------- C:\log
2007-12-28 21:35:46 0 d-------- C:\WINDOWS\ERUNT
2007-12-28 20:12:33 229489 --a------ C:\WINDOWS\Funny UST Scandal.exe
2007-12-28 13:10:45 0 d-------- C:\Program Files\PrevxCSI
2007-12-28 13:03:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-12-28 13:02:36 0 d-------- C:\Documents and Settings\Felizadio\Application Data\PrevxCSI
2007-12-28 10:55:54 0 d--hs---- C:\WINDOWS\UgQe
2007-12-26 07:58:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2007-12-25 20:15:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Memo save stupid creative
2007-12-25 20:14:33 0 d-------- C:\Program Files\SLOW EXTRA 01
2007-12-25 20:14:32 0 d-------- C:\Documents and Settings\Felizadio\Application Data\SLOW EXTRA 01
2007-12-25 20:13:17 0 d-------- C:\Program Files\BitDownload
2007-12-24 09:33:24 0 d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames
2007-12-24 09:33:23 0 d-------- C:\Documents and Settings\Felizadio\Application Data\FloodLightGames
2007-12-24 09:32:41 0 d-------- C:\Program Files\Death On The Nile
2007-12-23 14:46:23 0 d-------- C:\Documents and Settings\Felizadio\Application Data\Hewlett-Packard
2007-12-18 14:35:02 8944 --a------ C:\WINDOWS\system32\drivers\UnHackMeDrv.sys <Not Verified; Greatis Software, LLC.; UnHackme>
2007-12-18 14:34:56 25773 --a------ C:\WINDOWS\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
2007-12-18 14:34:48 22528 --a------ C:\WINDOWS\system32\Partizan.exe <Not Verified; Greatis Software; RegRun Security Suite>
2007-12-18 14:34:48 31170 --a------ C:\WINDOWS\system32\drivers\Partizan.sys <Not Verified; Greatis Software; RegRun Security Suite>
2007-12-18 14:34:46 0 d-------- C:\Documents and Settings\Felizadio\Application Data\Regrun
2007-12-18 14:34:46 0 d-------- C:\backreg
2007-12-18 14:34:21 16384 --a------ C:\WINDOWS\WinBait.exe
2007-12-18 14:34:21 441856 --a------ C:\WINDOWS\RunGuard.exe <Not Verified; Greatis Software; RegRun Security Suite>
2007-12-18 14:34:16 0 d-------- C:\Program Files\Greatis
2007-12-17 18:09:04 14513802 --a------ C:\WINDOWS\system32\MyOfficeSim.scr
2007-12-17 18:08:41 796672 --a------ C:\WINDOWS\GPInstall.exe <Not Verified; Qsc; GP-Install>
2007-12-16 19:13:26 0 d-------- C:\Program Files\IntelligentAdvisor
2007-12-16 19:13:11 0 d-------- C:\Program Files\PlayMP3z
2007-12-15 08:59:45 0 d-------- C:\Documents and Settings\Felizadio\Application Data\Home Sweet Home
2007-12-14 17:52:00 0 d-------- C:\Documents and Settings\Felizadio\Shared
2007-12-14 17:51:57 0 d-------- C:\Documents and Settings\Felizadio\Incomplete
2007-12-14 17:51:40 0 d-------- C:\Documents and Settings\Felizadio\Application Data\LimeWire
2007-12-12 17:44:40 40 --a------ C:\WINDOWS\RSoftInfo.dat
2007-12-11 11:09:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Oberon Games
2007-12-11 10:16:51 582 --a------ C:\WINDOWS\wwwconfig.dat
2007-12-11 09:11:00 0 d-------- C:\Documents and Settings\Felizadio\Application Data\Legends of pirates
2007-12-10 16:52:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
2007-12-10 16:15:27 0 d-------- C:\Documents and Settings\Felizadio\Saved Games
2007-12-10 16:15:27 0 d-------- C:\Documents and Settings\Felizadio\Application Data\Flood Light Games
2007-12-10 16:15:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Flood Light Games
2007-12-07 21:12:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2007-12-01 11:42:15 0 d-------- C:\Program Files\LimeWire
2007-11-30 14:05:02 0 d-------- C:\Documents and Settings\Felizadio\Application Data\MysteryStudio


-- Find3M Report ---------------------------------------------------------------

2007-12-28 14:32:30 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-28 12:59:39 142 --a------ C:\Documents and Settings\Felizadio\Application Data\Messenger.rbee_yssa.1198817979187hinhem.scr
2007-12-27 17:05:35 0 d-------- C:\Documents and Settings\Felizadio\Application Data\Yahoo!
2007-12-25 10:25:48 0 d-------- C:\Documents and Settings\Felizadio\Application Data\PlayFirst
2007-12-23 13:26:24 0 d-------- C:\Program Files\MSTpscre
2007-12-02 06:53:46 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-28 17:40:47 0 d-------- C:\Documents and Settings\Felizadio\Application Data\Gamelab
2007-11-28 16:59:47 291 --a------ C:\WINDOWS\bbbconfig.dat
2007-11-26 20:32:16 0 d-------- C:\Documents and Settings\Felizadio\Application Data\Adobe
2007-11-26 16:21:45 0 d-------- C:\Documents and Settings\Felizadio\Application Data\Macromedia
2007-11-26 15:18:44 4096 --a------ C:\WINDOWS\d3dx.dat
2007-11-26 15:16:50 0 d-------- C:\Documents and Settings\Felizadio\Application Data\Jane s Hotel
2007-11-26 15:09:38 0 d-------- C:\Program Files\ReflexiveArcade
2007-11-11 10:11:05 0 d-------- C:\Documents and Settings\Felizadio\Application Data\SUPERAntiSpyware.com
2007-11-11 08:20:32 0 d-------- C:\Program Files\Common Files
2007-11-11 08:20:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-10 14:42:17 102047 --ahs---- C:\WINDOWS\system32\ttvwa.bak2
2007-11-09 20:26:02 153440 --ahs---- C:\WINDOWS\system32\ttvwa.ini2
2007-11-04 20:01:13 0 d-------- C:\Documents and Settings\Felizadio\Application Data\WinRAR
2007-11-02 13:37:00 0 d-------- C:\Documents and Settings\Felizadio\Application Data\GameHouse
2007-11-02 09:13:27 85056 --a------ C:\WINDOWS\system32\uwkcfabh.dll
2007-11-01 07:03:29 85568 --a------ C:\WINDOWS\system32\bwfhnadk.dll
2007-10-28 10:30:26 6470 --ahs---- C:\WINDOWS\system32\ttvwa.bak1
2007-10-07 20:56:42 62 --ahs---- C:\Documents and Settings\Felizadio\Application Data\desktop.ini
2007-10-07 14:55:57 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2007-10-07 13:34:45 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-07 13:08:44 0 -rahs---- C:\MSDOS.SYS
2007-10-07 13:08:44 0 -rahs---- C:\IO.SYS
2007-10-07 13:08:44 0 --a------ C:\CONFIG.SYS
2007-10-07 13:08:44 0 --a------ C:\AUTOEXEC.BAT
2007-10-07 13:04:52 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548BF73-58FF-71D5-F97D-17C71E323709}]
12/12/2007 05:27 AM 1019904 --a------ C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [07/16/2003 10:50 PM C:\WINDOWS\SOUNDMAN.EXE]
"Tpscrex"="C:\Program Files\MSTpscre\Tpscrex.exe" [12/23/2007 01:29 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/07/2007 01:51 PM]
"stupid creative poll axis"="C:\Documents and Settings\All Users\Application Data\Memo save stupid creative\poke idle.exe" [12/29/2007 07:28 PM]
"PrevxCSI"="C:\Program Files\PrevxCSI\prevxcsi.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/07/2007 01:51 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/23/2006 06:05 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"cmds"="C:\WINDOWS\system32\awvtt.dll,c" []
"DDC"="C:\DOCUME~1\FELIZA~1\LOCALS~1\Temp\yxpatybx.exe" []
"e4ba6add"="C:\DOCUME~1\FELIZA~1\LOCALS~1\Temp\vmtksdjg.dll,b" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"for junk"="C:\DOCUME~1\FELIZA~1\APPLIC~1\SLOWEX~1\MPEGHTM.exe" [12/25/2007 08:14 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awvtt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Galvan^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Galvan\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Galvan^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\Galvan\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e4ba6add]
rundll32.exe "C:\WINDOWS\system32\uvjixfyq.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46b756f1-81c6-11dc-8313-000ea69ed882}]
Autoplay\Command- G:\xmss.exe
AutoRun\command- G:\xmss.exe
Explore\Command- G:\xmss.exe
Open\Command- G:\xmss.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46ee2821-770f-11dc-82f4-000ea69ed882}]
Autoplay\Command- G:\xmss.exe
AutoRun\command- G:\xmss.exe
Explore\Command- G:\xmss.exe
Open\Command- G:\xmss.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90c146aa-b41f-11dc-83be-000ea69ed882}]
AutoRun\command- G:\SCVHSOT.exe
Open\command- G:\SCVHSOT.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90c146ab-b41f-11dc-83be-000ea69ed882}]
0pen\command- G:\krag.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe




-- End of Deckard's System Scanner: finished at 2007-12-29 22:53:53 ------------


#2 SNOWHITE


Posted 13 January 2008 - 07:41 PM

Hello themadavenger,

Sorry for the late reply, but as you can see we handle more than our fair share of logs. If you still have problems please follow these steps:

If you still have dss on the desktop, click Start > Run, then copy and paste this line into the empty Run box:

"%userprofile%/desktop/dss.exe" /config

Press OK.
You will see the DSS Configuration window. Click on Check All, then click Scan!. When the scanning is done, dss will open two Notepads, main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

If you don't have HijackThis installed on your computer, dss will prompt you to download and install it for you; please allow this to happen! If dss doesn't ask to download and install HijackThis, then follow these steps:

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Double-click on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Close it for now because we will not use it since dss reports will provide the information that is needed so we can proceed.
Regards,
SNOWHITE

#3 SNOWHITE


Posted 21 January 2008 - 06:00 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Thank you :thumbsup:
SNOWHITE



