
Infected With Flashy Virus


  • This topic is locked
2 replies to this topic

#1 Wielder

Wielder

  • Members
  • 1 posts
  • OFFLINE
  • Local time:02:16 AM

Posted 03 July 2008 - 11:42 AM

Hey guys! My laptop (OS: Windows Vista) got infected by the flashy virus via my USB a day ago and for some reason AVG wasn't able to detect it. I've tried ComboFix, and while it did restore my Task Manager (which'd gotten disabled) and normalized the clock (which'd gone wonky), it didn't exactly remove the virus. I can't open my Documents without it crashing a few seconds later, and that friggin' flashy folder won't disappear from my USB no matter how many times I try to delete/reformat it. Help...? ;___;



Here's the DSS log:



(hope I'm doing this right)


 


#2 Carolyn

Carolyn

    Bleepin' kitten


  • Members
  • 2,131 posts
  • OFFLINE
  • Local time:01:16 PM

Posted 23 July 2008 - 01:06 PM

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

I am sorry that we were unable to reply to your post sooner. The forums have been very busy.

If you are still in need of assistance, please scan again with HijackThis and post a fresh log.

Also, please make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.

Post the fresh HijackThis log and the uninstall list in the body of your next reply.

Important: Please post the contents of your logs in-line with the rest of your reply, rather than in a "code box". Thank you! :thumbsup:
Member of ASAP (Alliance of Security Analysis Professionals)

#3 Carolyn

Carolyn

    Bleepin' kitten


  • Members
  • 2,131 posts
  • OFFLINE
  • Local time:01:16 PM

Posted 31 July 2008 - 06:35 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Member of ASAP (Alliance of Security Analysis Professionals)