
Malware/adware Problem


  • This topic is locked
2 replies to this topic

#1 MDH


Posted 30 May 2008 - 08:17 PM

I've been experiencing this recurring malware/adware problem and it's time to seek outside help. I've run through Spybot, etc., and every time it runs it finds and supposedly removes instances of spyware, but the problem always seems to come back. When I'm working in Internet Explorer or online in general, I get random ads that come up and it then locks up my computer so I'm unable to do anything else.

I've followed the instructions listed in the help section to run the DSS.exe and produce the HijackThis log, the results of which are below. Any assistance you could give is greatly appreciated. I am running a brand new dual-core 2.4GHz machine with WinXP Pro SP2.

Deckard's System Scanner v20071014.68
Run by Feinthel on 2008-05-30 21:12:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Feinthel.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:53 PM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Feinthel\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Feinthel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {079CE177-7C15-47C0-A116-0778958F7F1B} - C:\WINDOWS\system32\cbXOGXOh.dll
O2 - BHO: (no name) - {1392B03A-7D21-40B1-9468-270900A2EF03} - C:\WINDOWS\system32\awtsQGAr.dll (file missing)
O2 - BHO: (no name) - {21C63899-6532-40D7-8379-7ED788B98D28} - C:\WINDOWS\system32\mlJdATjG.dll
O2 - BHO: (no name) - {CBB0B770-AFFA-45A5-92A0-3A9D3E9B31CB} - C:\WINDOWS\system32\ssqQifgG.dll (file missing)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BM9b147555] Rundll32.exe "C:\WINDOWS\system32\wahcogvw.dll",s
O4 - HKLM\..\Run: [982746c9] rundll32.exe "C:\WINDOWS\system32\mwyvtqxu.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: mlJdATjG - C:\WINDOWS\SYSTEM32\mlJdATjG.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6629 bytes

-- Files created between 2008-04-30 and 2008-05-30 -----------------------------

2008-05-30 21:11:37 0 d-------- C:\Program Files\Trend Micro
2008-05-30 21:04:41 117248 --a------ C:\WINDOWS\system32\mwyvtqxu.dll
2008-05-30 21:04:26 135168 --a------ C:\WINDOWS\system32\hxekmfyx.dll
2008-05-20 21:32:33 135168 --a------ C:\WINDOWS\system32\rqrwivjx.dll
2008-05-20 21:32:19 117248 -----n--- C:\WINDOWS\system32\xvwabmxw.dll
2008-05-20 21:29:58 126976 --a------ C:\WINDOWS\system32\wahcogvw.dll
2008-05-20 21:29:18 893688 --ahs---- C:\WINDOWS\system32\hOXGOXbc.ini2
2008-05-20 21:29:05 370176 --a------ C:\WINDOWS\system32\cbXOGXOh.dll
2008-05-20 20:59:04 0 d-------- C:\WINDOWS\pss
2008-05-20 20:21:04 117248 --a------ C:\WINDOWS\system32\yaelwgwj.dll
2008-05-20 20:18:05 2560 --a------ C:\WINDOWS\system32\hkwcarhw.exe
2008-05-20 20:15:04 135168 --a------ C:\WINDOWS\system32\apoelnma.dll
2008-05-20 20:12:44 126976 --a------ C:\WINDOWS\system32\sbclejny.dll
2008-05-20 20:12:04 896841 --ahs---- C:\WINDOWS\system32\GgfiQqss.ini2
2008-05-20 19:51:47 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-20 19:51:25 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-05-20 19:33:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-20 19:27:13 0 d-------- C:\Program Files\Lavasoft
2008-05-20 19:27:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-20 19:26:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-20 19:20:36 117248 -----n--- C:\WINDOWS\system32\noqbgpjh.dll
2008-05-20 13:38:11 126976 --a------ C:\WINDOWS\system32\bdaxyhtf.dll
2008-05-19 11:59:05 2048 --a------ C:\WINDOWS\system32\iiraqsth.exe
2008-05-19 11:58:53 114176 --a------ C:\WINDOWS\system32\koisalfr.dll
2008-05-19 11:58:06 0 d-------- C:\Program Files\Windows Defender
2008-05-19 11:55:53 133632 --a------ C:\WINDOWS\system32\rlqwxdhj.dll
2008-05-13 23:41:25 133632 --a------ C:\WINDOWS\system32\mfdfuois.dll
2008-05-13 23:38:49 2048 --a------ C:\WINDOWS\system32\dyaxumum.exe
2008-05-13 23:34:27 114176 --a------ C:\WINDOWS\system32\qwcpmkcm.dll
2008-05-13 23:32:16 123392 --a------ C:\WINDOWS\system32\yxcfwlcs.dll
2008-05-12 13:35:32 132096 --a------ C:\WINDOWS\system32\ccecrduo.dll
2008-05-12 13:33:26 2048 --a------ C:\WINDOWS\system32\xjimbtgb.exe
2008-05-12 13:33:10 125952 --a------ C:\WINDOWS\system32\fwdwiitk.dll
2008-05-11 20:57:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-11 20:57:36 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-11 20:09:55 0 d-------- C:\CloneDVDTemp
2008-05-11 19:57:47 0 d-------- C:\Program Files\Elaborate Bytes
2008-05-11 19:57:37 33161 --a------ C:\WINDOWS\system32\khfGXRHX.dll
2008-05-11 19:56:02 1041513 --ahs---- C:\WINDOWS\system32\rAGQstwa.ini2
2008-05-11 19:49:43 0 d-------- C:\Program Files\SlySoft
2008-05-11 19:49:31 33161 --a------ C:\WINDOWS\system32\mlJdATjG.dll
2008-05-06 00:24:54 0 d-------- C:\WINDOWS\system32\Lang
2008-05-06 00:23:06 49152 -ra------ C:\WINDOWS\system32\ChCfg.exe
2008-05-06 00:22:47 0 d-------- C:\WINDOWS\system32\RTCOM
2008-05-06 00:21:39 0 d-------- C:\Program Files\Realtek
2008-05-06 00:21:17 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-05-06 00:21:16 520192 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-05-04 08:34:01 0 d-------- C:\Documents and Settings\Feinthel\Application Data\Apple Computer
2008-05-04 08:33:52 0 d-------- C:\Program Files\iPod
2008-05-04 08:33:50 0 d-------- C:\Program Files\iTunes
2008-05-04 08:33:42 0 d-------- C:\Program Files\Bonjour
2008-05-04 08:33:23 0 d-------- C:\Program Files\QuickTime
2008-05-04 08:33:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-04 08:33:15 0 d-------- C:\Program Files\Apple Software Update
2008-05-04 08:32:43 0 d-------- C:\Program Files\Common Files\Apple
2008-05-04 08:32:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-03 18:12:33 0 d-------- C:\Documents and Settings\Feinthel\Application Data\FUJIFILM
2008-05-03 18:08:17 0 d-------- C:\WINDOWS\network diagnostic
2008-05-03 18:07:23 274432 --a------ C:\WINDOWS\system32\FFTIFF16.dll <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM TIFF Image Library>
2008-05-03 18:07:23 155648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM CCD-RAW LIBRARY>
2008-05-03 18:07:07 0 d-------- C:\Program Files\FinePixViewer
2008-05-03 18:06:22 45056 --a------ C:\WINDOWS\system32\FINFCOPY.dll <Not Verified; FUJIFILM; FUJIFILM FINFCOPY>
2008-05-03 18:06:22 65536 --a------ C:\WINDOWS\system32\FINFCHECK.dll <Not Verified; FUJIFILM; FUJIFILM FINFCHECK>
2008-05-03 18:06:22 0 d-------- C:\Program Files\REGSHAVE
2008-05-03 18:06:21 69632 --a------ C:\WINDOWS\system32\FREGSHEX.DLL <Not Verified; FUJIFILM; FUJIFILM Fregshave>
2008-05-03 18:06:21 45056 --a------ C:\WINDOWS\system32\FCLKBTN.DLL <Not Verified; FUJIFILM; FUJIFILM FCLKBTN>
2008-05-03 18:04:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-03 07:28:11 0 d-------- C:\Documents and Settings\Feinthel\Application Data\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-05-20 19:26:49 0 d-------- C:\Program Files\Common Files
2008-05-06 00:21:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-06 00:21:12 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-28 20:30:25 0 d-------- C:\Program Files\Messenger
2008-04-28 20:25:30 0 d-------- C:\Program Files\MSXML 4.0
2008-04-28 20:19:35 0 d-------- C:\Program Files\MSXML 6.0
2008-04-28 20:14:32 0 d-------- C:\Program Files\Western Digital
2008-04-28 18:36:36 0 d-------- C:\Program Files\Common Files\LightScribe
2008-04-28 18:35:31 0 d-------- C:\Documents and Settings\Feinthel\Application Data\Ahead
2008-04-28 18:34:39 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-28 18:31:31 0 d-------- C:\Program Files\Nero
2008-04-28 03:58:51 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-28 03:58:48 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-28 03:58:30 62 --ahs---- C:\Documents and Settings\Feinthel\Application Data\desktop.ini
2008-04-27 21:26:30 0 d-------- C:\Documents and Settings\Feinthel\Application Data\Macromedia
2008-04-27 09:06:25 0 d-------- C:\Documents and Settings\Feinthel\Application Data\InstallShield
2008-04-27 08:55:49 0 d-------- C:\Documents and Settings\Feinthel\Application Data\TMP
2008-04-27 08:21:18 0 d-------- C:\Program Files\Network Associates
2008-04-27 08:21:18 0 d-------- C:\Program Files\Common Files\Cisco Systems
2008-04-27 08:21:03 0 d-------- C:\Program Files\Common Files\Network Associates
2008-04-27 08:15:26 0 d-------- C:\Documents and Settings\Feinthel\Application Data\Identities
2008-04-27 08:11:58 0 d-------- C:\Program Files\microsoft frontpage
2008-04-27 08:11:46 0 -rahs---- C:\MSDOS.SYS
2008-04-27 08:11:46 0 -rahs---- C:\IO.SYS
2008-04-27 08:11:46 0 --a------ C:\CONFIG.SYS
2008-04-27 08:11:46 0 --a------ C:\AUTOEXEC.BAT
2008-04-27 08:10:51 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-27 08:10:17 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-27 08:10:12 0 d-------- C:\Program Files\Movie Maker
2008-04-27 08:09:40 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-27 08:09:23 0 d-------- C:\Program Files\Online Services
2008-04-27 08:09:16 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-27 08:09:10 0 d-------- C:\Program Files\Windows NT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{079CE177-7C15-47C0-A116-0778958F7F1B}]
05/20/2008 09:29 PM 370176 --a------ C:\WINDOWS\system32\cbXOGXOh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392B03A-7D21-40B1-9468-270900A2EF03}]
C:\WINDOWS\system32\awtsQGAr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21C63899-6532-40D7-8379-7ED788B98D28}]
05/11/2008 07:49 PM 33161 --a------ C:\WINDOWS\system32\mlJdATjG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBB0B770-AFFA-45A5-92A0-3A9D3E9B31CB}]
C:\WINDOWS\system32\ssqQifgG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 08:00 PM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 03:50 AM]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [10/07/2003 09:48 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/27/2007 06:59 AM]
"nwiz"="nwiz.exe" [08/27/2007 06:59 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [08/27/2007 06:59 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 10:32 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"RTHDCPL"="RTHDCPL.EXE" [08/20/2007 03:38 AM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 AM C:\WINDOWS\Alcmtr.exe]
"ElbyCheckAnyDVD"="C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" [09/20/2003 03:23 PM]
"CloneDVDElbyDelay"="C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [11/02/2002 02:33 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"BM9b147555"="C:\WINDOWS\system32\wahcogvw.dll" [05/20/2008 09:29 PM]
"982746c9"="C:\WINDOWS\system32\mwyvtqxu.dll" [05/30/2008 09:04 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/01/2007 10:21 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [02/26/2007 01:01 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{21C63899-6532-40D7-8379-7ED788B98D28}"= C:\WINDOWS\system32\mlJdATjG.dll [05/11/2008 07:49 PM 33161]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJdATjG]
mlJdATjG.dll 05/11/2008 07:49 PM 33161 C:\WINDOWS\system32\mlJdATjG.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\cbXOGXOh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2008-05-30 21:13:49 ------------



#2 miekiemoes

  • Malware Response Team

Posted 31 May 2008 - 10:06 AM

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

  • Malware Response Team

Posted 09 June 2008 - 07:20 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



