
Virus Suspected! Please Check Logs


1 reply to this topic

#1 Tess44

Tess44

  • Members
  • 1 posts
  • OFFLINE
  • Local time:10:51 AM

Posted 30 July 2008 - 07:37 PM

Deckard's System Scanner v20071014.68
Run by Mary on 2008-07-30 19:34:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Mary.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:39 PM, on 7/30/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\filehippo.com\UpdateChecker.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Secunia\PSI (RC3)\psi.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mary\Downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Mary.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Secunia PSI (RC3).lnk = C:\Program Files\Secunia\PSI (RC3)\psi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O15 - Trusted Zone: http://www.gfi.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c7/v21.156/qboax10.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7568 bytes

-- Files created between 2008-06-30 and 2008-07-30 -----------------------------

2008-07-28 01:05:40 0 d-------- C:\Program Files\iPod
2008-07-28 01:05:34 0 d-------- C:\Program Files\iTunes
2008-07-28 01:05:15 0 d-------- C:\Program Files\Bonjour
2008-07-28 01:04:38 0 d-------- C:\Program Files\QuickTime
2008-07-28 01:04:37 0 d-------- C:\Users\All Users\Apple Computer
2008-07-28 01:04:17 0 d-------- C:\Program Files\Apple Software Update
2008-07-28 01:03:21 0 d-------- C:\Program Files\Common Files\Apple
2008-07-22 15:43:38 0 d-------- C:\Program Files\Citrix
2008-07-18 17:45:16 0 d-------- C:\Program Files\Fast Photos
2008-07-09 23:19:17 0 d-------- C:\Users\All Users\WEBREG
2008-07-09 23:14:30 0 d-------- C:\Users\All Users\HPSSUPPLY
2008-07-09 23:12:09 0 d-------- C:\Users\All Users\HP Product Assistant
2008-07-09 23:11:06 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-07-09 23:08:12 1039 -----n--- C:\Windows\hpomdl15.dat
2008-07-09 23:08:12 139041 --a------ C:\Windows\hpoins15.dat
2008-07-09 22:52:54 118272 --a------ C:\Windows\system32\hpz3l5ha.dll <Not Verified; Hewlett-Packard Company; Language Monitor>
2008-07-09 22:50:19 364544 --a------ C:\Windows\system32\hppldcoi.dll <Not Verified; Hewlett-Packard; Preload Driver CoInstaller>
2008-07-09 22:50:19 675840 --a------ C:\Windows\system32\hpowiax4.dll <Not Verified; Hewlett-Packard; hpowiax4.dll>
2008-07-09 22:50:19 303104 --a------ C:\Windows\system32\hpovst11.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2008-07-09 22:50:18 958464 --a------ C:\Windows\system32\hpotiop4.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2008-07-09 22:50:18 309760 --a------ C:\Windows\system32\difxapi.dll <Not Verified; Microsoft Corporation; Driver Install Frameworks API (DIFxAPI)>
2008-07-09 11:33:10 0 d-------- C:\Windows\LastGood
2008-07-09 11:05:36 0 d-------- C:\Windows\LastGood.Tmp
2008-07-07 01:01:25 0 d-------- C:\Users\All Users\Yahoo! Companion
2008-07-07 00:44:50 0 d-------- C:\Users\All Users\Yahoo!
2008-07-06 22:51:09 0 d-------- C:\Program Files\Scribd Uploader
2008-07-05 22:12:10 0 d-------- C:\Program Files\FastStone MaxView
2008-07-05 22:10:26 0 d-------- C:\Program Files\XnView
2008-07-05 21:43:32 0 d-------- C:\Users\All Users\NOS
2008-07-05 15:17:16 0 d-------- C:\Program Files\Windows Installer Clean Up
2008-07-05 15:16:45 0 d-------- C:\Program Files\MSECACHE
2008-07-05 14:51:21 0 d-------- C:\Windows\system32\URTTEMP
2008-07-05 14:41:55 0 d-------- C:\temp
2008-07-05 04:19:14 0 d-------- C:\Users\All Users\PCPitstop
2008-07-05 04:12:17 0 d-------- C:\Windows\Sun
2008-07-05 00:01:28 0 d-------- C:\Program Files\NeoSmart Technologies
2008-07-04 22:17:16 0 d-------- C:\Users\All Users\Diskeeper Corporation
2008-07-04 21:39:33 0 --a------ C:\Windows\system32\SBRC.dat
2008-07-04 21:39:33 0 --a------ C:\Windows\system32\SBFC.dat
2008-07-04 21:04:32 0 d-------- C:\Program Files\Synaptics
2008-07-04 18:46:34 0 d-------- C:\Program Files\Yamicsoft
2008-07-04 18:23:35 0 d-------- C:\Program Files\VS Revo Group
2008-07-04 14:48:37 0 d-------- C:\Program Files\Avira
2008-07-04 02:42:02 0 d-------- C:\Users\All Users\Comcast
2008-07-03 22:15:18 0 d-------- C:\Users\All Users\SupportSoft
2008-07-03 22:14:53 0 d-------- C:\Program Files\Common Files\supportsoft
2008-07-03 22:14:53 0 d-------- C:\Program Files\Comcast
2008-07-03 21:37:35 0 d-------- C:\Program Files\WMI Tools
2008-07-03 20:55:28 0 d-------- C:\Windows\pss
2008-07-02 21:32:04 0 d-------- C:\Program Files\Common Files\Adobe(14)
2008-07-02 21:27:47 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-02 08:54:32 0 d-------- C:\Program Files\GPLGS
2008-07-02 08:53:20 0 d-------- C:\Program Files\Acro Software
2008-07-02 08:05:33 141312 --a------ C:\Windows\system32\drivers\sp_rsdrv2.sys
2008-07-02 08:05:33 0 d-------- C:\Users\All Users\Spyware Terminator
2008-07-02 08:05:30 0 d-------- C:\Program Files\Spyware Terminator
2008-07-01 15:30:42 0 d-------- C:\Program Files\Broadcom
2008-07-01 00:43:42 0 d-------- C:\Program Files\Microsoft
2008-06-30 12:39:08 0 d-------- C:\Program Files\NVIDIA Corporation
2008-06-30 12:35:32 0 d-------- C:\NVIDIA
2008-06-30 12:27:11 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-30 01:23:11 0 d-------- C:\Program Files\Trend Micro
2008-06-30 01:12:25 0 d-------- C:\Users\All Users\Malwarebytes
2008-06-30 01:12:23 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware


-- Find3M Report ---------------------------------------------------------------

2008-07-30 19:28:19 0 d-------- C:\Users\Mary\AppData\Roaming\Spyware Terminator
2008-07-30 18:54:30 0 d-------- C:\Users\Mary\AppData\Roaming\XnView
2008-07-30 18:54:26 0 d-------- C:\Program Files\Microsoft Works
2008-07-30 18:54:26 0 d-------- C:\Program Files\CCleaner
2008-07-30 16:29:04 27240 --a------ C:\Users\Mary\AppData\Roaming\nvModes.001
2008-07-30 00:26:48 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-28 01:05:54 0 d-------- C:\Users\Mary\AppData\Roaming\Apple Computer
2008-07-28 01:03:21 0 d-------- C:\Program Files\Common Files
2008-07-22 15:43:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-17 01:07:53 0 d-------- C:\Users\Mary\AppData\Roaming\CyberLink
2008-07-15 07:52:21 0 d-------- C:\Program Files\SugarSync
2008-07-09 23:20:02 0 d-------- C:\Users\Mary\AppData\Roaming\HP
2008-07-09 23:14:31 0 d-------- C:\Program Files\HP
2008-07-09 21:58:08 0 d-------- C:\Program Files\Java
2008-07-08 19:11:37 0 d-------- C:\Program Files\Windows Mail
2008-07-07 11:53:02 0 d-------- C:\Users\Mary\AppData\Roaming\Adobe
2008-07-07 01:11:59 0 d-------- C:\Program Files\Yahoo!
2008-07-07 01:09:15 0 d-------- C:\Users\Mary\AppData\Roaming\Yahoo!
2008-07-06 22:53:21 0 d-------- C:\Users\Mary\AppData\Roaming\Scribd.com
2008-07-06 22:53:11 0 d-------- C:\Users\Mary\AppData\Roaming\Scribd
2008-07-04 22:17:14 0 d-------- C:\Program Files\Diskeeper Corporation
2008-07-04 21:31:52 0 d-------- C:\Users\Mary\AppData\Roaming\Sunbelt Software
2008-07-04 15:03:07 0 d-------- C:\Users\Mary\AppData\Roaming\Avira
2008-07-03 19:12:43 0 d-------- C:\Users\Mary\AppData\Roaming\Hewlett-Packard
2008-07-03 19:12:37 0 d-------- C:\Program Files\Hewlett-Packard
2008-06-30 13:39:58 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-30 08:20:21 0 d-------- C:\Program Files\Microsoft Games
2008-06-30 01:12:27 0 d-------- C:\Users\Mary\AppData\Roaming\Malwarebytes
2008-06-29 22:47:32 0 d-------- C:\Program Files\Undelete for Outlook
2008-06-29 20:10:02 0 d-------- C:\Users\Mary\AppData\Roaming\TuneUp Software
2008-06-29 19:02:05 0 d-------- C:\Program Files\Stellar Phoenix Outlook Pst Repair
2008-06-29 17:07:27 27240 --a------ C:\Users\Mary\AppData\Roaming\nvModes.dat
2008-06-29 17:06:49 0 d-------- C:\Users\Mary\AppData\Roaming\Diskeeper Corporation
2008-06-29 15:55:38 0 d-------- C:\Program Files\Google
2008-06-29 13:21:25 0 d-------- C:\Program Files\PC Inspector File Recovery
2008-06-28 22:53:17 0 d-------- C:\Users\Mary\AppData\Roaming\WinRAR
2008-06-28 21:18:00 0 d-------- C:\Users\Mary\AppData\Roaming\InstallShield
2008-06-28 20:35:42 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-28 20:28:59 0 d-------- C:\Program Files\Secunia
2008-06-28 20:25:55 0 d-------- C:\Program Files\filehippo.com
2008-06-28 19:43:38 0 d-------- C:\Program Files\Electronic Arts
2008-06-28 19:28:21 0 d-------- C:\Users\Mary\AppData\Roaming\Mozilla
2008-06-28 19:10:43 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-28 19:05:04 0 d-------- C:\Program Files\CONEXANT
2008-06-28 18:47:56 90166 --a------ C:\Windows\hpqins15.dat
2008-06-28 18:43:11 0 d-------- C:\Users\Mary\AppData\Roaming\Symantec
2008-06-28 18:42:10 0 d-------- C:\Users\Mary\AppData\Roaming\Identities
2008-06-28 18:41:33 81 --a------ C:\Windows\system32\LOG
2008-06-28 18:39:21 0 d-------- C:\Users\Mary\AppData\Roaming\Macromedia
2008-06-28 18:37:12 0 dr------- C:\Program Files\Online Services
2008-06-28 18:28:05 0 d-------- C:\Program Files\HPQ
2008-06-28 18:28:01 0 d-------- C:\Program Files\Common Files\LightScribe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
06/11/2008 10:33 PM 75128 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
03/27/2008 11:51 PM 501056 --a------ C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [09/14/2007 07:50 PM]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [09/14/2007 07:29 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 09:34 PM]
"GoToMyPC"="C:\Program Files\Citrix\GoToMyPC\g2svc.exe" [06/20/2007 11:09 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"filehippo.com"="C:\Program Files\filehippo.com\UpdateChecker.exe" [07/03/2008 12:08 PM]

C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI (RC3).lnk - C:\Program Files\Secunia\PSI (RC3)\psi.exe [6/16/2008 4:03:08 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 9:26:24 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)
"EnableLUA"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)
"NoToolbarCustomize"=0 (0x0)
"NoBandCustomize"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SugarSync"="C:\Program Files\SugarSync\SugarSyncManager.exe" -startInTray
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"NvSvc"=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe"
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
iissvcs w3svc was
apphost apphostsvc
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-30 19:35:30 ------------


#2 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  • Gender:Male
  • Location:Hamburg
  • Local time:04:51 PM

Posted 10 August 2008 - 04:29 AM

Hello Tess44 and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately. If you are still having problems please make sure you post back with fresh logs of the DSS scan and with any details for changes that might have occurred since your last post.

Please do the following:
  • Close all programs and/or windows so that you have nothing open and are at your Desktop.
  • Click on Start, then click on Run.
  • In the Open: field copy and paste the entire contents inside the CODE box below and press the OK button.

    "%userprofile%\Desktop\dss.exe" /config

    This will open up DSS configuration.
  • Click on Check All.
  • Click Scan.
    DSS will now run again.
  • When finished, please post back both logs that open in Notepad: main.txt and extra.txt.
Thanks,

Johannes

"How did I get infected?" - "Safe-hex" - Member of UNITE -




