Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I Need Help..


  • Please log in to reply
1 reply to this topic

#1 maiellenmai

maiellenmai

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:11 PM

Posted 23 May 2008 - 01:57 AM

Deckard's System Scanner v20071014.68
Run by Lacandula on 2008-05-23 17:12:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-05-24 00:12:52 UTC - RP253 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 90% (more than 75%).
Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as Lacandula.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:21 PM, on 5/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\ScannerU\KYESCAN.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lacandula\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Lacandula.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TTMS NAA NA DIRI, DON'T WORRY I'M NOT A CORRUPT LIKE YOU!
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: KYESCAN.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: yayxxyVo - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

--
End of file - 6986 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080523-170200-156 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080523-170200-387 O2 - BHO: (no name) - {813C43A8-D330-4935-83C0-AF96370CE0DA} - blank (file missing)
backup-20080523-170200-800 O2 - BHO: (no name) - {5C060FE2-B3CA-47DD-B68E-BD1A6E297226} - blank (file missing)

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 tffsport (M-Systems DiskOnChip 2000) - c:\windows\system32\drivers\tffsport.sys <Not Verified; M-Systems; TrueFFS ® Port Driver>
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>
R3 ENETHUSB (Speedstream Ethernet USB Adapter) - c:\windows\system32\drivers\enethusb.sys <Not Verified; Siemens Subscriber Networks, Inc.; Speedstream Ethernet USB Adapter>
R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSFHWCD2 - c:\windows\system32\drivers\hsfhwcd2.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

S1 mferkdk (VSCore mferkdk) - c:\program files\mcafee\virusscan enterprise\mferkdk.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (Avira AntiVir Personal Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E970-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ROOT\MTD\0000
Manufacturer:
Name:
PNP Device ID: ROOT\MTD\0000
Service:

Class GUID: {4D36E970-E325-11CE-BFC1-08002BE10318}
Description: M-Systems DiskOnChip 2000
Device ID: ROOT\MTD\0001
Manufacturer: M-Systems Flash Disk Pioneers
Name: M-Systems DiskOnChip 2000
PNP Device ID: ROOT\MTD\0001
Service: tffsport


-- Files created between 2008-04-23 and 2008-05-23 -----------------------------

2008-05-23 16:30:22 0 d-------- C:\Program Files\Trend Micro
2008-05-23 01:42:00 0 d-------- C:\Program Files\Avira
2008-05-23 01:42:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-17 10:23:22 0 d-------- C:\Program Files\Winamp Toolbar
2008-05-17 10:23:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-05-17 10:22:38 0 d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-05-17 10:22:24 0 d-------- C:\Program Files\Winamp Remote
2008-04-29 19:30:23 0 d-------- C:\Program Files\CONEXANT
2008-04-29 19:27:23 90112 -ra------ C:\WINDOWS\system32\mdmxsdk.dll <Not Verified; Conexant; Diagnostic Interface>
2008-04-29 19:27:22 32218 -ra------ C:\WINDOWS\system32\HSFCI009.dll <Not Verified; Conexant Systems, Inc.; SoftK56>
2008-04-29 19:27:22 11043 -ra------ C:\WINDOWS\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
2008-04-29 19:27:22 201728 -ra------ C:\WINDOWS\system32\drivers\HSFHWCD2.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
2008-04-29 19:27:22 1041536 -ra------ C:\WINDOWS\system32\drivers\HSF_DP.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
2008-04-29 19:27:21 682624 -ra------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
2008-04-29 19:19:50 20992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys <Not Verified; Realtek Semiconductor Corporation; Realtek RTL8139 Family Fast Ethernet Adapter>
2008-04-29 14:10:45 58244 --ahs---- C:\WINDOWS\system32\KTDeNXyb.ini2
2008-04-29 13:56:03 0 d--h----- C:\ckis
2008-04-29 11:39:42 0 d-------- C:\Program Files\Voobys
2008-04-29 11:29:47 0 d-------- C:\WINDOWS\system32\URTTemp
2008-04-29 08:55:07 0 d-------- C:\Documents and Settings\Lacandula\Application Data\BitTorrent
2008-04-29 08:53:18 0 d-------- C:\Program Files\DNA
2008-04-29 08:53:18 0 d-------- C:\Documents and Settings\Lacandula\Application Data\DNA
2008-04-29 08:53:15 0 d-------- C:\Program Files\BitTorrent
2008-04-29 08:35:35 0 d-------- C:\Program Files\Ares
2008-04-28 05:01:03 28857 -----n--- C:\WINDOWS\system32\drivers\enethusb.sys <Not Verified; Siemens Subscriber Networks, Inc.; Speedstream Ethernet USB Adapter>
2008-04-28 05:00:49 0 d-------- C:\Program Files\Siemens Subscriber Networks
2008-04-28 05:00:48 50934 -----n--- C:\WINDOWS\system32\drivers\vvpciusb.sys <Not Verified; Efficient Networks; Efficient Networks USB/Ethernet ADSL Modem>
2008-04-28 05:00:48 50911 -----n--- C:\WINDOWS\system32\drivers\vvbususb.sys <Not Verified; Virata; Virata ISOS for ATOM family devices>
2008-04-28 05:00:48 15309 -----n--- C:\WINDOWS\system32\drivers\vvbetht.sys <Not Verified; Virata; Virata ISOS for ATOM family devices>
2008-04-28 05:00:47 15332 -----n--- C:\WINDOWS\system32\drivers\vvbeth.sys <Not Verified; Efficient Networks; Efficient Networks USB/Ethernet ADSL Modem>


-- Find3M Report ---------------------------------------------------------------

2008-05-23 12:43:06 0 d-------- C:\Documents and Settings\Lacandula\Application Data\AVG7
2008-05-23 03:46:10 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000003-00001102-00000002-80651102}.dat
2008-05-23 03:46:10 24 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000003-00001102-00000002-80651102}.dat
2008-05-23 02:04:09 0 d-------- C:\Documents and Settings\Lacandula\Application Data\U3
2008-05-22 20:59:30 114352 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-05-22 20:59:21 0 d-------- C:\Documents and Settings\Lacandula\Application Data\VersionTracker Pro
2008-05-22 20:19:50 0 d-------- C:\Program Files\mIRC
2008-05-17 10:38:21 0 d-------- C:\Program Files\Winamp
2008-05-12 21:13:18 0 d-------- C:\Program Files\PhotoScape
2008-05-04 07:33:25 0 d-------- C:\Documents and Settings\Lacandula\Application Data\Macromedia
2008-05-04 07:25:08 0 d-------- C:\Program Files\Common Files\Macromedia
2008-05-04 07:25:06 0 d-------- C:\Program Files\Macromedia
2008-05-04 07:25:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-29 13:53:55 0 d-------- C:\Program Files\OpenOffice.org 2.1
2008-04-29 13:50:30 0 d-------- C:\Program Files\Apache Software Foundation
2008-04-29 12:18:34 0 d-------- C:\Program Files\Kaspersky Lab
2008-04-29 07:37:25 0 d-------- C:\Documents and Settings\Lacandula\Application Data\Skype
2008-04-25 22:53:04 16 --a------ C:\WINDOWS\popcinfot.dat
2008-04-25 03:41:51 0 d-------- C:\Documents and Settings\Lacandula\Application Data\Adobe
2008-04-19 07:06:33 0 d-------- C:\Program Files\AVIConverter
2008-04-19 06:58:10 0 d-------- C:\Program Files\MP4Tool
2008-04-19 06:54:25 0 d-------- C:\Program Files\MP3 Player Utilities 4.18
2008-04-19 06:52:21 0 d-------- C:\Program Files\SigmaTel
2008-04-12 10:08:57 0 d-------- C:\Documents and Settings\Lacandula\Application Data\Ahead


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
03/19/2008 03:36 PM 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [12/20/2001 01:00 AM]
"WINDVDPatch"="CTHELPER.EXE" [07/02/2002 02:56 AM C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [08/10/2007 07:03 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [02/28/2003 09:00 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [05/11/2008 10:47 PM]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/11/2008 03:39 AM]
"ares"="C:\Program Files\Ares\Ares.exe" [02/20/2008 07:33 AM]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [03/31/2008 06:54 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
KYESCAN.lnk - C:\PROGRA~1\ScannerU\KYESCAN.exe [2/5/2008 7:28:01 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
"NoFolderOptions"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayxxyVo]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXNeDTK

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lacandula^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lacandula^Start Menu^Programs^Startup^Voobys.lnk]
backup=C:\WINDOWS\pss\Voobys.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
"C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
"C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{234e1acc-461a-11dc-bbd6-82ee5fdcffc3}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe TTMS36.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b43ab3c-97b5-11dc-a953-e74af4917ac5}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe TTMS23.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d36de24-45fd-11dc-96e1-b80af91b69c1}]
AutoRun\command- F:\
explore\Command- F:\RECYCLER\INFO.exe
open\Command- F:\RECYCLER\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96007162-abb6-11dc-90df-da86c4a2d7c2}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe TTMS1216.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca995028-a527-11dc-90bf-894a5b3250c5}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe TTMS128.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dee50b40-d2ad-11dc-9615-c661e2da28c2}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe TTMS23.dll.vbs

*Newly Created Service* - SSMDRV



-- End of Deckard's System Scanner: finished at 2008-05-23 17:24:50 ------------

BC AdBot (Login to Remove)

 


#2 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg
  • Local time:11:11 PM

Posted 21 June 2008 - 07:29 AM

Hello maiellenmai and welcome to BleepingComputer!

Apollogies for the delay. The forum has been very busy lately and. If you are still having problems, then please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log. Please also post the problems you are having.

When posting your log, please make sure you post the HijackThis log as a reply and not as an attachment. If we do not hear back from you within a couple of days we will need to close your topic.

Thanks,

Johannes

"How did I get infected?" - "Safe-hex" - Member of UNITE -
Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users