Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With: Trojan Adduser, 007spyware, Trojan.clicker.ec, Trojan.poison...and More.


  • This topic is locked This topic is locked
2 replies to this topic

#1 WebDept

WebDept

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 31 July 2008 - 08:47 PM

Deckard's System Scanner v20071014.68
Run by rodneybailey on 2008-07-31 21:19:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
102: 2008-08-01 01:19:46 UTC - RP425 - Deckard's System Scanner Restore Point
101: 2008-08-01 00:53:14 UTC - RP424 - Removed Norton Security Scan
100: 2008-08-01 00:41:12 UTC - RP423 - Installed Windows Internet Explorer 7.
99: 2008-08-01 00:40:49 UTC - RP422 - Installed Windows IDNMitigationAPIs.
98: 2008-08-01 00:40:10 UTC - RP421 - Installed Windows NLSDownlevelMapping.


-- First Restore Point --
1: 2008-07-19 19:02:52 UTC - RP324 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as rodneybailey.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:23 PM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\AV9\av2009.exe
C:\Documents and Settings\rodneybailey\Desktop\dss.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\rodneybailey.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: {5325b3d9-4f10-fe09-9e74-c6f1c1abce44} - {44ecba1c-1f6c-47e9-90ef-01f49d3b5235} - C:\WINDOWS\system32\vivbul.dll
O2 - BHO: (no name) - {9F5F5CFA-24FF-42E8-B92F-8F49ABB299B0} - C:\WINDOWS\system32\hgGYRLeb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [54f6d7b1] rundll32.exe "C:\WINDOWS\system32\xaiiqcig.dll",b
O4 - HKLM\..\Run: [BM57c5e42d] Rundll32.exe "C:\WINDOWS\system32\bnwryebf.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [18489962156534238127774843906744] C:\Program Files\AV9\av2009.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: *.sxload.net (HKLM)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193255563765
O20 - Winlogon Notify: urqRHbYp - urqRHbYp.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

--
End of file - 10927 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 catchme - c:\docume~1\rodney~1\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 dvpapi - "c:\program files\common files\command software\dvpapi.exe" <Not Verified; Command Software Systems, Inc.; Command AntiVirus for Windows>

S3 PACSPTISVR - c:\progra~1\common~1\sonysh~1\avlib\pacspt~1.exe <Not Verified; ; PACSPTISVR Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-18 09:04:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-07-15 01:07:36 354 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-07-01 01:01:21 346 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-06-30 and 2008-07-31 -----------------------------

2008-07-31 21:08:49 0 d-------- C:\Program Files\AV9
2008-07-31 20:46:51 83456 --a------ C:\WINDOWS\system32\xaiiqcig.dll
2008-07-31 20:46:47 105472 --a------ C:\WINDOWS\system32\vivbul.dll
2008-07-31 20:46:46 105472 --a------ C:\WINDOWS\system32\sffcfdsa.dll
2008-07-31 20:46:39 91648 --a------ C:\WINDOWS\system32\bnwryebf.dll
2008-07-31 20:07:04 0 d-------- C:\WINDOWS\ERUNT
2008-07-31 19:49:46 0 dr-h----- C:\Documents and Settings\rodneybailey\Recent
2008-07-31 19:46:28 0 d-------- C:\Program Files\CCleaner
2008-07-31 19:42:18 0 d-------- C:\Program Files\Trend Micro
2008-07-31 19:21:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-07-31 19:21:30 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-30 20:50:16 83456 --a------ C:\WINDOWS\system32\ulbwjslh.dll
2008-07-30 20:47:18 105472 --a------ C:\WINDOWS\system32\fieqwu.dll
2008-07-30 20:47:16 105472 --a------ C:\WINDOWS\system32\ugwabjny.dll
2008-07-30 20:44:38 91648 --a------ C:\WINDOWS\system32\kjohonqs.dll
2008-07-29 20:47:18 105472 --a------ C:\WINDOWS\system32\pqqzbr.dll
2008-07-29 20:47:16 105472 --a------ C:\WINDOWS\system32\mlgkohnr.dll
2008-07-29 20:44:15 91648 --a------ C:\WINDOWS\system32\pcobqgsd.dll
2008-07-28 20:50:18 105472 --a------ C:\WINDOWS\system32\cmmmib.dll
2008-07-28 20:50:15 105472 --a------ C:\WINDOWS\system32\ovvlnssc.dll
2008-07-28 20:44:15 91648 --a------ C:\WINDOWS\system32\olryagya.dll
2008-07-27 20:46:36 105472 --a------ C:\WINDOWS\system32\ajhacf.dll
2008-07-27 20:46:34 105472 --a------ C:\WINDOWS\system32\gfyggqtd.dll
2008-07-27 20:43:34 91648 --a------ C:\WINDOWS\system32\ydijqwsx.dll
2008-07-26 20:47:57 105472 --a------ C:\WINDOWS\system32\nbtdfk.dll
2008-07-26 20:47:57 105472 --a------ C:\WINDOWS\system32\irtvuxxc.dll
2008-07-26 20:42:28 91648 --a------ C:\WINDOWS\system32\mohvmwxf.dll
2008-07-26 15:59:58 105472 --a------ C:\WINDOWS\system32\pndafx.dll
2008-07-26 15:59:57 105472 --a------ C:\WINDOWS\system32\jrdbbqqn.dll
2008-07-26 15:53:57 91648 --a------ C:\WINDOWS\system32\gcluggaq.dll
2008-07-19 21:35:17 105296 --a------ C:\WINDOWS\system32\zmzvcc.dll
2008-07-19 21:35:16 105296 --a------ C:\WINDOWS\system32\wgvrxsys.dll
2008-07-19 16:27:06 0 d-------- C:\WINDOWS\ofmf
2008-07-19 16:27:06 0 d-------- C:\Program Files\Common Files\ofmf
2008-07-19 15:02:42 872186 --ahs---- C:\WINDOWS\system32\beLRYGgh.ini2
2008-07-19 15:02:36 314656 --a------ C:\WINDOWS\system32\hgGYRLeb.dll
2008-07-19 14:57:42 0 d-------- C:\Documents and Settings\rodneybailey\Application Data\?racle
2008-07-19 14:57:29 0 d-------- C:\WINDOWS\system32\carH01
2008-07-19 14:57:29 0 d-------- C:\Temp


-- Find3M Report ---------------------------------------------------------------

2008-07-31 20:52:38 0 d-------- C:\Program Files\Online Services
2008-07-31 20:51:55 0 d-------- C:\Program Files\Symantec AntiVirus
2008-07-31 20:51:24 0 d-------- C:\Program Files\Common Files\AOL
2008-07-31 19:21:01 236123 --a------ C:\logfile
2008-07-31 19:12:21 0 d-------- C:\Program Files\McAfee
2008-07-29 15:08:45 3688 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-27 12:56:39 0 d-------- C:\Program Files\AIM
2008-07-26 15:21:44 0 d-------- C:\Documents and Settings\rodneybailey\Application Data\AdobeUM
2008-07-26 13:42:04 0 d-------- C:\Documents and Settings\rodneybailey\Application Data\Wal-Mart Digital Photo Viewer
2008-07-20 16:43:33 0 d-------- C:\Program Files\Common Files
2008-07-20 16:26:23 0 d-------- C:\Program Files\SiteAdvisor
2008-07-19 14:57:42 0 d-------- C:\Documents and Settings\rodneybailey\Application Data\?racle
2008-06-06 18:03:06 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-10 19:07:59 13296 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44ecba1c-1f6c-47e9-90ef-01f49d3b5235}]
07/31/2008 08:46 PM 105472 --a------ C:\WINDOWS\system32\vivbul.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F5F5CFA-24FF-42E8-B92F-8F49ABB299B0}]
07/19/2008 03:02 PM 314656 --a------ C:\WINDOWS\system32\hgGYRLeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [08/20/2002 02:29 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [08/24/2007 05:57 PM]
"54f6d7b1"="C:\WINDOWS\system32\xaiiqcig.dll" [07/31/2008 08:46 PM]
"BM57c5e42d"="C:\WINDOWS\system32\bnwryebf.dll" [07/31/2008 08:46 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/28/2007 06:34 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"18489962156534238127774843906744"="C:\Program Files\AV9\av2009.exe" [07/31/2008 09:08 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqRHbYp]
urqRHbYp.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGYRLeb

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remocon Driver.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Remocon Driver.lnk
backup=C:\WINDOWS\pss\Remocon Driver.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\54f6d7b1]
rundll32.exe "C:\WINDOWS\system32\ulbwjslh.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]
C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
"C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
c:\program files\sony\vaio survey\surveysa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe




-- End of Deckard's System Scanner: finished at 2008-07-31 21:23:40 ------------

Attached Files



BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:06 PM

Posted 09 August 2008 - 11:24 PM

Hello WebDept,

Sorry for the delay. We have many logs backed up. :thumbsup:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh DSS Main.txt log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly.

If you encounter this message:"c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dll

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:06 PM

Posted 19 August 2008 - 11:55 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users