Vundo Virus Help Needed


  • This topic is locked
2 replies to this topic

#1 bruinator
Members, 498 posts

Posted 28 July 2008 - 11:09 AM

Here is the log that you guys suggested. Can I please get some help with it.

Deckard's System Scanner v20071014.68
Run by larry f on 2008-07-28 12:04:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as larry f.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:21 PM, on 7/28/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\S3apphk.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\larry f\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\larry f.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.savewealth.com/support/ie6/welcome.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 4082 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080725-224957-109 O2 - BHO: (no name) - {FD880EA1-C7E0-42AC-AE17-F030B676B111} - (no file)
backup-20080725-224957-147 O2 - BHO: (no name) - {D2B61D94-94AC-4ACE-BE75-FAF2A8CBABC4} - (no file)
backup-20080725-224957-167 O2 - BHO: (no name) - {EA2570AE-65D3-40AB-B4EB-D3309F131741} - (no file)
backup-20080725-224957-173 O2 - BHO: (no name) - {2DE27072-C012-4E5B-8051-FB8160EA54D1} - (no file)
backup-20080725-224957-186 O2 - BHO: (no name) - {43359B37-15E9-41AE-B8FB-831BBA238E5D} - (no file)
backup-20080725-224957-193 O2 - BHO: (no name) - {400E00C9-BEAC-431D-BA4F-1BE47258516E} - (no file)
backup-20080725-224957-197 O2 - BHO: (no name) - {90DBD51B-9A6D-417E-938F-9A730824E12D} - (no file)
backup-20080725-224957-206 O2 - BHO: (no name) - {4DA2D640-D807-4143-9284-D988689BFF3E} - (no file)
backup-20080725-224957-258 O2 - BHO: (no name) - {3FFBFE87-FCA1-4727-B96F-C1295EA56AEE} - (no file)
backup-20080725-224957-260 O2 - BHO: (no name) - {5DBC02BF-1D10-4CE1-8C5C-A777B204C660} - (no file)
backup-20080725-224957-305 O2 - BHO: (no name) - {B25521E5-A303-4A0E-9979-90C1480D7F3C} - (no file)
backup-20080725-224957-310 O2 - BHO: (no name) - {B177C3AC-60A3-4FD2-B487-104CEB19E369} - (no file)
backup-20080725-224957-359 O2 - BHO: (no name) - {29DB108C-8371-4303-8A8B-918ED379A872} - (no file)
backup-20080725-224957-384 O2 - BHO: (no name) - {BC2F4D04-6A01-4BC4-9941-6382AE25F6DD} - (no file)
backup-20080725-224957-401 O2 - BHO: (no name) - {D8305537-57DC-4716-9692-AD2DFFD47440} - (no file)
backup-20080725-224957-444 O2 - BHO: (no name) - {ADA9F749-0E76-4704-A726-0E74B2BFC0F9} - (no file)
backup-20080725-224957-450 O2 - BHO: (no name) - {D6D68E5C-17D5-45DE-AE72-619DD27A73B9} - (no file)
backup-20080725-224957-471 O2 - BHO: (no name) - {4DB2524E-3F1A-4A79-965F-43B04CCE348A} - (no file)
backup-20080725-224957-527 O2 - BHO: (no name) - {3366BBE6-0395-448A-8248-E072578A65FF} - (no file)
backup-20080725-224957-535 O2 - BHO: (no name) - {9B904910-78A4-489D-A825-5111B883A5B2} - (no file)
backup-20080725-224957-549 O2 - BHO: (no name) - {DF088CAB-FE77-435D-BBBC-66B68F6DC8E9} - (no file)
backup-20080725-224957-673 O2 - BHO: (no name) - {03E99860-E029-4B85-A901-4F76458A6658} - (no file)
backup-20080725-224957-690 O2 - BHO: (no name) - {8D249A9F-EDD1-47F4-AC31-4230292B6B3C} - (no file)
backup-20080725-224957-698 O2 - BHO: (no name) - {1854EAE1-5D81-4930-B4BF-1160D0EFD30E} - (no file)
backup-20080725-224957-856 O2 - BHO: (no name) - {04A5F9A9-76A2-4D48-940A-2F8F8D754642} - (no file)

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\winnt\system32\drivers\bantext.sys
R3 pcouffin (VSO Software pcouffin) - c:\winnt\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\winnt\system32\drivers\nsdriver.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ekrn (Eset Service) - "c:\program files\eset\eset smart security\ekrn.exe" <Not Verified; ESET; ESET Smart Security>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96E-E325-11CE-BFC1-08002BE10318}
Description: SyncMasterH9LPC07595
Device ID: DISPLAY\SAM030C\5&88A3863&0&22446688&01&00
Manufacturer:
Name: SyncMasterH9LPC07595
PNP Device ID: DISPLAY\SAM030C\5&88A3863&0&22446688&01&00
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_125D&DEV_1988&SUBSYS_B2070E11&REV_10\3&61AAA01&0&68
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_125D&DEV_1988&SUBSYS_B2070E11&REV_10\3&61AAA01&0&68
Service:


-- Files created between 2008-06-28 and 2008-07-28 -----------------------------

2008-07-25 23:08:53 68096 --a------ C:\WINNT\zip.exe
2008-07-25 23:08:53 161792 --a------ C:\WINNT\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-25 23:08:53 98816 --a------ C:\WINNT\sed.exe
2008-07-25 23:08:53 80412 --a------ C:\WINNT\grep.exe
2008-07-25 23:08:53 89504 --a------ C:\WINNT\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-25 23:08:52 49152 --a------ C:\WINNT\VFind.exe
2008-07-25 23:08:50 136704 --a------ C:\WINNT\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-25 23:08:49 212480 --a------ C:\WINNT\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-25 22:02:11 0 d-------- C:\Program Files\Trend Micro
2008-07-25 21:54:14 0 d-------- C:\VundoFix Backups
2008-07-25 21:50:04 0 d---s---- C:\Documents and Settings\larry f\UserData
2008-07-23 19:39:58 232075 --a------ C:\WINNT\Burn4Free_Toolbar_Uninstaller_1485.exe <Not Verified; Burn4Free; Burn4Free CD and DVD>
2008-07-23 19:39:52 0 d-------- C:\Program Files\Burn4Free Toolbar
2008-07-23 19:39:46 0 d-------- C:\Program Files\Burn4Free
2008-07-21 23:26:29 0 d-------- C:\Documents and Settings\larry f\Application Data\ESET
2008-07-21 23:21:21 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-19 19:46:08 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-19 19:44:56 162304 --a------ C:\WINNT\system32\ztvunrar36.dll
2008-07-19 19:44:56 77312 --a------ C:\WINNT\system32\ztvunace26.dll
2008-07-19 19:44:56 69632 --a------ C:\WINNT\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-07-19 19:44:56 153088 --a------ C:\WINNT\system32\UNRAR3.dll
2008-07-19 19:44:56 75264 --a------ C:\WINNT\system32\unacev2.dll
2008-07-19 19:44:51 0 d-a------ C:\Program Files\Trojan Remover
2008-07-19 19:44:51 0 d-------- C:\Documents and Settings\larry f\Application Data\Simply Super Software
2008-07-19 19:44:51 0 d-a------ C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-07-17 20:46:17 0 d-------- C:\Program Files\Driver-Soft
2008-07-17 18:05:03 0 d-------- C:\Documents and Settings\userone\Application Data\Comodo
2008-07-17 18:05:02 0 d-------- C:\Documents and Settings\userone\Application Data\Nero
2008-07-17 18:04:45 0 d-------- C:\Documents and Settings\userone\Application Data\Identities
2008-07-17 18:04:18 0 d--h----- C:\Documents and Settings\userone\Templates
2008-07-17 18:04:18 0 d-------- C:\Documents and Settings\userone\Start Menu
2008-07-17 18:04:18 0 d--h----- C:\Documents and Settings\userone\SendTo
2008-07-17 18:04:18 0 dr-h----- C:\Documents and Settings\userone\Recent
2008-07-17 18:04:18 0 d--h----- C:\Documents and Settings\userone\PrintHood
2008-07-17 18:04:18 208896 --ah----- C:\Documents and Settings\userone\NTUSER.DAT
2008-07-17 18:04:18 0 d--h----- C:\Documents and Settings\userone\NetHood
2008-07-17 18:04:18 0 d-------- C:\Documents and Settings\userone\My Documents
2008-07-17 18:04:18 0 d--h----- C:\Documents and Settings\userone\Local Settings
2008-07-17 18:04:18 0 dr------- C:\Documents and Settings\userone\Favorites
2008-07-17 18:04:18 0 d-------- C:\Documents and Settings\userone\Desktop
2008-07-17 18:04:18 0 d---s---- C:\Documents and Settings\userone\Cookies
2008-07-17 18:04:18 0 d--h----- C:\Documents and Settings\userone\Application Data
2008-07-17 18:04:18 0 d---s---- C:\Documents and Settings\userone\Application Data\Microsoft
2008-07-17 14:57:02 0 d-------- C:\Program Files\Invisible IP Map
2008-07-17 14:55:06 0 d-a------ C:\WINNT\system32\appmgmt
2008-07-16 18:38:04 0 d-------- C:\Documents and Settings\larry f\Application Data\Hide IP NG
2008-07-16 18:34:25 32 --a------ C:\WINNT\go
2008-07-13 19:21:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-13 19:21:36 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-13 19:21:36 0 d-------- C:\Documents and Settings\larry f\Application Data\SUPERAntiSpyware.com
2008-07-13 19:10:52 0 d-------- C:\Program Files\uTorrent
2008-07-13 19:10:47 0 d-------- C:\Documents and Settings\larry f\Application Data\uTorrent
2008-07-11 19:42:40 0 d-------- C:\Documents and Settings\larry f\Application Data\vlc
2008-07-11 19:38:24 0 d-------- C:\Program Files\VideoLAN
2008-07-11 15:58:49 0 d-------- C:\Program Files\Alcohol Soft
2008-07-11 15:53:47 685816 --a------ C:\WINNT\system32\drivers\sptd.sys
2008-07-10 21:45:07 0 d-------- C:\Documents and Settings\larry f\Application Data\Nero
2008-07-10 21:38:54 0 d-------- C:\Program Files\Nero
2008-07-10 21:38:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-10 21:38:53 0 d-------- C:\Program Files\Common Files\Nero
2008-07-10 21:33:55 997888 --a------ C:\WINNT\system32\wmvdmoe2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2008-07-10 21:33:55 892416 --a------ C:\WINNT\system32\wmspdmoe.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2008-07-10 21:33:55 1111040 --a------ C:\WINNT\system32\wmsdmoe2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2008-07-10 20:31:33 0 d--h----- C:\WINNT\msdownld.tmp
2008-07-10 20:31:28 0 d-------- C:\WINNT\Windows Update Setup Files
2008-07-10 19:23:15 0 d-------- C:\WINNT\winsxs
2008-07-10 19:11:27 0 d--h---c- C:\WINNT\$MSI30UninstallMSI30-KB884016$
2008-07-08 23:26:38 167936 -ra------ C:\WINNT\system32\S3Info2.dll <Not Verified; S3 Graphics, Inc.; S3 Information Utility>
2008-07-08 23:26:38 28672 -ra------ C:\WINNT\system32\S3apphk.exe
2008-07-08 23:25:28 286720 --a------ C:\WINNT\system32\S3Gamma2.dll <Not Verified; S3 Graphics, Inc.; S3 Graphics Utilities>
2008-07-08 23:25:27 299008 --a------ C:\WINNT\system32\S3Disply.dll <Not Verified; S3 Graphics, Inc.; S3 Graphics, Inc. Utilities>
2008-07-08 23:25:27 45056 --a------ C:\WINNT\system32\S3appdll.dll <Not Verified; S3 Graphics, Inc.; S3 Graphics, Inc. s3appdll>
2008-07-08 21:15:56 0 d-------- C:\Documents and Settings\larry f\Application Data\Comodo
2008-07-08 21:15:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-07-08 20:41:34 0 d-------- C:\Program Files\Comodo
2008-07-08 20:11:30 0 d-------- C:\trident graphics card
2008-07-08 17:37:02 0 d-------- C:\Documents and Settings\larry f\Application Data\Malwarebytes
2008-07-08 17:36:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-08 17:36:56 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-08 16:48:13 0 d-------- C:\Documents and Settings\larry f\Application Data\WinRAR
2008-07-08 13:58:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-08 13:58:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-08 13:57:29 0 d-------- C:\Program Files\DAMN NFO Viewer
2008-07-08 13:08:31 47360 --a------ C:\WINNT\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-07-08 13:08:31 47360 --a------ C:\Documents and Settings\larry f\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-07-08 13:08:30 0 d-------- C:\Documents and Settings\larry f\Application Data\Vso
2008-07-08 13:08:15 217127 --a------ C:\WINNT\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-07-08 13:08:14 208935 --a------ C:\WINNT\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-07-08 13:08:14 176165 --a------ C:\WINNT\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-07-08 13:08:14 65602 --a------ C:\WINNT\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-07-08 13:08:13 626688 --a------ C:\WINNT\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-07-08 13:08:06 0 d-------- C:\Program Files\VSO
2008-07-08 13:04:32 0 d-------- C:\WINNT\RegisteredPackages
2008-07-08 13:03:59 733184 --a------ C:\WINNT\system32\qedwipes.dll
2008-07-08 13:03:59 1798144 --a------ C:\WINNT\system32\qedit.dll
2008-07-08 13:03:59 324096 --a------ C:\WINNT\system32\mswebdvd.dll <Not Verified; Microsoft Corporation; DirectShow>
2008-07-08 13:03:59 13312 --a------ C:\WINNT\system32\msdmo.dll
2008-07-08 13:03:58 18944 --a------ C:\WINNT\system32\encapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-08 13:03:57 18432 --a------ C:\WINNT\system32\dswave.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-08 13:03:57 76800 --a------ C:\WINNT\system32\dmscript.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-08 13:03:57 664576 --a------ C:\WINNT\system32\dinput8.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-08 13:03:57 1703936 --a------ C:\WINNT\system32\d3d9.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-08 13:03:56 80896 --a------ C:\WINNT\system32\dxdllreg.exe <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2008-07-08 13:03:56 1769472 --a------ C:\WINNT\system32\dxdiagn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-08 13:03:56 491520 --a------ C:\WINNT\system32\dsdmoprp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-08 13:03:56 186880 --a------ C:\WINNT\system32\dsdmo.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-08 13:03:56 112128 --a------ C:\WINNT\system32\dpvvox.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-08 13:03:56 80896 --a------ C:\WINNT\system32\dpvsetup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-08 13:03:56 381952 --a------ C:\WINNT\system32\dpvoice.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-08 13:03:56 19968 --a------ C:\WINNT\system32\dpvacm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-08 13:03:56 1201152 --a------ C:\WINNT\system32\d3d8.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-08 13:03:55 1189888 --a------ C:\WINNT\system32\dx8vb.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-08 13:03:55 16896 --a------ C:\WINNT\system32\dpnsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-08 13:03:55 3072 --a------ C:\WINNT\system32\dpnlobby.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-08 13:03:55 68096 --a------ C:\WINNT\system32\dpnhupnp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-08 13:03:55 32768 --a------ C:\WINNT\system32\dpnhpast.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-08 13:03:55 723968 --a------ C:\WINNT\system32\dpnet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-08 13:03:55 3072 --a------ C:\WINNT\system32\dpnaddr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-08 13:03:55 44032 --a------ C:\WINNT\system32\dimap.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-08 13:03:55 459264 --a------ C:\WINNT\system32\diactfrm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-08 13:03:55 7168 --a------ C:\WINNT\system32\d3d8thk.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-08 13:03:41 0 d-a------ C:\WINNT\system32\DirectX
2008-07-08 13:03:36 0 d-------- C:\WINNT\Logs
2008-07-08 12:57:25 0 d-------- C:\Program Files\directx
2008-07-07 21:08:55 642698 ---h----- C:\WINNT\ShellIconCache
2008-07-07 21:08:21 0 d-a------ C:\WUTemp
2008-07-07 19:28:30 0 d-------- C:\Program Files\MWSnap
2008-07-07 19:22:45 0 --a------ C:\WINNT\nsreg.dat
2008-07-07 19:22:36 0 d-------- C:\Documents and Settings\larry f\Application Data\Mozilla
2008-07-07 18:58:34 0 d-------- C:\Documents and Settings\larry f\Application Data\Macromedia
2008-07-07 18:58:33 0 d-------- C:\Documents and Settings\larry f\Application Data\Adobe
2008-07-07 18:58:29 0 d-a------ C:\WINNT\system32\Macromed
2008-07-07 11:08:06 0 d-------- C:\Program Files\InstallShield Installation Information
2008-07-07 11:07:36 0 d-------- C:\Program Files\D-Link
2008-07-07 11:07:29 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-07 10:47:44 3840 --a------ C:\WINNT\system32\drivers\BANTExt.sys
2008-07-07 10:47:44 0 d-------- C:\Program Files\Belarc
2008-07-07 09:56:52 0 d-a------ C:\WINNT\system32\CertSrv
2008-07-07 09:56:52 0 d-------- C:\WINNT\ServicePackFiles
2008-07-06 23:45:43 0 d--hs---- C:\WINNT\Installer
2008-07-06 23:45:42 0 d-------- C:\Documents and Settings\larry f\Application Data\Identities
2008-07-06 23:45:37 0 d-ah----- C:\WINNT\system32\GroupPolicy
2008-07-06 23:45:35 0 d--h----- C:\Documents and Settings\larry f\Templates
2008-07-06 23:45:35 0 d-------- C:\Documents and Settings\larry f\Start Menu
2008-07-06 23:45:35 0 d--h----- C:\Documents and Settings\larry f\SendTo
2008-07-06 23:45:35 0 dr-h----- C:\Documents and Settings\larry f\Recent
2008-07-06 23:45:35 0 d--h----- C:\Documents and Settings\larry f\PrintHood
2008-07-06 23:45:35 638976 --ah----- C:\Documents and Settings\larry f\NTUSER.DAT
2008-07-06 23:45:35 0 d--h----- C:\Documents and Settings\larry f\NetHood
2008-07-06 23:45:35 0 d-------- C:\Documents and Settings\larry f\My Documents
2008-07-06 23:45:35 0 d--h----- C:\Documents and Settings\larry f\Local Settings
2008-07-06 23:45:35 0 dr------- C:\Documents and Settings\larry f\Favorites
2008-07-06 23:45:35 0 d-------- C:\Documents and Settings\larry f\Desktop
2008-07-06 23:45:35 0 d---s---- C:\Documents and Settings\larry f\Cookies
2008-07-06 23:45:35 0 d--h----- C:\Documents and Settings\larry f\Application Data
2008-07-06 23:45:34 0 d--hs---- C:\WINNT\CSC
2008-07-06 23:45:30 0 d-a------ C:\WINNT\system32\NtmsData
2008-07-06 23:44:48 0 d--hs---- C:\System Volume Information
2008-07-06 23:44:46 0 d-a------ C:\WINNT\system32\Microsoft
2008-07-06 23:39:17 0 d-a------ C:\WINNT\system32\rpcproxy
2008-07-06 23:39:17 0 d-a------ C:\WINNT\system32\rocket
2008-07-06 23:39:17 0 d-a------ C:\WINNT\system32\inetsrv
2008-07-06 23:39:17 0 d-------- C:\WINNT\mww32
2008-07-06 23:39:17 0 d-------- C:\WINNT\ime
2008-07-06 23:39:17 0 d-------- C:\Program Files\microsoft frontpage
2008-07-06 23:38:16 122880 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-06 23:38:00 0 -rahs---- C:\MSDOS.SYS
2008-07-06 23:38:00 0 -rahs---- C:\IO.SYS
2008-07-06 23:38:00 0 ---h----- C:\CONFIG.SYS
2008-07-06 23:38:00 0 ---h----- C:\AUTOEXEC.BAT
2008-07-06 23:36:27 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-06 23:36:10 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-06 23:36:04 0 dr------- C:\WINNT\Offline Web Pages
2008-07-06 23:36:04 0 d---s---- C:\WINNT\Downloaded Program Files
2008-07-06 23:35:38 0 d-a-s---- C:\WINNT\Tasks
2008-07-06 23:35:04 15012 --a------ C:\WINNT\system32\emptyregdb.dat
2008-07-06 23:34:16 0 d-------- C:\WINNT\Registration
2008-07-06 23:33:58 0 d-a------ C:\WINNT\system32\DTCLog
2008-07-06 23:33:52 0 d-ah----- C:\Program Files\WindowsUpdate
2008-07-06 23:33:18 0 d-------- C:\Program Files\Accessories
2008-07-06 23:33:11 0 d-------- C:\Program Files\Windows NT
2008-07-06 23:33:06 0 d-a------ C:\WINNT\system32\Com
2008-07-06 23:31:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-06 16:25:47 0 d-a------ C:\Program Files\Common Files\ODBC
2008-07-06 16:25:42 0 d-a------ C:\WINNT\Speech
2008-07-06 16:25:40 0 dra------ C:\Program Files
2008-07-06 16:25:40 0 d-a------ C:\Program Files\Common Files
2008-07-06 16:25:22 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-07-06 16:25:22 0 d-------- C:\Documents and Settings\Default User\Start Menu
2008-07-06 16:25:22 0 d--h----- C:\Documents and Settings\Default User\SendTo
2008-07-06 16:25:22 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-06 16:25:22 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-07-06 16:25:22 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-06 16:25:22 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-07-06 16:25:22 0 d--h----- C:\Documents and Settings\Default User\Local Settings
2008-07-06 16:25:22 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-07-06 16:25:22 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-06 16:25:22 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-06 16:25:22 0 d--h----- C:\Documents and Settings\Default User\Application Data
2008-07-06 16:25:22 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-07-06 16:25:22 0 d-------- C:\Documents and Settings\All Users\Start Menu
2008-07-06 16:25:22 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-07-06 16:25:22 0 d-a------ C:\Documents and Settings\All Users\Documents
2008-07-06 16:25:22 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-06 16:25:22 0 d-ah----- C:\Documents and Settings\All Users\Application Data
2008-07-06 16:25:07 0 d-a------ C:\WINNT\system32\CatRoot
2008-07-06 16:24:50 0 d-a------ C:\Documents and Settings
2008-07-06 16:20:35 0 d-a------ C:\WINNT
2008-07-06 16:20:35 0 d---s---- C:\WINNT\Web
2008-07-06 16:20:35 0 d-a------ C:\WINNT\twain_32
2008-07-06 16:20:35 0 d-a------ C:\WINNT\system32
2008-07-06 16:20:35 0 d-a------ C:\WINNT\system32\wins
2008-07-06 16:20:35 0 d-a------ C:\WINNT\system32\wbem
2008-07-06 16:20:35 0 d-a------ C:\WINNT\system32\spool
2008-07-06 16:20:35 0 d-a------ C:\WINNT\system32\ShellExt
2008-07-06 16:20:35 0 d-a------ C:\WINNT\system32\Setup
2008-07-06 16:20:35 0 d-a------ C:\WINNT\system32\ras
2008-07-06 16:20:35 0 d-a------ C:\WINNT\system32\os2
2008-07-06 16:20:35 0 d-a------ C:\WINNT\system32\npp
2008-07-06 16:20:35 0 d-a------ C:\WINNT\system32\mui
2008-07-06 16:20:35 0 d-a------ C:\WINNT\system32\ie_de
2008-07-06 16:20:35 0 d-a------ C:\WINNT\system32\ias
2008-07-06 16:20:35 0 d-a------ C:\WINNT\system32\export
2008-07-06 16:20:35 0 d-a------ C:\WINNT\system32\drivers
2008-07-06 16:20:35 0 d-a------ C:\WINNT\system32\drivers\etc
2008-07-06 16:20:35 0 d-a------ C:\WINNT\system32\drivers\disdn
2008-07-06 16:20:35 0 drahs--c- C:\WINNT\system32\dllcache
2008-07-06 16:20:35 0 d-a------ C:\WINNT\system32\dhcp
2008-07-06 16:20:35 0 d-a------ C:\WINNT\system32\config
2008-07-06 16:20:35 0 d-a------ C:\WINNT\system
2008-07-06 16:20:35 0 d-a------ C:\WINNT\security
2008-07-06 16:20:35 0 d-a------ C:\WINNT\repair
2008-07-06 16:20:35 0 d-a------ C:\WINNT\msapps
2008-07-06 16:20:35 0 d-a------ C:\WINNT\msagent
2008-07-06 16:20:35 0 d-a------ C:\WINNT\Media
2008-07-06 16:20:35 0 d--h----- C:\WINNT\inf
2008-07-06 16:20:35 0 d-a------ C:\WINNT\Help
2008-07-06 16:20:35 0 dra-s---- C:\WINNT\Fonts
2008-07-06 16:20:35 0 d-a------ C:\WINNT\Driver Cache
2008-07-06 16:20:35 0 d-a------ C:\WINNT\Debug
2008-07-06 16:20:35 0 d-a------ C:\WINNT\Cursors
2008-07-06 16:20:35 0 d-a------ C:\WINNT\Connection Wizard
2008-07-06 16:20:35 0 d-a------ C:\WINNT\Config
2008-07-06 16:20:35 0 d-a------ C:\WINNT\AppPatch
2008-07-06 16:20:35 0 d-a------ C:\WINNT\addins


-- Find3M Report ---------------------------------------------------------------

2008-07-08 14:18:08 668 --a------ C:\Documents and Settings\larry f\Application Data\vso_ts_preview.xml
2008-07-08 13:08:34 97 --a------ C:\Documents and Settings\larry f\Application Data\pcouffin.log
2008-07-08 13:08:31 1144 --a------ C:\Documents and Settings\larry f\Application Data\pcouffin.inf
2008-07-08 13:08:31 7887 --a------ C:\Documents and Settings\larry f\Application Data\pcouffin.cat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
07/23/08 07:39p 806912 --a------ C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll [07/23/08 07:39p 806912]

[-HKEY_CLASSES_ROOT\CLSID\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 09:05a C:\WINNT\system32\mobsync.exe]
"S3apphk"="S3apphk.exe" [12/04/01 04:02p C:\WINNT\system32\S3apphk.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/07 02:57p]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [12/03/07 02:21p]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [07/25/08 06:43p]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [03/01/08 04:54a]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [12/13/07 07:10p]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07/13/08 07:28p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/08 10:13a 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/07 01:41p 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9281A4FC-C581-3449-5FA6-456C6F7B9079}]
C:\WINNT\system32:winsock32.exe



-- End of Deckard's System Scanner: finished at 2008-07-28 12:08:41 ------------

thanks
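As an added example for readers triaging a dump like the one above (it is not part of Deckard's System Scanner, HijackThis or the poster's log), here is a small Python parser for the registry section DSS prints: `[key]` headers followed by `"name"=value [date time path size]` lines, plus bare path lines under keys such as Active Setup Installed Components. It extracts each autorun entry and flags the ones a reviewer would look at first. The sample lines are copied from the log above; the heuristics (NTFS alternate data stream syntax, an unqualified file name, an image outside Program Files or the system root) and the "expected" path prefixes are this example's own assumptions, not DSS output, and a flag means "look at this", not "this is malware".

```python
"""Triage the autorun section of a DSS / HijackThis-style log.

Added example for this thread; not part of Deckard's System Scanner,
HijackThis or the poster's log.  Parses the registry dump format DSS prints
and flags entries a reviewer would examine first.  The heuristics below are
this example's own assumptions.
"""
import re
from dataclasses import dataclass

# Lines copied from the log posted above (a constructed sample for this example).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 09:05a C:\WINNT\system32\mobsync.exe]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [07/25/08 06:43p]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [03/01/08 04:54a]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/08 10:13a 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9281A4FC-C581-3449-5FA6-456C6F7B9079}]
C:\WINNT\system32:winsock32.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(
    r'^(?:"(?P<name>[^"]+)"|(?P<default>@))='      # "name"= or @=
    r'\s*"?(?P<value>[^"\[]+?)"?'                  # optionally quoted value data
    r'\s*(?:\[(?P<meta>[^\]]*)\])?\s*$'            # optional [date time path size]
)
# Drive letter, a path containing no further colon, then ":streamname": NTFS
# alternate-data-stream syntax.  C:\WINNT\system32:winsock32.exe names a stream
# called winsock32.exe attached to the system32 folder itself.
ADS_RE = re.compile(r"^[A-Za-z]:\\[^:]*:[^\\:]+$")
# Image locations treated as expected on this Windows 2000 box (an assumption
# made for the example; adjust for the machine being triaged).
EXPECTED_PREFIXES = ("c:\\program files\\", "c:\\winnt\\")


@dataclass
class Entry:
    key: str    # registry key the entry lives under
    name: str   # value name ("" for bare lines such as Active Setup StubPaths)
    value: str  # value data as printed
    meta: str   # DSS bracket metadata: date, time and sometimes the resolved path


def parse_autoruns(text: str) -> list[Entry]:
    """Parse DSS's registry dump into Entry records."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:
            continue                          # text before the first key header
        m = VALUE_RE.match(line)
        if m:
            entries.append(Entry(key, m.group("name") or "@",
                                 m.group("value").strip(),
                                 (m.group("meta") or "").strip()))
        else:
            entries.append(Entry(key, "", line, ""))   # bare path line
    return entries


def resolved_path(e: Entry) -> str:
    """When the value is an unqualified name (mobsync.exe), DSS puts the path it
    resolved in the bracket metadata; prefer that over the raw value."""
    m = re.search(r"[A-Za-z]:\\.*$", e.meta)
    return m.group(0) if m else e.value


def triage(entries: list[Entry]) -> list[tuple[str, str, str]]:
    """Return (reason, key, path) for entries worth a reviewer's attention."""
    findings = []
    for e in entries:
        path = resolved_path(e)
        low = path.lower()
        if ADS_RE.match(path):
            findings.append(("alternate data stream", e.key, path))
        elif not re.match(r"^[a-z]:\\", low):
            findings.append(("unqualified name, resolved by search order", e.key, path))
        elif not low.startswith(EXPECTED_PREFIXES):
            findings.append(("image outside Program Files / system root", e.key, path))
    return findings


if __name__ == "__main__":
    for reason, key, path in triage(parse_autoruns(SAMPLE_LOG)):
        print(f"{reason}: {path}\n    under {key}")
```

Run against the sample, the only hit is the Active Setup entry: every other path resolves under Program Files or C:\WINNT, while a colon after a directory name is the one thing a plain directory listing will not show you. Active Setup StubPath entries run at each user's next logon, so an unexpected one there is worth checking on disk with a tool that can list streams before deciding what to do with it.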

#2 Shaba

    Koutsi

  • Members
  • 7,872 posts
  • Gender:Male
  • Location:Finland

Posted 08 August 2008 - 01:43 PM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save it to your Desktop (alternate download site).

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using it.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


If you already performed the steps above, we still need to see the current state of the machine; a fresh scan and logs are still necessary.

  • Click on Start, then click on Run.
  • Copy and paste the following into the open window and then click OK:
    "%userprofile%\desktop\dss.exe" /config
  • This will open the DSS configuration.
  • Click on Check All.
  • Click Scan.
  • DSS will now run again. When it has finished, please post back both logs that open in Notepad (main.txt and extra.txt).



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with dss reports main.txt, extra.txt and Kaspersky report.

Regards
Microsoft MVP Consumer Security

#3 Shaba

    Koutsi

  • Members
  • 7,872 posts
  • Gender:Male
  • Location:Finland

Posted 13 August 2008 - 06:27 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security