
Spyware Bombed; Locked Out Of Admin, C:\, Task Manager, Etc


  • This topic is locked
3 replies to this topic

#1 EuphoricAnguish

EuphoricAnguish

  • Members
  • 2 posts
  • OFFLINE
  • Local time:06:50 AM

Posted 04 August 2008 - 08:31 AM

I downloaded a file and scanned it with AVG 3 times; it was said to be clear. When I installed it my system was taken over.

I have no access to my Admin account (it was changed and a new password generated).
I can't access a command prompt.
I can't access the Task Manager.

I am getting constant pop-ups about Spyware Alerts that want me to click 'OK' but I don't.

Below is my HijackThis/DSS log...

Deckard's System Scanner v20071014.68
Run by Roger on 2008-08-04 09:18:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Roger.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:18: VIRUS ALERT!, on 8/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Roger\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Roger.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {1A4BA860-573E-4059-8337-6A34AC65C535} - C:\WINDOWS\system32\tuvWnmNF.dll
O2 - BHO: QXK Olive - {37355961-6141-4D45-845C-BE65438D9F66} - C:\WINDOWS\wnlmdakqpmr.dll
O2 - BHO: Congoo Netpass - {40498DEF-8B13-44A6-A1A7-69DFE36E9210} - C:\Program Files\Congoo Netpass\congootb.dll
O2 - BHO: (no name) - {4F20FB7B-853B-48B4-BC9E-52ECF740D95E} - C:\WINDOWS\system32\khfGwWOI.dll
O2 - BHO: {21538f50-8415-865a-a264-703bd841be55} - {55eb148d-b307-462a-a568-514805f83512} - C:\WINDOWS\system32\eoqwga.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Congoo Netpass - {40498DEF-8B13-44A6-A1A7-69DFE36E9210} - C:\Program Files\Congoo Netpass\congootb.dll
O3 - Toolbar: bgrqfetx - {29752075-A2DA-4AB7-97E9-C07AC3138561} - C:\WINDOWS\bgrqfetx.dll
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Roger\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UniUploader] C:\Program Files\UniUploader\UniUploader.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [\Win1C1.exe] C:\Windows\system32\Win1C1.exe
O4 - HKLM\..\Run: [\Win1C2.exe] C:\Windows\system32\Win1C2.exe
O4 - HKLM\..\Run: [\Win1C3.exe] C:\Windows\system32\Win1C3.exe
O4 - HKLM\..\Run: [\Win1C4.exe] C:\Windows\system32\Win1C4.exe
O4 - HKLM\..\Run: [\Win1C5.exe] C:\Windows\system32\Win1C5.exe
O4 - HKLM\..\Run: [04f999e5] rundll32.exe "C:\WINDOWS\system32\syjnaknd.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [\Win1C1.exe] C:\Windows\system32\Win1C1.exe
O4 - HKCU\..\Run: [\Win1C2.exe] C:\Windows\system32\Win1C2.exe
O4 - HKCU\..\Run: [\Win1C3.exe] C:\Windows\system32\Win1C3.exe
O4 - HKCU\..\Run: [\Win1C4.exe] C:\Windows\system32\Win1C4.exe
O4 - HKCU\..\Run: [\Win1C5.exe] C:\Windows\system32\Win1C5.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {0AD475F1-D955-40a7-9FFF-C3BF075F04AA} - C:\Program Files\Congoo Netpass\congootb.dll
O9 - Extra 'Tools' menuitem: Congoo Netpass - {0AD475F1-D955-40a7-9FFF-C3BF075F04AA} - C:\Program Files\Congoo Netpass\congootb.dll
O9 - Extra button: (no name) - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)
O9 - Extra 'Tools' menuitem: Congoo Toolbar - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188519450037
O20 - AppInit_DLLs: eoqwga.dll
O20 - Winlogon Notify: tuvWnmNF - C:\WINDOWS\SYSTEM32\tuvWnmNF.dll
O21 - SSODL: tfnslopk - {D20A6591-0FAC-426E-AAA9-D8D26FB6653F} - C:\WINDOWS\tfnslopk.dll
O21 - SSODL: xokvrpwg - {047B5A52-358C-4515-9317-AA4D2397F859} - C:\WINDOWS\xokvrpwg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

--
End of file - 8753 bytes

-- Files created between 2008-07-04 and 2008-08-04 -----------------------------

2008-08-04 09:14:39 0 d-------- C:\Program Files\Trend Micro
2008-08-04 08:44:33 0 d-------- C:\Program Files\Lavasoft
2008-08-04 08:37:09 99200 --a------ C:\WINDOWS\system32\syjnaknd.dll
2008-08-04 08:35:25 129920 --a------ C:\WINDOWS\system32\huqitoen.dll
2008-08-04 08:35:25 129920 --a------ C:\WINDOWS\system32\eoqwga.dll
2008-08-04 08:34:08 231764 --ahs---- C:\WINDOWS\system32\IOWwGfhk.ini2
2008-08-04 08:34:04 323328 --a------ C:\WINDOWS\system32\khfGwWOI.dll
2008-08-04 08:31:01 0 dr-h----- C:\$VAULT$.AVG
2008-08-04 08:28:23 0 d-------- C:\WINDOWS\CSC
2008-08-04 08:20:59 7652 --a------ C:\WINDOWS\system32\tdssinit.dll
2008-08-04 08:20:58 40960 --a------ C:\WINDOWS\system32\tdssadw.dll
2008-08-04 08:20:57 9216 --a------ C:\WINDOWS\system32\tdssmain.dll
2008-08-04 08:20:56 217 --a------ C:\WINDOWS\system32\tdssservers.dat
2008-08-04 08:20:38 15360 --a------ C:\WINDOWS\system32\tdssl.dll
2008-08-04 08:20:38 33280 --a------ C:\WINDOWS\system32\drivers\tdssserv.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-08-04 08:20:35 34176 --a------ C:\WINDOWS\system32\tuvWnmNF.dll
2008-08-04 08:20:35 34176 --a------ C:\WINDOWS\system32\pmnlmJYq.dll
2008-08-04 08:20:09 0 d-------- C:\WINDOWS\privacy_danger
2008-08-04 08:20:08 0 d-------- C:\Documents and Settings\Roger\Application Data\TmpRecentIcons
2008-08-04 08:19:55 233472 --a------ C:\WINDOWS\xokvrpwg.dll
2008-08-04 08:19:55 393216 --a------ C:\WINDOWS\wnlmdakqpmr.dll
2008-08-04 08:19:55 200704 --a------ C:\WINDOWS\tfnslopk.dll
2008-08-04 08:19:55 86016 --a------ C:\WINDOWS\lnvegaow.exe
2008-08-04 08:19:55 139264 --a------ C:\WINDOWS\eefq.exe
2008-08-04 08:19:55 192512 --a------ C:\WINDOWS\bgrqfetx.dll
2008-08-04 08:18:32 0 d-------- C:\Program Files\VAV
2008-08-04 08:18:30 0 d-------- C:\Program Files\PCHealthCenter
2008-07-30 05:01:25 0 d-------- C:\Program Files\MSXML 4.0
2008-07-30 04:49:48 0 d-------- C:\WINDOWS\Prefetch
2008-07-30 04:41:32 0 d-------- C:\WINDOWS\system32\scripting
2008-07-30 04:41:32 0 d-------- C:\WINDOWS\system32\en
2008-07-30 04:41:32 0 d-------- C:\WINDOWS\l2schemas
2008-07-30 04:41:31 0 d-------- C:\WINDOWS\system32\bits
2008-07-30 04:39:27 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-29 23:52:03 1093632 --a------ C:\WINDOWS\system32\stlang.dll <Not Verified; SigmaTel, Inc.; C-Major Audio>
2008-07-29 23:52:03 282624 --a------ C:\WINDOWS\stsystra.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
2008-07-29 23:51:57 0 d-------- C:\Program Files\SigmaTel
2008-07-29 23:10:27 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-07-29 21:02:03 0 d-------- C:\Documents and Settings\Roger\Logs
2008-07-29 20:52:34 0 d-------- C:\WINDOWS\system32\Data
2008-07-27 14:09:37 41984 -----n--- C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative On-line Registration System>
2008-07-27 14:08:24 0 d-------- C:\Program Files\Creative
2008-07-27 14:08:13 86 --a------ C:\WINDOWS\setuplog
2008-07-09 05:27:46 0 d-------- C:\Program Files\Winamp
2008-07-09 05:27:46 0 d-------- C:\Documents and Settings\Roger\Application Data\Winamp


-- Find3M Report ---------------------------------------------------------------

2008-08-04 08:55:24 0 d-------- C:\Documents and Settings\Roger\Application Data\AVG7
2008-08-04 08:18:11 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-30 04:41:53 0 d-------- C:\Program Files\Messenger
2008-07-30 04:41:31 0 d-------- C:\Program Files\Movie Maker
2008-07-30 04:39:10 0 d-------- C:\Program Files\Windows NT
2008-07-29 23:11:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-29 23:10:27 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-07-29 21:14:50 0 d-------- C:\Program Files\Java
2008-07-29 21:06:05 0 d-------- C:\Program Files\World of Warcraft


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A4BA860-573E-4059-8337-6A34AC65C535}]
08/04/2008 08:20: VIRUS ALERT! 34176 --a------ C:\WINDOWS\system32\tuvWnmNF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37355961-6141-4D45-845C-BE65438D9F66}]
08/04/2008 07:01: VIRUS ALERT! 393216 --a------ C:\WINDOWS\wnlmdakqpmr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40498DEF-8B13-44A6-A1A7-69DFE36E9210}]
04/05/2007 09:26: VIRUS ALERT! 915160 --------- C:\Program Files\Congoo Netpass\congootb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F20FB7B-853B-48B4-BC9E-52ECF740D95E}]
08/04/2008 08:34: VIRUS ALERT! 323328 --a------ C:\WINDOWS\system32\khfGwWOI.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{55eb148d-b307-462a-a568-514805f83512}]
08/04/2008 08:35: VIRUS ALERT! 129920 --a------ C:\WINDOWS\system32\eoqwga.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UIUCU"="C:\DOCUME~1\Roger\LOCALS~1\Temp\UIUCU.exe" []
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 18:41: VIRUS ALERT!]
"bacstray"="C:\Program Files\Broadcom\BACS\BacsTray.exe" [06/03/2006 23:37: VIRUS ALERT!]
"SCDEmuApp.exe"="C:\Program Files\PowerISO\SCDEmuApp.exe" [10/15/2005 21:15: VIRUS ALERT!]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50: VIRUS ALERT!]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27: VIRUS ALERT!]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [09/21/2007 04:10: VIRUS ALERT! C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 10:54: VIRUS ALERT!]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12/10/2006 21:52: VIRUS ALERT!]
"UniUploader"="C:\Program Files\UniUploader\UniUploader.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/16/2008 09:04: VIRUS ALERT!]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"P17Helper"="P17.dll" [05/03/2005 19:38: VIRUS ALERT! C:\WINDOWS\system32\P17.DLL]
"SigmatelSysTrayApp"="stsystra.exe" [07/27/2006 14:19: VIRUS ALERT! C:\WINDOWS\stsystra.exe]
"\Win1C1.exe"="C:\Windows\system32\Win1C1.exe" []
"\Win1C2.exe"="C:\Windows\system32\Win1C2.exe" []
"\Win1C3.exe"="C:\Windows\system32\Win1C3.exe" []
"\Win1C4.exe"="C:\Windows\system32\Win1C4.exe" []
"\Win1C5.exe"="C:\Windows\system32\Win1C5.exe" []
"04f999e5"="C:\WINDOWS\system32\syjnaknd.dll" [08/04/2008 08:37: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 20:12: VIRUS ALERT!]
"Aim6"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/13/2008 20:12: VIRUS ALERT!]
"\Win1C1.exe"="C:\Windows\system32\Win1C1.exe" []
"\Win1C2.exe"="C:\Windows\system32\Win1C2.exe" []
"\Win1C3.exe"="C:\Windows\system32\Win1C3.exe" []
"\Win1C4.exe"="C:\Windows\system32\Win1C4.exe" []
"\Win1C5.exe"="C:\Windows\system32\Win1C5.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 1:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [1/2/2007 9:40:10 PM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [4/5/2007 1:58:41 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 4:05:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)
"NoDispCPL"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1A4BA860-573E-4059-8337-6A34AC65C535}"= C:\WINDOWS\system32\tuvWnmNF.dll [08/04/2008 08:20: VIRUS ALERT! 34176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"tfnslopk"= {D20A6591-0FAC-426E-AAA9-D8D26FB6653F} - C:\WINDOWS\tfnslopk.dll [08/04/2008 07:01: VIRUS ALERT! 200704]
"xokvrpwg"= {047B5A52-358C-4515-9317-AA4D2397F859} - C:\WINDOWS\xokvrpwg.dll [08/04/2008 07:01: VIRUS ALERT! 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 11/15/2007 11:10: VIRUS ALERT! 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvWnmNF]
tuvWnmNF.dll 08/04/2008 08:20: VIRUS ALERT! 34176 C:\WINDOWS\system32\tuvWnmNF.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=eoqwga.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - AAWSERVICE



-- End of Deckard's System Scanner: finished at 2008-08-04 09:19:41 ------------




#2 EuphoricAnguish

EuphoricAnguish
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:06:50 AM

Posted 04 August 2008 - 03:07 PM

Hello?

Anyone out there?

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:12:50 PM

Posted 11 August 2008 - 05:34 AM

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new HijackThis log in this thread. Don't start with a new thread.
Then I'll take a look. :thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:12:50 PM

Posted 20 August 2008 - 01:56 PM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



