Osmim.dll And Ossproxy.exe


#1 1newguy

Posted 23 June 2008 - 01:28 PM

My Avast antivirus picked these up; when I delete them they always return. This is my first experience with getting a virus, so I hope I posted the log correctly.
I don't know what this virus is actually doing, other than making my computer slightly slower. Any help would be appreciated.
Thanks.
I have noticed my antivirus comes up several times an hour; the number keeps changing, e.g. ~os10.tmp, 11.tmp, etc.


C:\WINDOWS\TEMP\~os10.tmp\osmim.dll
C:\WINDOWS\TEMP\~os10.tmp\ossproxy.exe






Deckard's System Scanner v20071014.68
Run by erik on 2008-06-23 11:15:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
47: 2008-06-23 18:15:43 UTC - RP164 - Deckard's System Scanner Restore Point
46: 2008-06-23 15:57:00 UTC - RP163 - Made by Registry Mechanic
45: 2008-06-23 15:40:05 UTC - RP162 - Made by Registry Mechanic
44: 2008-06-23 06:58:26 UTC - RP161 - Restore Operation
43: 2008-06-23 06:08:53 UTC - RP160 - ComboFix created restore point


-- First Restore Point --
1: 2008-05-19 15:09:30 UTC - RP118 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as erik.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16, on 2008-06-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
c:\windows\system32\pmropn.exe
C:\Documents and Settings\erik\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\erik.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {609204F4-EF7D-4B36-BD20-C6E4885014EC} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {84FEBFF8-945B-4F9A-B9B8-B68EC5020770} - (no file)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [PremierOpinion] c:\windows\system32\pmropn.exe -boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://66.163.131.195/activex/AMC.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll
O20 - Winlogon Notify: qoMGXoli - qoMGXoli.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9367 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S1 STYLEXPHELPER - c:\program files\tgtsoft\stylexp\stylexphelper.exe (file missing)
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - c:\windows\system32\drivers\awrtpd.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
S3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - c:\windows\system32\drivers\awrtrd.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
S3 PPDrv (Protector Plus Driver (UnRegistered)) - c:\protector plus\ppdrv.sys (file missing)
S3 PPEMSCAN (Protector Plus Email Scan Driver) - c:\protector plus\ppemscan.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>

S2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_30A4103C&REV_10\4&13826118&0&30A4
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_30A4103C&REV_10\4&13826118&0&30A4
Service: RTL8023xp


-- Files created between 2008-05-23 and 2008-06-23 -----------------------------

2008-06-23 10:30:18 118784 --a------ C:\WINDOWS\system32\pmai.dll <Not Verified; PremierOpinion; PremierOpinion>
2008-06-23 10:29:15 5430 --a------ C:\WINDOWS\system32\pmoci.bin
2008-06-23 00:43:32 0 d-------- C:\Program Files\Trend Micro
2008-06-23 00:23:17 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-06-22 23:38:46 0 d-------- C:\RECYCLER(2)
2008-06-22 23:08:47 3915776 --a------ C:\Documents and Settings\erik\ntuser.dat
2008-06-22 23:08:20 68096 --a------ C:\WINDOWS\zip.exe
2008-06-22 23:08:20 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-22 23:08:20 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-22 23:08:20 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-22 23:08:20 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-22 23:08:20 98816 --a------ C:\WINDOWS\sed.exe
2008-06-22 23:08:20 80412 --a------ C:\WINDOWS\grep.exe
2008-06-22 23:08:20 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-22 12:04:03 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-22 12:04:03 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-22 12:04:03 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-22 12:04:03 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-22 12:04:03 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-22 12:04:03 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-22 12:04:03 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-22 12:04:03 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-22 11:46:18 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-22 11:46:18 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-22 11:46:18 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-22 11:46:17 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-22 11:46:17 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-22 11:46:15 524288 --ah----- C:\Documents and Settings\Administrator\ntuser.dat
2008-06-22 10:13:42 0 d-------- C:\Documents and Settings\erik\Application Data\Malwarebytes
2008-06-22 10:13:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-22 10:13:38 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-21 22:05:24 0 d-------- C:\Program Files\absolutist.com
2008-06-21 20:54:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Absolutist
2008-06-21 20:12:00 0 d-------- C:\Documents and Settings\erik\Application Data\Google
2008-06-21 20:09:49 0 d-------- C:\Program Files\Google
2008-06-21 19:14:04 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-06-21 19:13:08 0 d-------- C:\Documents and Settings\erik\Application Data\Morpheus Software
2008-06-21 19:12:17 86016 --a------ C:\WINDOWS\system32\pmservice.exe <Not Verified; PremierOpinion; PremierOpinion>
2008-06-21 19:12:17 1605632 --a------ C:\WINDOWS\system32\pmropn.exe <Not Verified; PremierOpinion; PremierOpinion>
2008-06-21 19:12:17 352256 --a------ C:\WINDOWS\system32\pmls.dll <Not Verified; PremierOpinion; PremierOpinion>
2008-06-21 19:11:50 0 d-------- C:\Program Files\Morpheus Photo Animation Suite
2008-06-13 12:10:37 0 d-------- C:\WINDOWS\Applian FLV Player
2008-06-13 12:10:37 0 d-------- C:\Program Files\FLV Player
2008-06-13 12:01:28 0 d-------- C:\Program Files\YouTube Downloader
2008-06-11 12:53:02 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-06-11 12:27:02 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-11 12:27:02 0 d-------- C:\Documents and Settings\erik\Application Data\Vso
2008-06-11 12:27:02 47360 --a------ C:\Documents and Settings\erik\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-11 12:26:50 0 d-------- C:\Program Files\DVDFab 5
2008-06-08 11:11:32 0 d-------- C:\Program Files\Axis Communications
2008-06-06 18:20:37 0 d-------- C:\Documents and Settings\erik\Application Data\Snapfish
2008-06-04 23:08:33 0 d-------- C:\Documents and Settings\erik\Application Data\Wal-Mart


-- Find3M Report ---------------------------------------------------------------

2008-06-22 11:28:08 0 d-------- C:\Documents and Settings\erik\Application Data\U3
2008-06-21 20:44:54 0 d-------- C:\Documents and Settings\erik\Application Data\LimeWire
2008-06-21 19:14:04 0 d-------- C:\Program Files\Common Files
2008-06-17 11:40:40 0 d-------- C:\Program Files\BPK1
2008-06-11 12:27:09 34 --a------ C:\Documents and Settings\erik\Application Data\pcouffin.log
2008-06-11 12:27:02 1144 --a------ C:\Documents and Settings\erik\Application Data\pcouffin.inf
2008-06-11 12:27:02 7887 --a------ C:\Documents and Settings\erik\Application Data\pcouffin.cat
2008-05-22 22:47:46 0 d-------- C:\Program Files\Java
2008-05-18 10:45:07 0 d-------- C:\Program Files\XL Delete
2008-05-16 15:19:44 1016 --a------ C:\WINDOWS\sremcon_startup.dat
2008-05-16 15:19:44 3038 --a------ C:\WINDOWS\sremcon_drivers.dat
2008-05-16 15:05:33 0 d-------- C:\Documents and Settings\erik\Application Data\Spy Emergency
2008-05-16 00:59:36 0 d-------- C:\Program Files\DVD Shrink
2008-05-15 10:22:02 0 d-------- C:\Program Files\InterActual
2008-05-11 23:00:42 0 d-------- C:\Documents and Settings\erik\Application Data\AdobeUM
2008-05-11 20:47:51 0 d-------- C:\Documents and Settings\erik\Application Data\acccore
2008-05-11 20:47:27 0 d-------- C:\Program Files\AIM6
2008-05-11 20:47:01 0 d-------- C:\Program Files\Viewpoint
2008-05-11 20:46:23 0 d-------- C:\Program Files\Common Files\AOL
2008-05-10 16:51:56 0 d-------- C:\Program Files\VDJ5
2008-05-10 12:09:26 0 d-------- C:\Program Files\plasq
2008-05-10 12:08:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-09 00:20:20 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-09 00:20:19 0 d-------- C:\Documents and Settings\erik\Application Data\Adobe
2008-05-08 00:54:19 0 d-------- C:\Program Files\Stardock
2008-05-08 00:54:19 0 d-------- C:\Program Files\Common Files\Stardock
2008-05-06 13:00:26 0 d-------- C:\Documents and Settings\erik\Application Data\DVDCopy
2008-05-06 13:00:16 0 d-------- C:\Program Files\DVD EZ Copy
2008-05-06 10:47:19 0 d-------- C:\Program Files\NETGATE
2008-05-06 10:31:11 0 d-------- C:\Documents and Settings\erik\Application Data\UseNeXT
2008-05-04 12:46:01 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-28 23:29:42 0 d-------- C:\Documents and Settings\erik\Application Data\Juce VST Host
2008-04-28 12:47:10 0 d-------- C:\Program Files\Lavasoft
2008-04-27 23:04:58 0 d-------- C:\Documents and Settings\erik\Application Data\Thinstall
2008-04-25 12:46:32 0 d-------- C:\Documents and Settings\erik\Application Data\Sun
2008-04-25 11:27:46 0 d-------- C:\Program Files\OhmsLaw 2
2008-04-24 23:26:21 0 d-------- C:\Documents and Settings\erik\Application Data\gtk-2.0
2008-04-24 22:05:57 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-24 22:04:16 0 d-------- C:\Program Files\Hp
2008-04-24 12:39:18 0 d-------- C:\Program Files\GIMP-2.0
2008-04-24 00:25:40 0 d-------- C:\Program Files\dvd43
2008-04-23 11:31:11 0 d-------- C:\Program Files\Elaborate Bytes
2008-04-23 11:14:13 0 d-------- C:\Documents and Settings\erik\Application Data\InterVideo
2008-04-22 01:33:54 50500 --a------ C:\WINDOWS\hpdins03.dat
2008-04-22 00:31:01 0 -rahs---- C:\MSDOS.SYS
2008-04-22 00:31:01 0 -rahs---- C:\IO.SYS
2008-04-22 00:31:01 0 --a------ C:\CONFIG.SYS
2008-04-22 00:26:41 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-21 17:17:42 62 --ahs---- C:\Documents and Settings\erik\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}]
2007-05-09 07:17 40960 --a------ C:\Program Files\BPK1\bpkwb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{609204F4-EF7D-4B36-BD20-C6E4885014EC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84FEBFF8-945B-4F9A-B9B8-B68EC5020770}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-18 09:50]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 21:05]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 14:26]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 16:04]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-22 01:00]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 16:17]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 10:59]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 13:54]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 16:19]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2008-04-09 10:00]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 04:42]
"DeviceDiscovery"="C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37]
"PremierOpinion"="c:\windows\system32\pmropn.exe" [2008-06-23 10:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"Aim6"="" []

C:\Documents and Settings\erik\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-05-08 00:54:20]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PremierOpinion]
C:\WINDOWS\system32\pmls.dll 2007-10-13 10:33 352256 C:\WINDOWS\system32\pmls.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMGXoli]
qoMGXoli.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqQiffD

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-06-23 11:17:05 ------------

#2 lusitano


Posted 17 July 2008 - 05:07 AM

Hello,

You might want to save this page on your favorites, so you can find it again when you return.

Welcome to the Bleeping Computer Malware Removal Forum. Sorry for the delay in responding, but the number of people posting with infected computers is through the roof, and we sometimes can't get to logs as fast as we would like to.

If you have not resolved this issue and still need assistance, post a HJT log as your system may have changed since your original post.

Thanks for your patience. :thumbsup:
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#3 lusitano


Posted 22 July 2008 - 05:15 AM

Due to inactivity this thread has been closed to prevent others with similar problems posting to it.
If you need it re-opened please PM a member of the moderating team with a link to your thread.

Thanks