Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijacked


  • This topic is locked This topic is locked
7 replies to this topic

#1 rjrevers

rjrevers

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:13 PM

Posted 27 June 2008 - 10:18 PM

last night i keept getting redirected whenever i would go to a websute taking me to different adware pop ups for spyware programs and some site for fling.com. there was a program called advanced registry optimizer that i never downloaded that i deleted. i then ran a scan with bitdefender and the following things showed up... after the first scan they appeared again and after the second they were gone.

Dropped adware BHO.WRF detected
Dropped adware BHO.WRF detected
trojan.fakealert.ppdetected
trojan.html.zlob detected
trojan.html.zlob detected
win32.freetrip.c@mm detected

also downloaded and ran spybot which found a few more.

the popups seemed to have stopped so far had one or two ocasionally and the spyware program that kept popping up in my taskbar called winspyprotect seemed to go away

when i log in to windows u get an error message saying that this file could not load: iiffGXoP.dll.


i downloaded hijack this and here is the logfile. am i still infected?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:47 PM, on 6/27/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitDefender\BitDefender 2008\history.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\rob\AppData\Local\Temp\iiffGXoP.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 7478 bytes

BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:13 PM

Posted 09 July 2008 - 09:55 PM

Hello rjrevers,

Sorry for the delay. We have many logs backed up.


Please disable Windows Defender before running Malwarebytes' Anti-Malware, as it will prevent registry changes.

To disable Windows Defender:
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly.

If you encounter this message:"c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dll




We need to create a Deckard's System Scanner (DSS) Log.
Please download Deckard's System Scanner (DSS) from one of the links below and save to your Desktop.
Primary Mirror
Secondary Mirror

DSS will do the following:
1. Create a new System Restore point in Windows XP and Vista.
2. Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
3. Check some important areas of your system and produce a report for an analyst to review.
4. Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

Note: You must be logged onto an account with administrator privileges when using Deckard's System Scanner.

1. Close all applications and windows.
2. Double-click on dss.exe to run it and follow the prompts.

3. If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
4. When the scan is complete, two text files will open in Notepad:
main.txt <-- Will be maximized
extra.txt <-- Will be minimized
5. If not, they both can be found in the C:\Deckard\System Scanner folder.
6. Please copy (<Control>+C) and paste (<Control>+V) the contents of main.txt and extra.txt in your next reply.

Note: When running DSS, some firewalls may warn that DSS is trying to access the Internet; especially if you are asked to download the most current version of HijackThis. Please ensure that DSS is given permission to access the internet.
Note: If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.

In your next reply, I need to see the following reports:
DSS Main.txt
DSS Extra.txt

Edited by SifuMike, 09 July 2008 - 09:59 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 rjrevers

rjrevers
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:13 PM

Posted 10 July 2008 - 10:15 PM

I already downloaded and ran the malware antibytes after reading the tips on this site and here is the log from it. I will do the dss log now and posty the results

Malwarebytes' Anti-Malware 1.19
Database version: 913
Windows 6.0.6000

9:10:18 PM 7/1/2008
mbam-log-7-1-2008 (21-10-18).txt

Scan type: Quick Scan
Objects scanned: 37383
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 27

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{84aa61c2-a977-4fd8-9e2f-c768f0387572} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b6cea820-02ef-4b54-854a-6287d23cb2ac} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{42c35880-9726-410d-8304-a132ccb58f32} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{065087e0-953f-43a7-90c8-caab09567047} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Adsl Software Ltd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\ADSL Software Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\rob\AppData\Local\Temp\ddcYRjhf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\rob\AppData\Local\Temp\fvinvcny.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\rob\AppData\Local\Temp\hcbinbgc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\rob\AppData\Local\Temp\iifgFUlj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\rob\AppData\Local\Temp\jcbxpfto.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\rob\AppData\Local\Temp\mlJBRHwu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\rob\AppData\Local\Temp\qoMggfgg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\rob\AppData\Local\Temp\tmp00005cee (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\rob\AppData\Local\Temp\tmp00005e74 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\rob\AppData\Local\Temp\tmp00006048 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\rob\AppData\Local\Temp\tmp000062a8 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\rob\AppData\Local\Temp\tmp00006640 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\rob\AppData\Local\Temp\tmp0000780c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\rob\AppData\Local\Temp\tmp00008e88 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\rob\AppData\Local\Temp\tmp0000e60a (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\rob\AppData\Local\Temp\tmp00022220 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\rob\AppData\Local\Temp\tmp003482e6 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\rob\AppData\Local\Temp\tohgyctf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\rob\AppData\Local\Temp\vtUlKCrr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\rob\AppData\Local\Temp\yaYpNHXr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\rob\AppData\Local\Temp\yayxyawU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\rob\Local Settings\Temporary Internet Files\Content.IE5\IMS9EAUC\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\rob\Local Settings\Temporary Internet Files\Content.IE5\IOE9CHE9\kb456456[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\winspywareprotect.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080625113417699.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080626180607133.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\rob\AppData\Local\Temp\media.php (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#4 rjrevers

rjrevers
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:13 PM

Posted 10 July 2008 - 10:26 PM

here are the dss logs

Deckard's System Scanner v20071014.68
Run by rob on 2008-07-10 22:17:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
10: 2008-07-10 08:00:55 UTC - RP183 - Windows Update
9: 2008-07-10 05:00:00 UTC - RP182 - Scheduled Checkpoint
8: 2008-07-09 05:00:00 UTC - RP181 - Scheduled Checkpoint
7: 2008-07-08 12:51:49 UTC - RP180 - Scheduled Checkpoint
6: 2008-07-07 05:00:00 UTC - RP179 - Scheduled Checkpoint


-- First Restore Point --
1: 2008-07-05 11:43:22 UTC - RP174 - Windows Vista Service Pack 1


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as rob.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:56 PM, on 7/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\rob\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\rob.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2178618052-737436260-3868941118-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Maureen')
O4 - HKUS\S-1-5-21-2178618052-737436260-3868941118-501\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Guest')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 7420 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 BDSelfPr - \??\c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys
R3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-10 00:56:22 414 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{44E454CB-3B2C-4FE7-A8F8-3382BBFC2DEA}.job


-- Files created between 2008-06-10 and 2008-07-10 -----------------------------

2008-07-10 18:33:42 32 -ra------ C:\Users\All Users\hash.dat
2008-07-10 18:20:01 0 dr------- C:\Users\Guest\Searches
2008-07-10 18:19:51 0 dr------- C:\Users\Guest\Contacts
2008-07-10 18:19:46 0 dr------- C:\Users\Guest\Videos
2008-07-10 18:19:46 0 d--hs---- C:\Users\Guest\Templates
2008-07-10 18:19:46 0 d--hs---- C:\Users\Guest\Start Menu
2008-07-10 18:19:46 0 d--hs---- C:\Users\Guest\SendTo
2008-07-10 18:19:46 0 dr------- C:\Users\Guest\Saved Games
2008-07-10 18:19:46 0 d--hs---- C:\Users\Guest\Recent
2008-07-10 18:19:46 0 d--hs---- C:\Users\Guest\PrintHood
2008-07-10 18:19:46 0 dr------- C:\Users\Guest\Pictures
2008-07-10 18:19:46 786432 --ahs---- C:\Users\Guest\NTUSER.DAT
2008-07-10 18:19:46 0 d--hs---- C:\Users\Guest\NetHood
2008-07-10 18:19:46 0 d--hs---- C:\Users\Guest\My Documents
2008-07-10 18:19:46 0 dr------- C:\Users\Guest\Music
2008-07-10 18:19:46 0 d--hs---- C:\Users\Guest\Local Settings
2008-07-10 18:19:46 0 dr------- C:\Users\Guest\Links
2008-07-10 18:19:46 0 dr------- C:\Users\Guest\Favorites
2008-07-10 18:19:46 0 dr------- C:\Users\Guest\Downloads
2008-07-10 18:19:46 0 dr------- C:\Users\Guest\Documents
2008-07-10 18:19:46 0 dr------- C:\Users\Guest\Desktop
2008-07-10 18:19:46 0 d--hs---- C:\Users\Guest\Cookies
2008-07-10 18:19:46 0 d--hs---- C:\Users\Guest\Application Data
2008-07-10 18:19:46 0 d--h----- C:\Users\Guest\AppData
2008-07-08 07:10:39 81984 --a------ C:\Windows\system32\bdod.bin
2008-07-05 22:09:41 0 d-------- C:\Users\All Users\NVIDIA
2008-07-05 06:41:42 0 d-------- C:\e01b9b515abfaeb5ff
2008-07-01 22:19:37 0 d-------- C:\Users\All Users\allTunes
2008-07-01 21:03:15 0 d-------- C:\Users\All Users\Malwarebytes
2008-07-01 21:03:14 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-28 00:18:37 0 d-------- C:\Program Files\AML Products
2008-06-27 21:53:23 0 d-------- C:\Program Files\Trend Micro
2008-06-26 23:38:13 0 dr------- C:\Users\Maureen\Searches
2008-06-26 23:38:04 0 dr------- C:\Users\Maureen\Contacts
2008-06-26 23:37:55 0 d--hs---- C:\Users\Maureen\Templates
2008-06-26 23:37:55 0 d--hs---- C:\Users\Maureen\Start Menu
2008-06-26 23:37:55 0 d--hs---- C:\Users\Maureen\SendTo
2008-06-26 23:37:55 0 d--hs---- C:\Users\Maureen\Recent
2008-06-26 23:37:55 0 d--hs---- C:\Users\Maureen\PrintHood
2008-06-26 23:37:55 0 d--hs---- C:\Users\Maureen\NetHood
2008-06-26 23:37:55 0 d--hs---- C:\Users\Maureen\My Documents
2008-06-26 23:37:55 0 d--hs---- C:\Users\Maureen\Local Settings
2008-06-26 23:37:55 0 d--hs---- C:\Users\Maureen\Cookies
2008-06-26 23:37:55 0 d--hs---- C:\Users\Maureen\Application Data
2008-06-26 23:37:54 0 dr------- C:\Users\Maureen\Videos
2008-06-26 23:37:54 0 dr------- C:\Users\Maureen\Saved Games
2008-06-26 23:37:54 0 dr------- C:\Users\Maureen\Pictures
2008-06-26 23:37:54 786432 --ahs---- C:\Users\Maureen\ntuser.dat
2008-06-26 23:37:54 0 dr------- C:\Users\Maureen\Music
2008-06-26 23:37:54 0 dr------- C:\Users\Maureen\Links
2008-06-26 23:37:54 0 dr------- C:\Users\Maureen\Favorites
2008-06-26 23:37:54 0 dr------- C:\Users\Maureen\Downloads
2008-06-26 23:37:54 0 dr------- C:\Users\Maureen\Documents
2008-06-26 23:37:54 0 dr------- C:\Users\Maureen\Desktop
2008-06-26 23:37:54 0 d--h----- C:\Users\Maureen\AppData
2008-06-26 22:21:31 0 d-------- C:\Windows\BDOSCAN8
2008-06-17 00:05:43 0 d-------- C:\PerfLogs
2008-06-16 22:47:00 0 d-------- C:\Windows\pss


-- Find3M Report ---------------------------------------------------------------

2008-07-10 03:12:03 0 d-------- C:\Program Files\Windows Mail
2008-07-05 22:47:35 174 --ahs---- C:\Program Files\desktop.ini
2008-07-05 22:41:47 0 d-------- C:\Program Files\Windows Sidebar
2008-07-05 22:41:47 0 d-------- C:\Program Files\Windows Calendar
2008-07-05 22:41:47 0 d-------- C:\Program Files\Movie Maker
2008-07-05 22:41:46 0 d-------- C:\Program Files\Windows Photo Gallery
2008-07-05 22:41:46 0 d-------- C:\Program Files\Windows Journal
2008-07-05 22:41:46 0 d-------- C:\Program Files\Windows Collaboration
2008-07-05 22:41:45 0 d-------- C:\Program Files\Windows Defender
2008-07-01 22:19:40 0 d-------- C:\Users\rob\AppData\Roaming\allTunes
2008-07-01 21:03:17 0 d-------- C:\Users\rob\AppData\Roaming\Malwarebytes
2008-06-26 23:25:28 0 d-------- C:\Users\rob\AppData\Roaming\Sammsoft
2008-06-26 21:41:49 0 d-------- C:\Program Files\Common Files
2008-06-11 14:02:56 0 d-------- C:\Users\rob\AppData\Roaming\Apple Computer
2008-06-08 23:50:26 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-08 23:46:45 0 -rahs---- C:\MSDOS.SYS
2008-06-08 23:46:45 0 -rahs---- C:\IO.SYS
2008-05-29 03:07:44 0 d-------- C:\Program Files\Google
2008-05-20 22:13:07 0 d-------- C:\Users\rob\AppData\Roaming\Roxio
2008-05-01 23:35:33 50 --a------ C:\Windows\system32\BRIDF04A.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/19/2008 02:38 AM]
"RtHDVCpl"="RtHDVCpl.exe" [01/17/2008 07:22 AM C:\Windows\RtHDVCpl.exe]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 12:37 PM]
"@"="" []
"dscactivate"="c:\dell\dsca.exe" [07/30/2007 02:40 PM]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [10/09/2007 04:46 PM]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [07/05/2008 11:15 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 12:09 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 10:22 AM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [04/14/2004 02:46 PM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [04/14/2004 03:04 PM]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [03/08/2007 02:00 PM]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [07/19/2006 02:51 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [10/03/2006 12:35 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [05/03/2008 12:16 AM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [05/03/2008 12:16 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 01:09 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/19/2008 02:33 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [1/31/2008 9:24:23 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bdx scan


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-10 22:21:43 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4000+
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 1981.76 MiB / 1105.79 MiB
Pagefile Memory (total/avail): 4204.06 MiB / 3214.6 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.09 MiB

C: is Fixed (NTFS) - 288.04 GiB total, 250.81 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 6.01 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG HD321KJ SCSI Disk Device - 298.09 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 - Installable File System - 10 GiB - D:
\PARTITION2 (bootable) - Installable File System - 288.04 GiB - C:

\\.\PHYSICALDRIVE1 - TEAC USB HS-CF Card USB Device

\\.\PHYSICALDRIVE3 - TEAC USB HS-MS Card USB Device

\\.\PHYSICALDRIVE4 - TEAC USB HS-SD Card USB Device

\\.\PHYSICALDRIVE2 - TEAC USB HS-xD/SM USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: Bitdefender Antivirus v8.0 (BitDefender)
AS: BitDefender Antispyware v8.0 (BitDefender)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\rob\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ROB-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\rob
LOCALAPPDATA=C:\Users\rob\AppData\Local
LOGONSERVER=\\ROB-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6b01
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\rob\AppData\Local\Temp
TMP=C:\Users\rob\AppData\Local\Temp
USERDOMAIN=rob-PC
USERNAME=rob
USERPROFILE=C:\Users\rob
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

rob
Maureen
Guest (new local, guest, net ready)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
allTunes 0.9.31.158 --> "C:\Program Files\allTunes\unins000.exe"
BitDefender Antivirus 2008 --> MsiExec.exe /I{4A56DAB1-2680-4B8A-AD84-77EECFB94D7B}
Brother MFL-Pro Suite --> "C:\Program Files\InstallShield Installation Information\{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}\Setup.exe" -runfromtemp -l0x0009 Brunin03.dll -removeonly
Browser Address Error Redirector --> MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Conexant D850 PCI V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -IDel200fz.inf
Dell Getting Started Guide --> MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Support Center --> MsiExec.exe /X{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Internet Service Offers Launcher --> MsiExec.exe /I{CCFF1E13-77A2-4032-8B12-7566982A27DF}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Web Components --> MsiExec.exe /I{90260409-6000-11D3-8CFE-0150048383C9}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Music, Photos & Videos Launcher --> MsiExec.exe /I{D7769185-9A7C-48D4-8874-5388743A1DE2}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers --> C:\Windows\system32\nvunrm.exe UninstallGUI
NVIDIANetworkDiagnostic --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EFAD4066-CAF3-4B27-9669-12EED352C376}
PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
Product Documentation Launcher --> MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type5133 / Success
Event Submitted/Written: 07/10/2008 03:13:52 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type5131 / Success
Event Submitted/Written: 07/10/2008 03:13:52 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type5129 / Success
Event Submitted/Written: 07/10/2008 03:13:43 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type5081 / Warning
Event Submitted/Written: 07/08/2008 07:13:55 AM
Event ID/Source: 0 / AtBroker
Event Description:
GetSessionValue Failed to Open session value return error 2

Event Record #/Type5080 / Warning
Event Submitted/Written: 07/08/2008 07:13:55 AM
Event ID/Source: 0 / AtBroker
Event Description:
GetSessionValue Failed to Open session value return error 2



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type42409 / Error
Event Submitted/Written: 07/10/2008 10:19:00 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
BrSplService0

Event Record #/Type42402 / Warning
Event Submitted/Written: 07/10/2008 09:49:02 PM
Event ID/Source: 4 / Microsoft-Windows-FilterManager
Event Description:
0xc0000013608bdfsfltr2007-12-31T03:12:12.000Z14\Device\CdRom0

Event Record #/Type42401 / Warning
Event Submitted/Written: 07/10/2008 09:47:11 PM
Event ID/Source: 4 / Microsoft-Windows-FilterManager
Event Description:
0xc0000013608bdfsfltr2007-12-31T03:12:12.000Z14\Device\CdRom0

Event Record #/Type42381 / Warning
Event Submitted/Written: 07/10/2008 05:45:51 PM
Event ID/Source: 4 / Microsoft-Windows-FilterManager
Event Description:
0xc0000013608bdfsfltr2007-12-31T03:12:12.000Z14\Device\CdRom0

Event Record #/Type42338 / Warning
Event Submitted/Written: 07/10/2008 03:16:45 AM
Event ID/Source: 4 / Microsoft-Windows-FilterManager
Event Description:
0xc0000013608bdfsfltr2007-12-31T03:12:12.000Z14\Device\CdRom0



-- End of Deckard's System Scanner: finished at 2008-07-10 22:21:43 ------------


thank you for your help with this is there anything else I need to do?

#5 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:13 PM

Posted 10 July 2008 - 10:58 PM

Hi rjrevers,

Your log looks good. :thumbsup: How is your computer running?

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u7-windows-i586.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java 2 Runtime Environment, SE v1.4.2
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 6
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.

Edited by SifuMike, 10 July 2008 - 11:00 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 rjrevers

rjrevers
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:13 PM

Posted 11 July 2008 - 12:04 AM

had a bit of a scare with the java download i downloaded the file to desktop, deleted the previous version and rebooted. when i rebooted my cpu was very slow to start up. the java file would not open. I tried to open internet explorer and it wouldnt open even after 5 mins, so i tried sytem restore and after about 5 mins it said it timed out, nothing would open. finall ie opened and i went to the java site to download. activex would not open to download but a uac popped up saying installer needs to install update. i clicked ok and then java downloaded. i neeed to know if i have the new versin now or not. here is my log

Deckard's System Scanner v20071014.68
Run by rob on 2008-07-11 00:00:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as rob.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:18 AM, on 7/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\rob\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\rob.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 7621 bytes

-- Files created between 2008-06-11 and 2008-07-11 -----------------------------

2008-07-10 23:50:05 0 d-------- C:\Program Files\Java
2008-07-10 23:48:21 0 d-------- C:\Program Files\Common Files\Java
2008-07-10 23:34:32 0 d-------- C:\Users\All Users\WindowsSearch
2008-07-10 18:33:42 32 -ra------ C:\Users\All Users\hash.dat
2008-07-10 18:20:01 0 dr------- C:\Users\Guest\Searches
2008-07-10 18:19:51 0 dr------- C:\Users\Guest\Contacts
2008-07-10 18:19:46 0 dr------- C:\Users\Guest\Videos
2008-07-10 18:19:46 0 d--hs---- C:\Users\Guest\Templates
2008-07-10 18:19:46 0 d--hs---- C:\Users\Guest\Start Menu
2008-07-10 18:19:46 0 d--hs---- C:\Users\Guest\SendTo
2008-07-10 18:19:46 0 dr------- C:\Users\Guest\Saved Games
2008-07-10 18:19:46 0 d--hs---- C:\Users\Guest\Recent
2008-07-10 18:19:46 0 d--hs---- C:\Users\Guest\PrintHood
2008-07-10 18:19:46 0 dr------- C:\Users\Guest\Pictures
2008-07-10 18:19:46 786432 --ahs---- C:\Users\Guest\NTUSER.DAT
2008-07-10 18:19:46 0 d--hs---- C:\Users\Guest\NetHood
2008-07-10 18:19:46 0 d--hs---- C:\Users\Guest\My Documents
2008-07-10 18:19:46 0 dr------- C:\Users\Guest\Music
2008-07-10 18:19:46 0 d--hs---- C:\Users\Guest\Local Settings
2008-07-10 18:19:46 0 dr------- C:\Users\Guest\Links
2008-07-10 18:19:46 0 dr------- C:\Users\Guest\Favorites
2008-07-10 18:19:46 0 dr------- C:\Users\Guest\Downloads
2008-07-10 18:19:46 0 dr------- C:\Users\Guest\Documents
2008-07-10 18:19:46 0 dr------- C:\Users\Guest\Desktop
2008-07-10 18:19:46 0 d--hs---- C:\Users\Guest\Cookies
2008-07-10 18:19:46 0 d--hs---- C:\Users\Guest\Application Data
2008-07-10 18:19:46 0 d--h----- C:\Users\Guest\AppData
2008-07-08 07:10:39 81984 --a------ C:\Windows\system32\bdod.bin
2008-07-05 22:09:41 0 d-------- C:\Users\All Users\NVIDIA
2008-07-05 06:41:42 0 d-------- C:\e01b9b515abfaeb5ff
2008-07-01 22:19:37 0 d-------- C:\Users\All Users\allTunes
2008-07-01 21:03:15 0 d-------- C:\Users\All Users\Malwarebytes
2008-07-01 21:03:14 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-28 00:18:37 0 d-------- C:\Program Files\AML Products
2008-06-27 21:53:23 0 d-------- C:\Program Files\Trend Micro
2008-06-26 23:38:13 0 dr------- C:\Users\Maureen\Searches
2008-06-26 23:38:04 0 dr------- C:\Users\Maureen\Contacts
2008-06-26 23:37:55 0 d--hs---- C:\Users\Maureen\Templates
2008-06-26 23:37:55 0 d--hs---- C:\Users\Maureen\Start Menu
2008-06-26 23:37:55 0 d--hs---- C:\Users\Maureen\SendTo
2008-06-26 23:37:55 0 d--hs---- C:\Users\Maureen\Recent
2008-06-26 23:37:55 0 d--hs---- C:\Users\Maureen\PrintHood
2008-06-26 23:37:55 0 d--hs---- C:\Users\Maureen\NetHood
2008-06-26 23:37:55 0 d--hs---- C:\Users\Maureen\My Documents
2008-06-26 23:37:55 0 d--hs---- C:\Users\Maureen\Local Settings
2008-06-26 23:37:55 0 d--hs---- C:\Users\Maureen\Cookies
2008-06-26 23:37:55 0 d--hs---- C:\Users\Maureen\Application Data
2008-06-26 23:37:54 0 dr------- C:\Users\Maureen\Videos
2008-06-26 23:37:54 0 dr------- C:\Users\Maureen\Saved Games
2008-06-26 23:37:54 0 dr------- C:\Users\Maureen\Pictures
2008-06-26 23:37:54 786432 --ahs---- C:\Users\Maureen\ntuser.dat
2008-06-26 23:37:54 0 dr------- C:\Users\Maureen\Music
2008-06-26 23:37:54 0 dr------- C:\Users\Maureen\Links
2008-06-26 23:37:54 0 dr------- C:\Users\Maureen\Favorites
2008-06-26 23:37:54 0 dr------- C:\Users\Maureen\Downloads
2008-06-26 23:37:54 0 dr------- C:\Users\Maureen\Documents
2008-06-26 23:37:54 0 dr------- C:\Users\Maureen\Desktop
2008-06-26 23:37:54 0 d--h----- C:\Users\Maureen\AppData
2008-06-26 22:21:31 0 d-------- C:\Windows\BDOSCAN8
2008-06-17 00:05:43 0 d-------- C:\PerfLogs
2008-06-16 22:47:00 0 d-------- C:\Windows\pss


-- Find3M Report ---------------------------------------------------------------

2008-07-10 23:48:21 0 d-------- C:\Program Files\Common Files
2008-07-10 03:12:03 0 d-------- C:\Program Files\Windows Mail
2008-07-05 22:47:35 174 --ahs---- C:\Program Files\desktop.ini
2008-07-05 22:41:47 0 d-------- C:\Program Files\Windows Sidebar
2008-07-05 22:41:47 0 d-------- C:\Program Files\Windows Calendar
2008-07-05 22:41:47 0 d-------- C:\Program Files\Movie Maker
2008-07-05 22:41:46 0 d-------- C:\Program Files\Windows Photo Gallery
2008-07-05 22:41:46 0 d-------- C:\Program Files\Windows Journal
2008-07-05 22:41:46 0 d-------- C:\Program Files\Windows Collaboration
2008-07-05 22:41:45 0 d-------- C:\Program Files\Windows Defender
2008-07-01 22:19:40 0 d-------- C:\Users\rob\AppData\Roaming\allTunes
2008-07-01 21:03:17 0 d-------- C:\Users\rob\AppData\Roaming\Malwarebytes
2008-06-26 23:25:28 0 d-------- C:\Users\rob\AppData\Roaming\Sammsoft
2008-06-11 14:02:56 0 d-------- C:\Users\rob\AppData\Roaming\Apple Computer
2008-06-08 23:50:26 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-08 23:46:45 0 -rahs---- C:\MSDOS.SYS
2008-06-08 23:46:45 0 -rahs---- C:\IO.SYS
2008-05-29 03:07:44 0 d-------- C:\Program Files\Google
2008-05-20 22:13:07 0 d-------- C:\Users\rob\AppData\Roaming\Roxio
2008-05-01 23:35:33 50 --a------ C:\Windows\system32\BRIDF04A.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/19/2008 02:38 AM]
"RtHDVCpl"="RtHDVCpl.exe" [01/17/2008 07:22 AM C:\Windows\RtHDVCpl.exe]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 12:37 PM]
"@"="" []
"dscactivate"="c:\dell\dsca.exe" [07/30/2007 02:40 PM]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [10/09/2007 04:46 PM]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [07/05/2008 11:15 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 12:09 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 10:22 AM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [04/14/2004 02:46 PM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [04/14/2004 03:04 PM]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [03/08/2007 02:00 PM]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [07/19/2006 02:51 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [10/03/2006 12:35 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [05/03/2008 12:16 AM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [05/03/2008 12:16 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 01:09 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/19/2008 02:33 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [1/31/2008 9:24:23 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bdx scan


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-11 00:02:06 ------------

#7 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:13 PM

Posted 11 July 2008 - 09:59 AM

Hi rjrevers,

Yes, you have the new version of Java.

I think you are good to go. :thumbsup:

Please read and follow How did I get infected?, With steps so it does not happen again!
as well as
How to prevent Malware' by miekiemoes


If you want to improve speed/system performance after malware removal, take a look here.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:13 PM

Posted 17 July 2008 - 06:06 PM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users