I Lost All Desktop Control



#1 pleasehelp413

Posted 18 June 2008 - 12:26 AM

When I got home today I found my computer filled with pop-ups saying "you have a virus", then my computer restarted on me, and now when I log on my desktop turns white and tells me to click here to activate my desktop. In the bottom corner I have a little message by the timer saying "You have a virus". I tried booting into safe mode, and I have no admin on my account, which I usually do, but I think the virus made its own admin account since there is one in the safe mode login menu. But when I start in safe mode, every 15 seconds a message pops up asking if I want to use safe mode or pick a restore date. Please help, here is my HJT file.

Deckard's System Scanner v20071014.68
Run by AARON on 2008-06-18 01:14:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
91: 2008-06-18 05:14:17 UTC - RP849 - Deckard's System Scanner Restore Point
90: 2008-06-18 04:44:34 UTC - RP848 - Last known good configuration
89: 2008-06-18 04:44:21 UTC - RP847 - Restore Operation
88: 2008-06-18 04:44:20 UTC - RP846 - Last known good configuration
87: 2008-06-18 04:44:19 UTC - RP845 - Last known good configuration


-- First Restore Point --
1: 2008-06-18 04:43:51 UTC - RP759 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as AARON.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:15: VIRUS ALERT!, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RTDCPL.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AARON\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\AARON.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {CC5EC028-CF80-4333-A705-E02C2191D8C5} - C:\WINDOWS\system32\qoMccYPH.dll
O2 - BHO: (no name) - {D6258CA6-2028-4CDD-B496-CACC18721A60} - C:\WINDOWS\system32\geBsTjge.dll
O4 - HKLM\..\Run: [RTDCPL] RTDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149456555500
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: fccawvu - fccawvu.dll (file missing)
O20 - Winlogon Notify: geBsTjge - C:\WINDOWS\SYSTEM32\geBsTjge.dll
O23 - Service: Apache - Unknown owner - C:\PROGRA~1\EASYPH~1\Apache\apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: MySQL - Unknown owner - C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9249 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080617-215800-532 O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
backup-20080617-221847-818 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
backup-20080617-223438-566 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20080617-223438-814 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
R2 tmmbd (Trend Micro MBD Driver) - c:\windows\system32\drivers\tm_mbd_c.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
R3 cmudaxp (Razer Barracuda AC-1 Gaming Interface) - c:\windows\system32\drivers\cmudaxp.sys <Not Verified; Razer; Razer Audio Driver (WDM)>
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S2 PfModNT - c:\windows\system32\drivers\pfmodnt.sys (file missing)
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
S3 npkcrypt - c:\program files\lineage\npkcrypt.sys (file missing)
S3 npkcusb - c:\program files\lineage\npkcusb.sys (file missing)
S3 OmniUsb (Ideazon USB Zboard Driver) - c:\windows\system32\drivers\omniusb.sys <Not Verified; Ideazon; Ideazon® Keyboard® System>
S3 OmniUsbl (Ideazon USBl Zboard Driver) - c:\windows\system32\drivers\omniusbl.sys <Not Verified; Ideazon; Ideazon® Keyboard® System>
S3 Razerlow (Razer Copperhead Driver) - c:\windows\system32\drivers\razerlow.sys <Not Verified; Razer (Asia-Pacific) Pte Ltd; Diamondback USB Optical Mouse>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 SDDMI2 - c:\windows\system32\ddmi2.sys <Not Verified; Gteko Ltd.; DDMI>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 uisp (Freescale USB JW32 driver) - c:\windows\system32\drivers\usbicp.sys <Not Verified; Motorola; >
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
R2 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~2\pcctlcom.exe <Not Verified; Trend Micro Inc.; Trend Micro Internet Security>
R2 Tmntsrv (Trend Micro Real-time Service) - c:\progra~1\trendm~1\intern~2\tmntsrv.exe <Not Verified; Trend Micro Inc.; Trend Micro Internet Security>
R2 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~2\tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
R2 tmproxy (Trend Micro Proxy Service) - c:\progra~1\trendm~1\intern~2\tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R3 PcScnSrv (Trend Micro Protection Against Spyware ) - "c:\progra~1\trendm~1\intern~2\pcscnsrv.exe" <Not Verified; Trend Micro Inc.; Trend Micro Internet Security>

S2 Apache - "c:\progra~1\easyph~1\apache\apache.exe" --ntservice
S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S2 MySQL - c:\progra~1\easyph~1\mysql\bin\mysqld.exe --defaults-file=c:\progra~1\easyph~1\mysql\my.ini mysql
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-16 16:12:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-18 and 2008-06-18 -----------------------------

2008-06-18 00:47:14 0 d-------- C:\Documents and Settings\BILL\Application Data\Malwarebytes
2008-06-18 00:09:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-06-18 00:05:36 1956 --ahs---- C:\WINDOWS\system32\HPYccMoq.ini2
2008-06-17 23:47:26 8568832 --a------ C:\Documents and Settings\AARON\ntuser.dat
2008-06-17 23:47:24 233472 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-06-17 23:21:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-17 23:15:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-06-17 23:06:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-17 22:56:45 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-17 22:56:45 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-17 22:56:45 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-17 22:56:44 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-17 22:56:44 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-17 22:56:44 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-17 22:49:22 0 d-------- C:\Documents and Settings\AARON\Application Data\Malwarebytes
2008-06-17 22:49:13 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 22:49:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 18:13:17 0 d--h----- C:\Documents and Settings\Administrator\Templates <TEMPLA~1>
2008-06-17 18:13:17 0 dr------- C:\Documents and Settings\Administrator\Start Menu <STARTM~1>
2008-06-17 18:13:17 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-17 18:13:17 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-17 18:13:17 0 d--h----- C:\Documents and Settings\Administrator\PrintHood <PRINTH~1>
2008-06-17 18:13:17 524288 --ah----- C:\Documents and Settings\Administrator\ntuser.dat
2008-06-17 18:13:17 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-17 18:13:17 0 d-------- C:\Documents and Settings\Administrator\My Documents <MYDOCU~1>
2008-06-17 18:13:17 0 d--h----- C:\Documents and Settings\Administrator\Local Settings <LOCALS~1>
2008-06-17 18:13:17 0 d-------- C:\Documents and Settings\Administrator\Favorites <FAVORI~1>
2008-06-17 18:13:17 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-17 18:13:17 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-06-17 18:13:17 0 dr-h----- C:\Documents and Settings\Administrator\Application Data <APPLIC~1>
2008-06-17 18:13:17 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-17 18:00:40 0 d-------- C:\Documents and Settings\Guest\Application Data\Mozilla
2008-06-17 17:56:58 0 d-------- C:\Documents and Settings\BILL\Application Data\TmpRecentIcons
2008-06-17 17:40:14 0 d-------- C:\Program Files\BurstWriting
2008-06-17 15:31:01 322944 --a------ C:\WINDOWS\system32\qoMccYPH.dll
2008-06-17 15:26:00 0 d-------- C:\Documents and Settings\AARON\Application Data\TmpRecentIcons
2008-06-17 13:46:25 28800 --a------ C:\WINDOWS\system32\geBsTjge.dll
2008-06-17 13:06:20 0 dr-h----- C:\Documents and Settings\AARON\Recent


-- Find3M Report ---------------------------------------------------------------

2008-06-18 00:41:55 0 d-------- C:\Documents and Settings\AARON\Application Data\DNA
2008-06-17 23:48:14 0 d-------- C:\Program Files\Steam
2008-06-17 22:57:15 3548 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-17 21:42:10 0 d-------- C:\Program Files\Trend Micro
2008-06-17 13:46:25 0 d-------- C:\Program Files\LimeWire
2008-06-17 02:18:52 0 d-------- C:\Program Files\Warcraft III
2008-06-14 12:01:34 0 d-------- C:\Program Files\mIRC
2008-06-06 17:31:17 16720 --a------ C:\Documents and Settings\AARON\Application Data\wklnhst.dat
2008-05-16 19:41:53 0 d-------- C:\Program Files\World of Warcraft
2008-05-14 07:05:12 0 d-------- C:\Program Files\Funcom
2008-05-08 17:16:42 0 d-------- C:\Program Files\Project64 1.6
2008-04-18 00:47:56 0 d-------- C:\Program Files\Lx_cats
2008-03-30 02:49:33 73976 --a------ C:\Documents and Settings\AARON\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC5EC028-CF80-4333-A705-E02C2191D8C5}]
06/17/2008 15:31: VIRUS ALERT! 322944 --a------ C:\WINDOWS\system32\qoMccYPH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6258CA6-2028-4CDD-B496-CACC18721A60}]
06/17/2008 13:46: VIRUS ALERT! 28800 --a------ C:\WINDOWS\system32\geBsTjge.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTDCPL"="RTDCPL.EXE" [07/08/2005 13:16: VIRUS ALERT! C:\WINDOWS\system32\RTDCPL.EXE]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 16:50: VIRUS ALERT!]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 16:50: VIRUS ALERT!]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [10/05/2005 03:12: VIRUS ALERT!]
"LXBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [11/02/2004 15:03: VIRUS ALERT!]
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe" [01/18/2005 09:35: VIRUS ALERT!]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [11/07/2005 05:20: VIRUS ALERT!]
"pccguide.exe"="C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe" [08/25/2006 07:25: VIRUS ALERT!]
"CTHelper"="CTHELPER.EXE" [04/09/2007 12:32: VIRUS ALERT! C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [04/09/2007 12:32: VIRUS ALERT! C:\WINDOWS\system32\Ctxfihlp.exe]
"Copperhead"="C:\Program Files\Razer\Copperhead\razerhid.exe" [11/25/2005 10:53: VIRUS ALERT!]
"nwiz"="nwiz.exe" [01/09/2008 01:53: VIRUS ALERT! C:\WINDOWS\system32\nwiz.exe]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [04/08/2007 09:22: VIRUS ALERT!]
"Lachesis"="C:\Program Files\Razer\Lachesis\razerhid.exe" [09/12/2007 12:52: VIRUS ALERT!]
"Lycosa"="C:\Program Files\Razer\Lycosa\razerhid.exe" [10/12/2007 15:43: VIRUS ALERT!]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 13:10: VIRUS ALERT!]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 20:51: VIRUS ALERT!]
"Cmaudio8788"="cmicnfgp.cpl" []
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [01/09/2008 02:53: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Location Finder"="C:\Program Files\Microsoft Location Finder\LocationFinder.exe" [08/24/2005 18:25: VIRUS ALERT!]
"OE"="C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [08/18/2006 14:06: VIRUS ALERT!]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00: VIRUS ALERT!]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24: VIRUS ALERT!]
"Steam"="c:\program files\steam\steam.exe" [03/27/2008 21:50: VIRUS ALERT!]
"DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [05/09/2007 20:23: VIRUS ALERT!]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [09/04/2007 20:25: VIRUS ALERT!]
"Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe" [06/29/2007 16:03: VIRUS ALERT!]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 17:17: VIRUS ALERT!]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [07/29/2006 20:34: VIRUS ALERT!]
"C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe"="C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43: VIRUS ALERT!]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)
"NoDispCPL"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 13:55: VIRUS ALERT! 77824]
"{D6258CA6-2028-4CDD-B496-CACC18721A60}"= C:\WINDOWS\system32\geBsTjge.dll [06/17/2008 13:46: VIRUS ALERT! 28800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 05/01/2007 17:11: VIRUS ALERT! 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccawvu]
fccawvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBsTjge]
geBsTjge.dll 06/17/2008 13:46: VIRUS ALERT! 28800 C:\WINDOWS\system32\geBsTjge.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
"C:\Program Files\Lexmark 6200 Series\ezprint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster]
C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8722 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-18 01:19:44 ------------

Edited by pleasehelp413, 18 June 2008 - 10:53 AM.



#2 Guest_Cretemonster_*

Posted 19 June 2008 - 06:33 AM

Hi and Welcome to the forums.

Download ComboFix from Here or Here to your Desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
