Virus


  • This topic is locked
2 replies to this topic

#1 chingon5


  • Members
  • 1 posts
  • OFFLINE
  • Local time:03:21 PM

Posted 14 June 2008 - 01:31 AM

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-13 23:25:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
92: 2008-06-14 06:25:41 UTC - RP271 - Deckard's System Scanner Restore Point
91: 2008-06-12 19:09:51 UTC - RP270 - Last known good configuration
90: 2008-06-12 19:06:55 UTC - RP269 - System Checkpoint
89: 2008-06-12 19:06:48 UTC - RP268 - Software Distribution Service 3.0
88: 2008-06-12 19:06:42 UTC - RP267 - System Checkpoint


-- First Restore Point --
1: 2008-06-12 19:00:42 UTC - RP180 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-13 23:26:45
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\lxcicoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\is-70LKB.tmp\mbam-setup.tmp
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 215651 helper - {0BC5E8C9-6EFF-4976-9A3C-D74148442CE7} - C:\WINDOWS\system32\215651\215651.dll
O2 - BHO: QXK Olive - {1FAB923F-38D7-47E0-A1AF-9889F89B99B9} - C:\WINDOWS\kvsdpfeaoqn.dll
O2 - BHO: (no name) - {2FB68C59-C098-415B-8563-837B33DD7D0D} - C:\WINDOWS\system32\rqRJDvvV.dll
O2 - BHO: (no name) - {348B6A0E-8C19-497C-9646-D5EAA2A036C7} - C:\WINDOWS\system32\ljJYRKax.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll
O2 - BHO: superiorads browser optimizer - {99877959-0b90-0653-8521-7630cb3ca3c2} - C:\WINDOWS\system32\{dd2b0a75-f1f7-8dfc-cd8b-a94030940e10}.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: rtsplgob - {4840F5B3-C8E8-4900-BEBF-667735B7C7DB} - C:\WINDOWS\rtsplgob.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [pathname] C:\WINDOWS\system32\pathname.exe
O4 - HKLM\..\Run: [{c3c0b3c1-656e-47f4-e825-11c93b785da4}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{dd2b0a75-f1f7-8dfc-cd8b-a94030940e10}.dll" DllStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKCU\..\Run: [C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm021YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ieservicegate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ieservicegate.com/redirect.php (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1193068306531
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://139.102.80.41/activex/AxisCamControl.ocx
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} () - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: rqRJDvvV - C:\WINDOWS\system32\rqRJDvvV.dll
O21 - SSODL: xkefqtgs - {D1964508-9149-457F-A5E2-E024F4F2A426} - C:\WINDOWS\xkefqtgs.dll
O21 - SSODL: rnopbfgt - {954CBF42-94F0-482E-9270-FAAF5ACD0CF1} - C:\WINDOWS\rnopbfgt.dll
O22 - SharedTaskScheduler: asparagine - {65bbf06c-ea06-4818-92a3-f3550d0e1004} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxci_device - Unknown owner - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe


--
End of file - 10174 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 sbbotdi - c:\program files\speedbit video accelerator\sbbotdi.sys <Not Verified; SpeedBit Ltd.; Speedbit TDI Driver>

S3 JL2005C (Dual Mode Camera) - c:\windows\system32\drivers\jl2005c.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_058F&PID_9360\9205291
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_058F&PID_9360\9205291
Service: USBSTOR


-- Scheduled Tasks -------------------------------------------------------------

2008-06-09 21:30:10 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-10-31 16:56:24 384 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-05-13 and 2008-06-13 -----------------------------

2008-06-13 23:18:55 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-13 23:18:49 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-13 23:18:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-12 12:15:06 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-06-12 12:00:22 274041 --ahs---- C:\WINDOWS\system32\xaKRYJjl.ini2
2008-06-12 12:00:08 322944 --a------ C:\WINDOWS\system32\ljJYRKax.dll
2008-06-12 11:51:28 29312 --a------ C:\WINDOWS\system32\yayvVPJY.dll
2008-06-12 11:51:12 0 d-------- C:\Program Files\Antivirus 2008 PRO
2008-06-12 11:50:59 0 d-------- C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
2008-06-12 11:50:45 29312 --a------ C:\WINDOWS\system32\awtSiJyw.dll
2008-06-12 11:50:39 163840 --a------ C:\WINDOWS\extr.exe
2008-06-12 11:50:38 258048 --a------ C:\WINDOWS\xkefqtgs.dll
2008-06-12 11:50:38 29312 --a------ C:\WINDOWS\system32\rqRJDvvV.dll
2008-06-12 11:50:38 188416 --a------ C:\WINDOWS\rtsplgob.dll
2008-06-12 11:50:38 286720 --a------ C:\WINDOWS\rnopbfgt.dll
2008-06-12 11:50:38 81920 --a------ C:\WINDOWS\pebgkxwq.exe
2008-06-12 11:50:38 249856 --a------ C:\WINDOWS\kvsdpfeaoqn.dll
2008-06-12 11:50:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-26 03:39:02 365056 --a------ C:\WINDOWS\system32\{dd2b0a75-f1f7-8dfc-cd8b-a94030940e10}.dll
2008-05-24 21:53:50 204 --a------ C:\WINDOWS\system32\pathname.dll
2008-05-24 21:53:47 106381 --a------ C:\WINDOWS\system32\pathname.exe
2008-05-22 16:36:30 0 d-------- C:\Program Files\vixy.net
2008-05-15 20:10:39 0 d-------- C:\Program Files\SpeedBit Video Accelerator


-- Find3M Report ---------------------------------------------------------------

2008-06-13 23:27:49 0 d-------- C:\Documents and Settings\Owner\Application Data\MegauploadToolbar
2008-06-11 21:00:58 0 d-------- C:\Program Files\Lx_cats
2008-05-27 16:31:13 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-05-12 22:48:36 0 d-------- C:\Program Files\eRightSoft
2008-05-12 22:29:02 1028 --a------ C:\Documents and Settings\Owner\Application Data\AVIEncoder.wff
2008-05-10 12:46:00 0 d-------- C:\Program Files\NCH Software
2008-05-08 23:01:19 0 d-------- C:\Program Files\Common Files
2008-05-08 22:41:45 0 d-------- C:\Program Files\Ares
2008-05-05 20:32:36 70512 --a------ C:\WINDOWS\system32\uninstall.exe
2008-05-04 22:21:24 0 d-------- C:\Documents and Settings\Owner\Application Data\River Past G5
2008-05-04 18:08:09 0 d-------- C:\Program Files\LimeWire
2008-05-02 15:56:12 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2008-04-17 11:48:44 0 d-------- C:\Program Files\Yahoo!
2008-04-16 13:43:04 0 d-------- C:\Program Files\Windows Live
2008-04-16 13:42:28 0 d-------- C:\Program Files\MySpace
2008-04-14 15:01:29 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-28 07:16:09 40730 --a------ C:\WINDOWS\system32\superiorads-uninst.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BC5E8C9-6EFF-4976-9A3C-D74148442CE7}]
04/08/2008 18:51: VIRUS ALERT! 13824 --a------ C:\WINDOWS\system32\215651\215651.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FAB923F-38D7-47E0-A1AF-9889F89B99B9}]
06/12/2008 08:32: VIRUS ALERT! 249856 --a------ C:\WINDOWS\kvsdpfeaoqn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FB68C59-C098-415B-8563-837B33DD7D0D}]
06/12/2008 11:50: VIRUS ALERT! 29312 --a------ C:\WINDOWS\system32\rqRJDvvV.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{348B6A0E-8C19-497C-9646-D5EAA2A036C7}]
06/12/2008 12:00: VIRUS ALERT! 322944 --a------ C:\WINDOWS\system32\ljJYRKax.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]
11/19/2007 03:36: VIRUS ALERT! 64000 --a------ C:\WINDOWS\system32\spads.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99877959-0b90-0653-8521-7630cb3ca3c2}]
05/26/2008 03:39: VIRUS ALERT! 365056 --a------ C:\WINDOWS\system32\{dd2b0a75-f1f7-8dfc-cd8b-a94030940e10}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
12/06/2007 12:58: VIRUS ALERT! 1198432 --a------ C:\Program Files\Search Settings\kb125\SearchSettings.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 05:00: VIRUS ALERT!]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 05:00: VIRUS ALERT!]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 05:00: VIRUS ALERT!]
"VTTimer"="VTTimer.exe" [03/08/2005 04:33: VIRUS ALERT! C:\WINDOWS\system32\VTTimer.exe]
"LXCICATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll" [02/24/2006 14:05: VIRUS ALERT!]
"lxcimon.exe"="C:\Program Files\Lexmark 7300 Series\lxcimon.exe" [09/30/2005 07:47: VIRUS ALERT!]
"EzPrint"="C:\Program Files\Lexmark 7300 Series\ezprint.exe" [08/01/2005 05:05: VIRUS ALERT!]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [04/13/2005 03:48: VIRUS ALERT!]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/15/2007 00:43: VIRUS ALERT!]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [12/06/2007 12:58: VIRUS ALERT!]
"spa_start"="C:\WINDOWS\system32\spads.dll" [11/19/2007 03:36: VIRUS ALERT!]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 22:16: VIRUS ALERT!]
"pathname"="C:\WINDOWS\system32\pathname.exe" [05/24/2008 21:53: VIRUS ALERT!]
"{c3c0b3c1-656e-47f4-e825-11c93b785da4}"="C:\WINDOWS\system32\{dd2b0a75-f1f7-8dfc-cd8b-a94030940e10}.dll" [05/26/2008 03:39: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00: VIRUS ALERT!]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/05/2008 23:47: VIRUS ALERT!]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [10/04/2007 08:20: VIRUS ALERT!]
"ares"="C:\Program Files\Ares\Ares.exe" [02/20/2008 07:33: VIRUS ALERT!]
"antivirus-2008pro.exe"="C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe" [06/12/2008 11:51: VIRUS ALERT!]
"C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe"="C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" [06/12/2008 11:50: VIRUS ALERT!]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2/7/2008 6:04:27 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [3/5/2008 11:47:51 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)
"NoDispCPL"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2FB68C59-C098-415B-8563-837B33DD7D0D}"= C:\WINDOWS\system32\rqRJDvvV.dll [06/12/2008 11:50: VIRUS ALERT! 29312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"xkefqtgs"= {D1964508-9149-457F-A5E2-E024F4F2A426} - C:\WINDOWS\xkefqtgs.dll [06/12/2008 08:32: VIRUS ALERT! 258048]
"rnopbfgt"= {954CBF42-94F0-482E-9270-FAAF5ACD0CF1} - C:\WINDOWS\rnopbfgt.dll [06/12/2008 08:32: VIRUS ALERT! 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRJDvvV]
rqRJDvvV.dll 06/12/2008 11:50: VIRUS ALERT! 29312 C:\WINDOWS\system32\rqRJDvvV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ljJYRKax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPVideo9]
C:\Program Files\pspvideo9\pspVideo9.exe -t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"lxci_device"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{636d4390-e4de-11dc-9f15-00112fa721a0}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74396dd4-881b-11dc-9eea-00112fa721a0}]
AutoRun\command- I:\JDSecure\Windows\JDSecure20.exe




-- End of Deckard's System Scanner: finished at 2008-06-13 23:28:51 ------------


#2 SifuMike


    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:21 PM

Posted 04 July 2008 - 11:13 PM

Hello chingon5,

You need to realize that you are missing one important program on that computer: an antivirus.

This is somewhat suicidal in today's digital world. :thumbsup:

You need to install an antivirus program as soon as you can and run a complete scan of the computer.

I recommend you download the free

Avast or
AntiVir or
AVG antivirus

Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.

Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and seriously decrease its reliability!




I see you already have Malwarebytes' Anti-Malware installed.
I want you to update it and run it again.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply.



Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Edited by SifuMike, 04 July 2008 - 11:57 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike


    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:21 PM

Posted 17 July 2008 - 05:34 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



