Search-daily.com!



#1 greenelephant (New Member, 3 posts)
Hi everyone,

I've got some sort of virus. Basically, every time I use Google to search for something, every entry I click directs me to search-daily.com. Here are my logs from DSS. I'm no expert, but this, to me, is ringing alarm bells:

O2 - BHO: (no name) - {9F0D1613-11B5-4AF6-A524-5D51EBAAFC26} - C:\WINDOWS\system32\bitsprx.dll (from main.txt)

because it has nothing to identify itself with, when every other entry does.

I'd love your feedback on this, please.

greenelephant


MAIN.TXT

---------------------------------------------------------------------------

Deckard's System Scanner v20071014.68
Run by Brendan on 2007-12-22 16:49:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
5: 2007-12-22 15:53:18 UTC - RP26 - Deckard's System Scanner Restore Point
4: 2007-12-22 15:21:59 UTC - RP25 - Software Distribution Service 3.0
3: 2007-12-21 16:11:13 UTC - RP24 - Installed Adobe Reader 8.1.1
2: 2007-12-21 10:42:02 UTC - RP23 - Deckard's System Scanner Restore Point
1: 2007-12-18 16:31:18 UTC - RP22 - Installed Windows Media Format 9 Series Runtime Setup


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as Brendan.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:58, on 22/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Brendan.BRENDAN-3530838\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Brendan.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {9F0D1613-11B5-4AF6-A524-5D51EBAAFC26} - C:\WINDOWS\system32\bitsprx.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {60AFE1CD-9BA1-47AC-929C-484FBA08DF62} - (no file)
O9 - Extra button: (no name) - {C7112EF1-D5B6-421D-8F58-8FA63AB144F8} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcaf...186/mcfscan.cab
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 3959 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 gfjdlgpx - c:\windows\system32\drivers\exyelexu.dat
R3 BTCOMM - c:\windows\system32\drivers\btcomm.sys <Not Verified; Windigo Systems; >
R3 BTKRNBDG (Bluetooth COM Bridge) - c:\windows\system32\drivers\btkrnbdg.sys <Not Verified; Windigo Systems; >
R3 vad_multi (Windigo Virtual Audio Device (WDM)) - c:\windows\system32\drivers\vadmulti.sys <Not Verified; Windigo Systems; >

S3 CSRBC01 (%CSRBC01.SvcDesc%) - c:\windows\system32\drivers\csrbc01.sys <Not Verified; Windigo; Windigo USB Device Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0084&SUBSYS_00841849&REV_A1\3&267A616A&0&09
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0084&SUBSYS_00841849&REV_A1\3&267A616A&0&09
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Other PCI Bridge Device
Device ID: PCI\VEN_10DE&DEV_008C&SUBSYS_09001849&REV_A3\3&267A616A&0&20
Manufacturer:
Name: Other PCI Bridge Device
PNP Device ID: PCI\VEN_10DE&DEV_008C&SUBSYS_09001849&REV_A3\3&267A616A&0&20
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_10DE&DEV_008A&SUBSYS_97611849&REV_A1\3&267A616A&0&30
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_10DE&DEV_008A&SUBSYS_97611849&REV_A1\3&267A616A&0&30
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Video Controller
Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_FFFFFFFF&REV_11\4&258F4AE7&0&4040
Manufacturer:
Name: Multimedia Video Controller
PNP Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_FFFFFFFF&REV_11\4&258F4AE7&0&4040
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_FFFFFFFF&REV_11\4&258F4AE7&0&4140
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_FFFFFFFF&REV_11\4&258F4AE7&0&4140
Service:

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Game Port for Creative
Device ID: LEGACY\JOYSTICK\5&180AD777&0&ENUM&
Manufacturer: Creative Technology Ltd.
Name: Game Port for Creative
PNP Device ID: LEGACY\JOYSTICK\5&180AD777&0&ENUM&
Service: gameenum

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\_NVRAIDBUS\3&267A616A&0
Manufacturer:
Name:
PNP Device ID: ACPI\_NVRAIDBUS\3&267A616A&0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-12-22 15:20:16 386 --a------ C:\WINDOWS\Tasks\SpyScan.job
2007-12-17 11:59:14 354 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-12-17 11:59:11 356 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2007-11-22 and 2007-12-22 -----------------------------

2007-12-22 15:22:33 0 d-------- C:\WINDOWS\LastGood
2007-12-21 16:34:09 0 d-------- C:\Barclays Spain Accounts
2007-12-21 16:11:48 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2007-12-21 16:06:30 0 d-------- C:\WINDOWS\Sun
2007-12-21 10:10:35 0 d-------- C:\Program Files\Trend Micro
2007-12-19 21:44:10 0 d-------- C:\$WINDOWS.~BT
2007-12-18 17:37:05 0 d-------- C:\$WIN_NT$.~BT
2007-12-18 14:40:45 0 d-------- C:\Program Files\Xilisoft
2007-12-18 13:37:42 0 d-------- C:\Program Files\ImgBurn
2007-12-18 12:19:24 0 d-------- C:\Documents and Settings\Brendan.BRENDAN-3530838\Application Data\ImgBurn
2007-12-18 12:03:57 0 d-------- C:\Program Files\MagicISO
2007-12-18 10:35:11 0 d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-12-18 09:31:41 0 d-------- C:\Program Files\Spyware Doctor
2007-12-18 09:31:41 0 d-------- C:\Documents and Settings\Brendan.BRENDAN-3530838\Application Data\PC Tools
2007-12-17 12:53:30 0 d-------- C:\Program Files\McAfee.com
2007-12-17 11:56:38 0 d-------- C:\Program Files\Common Files\McAfee
2007-12-17 11:52:11 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2007-12-17 02:18:14 0 d-------- C:\Documents and Settings\Brendan.BRENDAN-3530838\Shared
2007-12-17 02:18:11 0 d-------- C:\Documents and Settings\Brendan.BRENDAN-3530838\Incomplete
2007-12-17 02:11:13 0 d-------- C:\Documents and Settings\Brendan.BRENDAN-3530838\Application Data\LimeWire
2007-12-17 02:10:51 0 d-------- C:\Program Files\LimeWire
2007-12-17 00:25:28 0 d-------- C:\Program Files\Orca
2007-12-17 00:11:52 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
2007-12-16 23:27:26 0 d--hs---- C:\TrustedAntivirus
2007-12-16 23:26:44 0 d-------- C:\Documents and Settings\Brendan.BRENDAN-3530838\Application Data\TrustedAntivirus
2007-12-16 23:26:26 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SalesMon
2007-12-16 19:26:41 0 d-------- C:\Documents and Settings\Brendan.BRENDAN-3530838\Application Data\STOPzilla!
2007-12-16 18:57:18 335 --a------ C:\WINDOWS\nsreg.dat
2007-12-16 18:38:06 838 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-16 16:59:06 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2007-12-16 16:55:27 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2007-12-16 16:55:12 0 d-------- C:\Documents and Settings\Brendan.BRENDAN-3530838\Application Data\SUPERAntiSpyware.com
2007-12-16 16:43:46 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-16 16:43:46 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-12-16 16:43:46 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-12-16 16:43:46 77824 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2007-12-16 16:43:46 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-16 16:36:18 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-12-16 16:36:07 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Application Data\Adobe
2007-12-15 19:32:37 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-12-15 19:32:37 118784 --a------ C:\WINDOWS\system32\msstdfmt.dll <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2007-12-15 17:05:43 0 d-------- C:\Program Files\Common Files\Winferno
2007-12-15 17:04:11 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SITEguard
2007-12-15 17:01:47 0 d-------- C:\Program Files\Common Files\iS3
2007-12-15 17:01:45 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!
2007-12-15 04:02:14 0 d-------- C:\Documents and Settings\Brendan.BRENDAN-3530838\Application Data\Sun
2007-12-15 03:49:34 0 d-------- C:\jad maker
2007-12-15 03:25:35 638976 --a------ C:\Uploader.exe
2007-12-15 03:25:14 0 d-------- C:\Program Files\Softick
2007-12-15 01:59:22 0 d---s---- C:\Documents and Settings\Brendan.BRENDAN-3530838\UserData
2007-12-15 00:26:54 0 d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2007-12-15 00:24:09 0 d-------- C:\Documents and Settings\Brendan.BRENDAN-3530838\Application Data\XTND_BTUIObjects
2007-12-15 00:19:32 0 d-------- C:\Program Files\Samsung
2007-12-15 00:01:11 17792 -----n--- C:\WINDOWS\system32\drivers\vadmulti.sys <Not Verified; Windigo Systems; >
2007-12-15 00:01:11 24859 -----n--- C:\WINDOWS\system32\drivers\CSRBC01.sys <Not Verified; Windigo; Windigo USB Device Driver>
2007-12-15 00:01:10 41520 --a------ C:\WINDOWS\system32\drivers\ccport.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Millennium Operating System>
2007-12-15 00:01:10 32131 --a------ C:\WINDOWS\system32\drivers\BtLegacy.sys <Not Verified; Extended Systems Inc.; Bluetooth Legacy>
2007-12-15 00:01:10 15876 --a------ C:\WINDOWS\system32\drivers\BtKrnBdg.sys <Not Verified; Windigo Systems; >
2007-12-15 00:01:10 57512 -----n--- C:\WINDOWS\system32\drivers\Btcomm.sys <Not Verified; Windigo Systems; >
2007-12-15 00:01:10 6430 --a------ C:\WINDOWS\system32\drivers\BT3CSer.sys <Not Verified; Extended Systems Inc.; Bluetooth Legacy>
2007-12-15 00:01:09 90112 --a------ C:\WINDOWS\system32\ESICOMMN.DLL <Not Verified; ; XTNDConnect Blue SDK for Windows>
2007-12-15 00:01:08 317952 --a------ C:\WINDOWS\system32\ROBOEX32.DLL <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic>
2007-12-15 00:01:08 50176 --a------ C:\WINDOWS\system32\CSH.DLL <Not Verified; Blue Sky Software Corporation; What's This? Help Composer>
2007-12-15 00:01:08 53248 --a------ C:\WINDOWS\system32\BtUsrBdg.exe <Not Verified; Extended Systems, Inc.; >
2007-12-15 00:01:08 36864 --a------ C:\WINDOWS\system32\BTSetBootKey.exe
2007-12-15 00:01:08 69632 --a------ C:\WINDOWS\system32\BTOBEXOP.DLL <Not Verified; Extended Systems, Inc.; Windows Bluetooth Drivers>
2007-12-15 00:01:08 69632 --a------ C:\WINDOWS\system32\BtObexFt.dll <Not Verified; Extended Systems, Inc.; Windows Bluetooth Drivers>
2007-12-15 00:01:08 69632 --a------ C:\WINDOWS\system32\BtFileStore.dll <Not Verified; Extended Systems, Inc.; Windows Bluetooth Drivers>
2007-12-15 00:01:08 77824 -----n--- C:\WINDOWS\system32\BTAPI1.dll <Not Verified; Windigo Systems; Windows Bluetooth Stack>
2007-12-15 00:01:06 0 d-------- C:\WINDOWS\BTFXTEMP
2007-12-15 00:01:06 0 d-------- C:\Program Files\Extended Systems
2007-12-14 23:01:05 0 d-------- C:\Documents and Settings\Brendan.BRENDAN-3530838\Application Data\Macromedia
2007-12-14 23:01:04 0 d-------- C:\Documents and Settings\Brendan.BRENDAN-3530838\Application Data\Adobe
2007-12-14 21:57:51 0 d-------- C:\Program Files\McAfee
2007-12-14 21:57:51 0 d-------- C:\Documents and Settings\Brendan.BRENDAN-3530838\Application Data\McAfee
2007-12-14 21:57:20 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee.com
2007-12-14 17:43:51 0 d-------- C:\Documents and Settings\Brendan.BRENDAN-3530838\Application Data\BitTorrent
2007-12-14 17:43:46 0 d-------- C:\Program Files\BitTorrent
2007-12-14 13:39:27 19456 --a------ C:\WINDOWS\system32\drivers\exyelexu.dat
2007-12-14 13:35:55 84992 --a------ C:\WINDOWS\system32\bitsprx.dll
2007-12-14 13:23:16 0 d-------- C:\Documents and Settings\Brendan.BRENDAN-3530838\Application Data\Identities
2007-12-14 13:23:00 0 d--h----- C:\Documents and Settings\Brendan.BRENDAN-3530838\Templates
2007-12-14 13:23:00 0 dr------- C:\Documents and Settings\Brendan.BRENDAN-3530838\Start Menu
2007-12-14 13:23:00 0 dr-h----- C:\Documents and Settings\Brendan.BRENDAN-3530838\SendTo
2007-12-14 13:23:00 0 dr-h----- C:\Documents and Settings\Brendan.BRENDAN-3530838\Recent
2007-12-14 13:23:00 0 d--h----- C:\Documents and Settings\Brendan.BRENDAN-3530838\PrintHood
2007-12-14 13:23:00 1835008 --ah----- C:\Documents and Settings\Brendan.BRENDAN-3530838\NTUSER.DAT
2007-12-14 13:23:00 0 d--h----- C:\Documents and Settings\Brendan.BRENDAN-3530838\NetHood
2007-12-14 13:23:00 0 dr------- C:\Documents and Settings\Brendan.BRENDAN-3530838\My Documents
2007-12-14 13:23:00 0 d--h----- C:\Documents and Settings\Brendan.BRENDAN-3530838\Local Settings
2007-12-14 13:23:00 0 dr------- C:\Documents and Settings\Brendan.BRENDAN-3530838\Favorites
2007-12-14 13:23:00 0 d-------- C:\Documents and Settings\Brendan.BRENDAN-3530838\Desktop
2007-12-14 13:23:00 0 d---s---- C:\Documents and Settings\Brendan.BRENDAN-3530838\Cookies
2007-12-14 13:23:00 0 d--h----- C:\Documents and Settings\Brendan.BRENDAN-3530838\Application Data
2007-12-14 13:21:36 229376 --ah----- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
2007-12-14 13:21:36 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings
2007-12-14 13:21:36 0 d---s---- C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies
2007-12-14 13:21:36 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data
2007-12-14 13:21:36 0 d---s---- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Microsoft
2007-12-14 13:21:18 229376 --ah----- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
2007-12-14 13:21:18 0 d--h----- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings
2007-12-14 13:21:18 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies
2007-12-14 13:21:18 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data
2007-12-14 13:21:18 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Microsoft
2007-12-14 13:12:38 229376 ---h----- C:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
2007-12-14 13:10:27 0 d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2007-12-14 13:07:29 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-14 13:06:07 215552 --a------ C:\WINDOWS\system32\termsrv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-14 12:35:45 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Templates
2007-12-14 12:35:45 0 dr------- C:\Documents and Settings\Default User.WINDOWS\Start Menu
2007-12-14 12:35:45 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\SendTo
2007-12-14 12:35:45 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Recent
2007-12-14 12:35:45 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\PrintHood
2007-12-14 12:35:45 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\NetHood
2007-12-14 12:35:45 0 d-------- C:\Documents and Settings\Default User.WINDOWS\My Documents
2007-12-14 12:35:45 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Local Settings
2007-12-14 12:35:45 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Favorites
2007-12-14 12:35:45 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Desktop
2007-12-14 12:35:45 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Cookies
2007-12-14 12:35:45 0 d--h----- C:\Documents and Settings\All Users.WINDOWS\Templates
2007-12-14 12:35:45 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Start Menu
2007-12-14 12:35:45 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Favorites
2007-12-14 12:35:45 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
2007-12-14 12:35:45 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Desktop
2007-12-14 12:35:16 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Application Data
2007-12-14 12:35:16 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft
2007-12-14 12:35:16 0 dr-h----- C:\Documents and Settings\All Users.WINDOWS\Application Data
2007-12-14 12:35:16 0 d---s---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2007-12-14 12:00:00 0 d-------- C:\WINDOWS\setup.pss
2007-12-13 15:05:22 0 d-------- C:\Program Files\HDD Regenerator
2007-12-13 14:50:23 0 d-------- C:\Documents and Settings\Brendan\Application Data\BitTorrent
2007-12-06 00:53:53 0 d-------- C:\Program Files\Flobo Hard Disk Repair
2007-12-06 00:46:09 0 d-------- C:\Documents and Settings\Brendan\Contacts
2007-12-06 00:44:49 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-12-05 06:33:22 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-12-05 06:33:22 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-12-05 06:33:22 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-12-05 06:33:22 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-12-05 06:33:22 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-12-05 06:33:22 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-12-05 06:33:22 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-12-05 06:33:22 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-12-05 06:33:22 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-12-05 06:33:22 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-12-05 06:33:22 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-12-05 06:33:22 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-12-05 06:33:22 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-12-05 06:33:22 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-12-04 18:24:04 0 d-------- C:\WINDOWS\system32\SoftwareDistribution


-- Find3M Report ---------------------------------------------------------------

2007-12-21 16:12:02 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-17 11:56:38 0 d-------- C:\Program Files\Common Files
2007-12-15 04:02:09 0 d-------- C:\Program Files\Java
2007-12-15 00:26:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-14 23:53:49 0 d-------- C:\Program Files\GameSpy Arcade
2007-12-14 12:35:45 62 --ahs---- C:\Documents and Settings\Brendan.BRENDAN-3530838\Application Data\desktop.ini
2007-12-06 00:45:35 0 d-------- C:\Program Files\MSN Messenger
2007-12-04 22:52:35 0 d-------- C:\Program Files\Partition Table Doctor 3.0
2007-12-04 18:24:56 0 d--h----- C:\Program Files\WindowsUpdate


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F0D1613-11B5-4AF6-A524-5D51EBAAFC26}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 22:33]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BPS Remover]
C:\Program Files\BPS Remover\SpyRem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BPS Spyware Remover]
C:\Program Files\BPS Remover\BPSRem.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTSETBOOTKEY]
BTSetBootKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTUSRBDG]
BtUsrBdg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ptask]
C:\Program Files\TrustedAntivirus\ptask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftickPPP]
"C:\Program Files\Softick\PPP\Bin\PPPGate.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinfernoUpdate]
"C:\Program Files\Common Files\Winferno\WSCUpdtr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon]
C:\WINDOWS\csrss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2beb6642-aa3f-11dc-9d93-806d6172696f}]
AutoRun\command- D:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f1ae411-3bef-11d8-a6d1-806d6172696f}]
AutoRun\command- Q:\setup.exe




-- End of Deckard's System Scanner: finished at 2007-12-22 16:51:27 ------------

------------------------------------------------------


EXTRA.TXT
--------------------------------------------------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 1500+
Percentage of Memory in Use: 75%
Physical Memory (total/avail): 255.23 MiB / 63.25 MiB
Pagefile Memory (total/avail): 617.99 MiB / 351.54 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.31 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.53 GiB total, 62.01 GiB free.
D: is CDROM (CDFS)
E: is Fixed (NTFS) - 16.97 GiB total, 16.36 GiB free.
Q: is CDROM (UDF)

\\.\PHYSICALDRIVE1 - SAMSUNG SV1824D - 16.98 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 16.97 GiB - E:

\\.\PHYSICALDRIVE0 - WDC WD800BB-00JHA0 - 74.52 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
AUState says computer is ready and waiting.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Uploader.exe"="C:\\Uploader.exe:*:Disabled:Uploader"
"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\java.exe"="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Brendan.BRENDAN-3530838\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BRENDAN-3530838
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Brendan.BRENDAN-3530838
LOGONSERVER=\\BRENDAN-3530838
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0800
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\BRENDA~1.BRE\LOCALS~1\Temp
TMP=C:\DOCUME~1\BRENDA~1.BRE\LOCALS~1\Temp
USERDOMAIN=BRENDAN-3530838
USERNAME=Brendan
USERPROFILE=C:\Documents and Settings\Brendan.BRENDAN-3530838
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Brendan.BRENDAN-3530838 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adaptec UDF Reader --> C:\WINDOWS\system32\UDFRUNIN.EXE
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
BitTorrent --> "C:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL
HDD Regenerator --> MsiExec.exe /X{9064B17E-9FC9-439D-A4A0-668EC6AAFDEC}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ImgBurn (Remove Only) --> "C:\Program Files\ImgBurn\uninstall.exe"
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
LimeWire 4.14.12 --> "C:\Program Files\LimeWire\uninstall.exe"
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
mpowerplayer --> C:\WINDOWS\system32\javaws.exe -uninstall "http://mpowerplayer....lib/player.jar"
Orca --> MsiExec.exe /I{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 2.0 PIM & File Manager --> MsiExec.exe /I{4513F51E-3D1B-4791-B652-4C8B263ACD07}
Samsung PC Studio USB Driver Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly
Softick PPP 2.21 (remove only) --> "C:\Program Files\Softick\PPP\uninstall.exe"
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
XTNDConnect Blue Manager 3.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0C65E65-5CF2-4C16-8023-950BA678FE15}\Setup.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type336 / Error
Event Submitted/Written: 12/22/2007 03:55:50 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0001142e.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type318 / Error
Event Submitted/Written: 12/21/2007 11:38:23 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0001142e.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type315 / Error
Event Submitted/Written: 12/21/2007 11:35:38 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00011bf4.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type311 / Error
Event Submitted/Written: 12/21/2007 11:16:34 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss[1].exe, version 3.2.8.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0001152a.
Processing media-specific event for [dss[1].exe!ws!]

Event Record #/Type309 / Error
Event Submitted/Written: 12/21/2007 11:09:10 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss[1].exe, version 3.2.8.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0001142e.
Processing media-specific event for [dss[1].exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1923 / Warning
Event Submitted/Written: 12/22/2007 03:44:11 PM / 12/22/2007 03:44:12 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type1902 / Warning
Event Submitted/Written: 12/22/2007 03:20:07 PM / 12/22/2007 03:20:42 PM
Event ID/Source: 18 / BTHUSB
Event Description:
Windows cannot store Bluetooth link keys on the local transceiver because it cannot determine whether proper security is enabled for the device.

Event Record #/Type1897 / Warning
Event Submitted/Written: 12/21/2007 08:19:59 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 002018801261. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type1893 / Warning
Event Submitted/Written: 12/21/2007 07:55:12 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type1874 / Warning
Event Submitted/Written: 12/21/2007 07:33:31 PM / 12/21/2007 07:34:03 PM
Event ID/Source: 18 / BTHUSB
Event Description:
Windows cannot store Bluetooth link keys on the local transceiver because it cannot determine whether proper security is enabled for the device.



-- End of Deckard's System Scanner: finished at 2007-12-22 16:51:27 ------------

---------------------------------------

#2
greenelephant

    New Member

  • Topic Starter
  • Member
  • 3 posts

^BUMP^