Adware And "spyguard"pro Virus/trojan


  • This topic is locked
2 replies to this topic

#1 ProfessorGlass

  • Members
  • 1 posts

Posted 12 January 2008 - 10:36 PM

Every time I load my computer, a box appears containing the following message:

Windows File Protection:
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files.


Unfortunately, I do not have the XP CD-ROMs as my computer was shipped with the Operating System preloaded...

Other problems/areas of concern
Internet Explorer has installed itself and opens randomly to various ads...



Below are my Combofix and Hijackthis logs...

ComboFix log:

ComboFix 08-01-13.1 - Joseph Wun 2007-01-12 19:05:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.358 [GMT -8:00]
Running from: C:\Documents and Settings\Joseph Wun\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Joseph Wun\Application Data\SpyGuardPro
C:\Documents and Settings\Joseph Wun\Application Data\SpyGuardPro\Logs\threats.log
C:\Documents and Settings\Joseph Wun\Application Data\SpyGuardPro\Logs\update.log
C:\Documents and Settings\Joseph Wun\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Joseph Wun\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Joseph Wun\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\dobe~1
C:\Program Files\Common Files\dobe~1\w?auboot.exe
C:\Program Files\Common Files\SpyGuardPro
C:\Program Files\Common Files\SpyGuardPro\bm.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\mantec~1
C:\Program Files\mantec~1\??mantec\
C:\Program Files\mantec~1\csrss.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\Program Files\web buying
C:\Program Files\web buying\v1.8.6\wbuninst.exe
C:\Program Files\web buying\v1.8.6\webbuying.exe
C:\Program Files\Windows NT\mepowy4444.dll
C:\Program Files\Windows NT\mepowy83122.dll
C:\SpyGuardPro
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\b122.exe
C:\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M2210NetInstaller.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\utstv.ini
C:\WINDOWS\system32\utstv.ini2
C:\WINDOWS\system32\vtstu.dll
C:\WINDOWS\system32\wapiisv.exe
C:\WINDOWS\system32\zycc.dll
C:\WINDOWS\TTC-4444.exe
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.

2008-01-13 19:16 . 2008-01-13 19:16 114,688 --a------ C:\WINDOWS\system32\igfxpers .exe
2008-01-13 19:16 . 2008-01-13 19:16 77,824 --a------ C:\WINDOWS\system32\hkcmd .exe
2008-01-13 19:16 . 2008-01-13 19:16 319 --ahs---- C:\WINDOWS\system32\utstv.ini
2008-01-13 19:15 . 2008-01-13 19:15 94,208 --a------ C:\WINDOWS\system32\igfxtray .exe
2008-01-13 19:14 . 2008-01-13 19:14 <DIR> d-------- C:\TEMP\tn3
2008-01-13 19:14 . 2008-01-13 19:15 335,360 --a------ C:\WINDOWS\system32\vtstu.dll
2008-01-13 19:13 . 2008-01-13 19:13 932 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2007-12-25 01:30 . 2007-12-25 01:30 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2007-12-25 01:29 . 2007-12-25 01:29 <DIR> d-------- C:\Program Files\DVDVideoSoft
2007-12-24 15:06 . 2008-01-13 19:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-24 15:06 . 2007-12-24 15:06 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-24 15:02 . 2007-12-24 15:02 <DIR> d-------- C:\Program Files\iPod
2007-12-24 15:00 . 2008-01-13 19:17 <DIR> d-------- C:\Program Files\QuickTime
2007-12-24 14:58 . 2007-12-24 14:58 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-24 14:58 . 2007-12-24 14:58 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-24 14:58 . 2007-12-24 14:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-24 14:58 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 03:18 --------- d-----w C:\Program Files\Dot1XCfg
2008-01-14 03:17 --------- d-----w C:\Program Files\iTunes
2008-01-14 03:17 --------- d-----w C:\Program Files\DellSupport
2008-01-14 03:16 355,840 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-11 08:20 --------- d-----w C:\Program Files\Precalculus Functions and Graphs
2007-12-31 07:24 --------- d-----w C:\Documents and Settings\Joseph Wun\Application Data\AdobeUM
2007-12-26 00:38 --------- d-----w C:\Program Files\iDump
2007-12-24 22:59 --------- d-----w C:\Program Files\Apple Software Update
2007-11-14 07:26 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-11-02 04:14 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 09:55 3,065,856 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-28 01:39 228,864 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-28 01:39 228,864 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
.
<pre>
----a-w			81,920 2008-01-14 03:16:59  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w		   249,856 2008-01-14 03:16:53  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w		   684,032 2008-01-14 03:16:38  C:\Program Files\Dell\QuickSet\quickset .exe
----a-w		   460,784 2008-01-14 03:17:58  C:\Program Files\DellSupport\DSAgnt .exe
----a-w			61,440 2008-01-14 03:18:05  C:\Program Files\Dot1XCfg\Dot1XCfg .exe
----a-w			49,152 2008-01-14 03:17:24  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w		   385,024 2008-01-14 03:16:22  C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w		   267,048 2008-01-14 03:17:35  C:\Program Files\iTunes\iTunesHelper .exe
----a-w			32,881 2008-01-14 03:16:07  C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe
----a-w		 1,694,208 2008-01-14 03:17:46  C:\Program Files\Messenger\msmsgs .exe
----a-w		   286,720 2008-01-14 03:17:29  C:\Program Files\QuickTime\QTTask .exe
----a-w			26,112 2008-01-14 03:16:47  C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w		   761,947 2008-01-14 03:16:11  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w		   823,362 2008-01-14 03:14:26  C:\Program Files\Trend Micro\Internet Security 12\PccGuide .exe
----a-w		   176,201 2008-01-14 03:17:37  C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon .exe
----a-w			67,584 2008-01-14 03:15:56  C:\WINDOWS\ehome\ehtray .exe
----a-w			77,824 2008-01-14 03:16:03  C:\WINDOWS\system32\hkcmd .exe
----a-w		   114,688 2008-01-14 03:16:05  C:\WINDOWS\system32\igfxpers .exe
----a-w			94,208 2008-01-14 03:15:56  C:\WINDOWS\system32\igfxtray .exe
----a-w		   122,940 2008-01-14 03:17:20  C:\WINDOWS\system32\DLA\DLACTRLW .EXE
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8bad13ae-c3d5-4ecd-9957-e1103b19aaa9}]
2007-01-12 15:27 171520 --a------ C:\WINDOWS\system32\sepuytj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C403F8C7-BD31-4517-9E83-CC1FD71B3D41}]
2008-01-13 19:15 335360 --a------ C:\WINDOWS\system32\vtstu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4576C73-52BD-4401-B966-5A128C4433D4}]
2007-01-12 15:27 39424 --a------ C:\WINDOWS\system32\ddccywv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2008-01-13 19:16 517632]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-13 19:16 2225664]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2008-01-13 19:16 867840]
"Uaol"="C:\PROGRA~1\MANTEC~1\csrss.exe" [ ]
"Xrzefm"="C:\Program Files\Common Files\?dobe\w?auboot.exe" [ ]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [2008-01-13 19:16 400384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2007-01-12 15:32 407552]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-12 15:32 434176]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-12 15:32 417792]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-12 15:32 454656]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2007-01-12 15:32 371712]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 15:32 1130496]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-01-12 15:32 733184]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-09 21:19 393216 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset .exe" [2008-01-13 19:16 684032]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-01-12 15:32 375296]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2008-01-13 19:16 348160]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" [2008-01-13 19:16 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2008-01-13 19:16 423424]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2007-01-12 15:33 1196544]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2008-01-13 19:16 488448]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-13 19:16 390144]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [2008-01-13 19:17 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-13 19:16 697344]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-02-25 00:16:52]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{D4576C73-52BD-4401-B966-5A128C4433D4}"= C:\WINDOWS\system32\ddccywv.dll [2007-01-12 15:27 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccywv]
ddccywv.dll 2007-01-12 15:27 39424 C:\WINDOWS\system32\ddccywv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 14:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\vtstu.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\vtstu

R1 updatee;updatee;C:\WINDOWS\system32\drivers\updatee.sys [2007-01-12 15:27]
R2 SDPASVC;SDPAUMS server service;C:\WINDOWS\system32\sdpasvc.exe [2001-08-07 14:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-13 03:51:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 19:15:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\utstv.ini2 319 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ddccywv.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\ddccywv.dll
-> C:\WINDOWS\system32\vtstu.dll
.
Completion time: 2008-01-13 19:22:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-14 03:22:40
.
2007-01-11 10:29:50 --- E O F ---

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:40 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\bmwebcfg.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\sdpasvc.exe
C:\Program Files\Sprint\AirCard 580\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide .exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd .exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ehome\ehtray .exe
C:\WINDOWS\system32\igfxpers .exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\QuickSet\quickset .exe
C:\Program Files\Real\RealPlayer\RealPlay .exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DLA\DLACTRLW .EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\DellSupport\DSAgnt .exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dot1XCfg\Dot1XCfg .exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\JOSEPH~1\LOCALS~1\Temp\xrun.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\JOSEPH~1\LOCALS~1\Temp\xpre.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtstu.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset .exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\MANTEC~1\csrss.exe" -vt yazb
O4 - HKCU\..\Run: [Xrzefm] "C:\Program Files\Common Files\?dobe\w?auboot.exe"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on CD - C:\AHD4WITHTHESAURUS\ahd.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Lookup on CD - {CB9CDC2D-0AB4-4031-A1F7-E9B4070CE521} - C:\AHD4WITHTHESAURUS\ahd.htm (HKCU)
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SDPAUMS server service (SDPASVC) - Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\sdpasvc.exe
O23 - Service: SPCSUtilityService - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\AirCard 580\Sprint PCS Connection Manager\SPCSUtilityService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9390 bytes

Edited by ProfessorGlass, 13 January 2008 - 05:05 AM.
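As an added example from the editor (not part of the original post, and not a BleepingComputer or Malware Response Team tool): a small Python triage script that applies the checks a helper would apply by eye to the logs above. Three are path rules: a space before the extension (`quickset .exe`, `hkcmd .exe`) marks a lookalike copy planted beside the genuine binary; a core-process name such as `csrss.exe` running from anywhere but `system32`; and a name containing a character the log could only render as `?` (`?dobe`, `w?auboot.exe`), used to mimic a vendor folder. Two are line rules for HijackThis output: the legacy `win.ini load=` hook (the `F3` line) and a Winsock LSP HijackThis cannot identify (`O10`). The `triage()` and `check_path()` helpers and the sample lines are constructed for this example, modelled on the HijackThis log in the post.

```python
import re

# Constructed sample in HijackThis line format, modelled on the log in the
# post above (a handful of lines, not the full log). Two entries that are
# legitimate on this machine (hkcmd.exe, EvtEng.exe) are mixed in so the
# rules can be seen to leave them alone.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtstu.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset .exe
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\MANTEC~1\csrss.exe" -vt yazb
O4 - HKCU\..\Run: [Xrzefm] "C:\Program Files\Common Files\?dobe\w?auboot.exe"
O10 - Unknown file in Winsock LSP: bmnet.dll
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

# Core Windows processes that have no business running from anywhere
# but %SystemRoot%\system32.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "lsass.exe", "svchost.exe"}
SYSTEM32 = r"c:\windows\system32"

# A Windows path ending in an executable, DLL or driver. Non-greedy, so a
# path containing spaces ("Program Files") is captured up to its extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys)\b", re.IGNORECASE)
SPACE_BEFORE_EXT_RE = re.compile(r"\s\.(?:exe|dll|sys)$", re.IGNORECASE)


def check_path(path):
    """Return (reason, evidence) tuples for one file path (hypothetical helper)."""
    findings = []
    if SPACE_BEFORE_EXT_RE.search(path):
        # "quickset .exe" beside the real "quickset.exe": a lookalike copy
        findings.append(("space-before-extension", path))
    if "?" in path:
        # the log could not render a character in the name ("?dobe" mimics Adobe)
        findings.append(("lookalike-char-in-path", path))
    directory, _, name = path.rpartition("\\")
    if name.lower() in SYSTEM_BINARIES and directory.lower() != SYSTEM32:
        # csrss.exe launched from a Run key out of a Program Files folder
        findings.append(("system-binary-outside-system32", path))
    return findings


def triage(log_text):
    """Scan HijackThis-style lines; return a list of (reason, evidence) pairs."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("F3 ") and "load=" in line:
            # win.ini "load=" is a legacy autostart that modern software does not use
            target = line.split("load=", 1)[1].strip()
            if target:
                findings.append(("win.ini-load-hook", target))
        if line.startswith("O10 ") and "Unknown file" in line:
            # an unidentified LSP sits in the path of every socket on the box
            findings.append(("unknown-winsock-lsp", line.rsplit(":", 1)[1].strip()))
        for match in PATH_RE.finditer(line):
            findings.extend(check_path(match.group(0)))
    return findings


if __name__ == "__main__":
    for reason, evidence in triage(SAMPLE_LOG):
        print(f"{reason:32} {evidence}")
```

Run stand-alone it reports five findings and nothing for `hkcmd.exe` or `EvtEng.exe`. The path rules apply unchanged to ComboFix's `Reg Loading Points` lines, which carry the same paths in a different layout; the LSA `Authentication Packages` value and the `winlogon\notify\ddccywv` key in the ComboFix output are the same class of indicator but would need their own line rules.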


#2 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 25 January 2008 - 12:39 AM

Hello ProfessorGlass,

Welcome to Bleeping Computer.

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

#3 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 08 February 2008 - 09:22 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic