Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Vundo Aka Virtumondo


  • This topic is locked This topic is locked
3 replies to this topic

#1 dmatt36

dmatt36

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:30 PM

Posted 10 May 2008 - 09:38 PM

Thanks in advance~! This kind of thing is not my specialty, so i appreciate anything anyone has to offer for advice. Maybe this is my excuse to get a Mac?
-j

Deckard's System Scanner v20071014.68
Run by Jason on 2008-05-10 11:28:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-05-10 18:28:06 UTC - RP726 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jason.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:47 AM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\RapidSolution\Tunebite\Tunebite.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MI1933~1\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jason\Desktop\dss.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jason.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: {b9f585b4-a3d8-4baa-ac24-39421b016e10} - {01e610b1-2493-42ca-aab4-8d3a4b585f9b} - C:\WINDOWS\system32\xocywakg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {A4FD17D7-365F-4575-88A9-FCF314A55159} - C:\WINDOWS\system32\pmnoLcAS.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BMe35f0cbe] Rundll32.exe "C:\WINDOWS\system32\nvrlnwfl.dll",s
O4 - HKLM\..\Run: [e06c3f22] rundll32.exe "C:\WINDOWS\system32\rpgtkgik.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\Jason\LOCALS~1\TEMPOR~1\Content.IE5\7FMORHHF\YAYPAL~1.SH! C:\DOCUME~1\Jason\LOCALS~1\TEMPOR~1\Content.IE5\J6DNJ29L\KRIV_1~1.SH! C:\DOCUME~1\Jason\LOCALS~1\TEMPOR~1\Content.IE5\42UDKM9G\GLAS_1~1.SH! C:\DOCUME~1\Jason\Cookies\JA448C~1.SH! C:\DOCUME~1\Jason\Cookies\JA832E~1.SH! C:\DOCUME~1\Jason\Cookies\JA1EDB~1.SH! C:\DOCUME~1\Jason\Cookies\JA832C~1.SH!
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O20 - Winlogon Notify: nnnoOiiG - nnnoOiiG.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0293291210443873) (0293291210443873mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\029329~1.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

--
End of file - 10400 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>

S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 MovRVDrv32 - c:\windows\system32\drivers\movrvdrv32.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 MusCDriverV32 - c:\windows\system32\drivers\muscdriverv32.sys <Not Verified; Windows ® 2000/XP; Windows ® 2000/XP Driver>
S3 MusCVideo32 - c:\windows\system32\drivers\muscvideo32.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel® iQVW32.SYS>
S3 SndTDriverV32 - c:\windows\system32\drivers\sndtdriverv32.sys <Not Verified; Windows ® 2000/XP; Windows ® 2000/XP Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S2 0293291210443873mcinstcleanup (McAfee Application Installer Cleanup (0293291210443873)) - c:\windows\temp\029329~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-16 17:21:10 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-07-08 20:12:51 106 --a------ C:\WINDOWS\Tasks\UPS System Shutdown Program.job


-- Files created between 2008-04-10 and 2008-05-10 -----------------------------

2008-05-10 11:25:03 2112 --a------ C:\WINDOWS\system32\rbmgketn.exe
2008-05-10 11:24:31 0 d-------- C:\WINDOWS\LastGood
2008-05-10 11:22:00 91712 --a------ C:\WINDOWS\system32\rpgtkgik.dll
2008-05-10 11:19:39 102464 --a------ C:\WINDOWS\system32\xocywakg.dll
2008-05-10 11:19:32 100416 --a------ C:\WINDOWS\system32\nvrlnwfl.dll
2008-05-10 11:10:40 0 d-------- C:\Program Files\Trend Micro
2008-05-10 10:18:58 0 d-------- C:\VundoFix Backups
2008-05-07 17:53:46 2112 --a------ C:\WINDOWS\system32\udyjwxlw.exe
2008-05-07 17:51:09 106560 --a------ C:\WINDOWS\system32\lhrmmgmx.dll
2008-05-07 17:51:07 96832 -----n--- C:\WINDOWS\system32\kthmityk.dll
2008-05-06 17:05:53 108608 --a------ C:\WINDOWS\system32\cblcuoqf.dll
2008-05-06 17:02:53 2112 --a------ C:\WINDOWS\system32\suiymeif.exe
2008-05-06 17:01:49 104512 --a------ C:\WINDOWS\system32\lypllopv.dll
2008-05-06 16:56:07 108608 --a------ C:\WINDOWS\system32\mjunbxnn.dll
2008-05-06 16:53:09 2112 --a------ C:\WINDOWS\system32\gflcibwa.exe
2008-05-06 16:50:07 104512 --a------ C:\WINDOWS\system32\lqlsakrh.dll
2008-05-05 18:34:55 1039180 --ahs---- C:\WINDOWS\system32\SAcLonmp.ini2
2008-05-05 18:34:53 280064 --a------ C:\WINDOWS\system32\pmnoLcAS.dll
2008-05-05 18:18:02 3768 --a------ C:\WINDOWS\system32\drivers\MusCVideo32.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2008-05-05 18:18:02 508544 --a------ C:\WINDOWS\system32\drivers\MusCDriverV32.sys <Not Verified; Windows ® 2000/XP; Windows ® 2000/XP Driver>
2008-05-05 18:06:14 508544 --a------ C:\WINDOWS\system32\drivers\SndTDriverV32.sys <Not Verified; Windows ® 2000/XP; Windows ® 2000/XP Driver>
2008-05-05 18:06:14 3768 --a------ C:\WINDOWS\system32\drivers\MovRVDrv32.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2008-05-05 18:02:51 0 d-------- C:\Documents and Settings\Jason\Application Data\RTPlayer
2008-05-05 18:00:07 0 d-------- C:\Program Files\PixiePack Codec Pack
2008-05-05 17:59:37 0 d-------- C:\Documents and Settings\Jason\Application Data\Tunebite
2008-05-05 17:58:46 0 d-------- C:\Program Files\RapidSolution
2008-05-05 17:58:46 0 d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-04-16 17:26:24 0 d-------- C:\Program Files\iPod


-- Find3M Report ---------------------------------------------------------------

2008-05-10 11:24:30 0 d-------- C:\Program Files\McAfee
2008-05-05 18:03:27 0 d-------- C:\Documents and Settings\Jason\Application Data\Shareaza
2008-04-30 07:19:14 10516 --a------ C:\Documents and Settings\Jason\Application Data\wklnhst.dat
2008-04-29 21:39:20 0 d-------- C:\Program Files\Java
2008-04-29 21:31:42 0 d-------- C:\Program Files\Microsoft Money 2005
2008-04-29 21:31:17 0 d-------- C:\Program Files\Common Files
2008-04-27 23:04:01 0 d-------- C:\Documents and Settings\Jason\Application Data\U3
2008-04-23 22:59:52 0 d-------- C:\Documents and Settings\Jason\Application Data\Canon
2008-04-16 17:37:10 0 d-------- C:\Program Files\Apple Software Update
2008-04-16 17:26:42 0 d-------- C:\Program Files\iTunes
2008-04-16 17:25:07 0 d-------- C:\Program Files\QuickTime
2008-03-14 13:29:54 0 d-------- C:\Program Files\Google


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01e610b1-2493-42ca-aab4-8d3a4b585f9b}]
05/10/2008 11:19 AM 102464 --a------ C:\WINDOWS\system32\xocywakg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4FD17D7-365F-4575-88A9-FCF314A55159}]
05/05/2008 06:34 PM 280064 --a------ C:\WINDOWS\system32\pmnoLcAS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [04/25/2005 06:50 AM]
"SigmatelSysTrayApp"="stsystra.exe" [03/22/2005 09:20 PM C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 10:52 AM]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 06:12 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 02:19 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 02:50 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 12:50 PM]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [01/17/2007 06:30 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"BMe35f0cbe"="C:\WINDOWS\system32\nvrlnwfl.dll" [05/10/2008 11:19 AM]
"e06c3f22"="C:\WINDOWS\system32\rpgtkgik.dll" [05/10/2008 11:22 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/15/2005 08:44 PM]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe" []
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [09/07/2004 01:55 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"Tunebite"="C:\Program Files\RapidSolution\Tunebite\Tunebite.exe" [04/24/2008 01:28 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"DelayShred"="c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\Jason\LOCALS~1\TEMPOR~1\Content.IE5\7FMORHHF\YAYPAL~1.SH! C:\DOCUME~1\Jason\LOCALS~1\TEMPOR~1\Content.IE5\J6DNJ29L\KRIV_1~1.SH! C:\DOCUME~1\Jason\LOCALS~1\TEMPOR~1\Content.IE5\42UDKM9G\GLAS_1~1.SH! C:\DOCUME~1\Jason\Cookies\JA448C~1.SH! C:\DOCUME~1\Jason\Cookies\JA832E~1.SH! C:\DOCUME~1\Jason\Cookies\JA1EDB~1.SH! C:\DOCUME~1\Jason\Cookies\JA832C~1.SH!

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [7/7/2005 3:53:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoOiiG]
nnnoOiiG.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnoLcAS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20f129ef-720a-11dc-8fa6-00123f6f8e64}]
AutoRun\command- F:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe



-- End of Deckard's System Scanner: finished at 2008-05-10 11:30:32 ------------

Attached Files


Edited by dmatt36, 10 May 2008 - 09:53 PM.


BC AdBot (Login to Remove)

 


#2 dmatt36

dmatt36
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:30 PM

Posted 10 May 2008 - 10:39 PM

Well, as normal, i got impatient and started reading other people's posts/replies...and figured it out using other's fixes.

It worked~! What worked you ask? Briefly, this is what i did...this guy's post and combo fix. That solved all of my problems. Then i ran Hijack This again, didn't see anything out of the ordinary.

i've attached my logs, if anyone cares. i've been surfing the web for the last 10min...so far so good.

Attached Files


Edited by dmatt36, 10 May 2008 - 10:42 PM.


#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:12:30 AM

Posted 31 May 2008 - 11:39 AM

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new log in this thread. Don't start with a new thread.
Then I'll take a look. :thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:12:30 AM

Posted 09 June 2008 - 07:21 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users