Browser Hijacker.deskbar Lots Of Pop-ups



#1 whitefire293


  • Members
  • 3 posts

Posted 12 June 2008 - 12:17 AM

Hello, I have used SUPERAntiSpyware many times, and each time it finds Browser Hijacker.Deskbar. It was also finding the virus Vundo. I THINK that I have removed that virus, but I am not sure. I used the program VirtumundoBeGone to delete the Vundo virus. There was also an "adware.tracking cookie" that SUPERAntiSpyware detected. And I have been getting lots of pop-ups. I have enabled all the pop-up blockers and everything. PLEASE HELP

please help

whitefire293







Deckard's System Scanner v20071014.68
Run by Admin on 2008-06-11 22:04:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
36: 2008-06-12 05:04:13 UTC - RP737 - Deckard's System Scanner Restore Point
35: 2008-06-11 21:53:59 UTC - RP736 - Installed SUPERAntiSpyware Free Edition
34: 2008-06-11 01:07:54 UTC - RP735 - Last known good configuration
33: 2008-06-11 01:07:46 UTC - RP734 - Installed iTunes
32: 2008-06-11 01:07:46 UTC - RP733 - Removed Virtual Desktop Manager Powertoy for Windows XP


-- First Restore Point --
1: 2008-06-11 01:07:37 UTC - RP702 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-11 22:07:39
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Sony\SonicStage\SSAAD.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\McAfee\VirusScan\mcvsshld.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Admin\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {2F1E29D3-6322-4D38-90A2-5F6995A1B168} - C:\WINDOWS\system32\pmnmnKAT.dll (file missing)
O2 - BHO: DeskalertsBHO - {5121B863-FAE8-4935-BA76-0ABE0239AECA} - C:\Program Files\DeskAlerts\deskbar.dll
O2 - BHO: {ccab668d-bd2c-f398-8ed4-4a01af81d239} - {932d18fa-10a4-4de8-893f-c2dbd866bacc} - C:\WINDOWS\system32\wkarftqq.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [78a78f27] rundll32.exe "C:\WINDOWS\system32\cuyxpatq.dll",b
O4 - HKLM\..\Run: [BM7b94bcbb] Rundll32.exe "C:\WINDOWS\system32\uqdfypxu.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Admin\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/3/9...heckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135448765703
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://longsdrugs.digitalcameradeveloping....ploadClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


--
End of file - 14345 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 CDRPDACC (Arrowkey Device Access) - c:\program files\321studios\shared\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - d:instal~ecorebvrpmpr5.sys (file missing)
S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel® iQVW32.SYS>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-11 21:01:36 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-08-15 01:00:02 264 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-08-01 01:00:42 356 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-05-11 and 2008-06-11 -----------------------------

2008-06-11 20:55:05 0 d-------- C:\WINDOWS\CSC
2008-06-11 20:39:47 0 d-------- C:\VundoFix Backups
2008-06-11 20:10:18 0 d-------- C:\Documents and Settings\Neelster\Application Data\SUPERAntiSpyware.com
2008-06-11 14:56:17 98816 --a------ C:\WINDOWS\system32\wkarftqq.dll
2008-06-11 14:54:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-11 14:54:02 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-11 14:54:01 0 d-------- C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
2008-06-11 14:54:00 89600 --a------ C:\WINDOWS\system32\uqdfypxu.dll
2008-06-11 14:53:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-11 14:50:37 98816 --a------ C:\WINDOWS\system32\bwvxlguc.dll
2008-06-11 14:48:29 89600 --a------ C:\WINDOWS\system32\gsrwvhlu.dll
2008-06-11 10:15:41 98816 --a------ C:\WINDOWS\system32\vthnfflp.dll
2008-06-11 10:12:42 80896 --a------ C:\WINDOWS\system32\cuyxpatq.dll
2008-06-11 10:10:18 89600 --a------ C:\WINDOWS\system32\vjriinup.dll
2008-06-10 18:07:25 733643 --ahs---- C:\WINDOWS\system32\TAKnmnmp.ini2
2008-06-10 18:00:59 58904 --a------ C:WINDOWSsystem32sysfolderazipcnt.dll
2008-06-10 18:00:59 58904 --a------ C:\WINDOWS\system32\azipcontmn.dll
2008-06-10 18:00:52 156160 --a------ C:\WINDOWS\system32\ztvunrar3.dll
2008-06-10 18:00:52 75264 --a------ C:\WINDOWS\system32\ztvunacev2.dll
2008-06-10 18:00:52 65536 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft ® Cabinet File API>
2008-06-10 18:00:52 360580 --a------ C:\WINDOWS\system32\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2008-06-10 18:00:52 94208 --a------ C:\WINDOWS\system32\eSellerateControl365.dll <Not Verified; eSellerate Inc.; eSellerate ActiveX Control>
2008-06-10 18:00:52 178176 --a------ C:\WINDOWS\system32\7-zip32.dll <Not Verified; ; 7-zip32>
2008-06-10 18:00:51 0 d-------- C:\Program Files\AlphaZIP
2008-06-10 17:12:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-10 17:12:49 0 d-------- C:\Documents and Settings\Admin\Application Data\Azureus
2008-06-10 17:11:53 0 d-------- C:\Program Files\Azureus
2008-06-10 01:13:52 0 d-------- C:\Program Files\iTunes
2008-06-10 01:12:52 0 d-------- C:\Program Files\Bonjour
2008-06-10 00:57:23 0 d-------- C:\Program Files\Apple Software Update
2008-06-10 00:56:39 0 d-------- C:\Program Files\Common Files\Apple
2008-06-10 00:56:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-10 00:45:23 0 d-------- C:\iPlus
2008-06-08 19:34:15 0 d-------- C:\Documents and Settings\Neelster\Application Data\Dexpot
2008-06-08 19:33:18 0 d-------- C:\Documents and Settings\Admin\Application Data\Dexpot
2008-06-08 19:32:38 0 d-------- C:\Program Files\Dexpot
2008-06-08 19:21:41 0 d-------- C:\Documents and Settings\Neelster\Application Data\VirtuaWin


-- Find3M Report ---------------------------------------------------------------

2008-06-11 14:53:23 0 d-------- C:\Program Files\Common Files
2008-06-11 12:29:54 0 d-------- C:\Program Files\McAfee
2008-06-10 01:17:05 0 d-------- C:\Documents and Settings\Admin\Application Data\Apple Computer
2008-06-10 01:13:58 0 d-------- C:\Program Files\iPod
2008-06-10 01:12:09 0 d-------- C:\Program Files\QuickTime
2008-05-13 12:46:04 0 d-------- C:\Documents and Settings\Admin\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F1E29D3-6322-4D38-90A2-5F6995A1B168}]
C:\WINDOWS\system32\pmnmnKAT.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5121B863-FAE8-4935-BA76-0ABE0239AECA}]
02/08/2007 02:20 PM 475136 --a------ C:\Program Files\DeskAlerts\deskbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{932d18fa-10a4-4de8-893f-c2dbd866bacc}]
06/11/2008 02:56 PM 98816 --a------ C:\WINDOWS\system32\wkarftqq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 02:56 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 03:48 PM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [04/25/2005 06:50 AM]
"SigmatelSysTrayApp"="stsystra.exe" [03/22/2005 10:20 PM C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/29/2005 07:05 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 02:19 PM]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 06:50 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/05/2004 11:05 PM]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [06/18/2004 08:30 AM]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [12/10/2003 05:52 AM]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [07/27/2004 02:50 PM]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [09/27/2005 07:59 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [01/08/2006 07:45 PM]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [08/12/2005 05:16 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [08/16/2001 08:41 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/11/2005 11:12 PM]
"VX3000"="C:\WINDOWS\vVX3000.exe" [10/13/2006 05:04 PM]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [10/13/2006 05:01 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [12/12/2006 03:45 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 02:59 PM]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 12:22 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 11:33 PM]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [11/30/2007 05:42 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13 AM]
"78a78f27"="C:\WINDOWS\system32\cuyxpatq.dll" [06/11/2008 10:12 AM]
"BM7b94bcbb"="C:\WINDOWS\system32\uqdfypxu.dll" [06/11/2008 02:54 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 03:00 AM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 02:22 PM]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [02/10/2005 05:00 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2/4/2006 11:47:35 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [9/21/2005 4:48:22 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/12/2005 12:49:24 AM]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [11/27/2005 1:52:00 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnmnKAT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""




-- End of Deckard's System Scanner: finished at 2008-06-11 22:08:25 ------------

I forgot to mention I'm running Microsoft XP. And on one of the users it comes up with something like Trojan.Downloader New Juan/Vm and Adware Vundo Variant/Rel

Merged posts. ~ OB

Edited by Orange Blossom, 12 June 2008 - 09:16 PM.
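The scan log above is long, and most of it is legitimate software. What a triage reader actually keys on is a handful of structural signals: a BHO with no readable name or a missing file, a Run value that starts rundll32 on a DLL in system32, a DLL name that looks randomly generated, and the same DLLs showing up in the "Files created" window. The following Python script is an added example (not part of the thread, nor a SUPERAntiSpyware or ComboFix component) that applies those heuristics to lines copied from the posted log, with the backslashes that extraction stripped restored, and joins the hits against the file-creation section. The named DeskAlerts BHO is deliberately not flagged by these rules, because matching named toolbars is a job for a signature scanner, not a layout heuristic.

```python
"""Triage heuristics for HijackThis-style autostart listings (added example)."""
from __future__ import annotations

import re

# Constructed sample: seven lines copied from the HijackThis-clone section of the log.
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {2F1E29D3-6322-4D38-90A2-5F6995A1B168} - C:\WINDOWS\system32\pmnmnKAT.dll (file missing)
O2 - BHO: DeskalertsBHO - {5121B863-FAE8-4935-BA76-0ABE0239AECA} - C:\Program Files\DeskAlerts\deskbar.dll
O2 - BHO: {ccab668d-bd2c-f398-8ed4-4a01af81d239} - {932d18fa-10a4-4de8-893f-c2dbd866bacc} - C:\WINDOWS\system32\wkarftqq.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [78a78f27] rundll32.exe "C:\WINDOWS\system32\cuyxpatq.dll",b
O4 - HKLM\..\Run: [BM7b94bcbb] Rundll32.exe "C:\WINDOWS\system32\uqdfypxu.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed sample: five lines copied from the "Files created" section of the log.
CREATED_SAMPLE = r"""
2008-06-11 14:56:17 98816 --a------ C:\WINDOWS\system32\wkarftqq.dll
2008-06-11 14:54:00 89600 --a------ C:\WINDOWS\system32\uqdfypxu.dll
2008-06-11 14:50:37 98816 --a------ C:\WINDOWS\system32\bwvxlguc.dll
2008-06-11 10:12:42 80896 --a------ C:\WINDOWS\system32\cuyxpatq.dll
2008-06-10 18:00:52 178176 --a------ C:\WINDOWS\system32\7-zip32.dll <Not Verified; ; 7-zip32>
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*?)(?P<missing> \(file missing\))?$")
RUN_RE = re.compile(r"^O4 - (?P<hive>[^\\]+)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
SYS32_DLL_RE = re.compile(r"\\system32\\(?P<base>[^\\]+?)\.dll\b", re.IGNORECASE)
EIGHT_LETTERS = re.compile(r"^[A-Za-z]{8}$")      # naming pattern shared by the Vundo DLLs in this log
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
CREATED_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \S+ \d+ \S+ (?P<path>.*?)(?: <Not Verified;.*)?$")
LSA_RE = re.compile(r'^"Authentication Packages"=\s*(?P<pkgs>.*)$')


def _sys32_basename(text: str) -> str | None:
    """Lower-cased 'name.dll' of the first system32 DLL mentioned in text, or None."""
    m = SYS32_DLL_RE.search(text)
    return m.group("base").lower() + ".dll" if m else None


def triage_hjt_line(line: str) -> list[str]:
    """Reasons an O2/O4 line deserves a closer look; empty list when it looks ordinary."""
    reasons: list[str] = []
    if (m := BHO_RE.match(line)):
        if m.group("name") == "(no name)" or GUID_RE.match(m.group("name")):
            reasons.append("BHO with no readable name")
        if m.group("missing"):
            reasons.append("BHO file missing (leftover registration)")
        subject = m.group("path")
    elif (m := RUN_RE.match(line)) and (r := RUNDLL_RE.match(m.group("cmd"))):
        reasons.append(f"Run value '{m.group('key')}' loads a DLL through rundll32")
        subject = r.group("dll")
    else:
        return reasons
    # The name pattern alone is too weak to flag a line; it only supports a structural hit.
    s = SYS32_DLL_RE.search(subject)
    if reasons and s and EIGHT_LETTERS.match(s.group("base")):
        reasons.append(f"eight-letter DLL name in system32: {s.group('base')}.dll")
    return reasons


def recent_system32_dlls(created_section: str) -> dict[str, str]:
    """Map 'name.dll' -> creation date for DLLs written to system32 in the scan window."""
    out: dict[str, str] = {}
    for line in created_section.strip().splitlines():
        m = CREATED_RE.match(line)
        base = _sys32_basename(m.group("path")) if m else None
        if base:
            out[base] = m.group("date")
    return out


def correlate(hjt_section: str, created_section: str) -> list[tuple[str, list[str]]]:
    """Flagged autostart lines, each with its reasons plus any matching recent file creation."""
    created = recent_system32_dlls(created_section)
    findings = []
    for line in hjt_section.strip().splitlines():
        reasons = triage_hjt_line(line)
        if not reasons:
            continue
        base = _sys32_basename(line)
        if base in created:
            reasons.append(f"{base} created {created[base]}, inside the scan window")
        findings.append((line, reasons))
    return findings


def flagged_dlls(findings: list[tuple[str, list[str]]]) -> set[str]:
    """The system32 DLL basenames referenced by flagged lines."""
    return {b for line, _ in findings if (b := _sys32_basename(line))}


def extra_lsa_packages(line: str) -> list[str]:
    """Entries in an LSA 'Authentication Packages' dump beyond the stock msv1_0."""
    m = LSA_RE.match(line)
    return [p for p in m.group("pkgs").split() if p.lower() != "msv1_0"] if m else []


if __name__ == "__main__":
    for line, reasons in correlate(HJT_SAMPLE, CREATED_SAMPLE):
        print(line)
        for r in reasons:
            print("   ->", r)
    print("extra LSA packages:", extra_lsa_packages(r'"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnmnKAT'))
```

Run as-is it reports four of the seven sample lines, and the correlation step shows that three of the four DLLs were written to system32 on the day of the scan, while the fourth (pmnmnKAT.dll) is a registration whose file is already gone. The LSA check is there because the registry dump lists pmnmnKAT as an extra authentication package, a persistence point that a Run-key review alone would miss.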



#2 Guest_Cretemonster_*


Posted 13 June 2008 - 06:20 AM

Hi and Welcome to the forums.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.



