
Do I Still Have Junk On My Computer?



#1 happydude


Posted 03 May 2008 - 12:54 AM

SuperAntiSpyware and TrojanHunter have removed numerous items from my infected computer, and I was wondering if you could tell me if anything else may be lingering.
At one point I had Virtumonde and win32.netbooster.

I thank you all for your help and suggestions!


Deckard's System Scanner v20071014.68
Run by joe r. dung on 2008-05-02 23:26:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-02 23:26:47
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\McAfee\MSC\mcupdmgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Documents and Settings\cathy moe\Desktop\dss.exe
C:\Documents and Settings\cathy moe\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061022
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061022
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {CE86878F-D099-4FFC-A4DC-E51D192063B1} - C:\WINDOWS\system32\byXNebXO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: AutorunsDisabled
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O15 - Trusted Zone: *.msn.com (HKCU)
O15 - Trusted Zone: *.passport.net (HKCU)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: byXNebXO - C:\WINDOWS\system32\byXNebXO.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\system32\WRLogonNTF.dll (file missing)
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 12382 bytes

-- Files created between 2008-04-02 and 2008-05-02 -----------------------------

2008-05-02 22:17:26 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-02 21:34:57 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-02 21:34:48 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-02 21:34:48 0 d-------- C:\Documents and Settings\cathy moe\Application Data\SUPERAntiSpyware.com
2008-05-02 21:34:34 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-02 21:28:15 0 d-------- C:\Documents and Settings\cathy moe\Application Data\TrojanHunter
2008-05-02 21:09:24 0 d-------- C:\Program Files\TrojanHunter 4.6
2008-05-02 19:51:55 0 d-------- C:\Program Files\SpywareBlaster
2008-05-02 19:50:54 0 d-------- C:\Documents and Settings\cathy moe\Application Data\Webroot
2008-05-02 19:46:28 0 d-------- C:\john2
2008-05-02 19:18:29 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-05-02 19:03:55 0 d-------- C:\WINDOWS\ERUNT
2008-05-02 19:00:04 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-02 18:59:49 0 d-------- C:\Program Files\ThreatFire
2008-05-02 18:59:49 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-05-02 18:59:16 0 d-------- C:\john
2008-05-01 20:34:00 0 d-------- C:\Documents and Settings\cathy moe\Application Data\TmpRecentIcons
2008-05-01 19:36:23 96320 --a------ C:\WINDOWS\system32\lptkkhdr.dll
2008-05-01 19:35:17 7794 --ahs---- C:\WINDOWS\system32\jSCcdfii.ini2
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\winsystem.exe
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\WINWGPX.EXE
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\winlogonpc.exe
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\vcatchpi.dll
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\vbsys2.dll
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\thun32.dll
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\thun.dll
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\temp#01.exe
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\taack.exe
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\taack.dat
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\sysreq.exe
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\ssvchost.exe
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\ssvchost.com
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\ssurf022.dll
2008-05-01 19:27:05 0 d-------- C:\WINDOWS\system32\smp
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\Rundl1.exe
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\regm64.dll
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\regc64.dll
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\ps1.exe
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\newsd32.exe
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\netode.exe
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\mwin32.exe
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\mtr2.exe
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\mssecu.exe
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\msnbho.dll
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\msgp.exe
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\medup020.dll
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\medup012.dll
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.exe
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.dat
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\hoproxy.dll
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\h@tkeysh@@k.dll
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\emesx.dll
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\bsva-egihsg52.exe
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\bdn.com
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\awtoolb.dll
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\anticipator.dll
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\system32\akttzn.exe
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\mssecu.exe
2008-05-01 19:27:05 0 d-------- C:\WINDOWS\mslagent
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\bdn.com
2008-05-01 19:27:05 4096 --a------ C:\WINDOWS\a.bat
2008-05-01 19:27:05 0 d-------- C:\Program Files\Inet Delivery
2008-05-01 19:26:58 0 d-------- C:\Documents and Settings\All Users\Application Data\itifslqv
2008-05-01 19:26:56 37376 --a------ C:\WINDOWS\system32\hgGyabAS.dll
2008-05-01 19:26:24 37376 --a------ C:\WINDOWS\system32\byXNebXO.dll
2008-05-01 19:25:50 102400 --a------ C:\WINDOWS\xbaqktfv.exe
2008-05-01 19:25:50 94208 --a------ C:\WINDOWS\spwoqbmv.exe
2008-05-01 19:25:50 307200 --a------ C:\WINDOWS\qadovnel.dll
2008-05-01 19:25:50 311296 --a------ C:\WINDOWS\bdkpfxqw.dll

-- Find3M Report ---------------------------------------------------------------

2008-05-02 21:34:34 0 d-------- C:\Program Files\Common Files
2008-05-01 18:59:24 0 d-------- C:\Documents and Settings\cathy moe\Application Data\MSN6
2008-04-19 12:28:58 0 d-------- C:\Documents and Settings\cathy moe\Application Data\HP
2008-04-13 17:34:52 0 d-------- C:\Documents and Settings\cathy moe\Application Data\HPAppData
2008-03-30 20:55:19 147606 --a------ C:\WINDOWS\hpoins21.dat
2008-03-30 20:44:07 0 d-------- C:\Program Files\HP
2008-03-30 20:42:39 0 d-------- C:\Program Files\Common Files\HP
2008-03-30 20:42:24 0 d-------- C:\Program Files\Hewlett-Packard
2008-03-30 20:42:10 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-12 21:38:41 0 d-------- C:\Program Files\LimeWire
2008-03-08 08:19:53 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-08 08:19:43 0 d-------- C:\Program Files\Windows Live
2008-03-07 22:20:50 0 d-------- C:\Program Files\iTunes
2008-03-07 22:18:17 0 d-------- C:\Program Files\McAfee
2008-03-07 22:16:22 0 d-------- C:\Program Files\iPod
2008-03-07 22:15:03 0 d-------- C:\Program Files\Bonjour
2008-03-07 22:14:55 0 d-------- C:\Program Files\QuickTime
2008-03-07 22:13:28 0 d-------- C:\Program Files\Apple Software Update
2008-03-07 22:13:08 0 d-------- C:\Program Files\Common Files\Apple
2008-03-06 16:50:31 0 d-------- C:\Documents and Settings\cathy moe\Application Data\Walgreens
2008-02-27 22:42:06 5120 --a------ C:\Documents and Settings\cathy moe\Application Data\dvd.bmk

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
03/02/2007 04:52 PM 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
03/02/2007 04:52 PM 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE86878F-D099-4FFC-A4DC-E51D192063B1}]
05/01/2008 07:26 PM 37376 --a------ C:\WINDOWS\system32\byXNebXO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 01:01 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/16/2006 07:39 AM]
"SigmatelSysTrayApp"="stsystra.exe" [07/24/2006 09:20 AM C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [07/06/2006 06:15 AM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [10/05/2005 02:12 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 09:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 09:44 AM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 04:20 AM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [09/13/2003 10:36 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 02:33 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 09:34 PM]
"ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [12/20/2007 11:13 AM]
"THGuard"="C:\Program Files\TrojanHunter 4.6\THGuard.exe" [06/14/2007 04:08 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [07/16/2006 08:29 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 04:00 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [06/14/2005 11:05 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 10:24 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/19/2007 07:52 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [10/22/2006 6:01:49 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 9:26:24 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
"{CE86878F-D099-4FFC-A4DC-E51D192063B1}"= C:\WINDOWS\system32\byXNebXO.dll [05/01/2008 07:26 PM 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXNebXO]
byXNebXO.dll 05/01/2008 07:26 PM 37376 C:\WINDOWS\system32\byXNebXO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\iifdcCSj

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

-- End of Deckard's System Scanner: finished at 2008-05-02 23:27:16 ------------

Edited by happydude, 03 May 2008 - 08:32 AM.




#2 Buckeye_Sam

    Malware Expert


Posted 04 May 2008 - 09:44 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.
If you could please remove the double space format before you post the next log. It's difficult to read that way.


Please download ComboFix and save it to your desktop.

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



