Bogus Alerts In Taskbar... Smitfraud?


8 replies to this topic

#1 taxed

Posted 19 May 2008 - 11:08 PM

Recently a yellow triangular icon has appeared in my taskbar with the "Your computer may be infected" or "your computer is working slowly" message, etc. When clicked it redirects me to about:security and it's obvious it's some bogus malware or something... I ran SmitfraudFix two times in safe mode with no results. I've run Ad-Aware, Spybot and AVG Anti-Virus in safe mode, again with no results. Spybot detects "smitfraud" when it scans, but when supposedly "fixed" it still reappears. Below is my DSS/HijackThis log... any ideas would be much appreciated...

Deckard's System Scanner v20071014.68
Run by Grayson on 2008-05-19 21:59:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 1 Restore Point(s) --
1: 2008-05-20 00:11:15 UTC - RP242 - Last known good configuration


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 1015 MiB (1024 MiB recommended).


-- HijackThis (run as Grayson.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:44 PM, on 5/19/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\xwusuhzh.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Citrus Alarm Clock\citrusac.exe
C:\Users\Grayson\AppData\Roaming\Microsoft\dtsc\9591.exe
C:\Program Files\TRENDware\TEW444UB\ACU.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Grayson\Desktop\dss.exe
C:\Windows\system32\DllHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Grayson.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\xwusuhzh.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {D296E9AC-498C-4833-B095-445223D6EC3D} - C:\Windows\system32\jkkIBSMd.dll
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqRICvU.dll,#1
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Citrus Alarm Clock] C:\Program Files\Citrus Alarm Clock\citrusac.exe
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Users\Grayson\AppData\Roaming\Microsoft\dtsc\9591.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: 802.11g Wireless Client Utility.lnk = C:\Program Files\TRENDware\TEW444UB\WLACU.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\Windows\system32\acs.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Unknown owner - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7981 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 mapledxp - c:\windows\system32\drivers\mapledxp.sys <Not Verified; Jeff Hurchalla and Marble Sound; MarbleSound Maple Midi XP Driver SYS>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>
R2 iPAHelper.exe - c:\program files\ipod access for windows\ipahelper.exe

S2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
S2 ADVService (Amazon Unbox Video Service) - "c:\program files\amazon\amazon unbox video\advwindowsclientservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-04-19 and 2008-05-19 -----------------------------

2008-05-19 21:52:50 0 d-------- C:\Program Files\Trend Micro
2008-05-19 21:48:52 14848 --a------ C:\Windows\mssys.exe
2008-05-19 21:47:34 45056 --a------ C:\Windows\system32\ssqRICvU.dll
2008-05-19 21:46:50 0 -rahs---- C:\MSDOS.SYS
2008-05-19 21:46:50 0 -rahs---- C:\IO.SYS
2008-05-19 21:44:52 22784 --a------ C:\Windows\y.exe
2008-05-19 21:44:51 9216 --a------ C:\Windows\xplugin.dll
2008-05-19 21:44:51 8960 --a------ C:\Windows\x.exe
2008-05-19 21:44:51 11776 --a------ C:\Windows\winmgnt.exe
2008-05-19 21:44:50 22272 --a------ C:\Windows\window.exe
2008-05-19 21:44:50 32512 --a------ C:\Windows\winajbm.dll
2008-05-19 21:44:50 13824 --a------ C:\Windows\win64.exe
2008-05-19 21:44:49 17664 --a------ C:\Windows\win32e.exe
2008-05-19 21:44:49 27392 --a------ C:\Windows\waol.exe
2008-05-19 21:44:48 16384 --a------ C:\Windows\users32.exe
2008-05-19 21:44:48 21248 --a------ C:\Windows\time.exe
2008-05-19 21:44:48 24832 --a------ C:\Windows\systemcritical.exe
2008-05-19 21:44:47 18432 --a------ C:\Windows\systeem.exe
2008-05-19 21:44:47 30208 --a------ C:\Windows\olehelp.exe
2008-05-19 21:44:47 26624 --a------ C:\Windows\notepad32.exe
2008-05-19 21:44:46 21248 --a------ C:\Windows\mtwirl32.dll
2008-05-19 21:44:46 28416 --a------ C:\Windows\loader.exe
2008-05-19 21:44:45 31232 --a------ C:\Windows\iexplorer.exe
2008-05-19 21:44:45 19712 --a------ C:\Windows\cpan.dll
2008-05-19 21:44:44 15360 --a------ C:\Windows\clrssn.exe
2008-05-19 21:44:44 26880 --a------ C:\Windows\avpcc.dll
2008-05-19 21:44:43 26112 --a------ C:\Windows\accesss.exe
2008-05-19 21:43:34 25600 --a------ C:\Windows\system32\WS2Fix.exe
2008-05-19 21:43:34 289144 --a------ C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-19 21:43:34 86528 --a------ C:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-19 21:43:34 82944 --a------ C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-19 21:43:34 51200 --a------ C:\Windows\system32\dumphive.exe
2008-05-19 21:43:34 82944 --a------ C:\Windows\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-19 21:43:33 288417 --a------ C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-19 21:43:33 53248 --a------ C:\Windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-19 21:42:43 26624 --a------ C:\Windows\msupdate.exe
2008-05-19 21:42:42 18944 --a------ C:\Windows\iedll.exe
2008-05-19 19:56:17 0 d-------- C:\Program Files\CCleaner
2008-05-19 19:25:47 283274 --a------ C:\Pass2.cmd
2008-05-19 19:24:26 3300 --a------ C:\Windows\system32\tmp.reg
2008-05-19 18:51:45 29696 --a------ C:\Windows\svcinit.exe
2008-05-19 18:51:44 25856 --a------ C:\Windows\svchost32.exe
2008-05-19 18:51:44 14080 --a------ C:\Windows\sistem.exe
2008-05-19 18:51:44 9216 --a------ C:\Windows\searchword.dll
2008-05-19 18:51:44 12032 --a------ C:\Windows\rundll16.exe
2008-05-19 18:51:44 27648 --a------ C:\Windows\quicken.exe
2008-05-19 18:51:43 13568 --a------ C:\Windows\qttasks.exe
2008-05-19 18:51:43 32000 --a------ C:\Windows\mswsc20.dll
2008-05-19 18:51:42 11776 --a------ C:\Windows\mswsc10.dll
2008-05-19 18:51:42 27648 --a------ C:\Windows\msspi.dll
2008-05-19 18:51:42 17408 --a------ C:\Windows\msconfd.dll
2008-05-19 18:51:41 19968 --a------ C:\Windows\internet.exe
2008-05-19 18:51:41 17664 --a------ C:\Windows\inetinf.exe
2008-05-19 18:51:40 14336 --a------ C:\Windows\helpcvs.exe
2008-05-19 18:51:40 22528 --a------ C:\Windows\gfmnaaa.dll
2008-05-19 18:51:40 22784 --a------ C:\Windows\funny.exe
2008-05-19 18:51:40 19456 --a------ C:\Windows\funniest.exe
2008-05-19 18:51:39 31488 --a------ C:\Windows\explorer32.exe
2008-05-19 18:51:39 20480 --a------ C:\Windows\explore.exe
2008-05-19 18:51:39 27648 --a------ C:\Windows\editpad.exe
2008-05-19 18:51:38 9216 --a------ C:\Windows\dnsrelay.dll
2008-05-19 18:51:38 24576 --a------ C:\Windows\directx32.exe
2008-05-19 18:51:38 27392 --a------ C:\Windows\ctrlpan.dll
2008-05-19 18:51:38 12288 --a------ C:\Windows\ctfmon32.exe
2008-05-19 18:13:17 93248 --a------ C:\Windows\system32\ijibetgs.dll
2008-05-19 18:07:05 17676 --ahs---- C:\Windows\system32\dMSBIkkj.ini2
2008-05-19 18:06:53 276992 --a------ C:\Windows\system32\jkkIBSMd.dll
2008-05-19 18:03:44 0 d-------- C:\Program Files\uTorrent
2008-05-19 18:03:15 4 --a------ C:\Windows\system32\hljwugsf.bin
2008-05-19 18:01:49 57344 --a------ C:\Windows\system32\vtUnnkjh.dll
2008-05-19 18:01:37 57344 --a------ C:\Windows\system32\opnmLday.dll
2008-05-19 18:01:33 45056 --a------ C:\Windows\system32\ddcYpoNf.dll
2008-05-18 18:51:55 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-05-16 18:51:53 87513 --a------ C:\Windows\system32\xwusuhzh.exe <Not Verified; Microsoft; XML Media>


-- Find3M Report ---------------------------------------------------------------

2008-05-19 21:57:55 0 d-------- C:\Users\Grayson\AppData\Roaming\uTorrent
2008-05-19 21:57:30 0 d-------- C:\Users\Grayson\AppData\Roaming\DNA
2008-05-19 21:43:53 35 --a------ C:\Users\Grayson\AppData\Roaming\SetValue.bat
2008-05-19 21:43:53 691 --a------ C:\Users\Grayson\AppData\Roaming\GetValue.vbs
2008-05-19 21:11:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-19 21:11:08 0 d-------- C:\Program Files\Common Files\muvee Technologies
2008-05-19 21:08:53 0 d-------- C:\Program Files\AbiSuite2
2008-05-19 19:30:03 0 d-------- C:\Users\Grayson\AppData\Roaming\OpenOffice.org2
2008-05-19 19:18:30 0 d-------- C:\Users\Grayson\AppData\Roaming\BitTorrent
2008-05-19 18:00:51 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-18 18:51:04 0 d-------- C:\Program Files\Java
2008-05-17 13:21:54 0 d-------- C:\Program Files\World of Warcraft
2008-05-14 03:01:34 0 d-------- C:\Program Files\Windows Mail
2008-05-03 22:44:20 0 d-------- C:\Users\Grayson\AppData\Roaming\dvdcss
2008-04-19 02:49:33 0 d-------- C:\Program Files\Soulseek
2008-04-18 00:54:59 0 d-------- C:\Program Files\Common Files\Real
2008-04-18 00:54:55 0 d-------- C:\Program Files\Common Files
2008-04-18 00:54:41 0 d-------- C:\Users\Grayson\AppData\Roaming\Real
2008-04-18 00:53:44 0 d-------- C:\Users\Grayson\AppData\Roaming\MP3Rocket
2008-04-03 16:49:17 0 d-------- C:\Users\Grayson\AppData\Roaming\Adobe
2008-04-03 16:47:40 1518 --a------ C:\Windows\mozver.dat
2008-03-30 20:55:18 259 --a------ C:\Users\Grayson\AppData\Roaming\iPod Access v4 Prefs
2008-03-20 15:50:29 0 d-------- C:\Users\Grayson\AppData\Roaming\Ventrilo


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D296E9AC-498C-4833-B095-445223D6EC3D}]
05/19/2008 06:06 PM 276992 --a------ C:\Windows\system32\jkkIBSMd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [08/03/2007 01:58 AM]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [02/15/2007 05:59 AM]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [05/24/2007 02:13 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/17/2005 12:11 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 03:42 PM]
"!AVG Anti-Spyware"="C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 03:42 AM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [08/24/2007 08:54 PM]
"MSServer"="C:\Windows\system32\ssqRICvU.dll" [05/19/2008 06:01 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter " []
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [06/01/2007 02:40 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/08/2008 01:26 PM]
"Citrus Alarm Clock"="C:\Program Files\Citrus Alarm Clock\citrusac.exe" [10/21/2001 11:50 PM]
"Microsoft Windows Installer"="C:\Users\Grayson\AppData\Roaming\Microsoft\dtsc\9591.exe" [05/17/2008 07:18 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
802.11g Wireless Client Utility.lnk - C:\Program Files\TRENDware\TEW444UB\WLACU.exe [10/27/2007 10:04:37 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{7BF35B6F-822C-4030-B347-B68760697E2F}"= C:\Windows\system32\ssqRICvU.dll [05/19/2008 06:01 PM 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\Windows\system32\userinit.exe,C:\Windows\system32\xwusuhzh.exe,"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\jkkIBSMd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52a91c82-929a-11dc-bb82-0014d1c1faff}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2d445f9-91ab-11dc-8a4e-0014d1c1faff}]
AutoRun\command- F:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-19 22:02:39 ------------
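The log above carries the classic SmitFraud-era persistence set: a second executable appended to Winlogon's Userinit value (xwusuhzh.exe), a Run value that loads a randomly named DLL through rundll32 by ordinal (ssqRICvU.dll, also registered as a ShellExecuteHook), a non-Microsoft LSA authentication package (jkkIBSMd), an HKCU Run value named like a Microsoft component but launching from AppData (9591.exe), Task Manager disabled by policy, UAC switched off, and dozens of BHO CLSIDs with no backing file. The Python below is an added example, not the thread's, BleepingComputer's or Deckard's tooling; it runs a few such rules over lines quoted from this log. The input is a constructed subset of the log above, with the clean Adobe, Windows Defender, WelcomeCenter and Citrus entries kept as negatives, and the rule names are this example's own labels.

```python
"""Triage rules for HijackThis / DSS log lines (added example, not the thread's tooling)."""
import re
from dataclasses import dataclass

# Constructed input: lines quoted from the log posted above, plus clean entries
# (Adobe, Windows Defender, WelcomeCenter, Citrus) that must NOT be flagged.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\xwusuhzh.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D296E9AC-498C-4833-B095-445223D6EC3D} - C:\Windows\system32\jkkIBSMd.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqRICvU.dll,#1
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Users\Grayson\AppData\Roaming\Microsoft\dtsc\9591.exe
O4 - HKCU\..\Run: [Citrus Alarm Clock] C:\Program Files\Citrus Alarm Clock\citrusac.exe
"EnableLUA"=0 (0x0)
"DisableTaskMgr"=1 (0x1)
"Authentication Packages"= msv1_0 C:\Windows\system32\jkkIBSMd
"""

@dataclass(frozen=True)
class Finding:
    rule: str     # this example's own label for the indicator
    detail: str   # the path, CLSID or value that triggered it
    line: str     # raw log line

ENTRY = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")          # HijackThis "O4 - ..." lines
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>.*)$')          # DSS registry dump values
CLSID = re.compile(r"\{[0-9a-f-]{36}\}", re.I)
RUN_ENTRY = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
USER_WRITABLE = re.compile(r"\\(appdata|temp|tmp)\\", re.I)
RUNDLL_ORDINAL = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>[^,]+\.dll),#\d+", re.I)
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

def check_userinit(body):
    """F2: anything besides userinit.exe in this value runs at every logon, before the shell."""
    if not body.lower().startswith("reg:system.ini: userinit="):
        return []
    parts = [p.strip() for p in body.split("=", 1)[1].split(",")]
    return [("userinit_hijack", p) for p in parts if p and p.lower() != EXPECTED_USERINIT]

def check_bho(body):
    """O2: 'BHO: <name> - {CLSID} - <path or (no file)>'."""
    name, _, rest = body[len("BHO: "):].partition(" - ")
    c = CLSID.search(rest)
    path = rest[c.end():].lstrip(" -") if c else rest
    if path == "(no file)":
        return [("orphan_bho", c.group(0) if c else rest)]
    if name == "(no name)" and "\\system32\\" in path.lower():
        return [("unnamed_bho_in_system32", path)]
    return []

def check_run(body):
    """O4: Run values launching from user-writable dirs or via rundll32 + ordinal export."""
    m = RUN_ENTRY.match(body)
    if not m:
        return []
    cmd, out = m.group("cmd"), []
    if USER_WRITABLE.search(cmd):
        out.append(("run_from_user_writable", cmd))
    r = RUNDLL_ORDINAL.search(cmd)
    if r:
        out.append(("rundll32_ordinal_export", r.group("dll")))
    return out

def check_reg_value(name, val):
    """DSS dump values: UAC / Task Manager policy and non-default LSA authentication packages."""
    if name == "EnableLUA" and val.startswith("0"):
        return [("uac_disabled", val)]
    if name == "DisableTaskMgr" and val.startswith("1"):
        return [("taskmgr_disabled", val)]
    if name == "Authentication Packages":
        return [("lsa_auth_package", t) for t in val.split() if t.lower() != "msv1_0"]
    return []

CHECKS = {"F2": check_userinit, "O2": check_bho, "O4": check_run}

def triage(log_text):
    """Run every rule over every line; returns Findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        e, v = ENTRY.match(line), REG_VALUE.match(line)
        if e:
            hits = CHECKS.get(e.group("sec"), lambda body: [])(e.group("body"))
        elif v:
            hits = check_reg_value(v.group("name"), v.group("val"))
        else:
            hits = []
        findings.extend(Finding(rule, detail, line) for rule, detail in hits)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:26} {f.detail}")
```

Run it as a script to list the findings, or import triage() and feed it a whole pasted log: the F2/O2/O4 rules see HijackThis lines, the policy and LSA rules only see the DSS registry dump's "name"=value lines. A "(no file)" BHO is inert on its own, but the CLSID registration is still worth clearing, since anything that re-drops a DLL at that CLSID's registered path is loaded by Internet Explorer again without a new install step.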



#2 bamajim


Posted 22 May 2008 - 02:24 PM

taxed

That is a very nasty infection you have there, and it has infected some critical areas of your PC.
I am not telling you this to scare you, but to forewarn you that there is a possibility that you may have to reload the operating system.
I will make every effort to clean the PC to avoid this, but there is no guarantee.

So before we begin I am going to suggest that you back up any important files and documents to a USB storage device or to disk.

When you are ready to begin let me know.
Microsoft MVP - Windows Security

#3 taxed


Posted 25 May 2008 - 09:04 PM

Well, I ran a couple more removal programs in safe mode, cleared out a couple of program files from software I didn't want or didn't know I had, and the smitfraud icon, the taskbar icon that first showed up, has disappeared. I don't want to start this if I may not have to. Want me to post another log or something that may help you know if it's still there or possibly gone?

thanks for the help

#4 bamajim


Posted 26 May 2008 - 08:27 AM

taxed

Post another DSS log (Deckard's System Scanner) and let's see how you did.
Microsoft MVP - Windows Security

#5 taxed


Posted 26 May 2008 - 01:14 PM

Alright, here is the new scan... cross my fingers =D

Deckard's System Scanner v20071014.68
Run by Grayson on 2008-05-26 12:12:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 1015 MiB (1024 MiB recommended).


-- HijackThis (run as Grayson.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:25 PM, on 5/26/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Citrus Alarm Clock\citrusac.exe
C:\Program Files\TRENDware\TEW444UB\ACU.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Users\Grayson\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Grayson.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Citrus Alarm Clock] C:\Program Files\Citrus Alarm Clock\citrusac.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: 802.11g Wireless Client Utility.lnk = C:\Program Files\TRENDware\TEW444UB\WLACU.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\Windows\system32\acs.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Unknown owner - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5560 bytes

-- Files created between 2008-04-26 and 2008-05-26 -----------------------------

2008-05-19 23:48:03 0 d-------- C:\Users\All Users\Malwarebytes
2008-05-19 23:48:02 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-19 21:52:50 0 d-------- C:\Program Files\Trend Micro
2008-05-19 21:46:50 0 -rahs---- C:\MSDOS.SYS
2008-05-19 21:46:50 0 -rahs---- C:\IO.SYS
2008-05-19 21:44:51 9216 --a------ C:\Windows\xplugin.dll
2008-05-19 21:44:51 8960 --a------ C:\Windows\x.exe
2008-05-19 21:44:45 31232 --a------ C:\Windows\iexplorer.exe
2008-05-19 21:44:45 19712 --a------ C:\Windows\cpan.dll
2008-05-19 21:43:34 25600 --a------ C:\Windows\system32\WS2Fix.exe
2008-05-19 21:43:34 289144 --a------ C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-19 21:43:34 86528 --a------ C:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-19 21:43:34 82944 --a------ C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-19 21:43:34 51200 --a------ C:\Windows\system32\dumphive.exe
2008-05-19 21:43:34 82944 --a------ C:\Windows\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-19 21:43:33 288417 --a------ C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-19 21:43:33 53248 --a------ C:\Windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-19 19:56:17 0 d-------- C:\Program Files\CCleaner
2008-05-19 19:25:47 283274 --a------ C:\Pass2.cmd
2008-05-19 19:24:26 3300 --a------ C:\Windows\system32\tmp.reg
2008-05-19 18:51:45 29696 --a------ C:\Windows\svcinit.exe
2008-05-19 18:51:44 25856 --a------ C:\Windows\svchost32.exe
2008-05-19 18:51:44 14080 --a------ C:\Windows\sistem.exe
2008-05-19 18:51:44 9216 --a------ C:\Windows\searchword.dll
2008-05-19 18:51:44 12032 --a------ C:\Windows\rundll16.exe
2008-05-19 18:51:44 27648 --a------ C:\Windows\quicken.exe
2008-05-19 18:51:43 13568 --a------ C:\Windows\qttasks.exe
2008-05-19 18:51:43 32000 --a------ C:\Windows\mswsc20.dll
2008-05-19 18:51:42 11776 --a------ C:\Windows\mswsc10.dll
2008-05-19 18:51:42 27648 --a------ C:\Windows\msspi.dll
2008-05-19 18:51:42 17408 --a------ C:\Windows\msconfd.dll
2008-05-19 18:51:41 19968 --a------ C:\Windows\internet.exe
2008-05-19 18:51:41 17664 --a------ C:\Windows\inetinf.exe
2008-05-19 18:51:40 14336 --a------ C:\Windows\helpcvs.exe
2008-05-19 18:51:40 22528 --a------ C:\Windows\gfmnaaa.dll
2008-05-19 18:51:40 22784 --a------ C:\Windows\funny.exe
2008-05-19 18:51:40 19456 --a------ C:\Windows\funniest.exe
2008-05-19 18:51:39 31488 --a------ C:\Windows\explorer32.exe
2008-05-19 18:51:39 20480 --a------ C:\Windows\explore.exe
2008-05-19 18:51:39 27648 --a------ C:\Windows\editpad.exe
2008-05-19 18:51:38 9216 --a------ C:\Windows\dnsrelay.dll
2008-05-19 18:51:38 24576 --a------ C:\Windows\directx32.exe
2008-05-19 18:51:38 27392 --a------ C:\Windows\ctrlpan.dll
2008-05-19 18:51:38 12288 --a------ C:\Windows\ctfmon32.exe
2008-05-19 18:03:44 0 d-------- C:\Program Files\uTorrent
2008-05-19 18:03:15 4 --a------ C:\Windows\system32\hljwugsf.bin
2008-05-19 18:01:49 57344 --a------ C:\Windows\system32\vtUnnkjh.dll
2008-05-18 18:51:55 0 d-------- C:\Program Files\OpenOffice.org 2.4


-- Find3M Report ---------------------------------------------------------------

2008-05-26 12:08:06 0 d-------- C:\Users\Grayson\AppData\Roaming\DNA
2008-05-26 10:50:12 0 d-------- C:\Users\Grayson\AppData\Roaming\BitTorrent
2008-05-20 12:12:21 0 d-------- C:\Users\Grayson\AppData\Roaming\uTorrent
2008-05-19 23:49:20 0 d-------- C:\Users\Grayson\AppData\Roaming\Malwarebytes
2008-05-19 21:43:53 35 --a------ C:\Users\Grayson\AppData\Roaming\SetValue.bat
2008-05-19 21:43:53 691 --a------ C:\Users\Grayson\AppData\Roaming\GetValue.vbs
2008-05-19 21:11:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-19 21:11:08 0 d-------- C:\Program Files\Common Files\muvee Technologies
2008-05-19 21:08:53 0 d-------- C:\Program Files\AbiSuite2
2008-05-19 19:30:03 0 d-------- C:\Users\Grayson\AppData\Roaming\OpenOffice.org2
2008-05-19 18:00:51 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-18 18:51:04 0 d-------- C:\Program Files\Java
2008-05-17 13:21:54 0 d-------- C:\Program Files\World of Warcraft
2008-05-14 03:01:34 0 d-------- C:\Program Files\Windows Mail
2008-05-03 22:44:20 0 d-------- C:\Users\Grayson\AppData\Roaming\dvdcss
2008-04-19 02:49:33 0 d-------- C:\Program Files\Soulseek
2008-04-18 00:54:59 0 d-------- C:\Program Files\Common Files\Real
2008-04-18 00:54:55 0 d-------- C:\Program Files\Common Files
2008-04-18 00:54:41 0 d-------- C:\Users\Grayson\AppData\Roaming\Real
2008-04-18 00:53:44 0 d-------- C:\Users\Grayson\AppData\Roaming\MP3Rocket
2008-04-03 16:49:17 0 d-------- C:\Users\Grayson\AppData\Roaming\Adobe
2008-04-03 16:47:40 1518 --a------ C:\Windows\mozver.dat
2008-03-30 20:55:18 259 --a------ C:\Users\Grayson\AppData\Roaming\iPod Access v4 Prefs


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [08/03/2007 01:58 AM]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [02/15/2007 05:59 AM]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [05/24/2007 02:13 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/17/2005 12:11 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 03:42 PM]
"!AVG Anti-Spyware"="C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 03:42 AM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [08/24/2007 08:54 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter " []
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [06/01/2007 02:40 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/08/2008 01:26 PM]
"Citrus Alarm Clock"="C:\Program Files\Citrus Alarm Clock\citrusac.exe" [10/21/2001 11:50 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
802.11g Wireless Client Utility.lnk - C:\Program Files\TRENDware\TEW444UB\WLACU.exe [10/27/2007 10:04:37 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52a91c82-929a-11dc-bb82-0014d1c1faff}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2d445f9-91ab-11dc-8a4e-0014d1c1faff}]
AutoRun\command- F:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-26 12:12:53 ------------

#6 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  • Local time:09:13 AM

Posted 26 May 2008 - 01:41 PM

taxed

Looks better. You actually made some good progress. But we still need to clean up a few things.

1. Please download Killbox.
   1) Save it to the desktop.
   2) Right-click -> Extract all -> extract it to your Desktop.
   3) Double-click Killbox.exe to run it.
   4) Select "Delete on Reboot", and then select "All files".
   5) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Windows\xplugin.dll
C:\Windows\x.exe
C:\Windows\iexplorer.exe
C:\Windows\cpan.dll
C:\Windows\svcinit.exe
C:\Windows\svchost32.exe
C:\Windows\sistem.exe
C:\Windows\searchword.dll
C:\Windows\rundll16.exe
C:\Windows\quicken.exe
C:\Windows\qttasks.exe
C:\Windows\mswsc20.dll
C:\Windows\mswsc10.dll
C:\Windows\msspi.dll
C:\Windows\msconfd.dll
C:\Windows\internet.exe
C:\Windows\inetinf.exe
C:\Windows\helpcvs.exe
C:\Windows\gfmnaaa.dll
C:\Windows\funny.exe
C:\Windows\funniest.exe
C:\Windows\explorer32.exe
C:\Windows\explore.exe
C:\Windows\editpad.exe
C:\Windows\dnsrelay.dll
C:\Windows\directx32.exe
C:\Windows\ctrlpan.dll
C:\Windows\ctfmon32.exe
C:\Windows\system32\vtUnnkjh.dll


   6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
   7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt.

2. Reboot your PC -> Rerun HijackThis and post a fresh HijackThis log.
Microsoft MVP - Windows Security
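What the helper does by eye on the DSS log above (spot the burst of look-alike binaries dropped straight into C:\Windows, then read the next log to confirm they are gone), as an added Python example that is not part of this thread, of DSS or of Killbox. The look-alike table and the burst threshold are constructed assumptions, the sample excerpts are built from the paths in this thread's two logs, and the two heuristics are deliberately partial: the random-named DLL in system32 that the helper also listed is not caught by them.

```python
"""Triage helper for the 'Files created' section of a Deckard's System Scanner
(DSS) log.  Added example; not part of this thread, of DSS or of Killbox."""
import re
from datetime import datetime, timedelta
# One DSS entry: "<date> <time> <size> <attrs> <path> [<verification note>]"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<attrs>[-a-z]{9})\s+(?P<path>.+?)(?:\s+<[^>]*>)?$")
WINDOWS_ROOT = "c:\\windows"
# Constructed look-alike table: real Windows binaries whose names dropped files
# imitate by adding or changing digits (explorer32.exe, rundll16.exe).
KNOWN_BINARIES = {"explorer.exe", "svchost.exe", "ctfmon.exe", "rundll32.exe",
                  "iexplore.exe", "lsass.exe", "winlogon.exe", "csrss.exe"}
_KNOWN_STEMS = {re.sub(r"\d", "", k) for k in KNOWN_BINARIES}

def parse_created(text):
    """Return [(datetime, size, attrs, path)] for each DSS entry line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                            int(m["size"]), m["attrs"], m["path"]))
    return entries

def looks_like_system_binary(path):
    """True for a known binary name with digits added, removed or changed
    (explorer32.exe, rundll16.exe); False for the genuine name itself."""
    name = path.rsplit("\\", 1)[-1].lower()
    return name not in KNOWN_BINARIES and re.sub(r"\d", "", name) in _KNOWN_STEMS

def dropped_in_windows_root(entries):
    """Executables and DLLs created directly in C:\\Windows (not a subfolder);
    legitimate installers rarely write there."""
    out = []
    for e in entries:
        folder, _, name = e[3].lower().rpartition("\\")
        if e[2][0] != "d" and folder == WINDOWS_ROOT and name.endswith((".exe", ".dll")):
            out.append(e)
    return out

def find_bursts(entries, window=timedelta(seconds=60), min_files=3):
    """Chain entries created within `window` of the previous one; keep chains
    of at least `min_files`, i.e. many binaries written in one go."""
    bursts, current = [], []
    for e in sorted(entries):
        if current and e[0] - current[-1][0] > window:
            if len(current) >= min_files:
                bursts.append(current)
            current = []
        current.append(e)
    if len(current) >= min_files:
        bursts.append(current)
    return bursts

def triage(log_text):
    """Map each path a reviewer should look at to the reason it was flagged."""
    entries = parse_created(log_text)
    suspects = {}
    for burst in find_bursts(dropped_in_windows_root(entries)):
        for e in burst:
            suspects[e[3]] = "one of %d binaries dropped into the Windows root at once" % len(burst)
    for e in entries:
        if e[2][0] != "d" and looks_like_system_binary(e[3]):
            suspects.setdefault(e[3], "name imitates a Windows system binary")
    return suspects

def verify_removed(suspects, after_log_text):
    """Flagged paths that still appear in a log taken after the cleanup."""
    present = {e[3].lower() for e in parse_created(after_log_text)}
    return sorted(p for p in suspects if p.lower() in present)

# Constructed excerpts in DSS format; the paths come from the thread's two logs.
BEFORE_LOG = r"""
2008-05-19 21:44:51 9216 --a------ C:\Windows\xplugin.dll
2008-05-19 21:44:51 8960 --a------ C:\Windows\x.exe
2008-05-19 21:44:45 31232 --a------ C:\Windows\iexplorer.exe
2008-05-19 21:44:45 19712 --a------ C:\Windows\cpan.dll
2008-05-19 21:43:34 86528 --a------ C:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-19 18:51:45 29696 --a------ C:\Windows\svcinit.exe
2008-05-19 18:51:44 25856 --a------ C:\Windows\svchost32.exe
2008-05-19 18:51:39 31488 --a------ C:\Windows\explorer32.exe
2008-05-19 18:51:38 12288 --a------ C:\Windows\ctfmon32.exe
2008-05-19 18:01:49 57344 --a------ C:\Windows\system32\vtUnnkjh.dll
2008-04-03 16:47:40 1518 --a------ C:\Windows\mozver.dat
"""
AFTER_LOG = r"""
2008-05-26 20:39:50 0 d-------- C:\!KillBox
2008-05-19 21:52:50 0 d-------- C:\Program Files\Trend Micro
2008-04-03 16:47:40 1518 --a------ C:\Windows\mozver.dat
"""
```

Running `triage(BEFORE_LOG)` flags the eight binaries in the two drop bursts, and `verify_removed` against the post-cleanup excerpt returns an empty list, which is the check behind "Looks good" in the reply that follows.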

#7 taxed

taxed
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:13 AM

Posted 26 May 2008 - 10:37 PM

OK, ran Killbox as requested... how are we looking =)

Deckard's System Scanner v20071014.68
Run by Grayson on 2008-05-26 21:30:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 1015 MiB (1024 MiB recommended).


-- HijackThis (run as Grayson.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:43 PM, on 5/26/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Citrus Alarm Clock\citrusac.exe
C:\Program Files\TRENDware\TEW444UB\ACU.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Grayson\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Grayson.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Citrus Alarm Clock] C:\Program Files\Citrus Alarm Clock\citrusac.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: 802.11g Wireless Client Utility.lnk = C:\Program Files\TRENDware\TEW444UB\WLACU.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\Windows\system32\acs.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Unknown owner - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6164 bytes

-- Files created between 2008-04-26 and 2008-05-26 -----------------------------

2008-05-26 21:16:18 91700 --a------ C:\Windows\system32\drivers\klin.dat
2008-05-26 21:16:18 85860 --a------ C:\Windows\system32\drivers\klick.dat
2008-05-26 21:13:34 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-05-26 21:13:34 0 d-------- C:\Program Files\Kaspersky Lab
2008-05-26 21:13:30 1919264 --ahs---- C:\Windows\system32\drivers\fidbox.dat
2008-05-26 20:39:50 0 d-------- C:\!KillBox
2008-05-19 23:48:03 0 d-------- C:\Users\All Users\Malwarebytes
2008-05-19 23:48:02 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-19 21:52:50 0 d-------- C:\Program Files\Trend Micro
2008-05-19 21:46:50 0 -rahs---- C:\MSDOS.SYS
2008-05-19 21:46:50 0 -rahs---- C:\IO.SYS
2008-05-19 21:43:34 25600 --a------ C:\Windows\system32\WS2Fix.exe
2008-05-19 21:43:34 289144 --a------ C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-19 21:43:34 86528 --a------ C:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-19 21:43:34 82944 --a------ C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-19 21:43:34 51200 --a------ C:\Windows\system32\dumphive.exe
2008-05-19 21:43:34 82944 --a------ C:\Windows\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-19 21:43:33 288417 --a------ C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-19 21:43:33 53248 --a------ C:\Windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-19 19:56:17 0 d-------- C:\Program Files\CCleaner
2008-05-19 19:25:47 283274 --a------ C:\Pass2.cmd
2008-05-19 19:24:26 3300 --a------ C:\Windows\system32\tmp.reg
2008-05-19 18:03:44 0 d-------- C:\Program Files\uTorrent
2008-05-19 18:03:15 4 --a------ C:\Windows\system32\hljwugsf.bin
2008-05-18 18:51:55 0 d-------- C:\Program Files\OpenOffice.org 2.4


-- Find3M Report ---------------------------------------------------------------

2008-05-26 21:19:55 0 d-------- C:\Users\Grayson\AppData\Roaming\DNA
2008-05-26 21:19:53 0 d-------- C:\Users\Grayson\AppData\Roaming\BitTorrent
2008-05-20 12:12:21 0 d-------- C:\Users\Grayson\AppData\Roaming\uTorrent
2008-05-19 23:49:20 0 d-------- C:\Users\Grayson\AppData\Roaming\Malwarebytes
2008-05-19 21:43:53 35 --a------ C:\Users\Grayson\AppData\Roaming\SetValue.bat
2008-05-19 21:43:53 691 --a------ C:\Users\Grayson\AppData\Roaming\GetValue.vbs
2008-05-19 21:11:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-19 21:11:08 0 d-------- C:\Program Files\Common Files\muvee Technologies
2008-05-19 21:08:53 0 d-------- C:\Program Files\AbiSuite2
2008-05-19 19:30:03 0 d-------- C:\Users\Grayson\AppData\Roaming\OpenOffice.org2
2008-05-19 18:00:51 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-18 18:51:04 0 d-------- C:\Program Files\Java
2008-05-17 13:21:54 0 d-------- C:\Program Files\World of Warcraft
2008-05-14 03:01:34 0 d-------- C:\Program Files\Windows Mail
2008-05-03 22:44:20 0 d-------- C:\Users\Grayson\AppData\Roaming\dvdcss
2008-04-19 02:49:33 0 d-------- C:\Program Files\Soulseek
2008-04-18 00:54:59 0 d-------- C:\Program Files\Common Files\Real
2008-04-18 00:54:55 0 d-------- C:\Program Files\Common Files
2008-04-18 00:54:41 0 d-------- C:\Users\Grayson\AppData\Roaming\Real
2008-04-18 00:53:44 0 d-------- C:\Users\Grayson\AppData\Roaming\MP3Rocket
2008-04-03 16:49:17 0 d-------- C:\Users\Grayson\AppData\Roaming\Adobe
2008-04-03 16:47:40 1518 --a------ C:\Windows\mozver.dat
2008-03-30 20:55:18 259 --a------ C:\Users\Grayson\AppData\Roaming\iPod Access v4 Prefs


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [08/03/2007 01:58 AM]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [02/15/2007 05:59 AM]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [05/24/2007 02:13 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/17/2005 12:11 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 03:42 PM]
"!AVG Anti-Spyware"="C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 03:42 AM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [08/24/2007 08:54 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [02/08/2008 06:36 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter " []
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [06/01/2007 02:40 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/08/2008 01:26 PM]
"Citrus Alarm Clock"="C:\Program Files\Citrus Alarm Clock\citrusac.exe" [10/21/2001 11:50 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
802.11g Wireless Client Utility.lnk - C:\Program Files\TRENDware\TEW444UB\WLACU.exe [10/27/2007 10:04:37 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52a91c82-929a-11dc-bb82-0014d1c1faff}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2d445f9-91ab-11dc-8a4e-0014d1c1faff}]
AutoRun\command- F:\LaunchU3.exe -a

*Newly Created Service* - KL1

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-26 21:32:08 ------------

#8 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  • Local time:09:13 AM

Posted 27 May 2008 - 08:01 AM

taxed

Looks good. How's your PC running now?
Microsoft MVP - Windows Security

#9 taxed

taxed
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:13 AM

Posted 27 May 2008 - 12:00 PM

I'm pretty sure I'm doing good :thumbsup: Thanks a ton for your help. Much appreciated!!



