Infected?


This topic is locked
2 replies to this topic

#1 pacoo

  • Members
  • 1 posts
  • OFFLINE
  • Local time: 09:02 AM

Posted 17 June 2008 - 05:37 PM

Hello. My computer seems to have been infected with something but I am not really sure what. I keep getting popups and it has problems accessing the internet.
Here is my log file.

Thank you in advance.

Deckard's System Scanner v20071014.68
Run by jeffrey on 2008-06-17 15:22:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
28: 2008-06-17 22:22:53 UTC - RP59 - Deckard's System Scanner Restore Point
27: 2008-06-17 02:13:18 UTC - RP58 - Restore Operation
26: 2008-06-17 01:08:22 UTC - RP57 - Installed Ad-Aware
25: 2008-06-15 23:48:29 UTC - RP56 - Last known good configuration
24: 2008-06-15 23:48:21 UTC - RP55 - System Checkpoint


-- First Restore Point --
1: 2008-06-15 23:48:17 UTC - RP32 - Installed Orka


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-17 15:24:11
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\BisonCam\BisonTrayIcon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\mjc\mjc.exe
C:\Program Files\Svconr\Svconr.exe
C:\Documents and Settings\jeffrey\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\jeffrey\My Documents\F?nts\mshta.exe
C:\Program Files\Common Files\??stem\n?pdb.exe
C:\Program Files\GetPack\GetPack18.exe
C:\Program Files\GetModule\GetModule18.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\jeffrey\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {05D8E552-46C3-40F3-8EA0-2EE6EBB226BD} - C:\WINDOWS\system32\opnMddCs.dll
O2 - BHO: (no name) - {0F8F84CF-DCBA-4426-AC18-30A8AB00C526} - C:\WINDOWS\system32\efcDTnnO.dll
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Spcron\Spc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: {4dd6f3cb-ab0f-b29a-9c64-431f59559f8a} - {a8f95595-f134-46c9-a92b-f0babc3f6dd4} - C:\WINDOWS\system32\whugaubk.dll
O2 - BHO: (no name) - {D240E94A-5789-0378-AE4E-70A290E84BC5} - C:\WINDOWS\system32\pwxlzo.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BisonTrayIcon] C:\WINDOWS\BisonCam\BisonTrayIcon.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [f4c47a34] rundll32.exe "C:\WINDOWS\system32\xqtmqyxn.dll",b
O4 - HKLM\..\Run: [BMf7f749a8] Rundll32.exe "C:\WINDOWS\system32\jbawbxeg.dll",s
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\jeffrey\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [Stsm] "C:\DOCUME~1\jeffrey\MYDOCU~1\FNTS~1\mshta.exe" -vt ndrv
O4 - HKCU\..\Run: [Ewtwdt] "C:\Program Files\Common Files\??stem\n?pdb.exe"
O4 - HKCU\..\Run: [GetPack18] "C:\Program Files\GetPack\GetPack18.exe"
O4 - HKCU\..\Run: [GetModule18] "C:\Program Files\GetModule\GetModule18.exe"
O4 - HKCU\..\Run: [QdrPack17] "C:\Program Files\QdrPack\QdrPack17.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209094887000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1209096819812
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2E799BB-0285-4F31-9AE9-F21B4430A775} (EngOrkaWebCtrl Class) - http://orka.gamengame.com/Game_Exe/EngOrkaWeb.cab
O20 - Winlogon Notify: efcDTnnO - C:\WINDOWS\system32\efcDTnnO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


--
End of file - 7028 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 XDva032 - c:\windows\system32\xdva032.sys (file missing)
S3 XDva143 - c:\windows\system32\xdva143.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: BCM92045NMD
Device ID: USB\VID_0A5C&PID_2101\5&3431B5FC&0&1
Manufacturer:
Name: BCM92045NMD
PNP Device ID: USB\VID_0A5C&PID_2101\5&3431B5FC&0&1
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_10DE&DEV_0058&SUBSYS_2052161F&REV_A2\3&267A616A&0&21
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_10DE&DEV_0058&SUBSYS_2052161F&REV_A2\3&267A616A&0&21
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: TRENDnet TEW-421PC/TEW-423PI 802.11g Wireless Cardbus/PCI Adapter
Device ID: PCI\VEN_10EC&DEV_8185&SUBSYS_818510EC&REV_20\4&31AECDFC&0&5048
Manufacturer: Realtek
Name: TRENDnet TEW-421PC/TEW-423PI 802.11g Wireless Cardbus/PCI Adapter
PNP Device ID: PCI\VEN_10EC&DEV_8185&SUBSYS_818510EC&REV_20\4&31AECDFC&0&5048
Service: rtl8185


-- Files created between 2008-05-17 and 2008-06-17 -----------------------------

2008-06-17 14:37:18 94720 --a------ C:\WINDOWS\system32\jbawbxeg.dll
2008-06-16 19:11:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-16 19:11:42 0 d--hs---- C:\WINDOWS\SmVmZnJleSBCZXJ0dWNo
2008-06-16 19:11:41 0 d-------- C:\Program Files\QdrPack
2008-06-16 19:11:41 0 d-------- C:\Program Files\ISM
2008-06-16 19:11:41 0 d-------- C:\Program Files\iCheck
2008-06-16 19:11:40 0 d-------- C:\Program Files\Temporary
2008-06-16 19:11:40 0 d-------- C:\Program Files\Svconr
2008-06-16 19:11:40 0 d-------- C:\Program Files\Spcron
2008-06-16 19:11:40 0 d-------- C:\Program Files\mjc
2008-06-16 19:11:40 0 d-------- C:\Program Files\Common Files\??stem
2008-06-16 19:11:40 0 d-------- C:\Documents and Settings\jeffrey\Application Data\SpeedRunner
2008-06-16 18:08:25 0 d-------- C:\Program Files\Lavasoft
2008-06-16 18:08:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-16 18:01:13 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-06-16 17:57:28 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2008-06-16 17:52:22 0 d-------- C:\Program Files\GetModule
2008-06-16 17:52:15 0 d-------- C:\Program Files\GetPack
2008-06-16 17:47:45 0 d-------- C:\WINDOWS\mwqm
2008-06-16 17:47:45 0 d-------- C:\Program Files\Common Files\mwqm
2008-06-16 17:42:21 60928 --a------ C:\WINDOWS\system32\pwxlzo.dll
2008-06-16 10:17:38 87040 --a------ C:\WINDOWS\system32\xqtmqyxn.dll
2008-06-16 10:14:38 101888 --a------ C:\WINDOWS\system32\whugaubk.dll
2008-06-16 10:12:24 94720 --a------ C:\WINDOWS\system32\abyetkvq.dll
2008-06-15 16:48:06 682148 --ahs---- C:\WINDOWS\system32\sCddMnpo.ini2
2008-06-15 16:48:01 285696 --a------ C:\WINDOWS\system32\opnMddCs.dll
2008-06-15 16:43:02 41984 --a------ C:\WINDOWS\mrofinu1535.exe
2008-06-15 16:42:57 33792 --a------ C:\WINDOWS\system32\efcDTnnO.dll
2008-06-15 11:28:21 0 d-------- C:\Logs
2008-06-15 08:38:30 0 d-------- C:\Program Files\World of Warcraft
2008-06-15 08:38:30 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-06-13 11:13:51 0 d-------- C:\Program Files\Gravity
2008-06-13 09:21:35 4096 --a------ C:\WINDOWS\d3dx.dat
2008-06-13 09:20:17 0 d-------- C:\Program Files\PlayOnline
2008-06-13 08:09:37 4682 --a------ C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-06-13 08:09:35 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-06-13 07:52:30 214016 --a------ C:\WINDOWS\b148.exe
2008-06-13 07:05:04 95232 --a------ C:\WINDOWS\b152.exe
2008-06-13 01:06:59 0 d-------- C:\Program Files\Red Kawa
2008-06-13 00:25:28 1847 --a------ C:\Documents and Settings\jeffrey\bankofamerica
2008-06-13 00:25:28 0 d-------- C:\Documents and Settings\jeffrey\Application Data\gtk-2.0
2008-06-13 00:20:19 0 d-------- C:\Documents and Settings\jeffrey\.gnome2_private
2008-06-13 00:20:19 0 d-------- C:\Documents and Settings\jeffrey\.gnome2
2008-06-13 00:20:19 0 d-------- C:\Documents and Settings\jeffrey\.gconfd
2008-06-13 00:20:19 0 d-------- C:\Documents and Settings\jeffrey\.gconf
2008-06-13 00:20:17 0 d-------- C:\Documents and Settings\jeffrey\.gnucash
2008-06-13 00:19:10 0 d-------- C:\Program Files\gnucash
2008-06-12 20:03:42 0 d-------- C:\Program Files\Silkroad
2008-06-12 19:58:40 0 d-------- C:\Program Files\MindArk
2008-06-12 07:58:22 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-06-12 07:58:22 78085 --a------ C:\WINDOWS\War3Unin.dat
2008-06-12 07:58:21 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-06-12 07:54:04 0 d-------- C:\Program Files\Warcraft III
2008-06-12 07:21:58 266240 --a------ C:\WINDOWS\system32\MyRossoPlugin.dll <Not Verified; Gonzo Rosso (M) Sdn Bhd; MyRossoPlugin Module>
2008-06-12 07:21:55 0 d-------- C:\Program Files\MyRosso
2008-06-12 07:21:46 0 d-------- C:\Documents and Settings\jeffrey\Application Data\InstallShield
2008-06-09 20:57:25 967 --a------ C:\WINDOWS\ScUnin.pif
2008-06-09 20:57:25 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-06-09 20:57:25 35382 --a------ C:\WINDOWS\scunin.dat
2008-06-09 20:56:50 0 d-------- C:\Program Files\Starcraft
2008-06-08 20:31:41 0 d-------- C:\Program Files\Eternal Lands
2008-06-06 07:29:52 0 d-------- C:\Program Files\Brak Software
2008-06-06 07:29:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Brak Software
2008-06-06 06:49:46 0 d-------- C:\Downloads
2008-06-06 06:48:05 0 d-------- C:\Program Files\uTorrent
2008-06-06 06:47:59 0 d-------- C:\Documents and Settings\jeffrey\Application Data\uTorrent
2008-05-28 10:15:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-28 10:15:33 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-28 09:53:09 0 d-------- C:\Program Files\Neffy
2008-05-28 04:02:06 74240 --a------ C:\WINDOWS\b156.exe
2008-05-26 21:02:31 0 d-------- C:\Documents and Settings\jeffrey\Application Data\Media Player Classic
2008-05-26 20:59:42 0 d-------- C:\Documents and Settings\jeffrey\Application Data\DivX
2008-05-26 19:54:13 0 d-------- C:\Program Files\Steam
2008-05-26 18:07:32 0 d-------- C:\Program Files\NCSoft
2008-05-26 18:04:22 0 d-------- C:\Documents and Settings\jeffrey\Application Data\GetRightToGo
2008-05-26 17:48:02 0 d-------- C:\Documents and Settings\jeffrey\Application Data\Secret of the Solstice
2008-05-26 17:23:51 0 d-------- C:\Program Files\Common Files\DirectX
2008-05-26 17:23:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Outspark
2008-05-26 17:17:16 0 d-------- C:\Program Files\Outspark
2008-05-26 16:45:38 0 d-------- C:\WINDOWS\system32\Adobe
2008-05-26 15:53:08 0 d-------- C:\WINDOWS\Sun
2008-05-26 15:53:08 0 d-------- C:\Documents and Settings\jeffrey\Application Data\Sun
2008-05-25 15:37:38 0 d-------- C:\Program Files\OpenAL
2008-05-25 15:37:37 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-05-25 15:37:37 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-05-25 15:36:37 0 d-------- C:\Program Files\NGD Studios
2008-05-25 12:54:04 0 d-------- C:\AeriaGames
2008-05-25 11:53:44 0 d-------- C:\Program Files\Java
2008-05-25 11:53:38 0 d-------- C:\Program Files\Common Files\Java


-- Find3M Report ---------------------------------------------------------------

2008-06-17 14:36:40 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-06-16 19:11:40 0 d-------- C:\Program Files\Common Files\??stem
2008-06-16 19:11:16 0 d-------- C:\Program Files\Common Files
2008-06-13 11:13:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-12 09:23:25 0 d-------- C:\Documents and Settings\jeffrey\Application Data\Adobe
2008-05-28 10:28:17 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-04 23:22:14 0 d-------- C:\Program Files\DivX
2008-05-04 23:19:52 0 d-------- C:\Documents and Settings\jeffrey\Application Data\Winamp
2008-05-04 23:18:57 0 d-------- C:\Program Files\Winamp
2008-05-01 23:37:34 0 d-------- C:\Program Files\Alcohol Soft
2008-04-25 12:07:49 0 d-------- C:\Documents and Settings\jeffrey\Application Data\Macromedia
2008-04-25 11:35:44 0 d-------- C:\Documents and Settings\jeffrey\Application Data\WinRAR
2008-04-24 22:30:49 0 d-------- C:\Program Files\MSXML 6.0
2008-04-24 21:52:34 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-24 21:44:04 0 d-------- C:\Program Files\MSBuild
2008-04-24 21:41:25 0 d-------- C:\Program Files\Reference Assemblies
2008-04-24 21:32:17 0 d-------- C:\Program Files\Messenger
2008-04-24 21:00:47 0 d-------- C:\Program Files\Movie Maker
2008-04-24 20:59:18 0 d-------- C:\Program Files\Windows NT
2008-04-24 20:41:56 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-24 20:39:54 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-24 20:39:53 0 d-------- C:\Documents and Settings\jeffrey\Application Data\Mozilla
2008-04-24 20:26:00 0 d-------- C:\Program Files\AMD
2008-04-24 20:24:11 0 d-------- C:\Program Files\Synaptics
2008-04-24 20:23:01 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-24 20:20:22 0 d-------- C:\Program Files\Analog Devices
2008-04-24 19:51:09 0 d-------- C:\Program Files\Marvell
2008-04-24 19:43:45 0 d-------- C:\Documents and Settings\jeffrey\Application Data\Identities
2008-04-24 19:39:12 0 d-------- C:\Program Files\microsoft frontpage
2008-04-24 19:38:55 0 -rahs---- C:\MSDOS.SYS
2008-04-24 19:38:55 0 -rahs---- C:\IO.SYS
2008-04-24 19:38:55 0 --a------ C:\CONFIG.SYS
2008-04-24 19:38:55 0 --a------ C:\AUTOEXEC.BAT
2008-04-24 19:36:51 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-24 19:36:07 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-24 19:35:40 0 d-------- C:\Program Files\Online Services
2008-04-24 19:35:29 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-24 12:29:18 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-24 12:29:15 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-24 12:28:53 62 --ahs---- C:\Documents and Settings\jeffrey\Application Data\desktop.ini
2008-03-31 14:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 14:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 14:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 14:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 14:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-03-21 13:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 13:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 13:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 13:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05D8E552-46C3-40F3-8EA0-2EE6EBB226BD}]
06/15/2008 04:48 PM 285696 --a------ C:\WINDOWS\system32\opnMddCs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F8F84CF-DCBA-4426-AC18-30A8AB00C526}]
06/15/2008 04:42 PM 33792 --a------ C:\WINDOWS\system32\efcDTnnO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]
06/16/2008 04:57 PM 55808 --a------ C:\Program Files\Spcron\Spc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8f95595-f134-46c9-a92b-f0babc3f6dd4}]
06/16/2008 10:14 AM 101888 --a------ C:\WINDOWS\system32\whugaubk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D240E94A-5789-0378-AE4E-70A290E84BC5}]
05/29/2008 11:34 AM 60928 --a------ C:\WINDOWS\system32\pwxlzo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [05/08/2006 06:21 PM]
"nwiz"="nwiz.exe" [05/08/2006 06:21 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [05/08/2006 06:21 PM C:\WINDOWS\system32\nvmctray.dll]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [10/14/2004 09:11 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [08/25/2005 12:17 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/03/2006 02:36 PM]
"BisonTrayIcon"="C:\WINDOWS\BisonCam\BisonTrayIcon.exe" [10/06/2005 06:49 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [04/01/2008 11:49 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/03/2004 10:31 PM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/29/2002 05:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/29/2002 05:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/29/2002 05:00 AM]
"f4c47a34"="C:\WINDOWS\system32\xqtmqyxn.dll" [06/16/2008 10:17 AM]
"BMf7f749a8"="C:\WINDOWS\system32\jbawbxeg.dll" [06/17/2008 02:37 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [03/20/2008 09:46 AM]
"mjc"="C:\Program Files\mjc\mjc.exe" [06/16/2008 04:52 PM]
"Svconr"="C:\Program Files\Svconr\Svconr.exe" [06/16/2008 05:02 PM]
"SpeedRunner"="C:\Documents and Settings\jeffrey\Application Data\SpeedRunner\SpeedRunner.exe" [06/16/2008 05:37 PM]
"Stsm"="C:\DOCUME~1\jeffrey\MYDOCU~1\FNTS~1\mshta.exe" [06/16/2008 06:59 PM]
"Ewtwdt"="C:\Program Files\Common Files\??stem\n?pdb.exe" []
"GetPack18"="C:\Program Files\GetPack\GetPack18.exe" [06/10/2008 02:08 AM]
"GetModule18"="C:\Program Files\GetModule\GetModule18.exe" [06/09/2008 02:40 PM]
"QdrPack17"="C:\Program Files\QdrPack\QdrPack17.exe" [05/29/2008 05:31 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0F8F84CF-DCBA-4426-AC18-30A8AB00C526}"= C:\WINDOWS\system32\efcDTnnO.dll [06/15/2008 04:42 PM 33792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDTnnO]
efcDTnnO.dll 06/15/2008 04:42 PM 33792 C:\WINDOWS\system32\efcDTnnO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\opnMddCs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-06-17 15:24:39 ------------


#2 chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  • Local time: 05:02 PM

Posted 06 July 2008 - 11:40 AM

Hello pacoo,

I apologise for the delay; the forum is too busy.

If you still need help, post back a new HijackThis log.
Private Messages for personal support will be ignored. If you need help post in the forum.

#3 chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  • Local time: 05:02 PM

Posted 11 July 2008 - 12:59 PM

Due to the lack of feedback, this Topic is now closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Private Messages for personal support will be ignored. If you need help post in the forum.



