Hijack Log, Can Someone Help?

1 reply to this topic

#1 dawn_37

  • Members
  • 4 posts

Posted 09 May 2008 - 07:54 AM

Deckard's System Scanner v20071014.68
Run by Dawn on 2008-05-09 13:43:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 1022 MiB (1024 MiB recommended).


-- HijackThis (run as Dawn.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:43:45, on 09/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\taskeng.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dawn\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dawn.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Buyertools - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\PROGRA~1\BUYERT~1\IEBUTT~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Program Files\Buyertools Reminder\ReminderIE.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/...NPUplden-gb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxce_device - - C:\Windows\system32\lxcecoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 8029 bytes

-- Files created between 2008-04-09 and 2008-05-09 -----------------------------

2008-05-09 13:42:00 0 d-------- C:\Program Files\Trend Micro
2008-05-09 12:47:10 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-05-09 12:13:46 0 d-------- C:\Program Files\XoftSpySE
2008-05-09 12:06:05 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-09 12:05:12 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-08 19:02:10 0 d-------- C:\Program Files\Spyware Doctor
2008-05-08 12:17:43 0 d-------- C:\Users\All Users\ArcSoft
2008-05-08 12:16:08 0 d-------- C:\Program Files\ArcSoft
2008-05-08 12:16:06 0 d-------- C:\Program Files\Common Files\ArcSoft
2008-05-08 12:12:07 0 d-------- C:\Windows\LastGood.Tmp
2008-05-08 12:11:39 217 --a------ C:\Windows\system32\AF15IRTBL.bin
2008-05-08 12:11:39 28672 --a------ C:\Windows\system32\AF15BDAEX.dll <Not Verified; afa; afa AF15BDAEX>
2008-05-08 12:04:45 0 d-------- C:\Users\All Users\NVIDIA
2008-05-03 09:32:51 0 d-------- C:\DVDVideoSoft
2008-05-03 09:31:49 0 d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-05-03 09:31:40 0 d-------- C:\Program Files\DVDVideoSoft
2008-05-02 17:45:00 0 d-------- C:\Users\Dawn\Karaoke
2008-04-30 13:58:35 0 d-------- C:\Program Files\Common Files\cdrdao
2008-04-28 14:27:49 0 d-------- C:\Users\All Users\Pets Fun House
2008-04-28 14:27:05 0 d-------- C:\PetsFunHouse
2008-04-28 14:26:12 0 d-------- C:\Windows\Pets Fun House
2008-04-28 14:26:12 0 d-------- C:\Program Files\Pets Fun House
2008-04-28 13:53:17 0 d-------- C:\Program Files\Lavasoft
2008-04-25 17:47:37 0 d-------- C:\Users\All Users\GoBit Games
2008-04-25 17:16:58 0 d-------- C:\Program Files\McDonaldsDragons
2008-04-25 17:16:36 0 d--hs---- C:\Windows\ftpcache
2008-04-24 13:11:20 0 d-------- C:\Users\All Users\Office Genuine Advantage
2008-04-23 13:31:57 0 d-------- C:\Windows\Mystery Cookbook
2008-04-23 13:31:57 0 d-------- C:\Program Files\Mystery Cookbook
2008-04-23 13:05:59 0 d-------- C:\Program Files\PowerISO
2008-04-18 12:29:27 0 d-------- C:\Program Files\iTunes
2008-04-18 12:27:10 0 d-------- C:\Program Files\Common Files\Apple
2008-04-18 12:12:46 0 d-------- C:\Users\All Users\Apple
2008-04-17 11:45:15 0 d-------- C:\Garmin
2008-04-15 14:08:21 0 d-------- C:\Users\All Users\Oberon Games
2008-04-14 15:45:51 0 d-------- C:\Users\All Users\3 Blokes Studios
2008-04-14 15:45:30 0 d-------- C:\Users\All Users\Magical Forest
2008-04-13 18:29:57 0 d-------- C:\Users\All Users\vsosdk
2008-04-13 17:29:02 217127 --a------ C:\Windows\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-04-13 17:29:02 208935 --a------ C:\Windows\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-04-13 17:29:02 176165 --a------ C:\Windows\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-04-13 17:29:02 65602 --a------ C:\Windows\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-04-13 17:29:01 626688 --a------ C:\Windows\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-04-13 17:28:59 0 d-------- C:\Program Files\VSO
2008-04-13 16:18:26 0 d-------- C:\Users\All Users\Canopus
2008-04-13 16:15:48 0 d-------- C:\Users\All Users\Apple Computer
2008-04-13 15:59:28 188482 -ra------ C:\Windows\system32\helixprodctrl.dll <Not Verified; RealNetworks, Inc.; Helix Producer ActiveX Control>
2008-04-13 15:59:03 22528 --a------ C:\Windows\system32\csthread.dll <Not Verified; Canopus Corporation; Canopus Thread Manager>
2008-04-13 15:59:03 1089625 --a------ C:\Windows\system32\csedvh.dll <Not Verified; Canopus Co., Ltd.; Canopus Software Engine>
2008-04-13 15:59:03 385108 --a------ C:\Windows\system32\csedv.dll <Not Verified; Canopus Co., Ltd.; Canopus Software Engine>
2008-04-13 15:59:03 32256 --a------ C:\Windows\system32\cdvccodc.dll <Not Verified; Canopus Co., Ltd.; Canopus DV Product>
2008-04-13 15:59:03 0 d-------- C:\Program Files\Common Files\Canopus Shared
2008-04-13 15:59:02 376832 --a------ C:\Windows\system32\hlcdvc.dll <Not Verified; Canopus Co., Ltd.; Canopus Software Engine>
2008-04-13 15:59:02 147456 --a------ C:\Windows\system32\csccdvcx.dll <Not Verified; Canopus Co., Ltd.; Canopus Software Engine>
2008-04-13 15:59:02 159832 --a------ C:\Windows\system32\csccdvc.dll <Not Verified; Canopus Co., Ltd.; Canopus Software Engine>
2008-04-13 15:59:00 0 d-------- C:\Program Files\Canopus
2008-04-13 15:58:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-13 15:57:55 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-13 15:51:09 765952 --a------ C:\Windows\system32\xvidcore.dll
2008-04-13 15:51:08 180224 --a------ C:\Windows\system32\xvidvfw.dll
2008-04-13 15:51:08 0 d-------- C:\Program Files\Xvid
2008-04-13 15:36:46 0 d-------- C:\Users\All Users\SlySoft
2008-04-13 15:32:57 0 d-------- C:\Users\All Users\Elaborate Bytes
2008-04-13 15:30:20 0 d-------- C:\Program Files\SlySoft
2008-04-13 15:22:44 0 d-------- C:\Program Files\Elaborate Bytes
2008-04-13 14:58:48 0 d-------- C:\Program Files\Blaze Media Pro
2008-04-13 14:57:44 0 d-------- C:\Users\All Users\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
2008-04-10 12:59:22 0 d-------- C:\Users\All Users\HipSoft
2008-04-10 12:59:05 0 d-------- C:\Windows\Build-a-lot 2 - Town of the Year
2008-04-10 12:59:05 0 d-------- C:\Program Files\Build-a-lot 2 - Town of the Year


-- Find3M Report ---------------------------------------------------------------

2008-05-09 13:43:56 0 d-------- C:\Users\Dawn\AppData\Roaming\Azureus
2008-05-09 12:05:12 0 d-------- C:\Users\Dawn\AppData\Roaming\SUPERAntiSpyware.com
2008-05-09 12:04:22 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-08 21:11:02 0 d-------- C:\Program Files\Lx_cats
2008-05-08 12:20:48 0 d-------- C:\Users\Dawn\AppData\Roaming\ArcSoft
2008-05-08 12:16:06 0 d-------- C:\Program Files\Common Files
2008-05-06 22:04:04 0 d-------- C:\Users\Dawn\AppData\Roaming\Vso
2008-05-06 22:04:01 12171648 --a------ C:\Users\Dawn\AppData\Roaming\vso_ts_preview.xml
2008-05-02 17:07:32 0 d-------- C:\Users\Dawn\AppData\Roaming\EleFun Games
2008-04-30 13:58:40 0 d-------- C:\Users\Dawn\AppData\Roaming\Doblon
2008-04-23 13:32:09 0 d-------- C:\Users\Dawn\AppData\Roaming\Gaijin Ent
2008-04-21 09:38:46 0 d-------- C:\Users\Dawn\AppData\Roaming\iWin
2008-04-18 12:31:14 0 d-------- C:\Users\Dawn\AppData\Roaming\Apple Computer
2008-04-18 12:12:46 0 d-------- C:\Program Files\Apple Software Update
2008-04-17 10:32:43 0 d-------- C:\Program Files\Azureus
2008-04-15 12:43:02 0 d-------- C:\Program Files\In Living Colors
2008-04-13 17:30:12 34 --a------ C:\Users\Dawn\AppData\Roaming\pcouffin.log
2008-04-13 17:29:11 7887 --a------ C:\Users\Dawn\AppData\Roaming\pcouffin.cat
2008-04-13 16:16:15 0 d-------- C:\Program Files\QuickTime
2008-04-13 16:02:51 0 d-------- C:\Users\Dawn\AppData\Roaming\Canopus
2008-04-13 15:45:22 0 d-------- C:\Users\Dawn\AppData\Roaming\Ahead
2008-04-12 10:31:38 0 d-------- C:\Program Files\uTorrent
2008-04-11 18:49:05 0 d-------- C:\Program Files\Buyertools Reminder
2008-04-11 14:20:59 0 d-------- C:\Users\Dawn\AppData\Roaming\LimeWire
2008-04-09 03:18:51 0 d-------- C:\Program Files\Windows Mail
2008-04-08 14:56:03 0 d-------- C:\Users\Dawn\AppData\Roaming\SprillBermudeEng
2008-04-08 12:42:21 0 d-------- C:\Program Files\MediaMonkey
2008-04-08 11:54:45 0 d-------- C:\Program Files\Diskeeper Corporation
2008-04-07 16:38:25 0 d-------- C:\Program Files\Messenger Plus! Live
2008-04-06 16:37:20 0 d-------- C:\Program Files\Rainbow Web 2
2008-04-06 16:29:58 0 d-------- C:\Program Files\Cooking Academy
2008-03-28 16:30:38 0 d-------- C:\Program Files\Megastore Madness
2008-03-27 14:44:42 0 d-------- C:\Program Files\Balloon Bliss
2008-03-27 14:37:23 0 d-------- C:\Users\Dawn\AppData\Roaming\VisualShape
2008-03-26 17:58:02 0 d-------- C:\Program Files\Electronic Arts
2008-03-25 14:15:51 0 d-------- C:\Users\Dawn\AppData\Roaming\DAEMON Tools
2008-03-24 22:56:30 0 d-------- C:\Users\Dawn\AppData\Roaming\Adobe
2008-03-24 22:55:02 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-21 21:26:21 0 d-------- C:\Program Files\Java
2008-03-20 22:13:14 0 d-------- C:\Users\Dawn\AppData\Roaming\IMVU
2008-03-19 15:24:38 0 d-------- C:\Program Files\LimeWire
2008-03-19 15:19:47 0 d-------- C:\Program Files\Common Files\Java
2008-03-19 14:04:27 0 d-------- C:\Program Files\MSXML 4.0
2008-03-18 04:31:38 174 --ahs---- C:\Program Files\desktop.ini
2008-03-18 04:26:38 0 d-------- C:\Program Files\Windows Defender
2008-03-18 04:26:28 0 d-------- C:\Program Files\Windows Sidebar
2008-03-18 04:09:46 0 d-------- C:\Program Files\Windows Live
2008-03-17 20:15:18 0 d-------- C:\Program Files\Yahoo!
2008-03-17 19:38:32 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-17 19:36:08 0 d-------- C:\Program Files\Nero
2008-03-17 14:37:23 0 d-------- C:\Program Files\real
2008-03-17 14:29:41 0 d-------- C:\Program Files\AVG
2008-03-17 14:24:40 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-03-17 14:24:36 0 d-------- C:\Program Files\KaraokeDX
2008-03-17 14:24:34 0 d-------- C:\Program Files\Driver-Soft
2008-03-17 14:24:33 0 d-------- C:\Program Files\Doblon
2008-03-17 14:24:27 0 d-------- C:\Program Files\DART Karaoke Studio CDG
2008-03-17 14:24:18 0 d-------- C:\Program Files\CyberLink
2008-03-17 14:22:04 0 d-------- C:\Program Files\RAXCO
2008-03-17 14:21:14 0 d-------- C:\Users\Dawn\AppData\Roaming\WinRAR
2008-03-17 14:19:42 0 d-------- C:\Program Files\Lexmark Fax Solutions
2008-03-17 14:14:37 0 d-------- C:\Program Files\Microsoft Works
2008-03-17 14:14:21 0 d-------- C:\Program Files\MSBuild
2008-03-17 14:13:15 0 d-------- C:\Program Files\Microsoft.NET
2008-03-17 14:10:45 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-03-17 13:52:19 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-03-17 13:51:22 0 d-------- C:\Users\Dawn\AppData\Roaming\TuneUp Software
2008-03-17 13:44:57 0 d-------- C:\Users\Dawn\AppData\Roaming\Google
2008-03-17 13:32:31 0 d-------- C:\Program Files\Google
2008-03-17 13:11:30 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-17 13:09:43 0 d-------- C:\Users\Dawn\AppData\Roaming\Macromedia
2008-03-17 13:07:17 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-17 12:59:10 0 d-------- C:\Program Files\Lexmark 4300 Series
2008-03-17 12:46:13 0 d-------- C:\Program Files\Windows Calendar
2008-03-17 12:02:09 0 d-------- C:\Program Files\Games
2008-03-17 11:59:07 0 d-------- C:\Program Files\Escape the Museum - HoneyB[SeCtIoN8]
2008-03-17 11:58:52 0 d-------- C:\Program Files\AVG Anti-Virus 8 Pro + key
2008-03-17 11:53:12 0 d-------- C:\Users\Dawn\AppData\Roaming\Identities
2008-03-12 03:28:53 0 d-------- C:\Program Files\Christmasville
2008-03-11 10:23:55 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-03 19:21:34 568 --ah----- C:\Windows\nod32fixtemdono.reg
2008-03-03 15:25:38 5702 --ah----- C:\Windows\nod32restoretemdono.reg


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCECATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [22/02/2007 06:17]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [20/02/2008 12:06]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [18/03/2008 04:15]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [06/11/2007 20:00]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [06/11/2007 20:00]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [06/11/2007 20:00]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [17/04/2008 14:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [18/03/2008 04:06]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 12:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [17/03/2008 13:32]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/05/2008 16:24]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [08/05/2008 12:16:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
"ehTray.exe"=C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
"EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74093105-f44f-11dc-97ce-806e6f6e6963}]
AutoRun\command- E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be26e470-fa95-11dc-bb1d-001617e3dffe}]
AutoRun\command- G:\Autorun.exe

*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-09 13:44:17 ------------




Event Record #/Type72364 / Success
Event Submitted/Written: 05/08/2008 09:09:41 PM
Event ID/Source: 5615 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type20240 / Warning
Event Submitted/Written: 05/09/2008 01:29:20 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type20239 / Warning
Event Submitted/Written: 05/09/2008 00:15:06 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type20236 / Warning
Event Submitted/Written: 05/09/2008 11:23:52 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type20235 / Warning
Event Submitted/Written: 05/09/2008 10:35:48 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type20234 / Warning
Event Submitted/Written: 05/09/2008 10:26:45 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-05-09 13:40:29 ------------

#2 Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • Gender:Male
  • Location:Hamburg

Posted 27 May 2008 - 02:04 PM

Hello dawn_37 and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately. If you are still having problems, then please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log. Please also post the problems you are having.

When posting your log, please make sure you post the HijackThis log as a reply and not as an attachment.

Thanks,

Johannes

"How did I get infected?" - "Safe-hex" - Member of UNITE -