
Infected With Virus - Winfixer? Vundo?



#1 aedsb

  • Members
  • 1 posts

Posted 12 July 2008 - 07:47 AM

I have been infected by a virus that Trend Micro says is deleted from my machine, but it reinstalls itself. The virus seems to be "activated" by placing a CD in the drive that uses an autorun.exe file. This immediately causes Trend to stop the program and ask me to restart to remove the trojan virus. I have run VundoFix and it found nothing. I also ran DSS once, and HijackThis was not installed and failed to install. I installed HJT and reran DSS. On the second run, I only received the main.txt log (no extra was created), which is what I have attached below.


HijackThis log is here:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-12 08:35:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:00 AM, on 7/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Owner.gateway\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: REALTEK RTL8187 Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8583 bytes

-- Files created between 2008-06-12 and 2008-07-12 -----------------------------

2008-07-11 21:28:56 0 d-------- C:\VundoFix Backups
2008-07-11 21:28:34 119808 --a------ C:\VundoFix.exe <Not Verified; Atribune.org; VundoFix>
2008-07-11 21:09:13 10752 --a------ C:\WINDOWS\DCEBoot.exe
2008-07-11 13:38:38 0 d-------- C:\Documents and Settings\Owner.gateway\Application Data\Snapfish
2008-07-05 15:55:22 0 d-------- C:\Documents and Settings\Owner.gateway\Application Data\Logitech
2008-07-05 15:52:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-07-05 15:52:21 0 d-------- C:\Documents and Settings\Owner.gateway\Application Data\InstallShield
2008-07-03 14:20:10 0 d-------- C:\WINDOWS\PrimoPDF4
2008-07-03 07:49:33 0 d-------- C:\Documents and Settings\Owner.gateway\Application Data\CyberLink
2008-07-02 18:56:21 0 d-------- C:\Documents and Settings\Owner.gateway\Application Data\OpenOffice.org2
2008-07-02 18:44:18 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-07-02 18:42:48 0 d-------- C:\Documents and Settings\Owner.gateway\Application Data\Sun
2008-06-30 12:50:56 0 d-------- C:\Documents and Settings\Owner.gateway\Application Data\Apple Computer
2008-06-30 12:50:17 0 d-------- C:\Program Files\Bonjour
2008-06-29 20:47:37 0 d-------- C:\Documents and Settings\Owner.gateway\Application Data\Serif
2008-06-28 18:54:58 0 d-------- C:\Program Files\Privacy and Registry Cleaner
2008-06-27 14:37:10 0 d-------- C:\WINDOWS\network diagnostic
2008-06-27 09:45:38 0 d-------- C:\Documents and Settings\Owner.gateway\Desktop
2008-06-27 09:17:15 0 d-------- C:\Documents and Settings\Owner.gateway\Application Data\gtk-2.0
2008-06-27 09:16:26 0 d-------- C:\Documents and Settings\Owner.gateway\.thumbnails
2008-06-27 08:39:18 0 d-------- C:\Program Files\Windows Resource Kits
2008-06-26 23:21:12 0 d-------- C:\Program Files\ACW
2008-06-26 12:54:00 0 d-------- C:\Documents and Settings\Owner.gateway\Application Data\Leadertech
2008-06-25 21:49:37 0 d-------- C:\Documents and Settings\Owner.gateway\.gimp-2.4
2008-06-25 16:41:46 0 d-------- C:\Documents and Settings\Owner.gateway\Application Data\Adobe
2008-06-25 13:39:37 0 d-------- C:\Documents and Settings\Owner.gateway\Application Data\Template
2008-06-25 13:39:36 208 --a------ C:\Documents and Settings\Owner.gateway\Application Data\wklnhst.dat
2008-06-25 12:07:47 0 d-------- C:\Documents and Settings\Owner.gateway\Application Data\Macromedia
2008-06-25 12:02:46 0 d-------- C:\Documents and Settings\Owner.gateway\Application Data\Thunderbird
2008-06-25 06:14:26 0 d-------- C:\Program Files\MSXML 4.0
2008-06-25 06:04:50 0 d-------- C:\Documents and Settings\Owner.gateway\Application Data\Mozilla
2008-06-25 06:03:02 0 d-------- C:\Documents and Settings\Owner.gateway\Application Data\Google
2008-06-25 05:57:52 0 d-------- C:\Documents and Settings\Owner.gateway\Application Data\McAfee.com Personal Firewall
2008-06-25 05:42:15 0 dr------- C:\Documents and Settings\Owner.gateway\Favorites
2008-06-25 05:42:15 0 d--hs---- C:\Documents and Settings\Owner.gateway\Cookies
2008-06-25 05:42:15 0 dr-h----- C:\Documents and Settings\Owner.gateway\Application Data
2008-06-25 05:42:15 0 d-------- C:\Documents and Settings\Owner.gateway\Application Data\You've Got Pictures Screensaver
2008-06-25 05:42:15 0 d-------- C:\Documents and Settings\Owner.gateway\Application Data\SampleView
2008-06-25 05:42:15 0 d-------- C:\Documents and Settings\Owner.gateway\Application Data\Identities
2008-06-25 05:42:15 0 d-------- C:\Documents and Settings\Owner.gateway\Application Data\ATI
2008-06-25 05:42:14 0 d-------- C:\Documents and Settings\Owner.gateway\WINDOWS
2008-06-25 05:42:14 0 d--h----- C:\Documents and Settings\Owner.gateway\Templates
2008-06-25 05:42:14 0 dr------- C:\Documents and Settings\Owner.gateway\Start Menu
2008-06-25 05:42:14 0 dr-h----- C:\Documents and Settings\Owner.gateway\SendTo
2008-06-25 05:42:14 0 dr-h----- C:\Documents and Settings\Owner.gateway\Recent
2008-06-25 05:42:14 0 d--h----- C:\Documents and Settings\Owner.gateway\PrintHood
2008-06-25 05:42:14 2883584 --ah----- C:\Documents and Settings\Owner.gateway\NTUSER.DAT
2008-06-25 05:42:14 0 d--h----- C:\Documents and Settings\Owner.gateway\NetHood
2008-06-25 05:42:14 0 dr------- C:\Documents and Settings\Owner.gateway\My Documents
2008-06-25 05:42:14 0 d--h----- C:\Documents and Settings\Owner.gateway\Local Settings
2008-06-25 04:42:00 23552 --a------ C:\WINDOWS\system32\jesterss.dll
2008-06-25 04:42:00 1239209 --a------ C:\WINDOWS\system32\gtw_logo.scr
2008-06-25 04:38:06 1069056 --a------ C:\WINDOWS\system32\stlang.dll <Not Verified; SigmaTel, Inc.; C-Major Audio>
2008-06-25 04:38:06 413696 --a------ C:\WINDOWS\stsystra.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
2008-06-25 04:37:15 67072 --a------ C:\WINDOWS\POWERCFG.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-25 04:29:54 21035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.5.0>
2008-06-25 04:29:42 13532 --a------ C:\WINDOWS\system32\drivers\SjyPkt.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2008-06-25 04:28:54 0 d-------- C:\Program Files\Microsoft Works
2008-06-25 04:27:52 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2008-06-25 04:27:41 102400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll <Not Verified; 4Developers LLC; SimpleRegistry Control>
2008-06-25 04:27:41 10752 --a------ C:\WINDOWS\system32\aamd532.dll <Not Verified; Almeida & Andrade Ltda; MD5 Maker DLL>
2008-06-25 04:26:52 335 --a------ C:\WINDOWS\nsreg.dat
2008-06-25 04:26:02 4 --a------ C:\WINDOWS\Pix11.dat
2008-06-25 04:21:39 20480 --a------ C:\WINDOWS\system32\Marker32.exe <Not Verified; Gateway; Marker32>
2008-06-25 04:20:21 94208 --a------ C:\WINDOWS\system32\bae.dll <Not Verified; Gateway Inc.; Browser Address Error Redirector>
2008-06-25 04:16:32 2 --a------ C:\AUDIT_INSTALL_IN_PROGRESS
2008-06-25 04:13:16 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-06-25 04:08:38 2 -r-hs---- C:\USER
2008-06-25 04:08:38 0 --a------ C:\REQUEST_OEMRESET_ENDUSER
2008-06-25 03:39:02 0 d--h----- C:\My Backup -- 25-06-08 0039
2008-06-24 18:17:05 60 --a------ C:\MOVE_RECOVERY
2008-06-24 18:16:31 0 d--h----- C:\My Backup -- 24-06-08 1516
2008-06-20 08:49:12 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-19 16:41:59 0 d-------- C:\Program Files\QuickTime
2008-06-17 09:16:39 0 d-------- C:\WINDOWS\system32\Adobe
2008-06-16 09:39:45 0 d-------- C:\Program Files\Borland
2008-06-15 07:47:07 0 d-------- C:\Documents and Settings\Owner.GatewayLaptop\Application Data\Leadertech
2008-06-15 07:45:10 0 d-------- C:\Program Files\Common Files\Logishrd
2008-06-15 07:44:58 0 d-------- C:\Program Files\Logitech
2008-06-15 07:44:31 0 d-------- C:\Documents and Settings\Owner.GatewayLaptop\Application Data\InstallShield
2008-06-15 07:44:13 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-06-14 07:29:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Kristanix Games
2008-06-14 07:19:47 0 d-------- C:\Program Files\Mahjong Epic


-- Find3M Report ---------------------------------------------------------------

2008-07-12 08:34:05 0 d-------- C:\Program Files\Trend Micro
2008-07-09 22:12:32 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-07-09 20:58:04 6031 --a------ C:\Documents and Settings\Owner.gateway\Application Data\PrimoPDFSet.xml
2008-07-03 14:21:46 310 --a------ C:\Documents and Settings\Owner.gateway\Application Data\APUSet.xml
2008-07-03 14:20:13 0 d-------- C:\Program Files\activePDF
2008-07-03 07:40:30 0 d-------- C:\Program Files\Movie Maker
2008-07-02 18:44:02 0 d-------- C:\Program Files\Java
2008-06-28 19:24:55 0 d-------- C:\Program Files\Gateway Games
2008-06-25 21:54:40 0 d-------- C:\Program Files\Common Files
2008-06-25 21:37:43 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-25 21:37:42 0 d-------- C:\Program Files\WildVoice Studio
2008-06-25 21:37:39 0 d-------- C:\Program Files\VideoReDoPlus
2008-06-25 21:36:26 0 d-------- C:\Program Files\SundryTools
2008-06-25 21:35:47 0 d-------- C:\Program Files\Serif
2008-06-25 21:35:43 0 d-------- C:\Program Files\Realore
2008-06-25 21:34:47 0 d-------- C:\Program Files\Palm
2008-06-25 21:34:35 0 d-------- C:\Program Files\Netflix
2008-06-25 21:34:21 0 d-------- C:\Program Files\Native Instruments
2008-06-25 21:34:21 0 d-------- C:\Program Files\Musicnotes
2008-06-25 21:33:38 0 d-------- C:\Program Files\Macromedia
2008-06-25 21:32:30 0 d-------- C:\Program Files\iTunes
2008-06-25 21:32:15 0 d-------- C:\Program Files\iPod
2008-06-25 21:32:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-25 21:32:11 0 d-------- C:\Program Files\Google
2008-06-25 21:31:43 0 d-------- C:\Program Files\GIMP-2.0
2008-06-25 21:25:06 0 d-------- C:\Program Files\Fisher-Price
2008-06-25 21:24:40 0 d-------- C:\Program Files\DVDStyler
2008-06-25 21:24:37 0 d-------- C:\Program Files\DVD Shrink
2008-06-25 21:24:37 0 d-------- C:\Program Files\DVD Decrypter
2008-06-25 21:24:32 0 d-------- C:\Program Files\Disclib
2008-06-25 21:24:26 0 d-------- C:\Program Files\CoreFTP
2008-06-25 21:24:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-25 21:24:25 0 d-------- C:\Program Files\Common Files\TiVo Shared
2008-06-25 21:24:16 0 d-------- C:\Program Files\Common Files\Macromedia
2008-06-25 21:23:44 0 d-------- C:\Program Files\Common Files\Apple
2008-06-25 21:23:44 0 d-------- C:\Program Files\Common Files\AOL
2008-06-25 21:22:45 0 d-------- C:\Program Files\Apple Software Update
2008-05-26 16:48:19 0 d-------- C:\Program Files\Common Files\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 11:56 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [11/05/2004 05:47 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/05/2004 05:47 AM]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 08:41 PM]
"SigmatelSysTrayApp"="stsystra.exe" [12/27/2005 06:20 AM C:\WINDOWS\stsystra.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [05/23/2006 03:22 PM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [11/11/2005 05:40 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [02/16/2008 12:56 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 03:42 AM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [09/21/2007 03:10 AM C:\WINDOWS\KHALMNPR.Exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/25/2008 12:54 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 03:00 PM]

C:\Documents and Settings\Owner.gateway\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [1/21/2008 4:41:28 PM]
Product Registration.lnk - C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [4/9/2007 11:23:32 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [6/25/2008 4:20:12 AM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [7/5/2008 3:53:01 PM]
REALTEK RTL8187 Wireless LAN Utility.lnk - C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe [6/25/2008 4:29:42 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 11/15/2007 10:10 AM 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

*Newly Created Service* - SJYPKT



-- End of Deckard's System Scanner: finished at 2008-07-12 08:36:30 ------------


#2 -David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London

Posted 03 August 2008 - 02:23 PM

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log

Please also post the problems you are having.



