Trojan_DNS changer and Trojan-downloader.popuper



#16
Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Thanks. I'm looking over it right now, be back in a couple of minutes.
  • 0


#17
ash_9118

    Member

  • Topic Starter
  • Member
  • 22 posts
OK, this is so weird, I never had this problem before. Just because my antivirus was out for like 15 secs, and a trojan comes. Unbelievable.
  • 0

#18
Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
What do you mean? Is there a new trojan? Give me a new DSS.

Tal
  • 0

#19
ash_9118

    Member

  • Topic Starter
  • Member
  • 22 posts
Spyware Doctor is still giving me those two threats: Trojan DNS changer and Trojan Downloader.popuper. Should it have disappeared when I fixed that line in HijackThis? I am still having the same internet connection problem with the message I showed you earlier. I was just talking about the whole incident, there is no new trojan.

Edited by ash_9118, 23 May 2008 - 05:29 PM.

  • 0

#20
Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
OK, I really don't see anything else there, so let's run FixWareout again and fix the HJT entry right afterwards.

Please locate FixWareout. Double click on it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads please post the text that will open (report.txt).

Next:

Please re-open HijackThis and click Scan. Put a check next to the following entries presented in the window: (Do NOT click Fix yet!)
O17 - HKLM\System\CCS\Services\Tcpip\..\{41769AAE-BC93-46B4-8744-8C5CA69F5DBF}: NameServer = 85.255.116.164 85.255.112.81


Now, close all other windows but HijackThis, including Explorer windows (folders) and this window, and click Fix. Note: It is vital you close all other windows, otherwise the fix will not succeed.

Restart your computer again - when it boots, rescan with DSS and give me a fresh log. Hopefully that will do the trick :)

Tal
  • 0

#21
Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts

Spyware Doctor is still giving me those two threats: Trojan DNS changer and Trojan Downloader.popuper. Should it have disappeared when I fixed that line in HijackThis? I am still having the same internet connection problem with the message I showed you earlier. I was just talking about the whole incident, there is no new trojan.


DNS changer is the name SpywareDoctor gives Wareout, which we're fixing right now. That's the O17 line you've fixed previously. It sets a certain DNS address so websites typed resolve to certain IPs. As for that error message, let's see if fixing this won't correct it :)

Tal
  • 0

#22
ash_9118

    Member

  • Topic Starter
  • Member
  • 22 posts
It connected perfectly without needing to disable OnGuard. I will post the DSS log now and I will restart my computer to see if it is connecting just fine, just to make sure it wasn't a fluke like last time. Here is the DSS log:

Deckard's System Scanner v20071014.68
Run by admin on 2008-05-23 19:43:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:51 PM, on 5/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Documents and Settings\admin\Desktop\Ashwin\Other\dss.exe
C:\DOCUME~1\admin\Desktop\Ashwin\Other\HJ\admin.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1201821736265
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5390 bytes

-- Files created between 2008-04-23 and 2008-05-23 -----------------------------

2008-05-21 19:39:22 0 d-------- C:\Documents and Settings\admin\.frugoo_file_store_32
2008-05-20 19:00:09 93440 --a------ C:\WINDOWS\system32\drivers\pctfw.sys <Not Verified; PC Tools; PC Tools NDIS Driver>
2008-05-20 19:00:08 0 d-------- C:\Program Files\Common Files\PC Tools
2008-05-20 18:06:32 0 d-------- C:\Program Files\Common Files\L&H
2008-05-20 01:36:14 0 d-------- C:\Documents and Settings\admin\Application Data\Yahoo! Messenger
2008-05-19 17:50:43 0 d-------- C:\Program Files\Siber Systems
2008-05-18 13:28:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-18 13:28:01 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-17 16:28:12 0 d-------- C:\Program Files\ZD Soft
2008-05-13 17:14:05 5505024 --a------ C:\Documents and Settings\admin\ntuser.dat
2008-05-12 20:32:05 0 dr-h----- C:\Documents and Settings\admin\Recent
2008-05-11 08:52:13 393216 --a------ C:\WINDOWS\system32\iMagicErrorLibrary.dll <Not Verified; iMagic; Innovasys vbCodeShield>
2008-05-11 08:52:12 161280 --a------ C:\WINDOWS\system32\TALBC.DLL
2008-05-11 08:52:12 163840 --a------ C:\WINDOWS\system32\FlicPlusSDK_Win32_API.dll
2008-05-11 08:52:11 0 d-------- C:\Program Files\iMagic Inventory
2008-05-09 13:11:32 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-08 17:10:18 0 d-------- C:\Program Files\Google
2008-05-07 16:50:58 0 d--h----- C:\$AVG8.VAULT$
2008-05-07 16:38:01 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-07 16:38:01 0 d-------- C:\Documents and Settings\admin\Application Data\AVGTOOLBAR
2008-05-07 16:37:53 0 d-------- C:\Program Files\AVG
2008-05-07 16:37:53 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-07 16:21:08 0 d-------- C:\Program Files\Spyware Doctor
2008-05-07 16:21:08 0 d-------- C:\Documents and Settings\admin\Application Data\PC Tools
2008-05-06 21:40:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-05-06 18:35:35 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-05-04 22:15:00 225 --a------ C:\WINDOWS\fastaero_config
2008-05-04 22:14:19 781824 --a------ C:\WINDOWS\FastAeroConfig.exe <Not Verified; ; FastAero Setting>
2008-05-03 16:43:14 0 d-------- C:\Documents and Settings\admin\Application Data\Help
2008-05-02 23:53:30 0 d--h----- C:\Documents and Settings\admin\Recent(2)
2008-05-02 21:04:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-02 18:46:33 0 d-------- C:\Program Files\HyCam2
2008-05-02 18:43:25 2048 --a------ C:\WINDOWS\system32\Tr_sttool.dat
2008-05-02 18:43:24 0 d-------- C:\Program Files\Bulent's Screen Recorder 4
2008-05-02 14:58:41 0 d-------- C:\Documents and Settings\admin\dwhelper
2008-05-02 13:44:10 233472 -----n--- C:\WINDOWS\system32\wpcap.dll <Not Verified; CACE Technologies; WinPcap high level library>
2008-05-02 13:44:10 61440 -----n--- C:\WINDOWS\system32\WanPacket.dll <Not Verified; CACE Technologies; WinPcap low level NetMon wrapper library>
2008-05-02 13:44:10 81920 -----n--- C:\WINDOWS\system32\Packet.dll <Not Verified; CACE Technologies; WinPcap low level packet library>
2008-05-02 13:44:10 32512 -----n--- C:\WINDOWS\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
2008-05-01 16:09:35 0 d-------- C:\Program Files\iTunes
2008-05-01 15:46:27 0 d-------- C:\Documents and Settings\admin\Application Data\DivX
2008-05-01 13:36:15 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-25 19:20:18 0 d-------- C:\Program Files\SonicWallES
2008-04-25 14:16:51 0 d-------- C:\Documents and Settings\LocalService\Desktop


-- Find3M Report ---------------------------------------------------------------

2008-05-23 18:13:41 0 d-------- C:\Program Files\LimeWire
2008-05-22 20:44:14 0 d-------- C:\Documents and Settings\admin\Application Data\FileZilla
2008-05-22 09:22:55 0 d-------- C:\Program Files\PC Tools Firewall Plus
2008-05-20 19:00:08 0 d-------- C:\Program Files\Common Files
2008-05-20 18:02:12 0 d-------- C:\Documents and Settings\admin\Application Data\utorrent
2008-05-20 17:44:42 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-17 15:51:43 0 d-------- C:\Documents and Settings\admin\Application Data\Mozilla
2008-05-09 01:35:03 0 d-------- C:\Program Files\Safari
2008-05-04 16:03:46 0 d-------- C:\Program Files\DivX
2008-05-04 15:43:48 685775 --a------ C:\Documents and Settings\admin\Application Data\NMM-MetaData.db
2008-05-02 14:46:40 0 d-------- C:\Program Files\QuickTime
2008-05-01 19:30:36 0 d-------- C:\Program Files\Apple Software Update
2008-05-01 16:09:42 0 d-------- C:\Program Files\iPod
2008-04-22 18:08:22 0 d-------- C:\Program Files\Common Files\BitDefender
2008-04-22 18:08:14 0 d-------- C:\Program Files\BitDefender
2008-04-22 13:07:07 0 d-------- C:\Documents and Settings\admin\Application Data\CDBurnerXP_Soft
2008-04-22 13:06:45 0 d-------- C:\Program Files\CDBurnerXP
2008-04-20 13:56:20 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-04-19 23:27:47 0 d-------- C:\Program Files\Common Files\Scanner
2008-04-18 21:20:00 0 d-------- C:\Documents and Settings\admin\Application Data\PowerChallenge
2008-04-15 19:26:18 0 d-------- C:\Documents and Settings\admin\Application Data\LimeWire
2008-04-14 14:41:34 50880 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-13 15:17:24 0 d-------- C:\Program Files\MSECache
2008-04-12 22:03:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-11 21:32:47 0 d-------- C:\Program Files\Wisdom-soft MotionStudio
2008-04-09 20:15:32 0 d-------- C:\Program Files\Java
2008-04-08 22:44:57 0 d-------- C:\Program Files\Adobe CS3
2008-04-07 17:23:51 0 d-------- C:\Documents and Settings\admin\Application Data\NCH Swift Sound
2008-04-06 15:33:20 0 d-------- C:\Documents and Settings\admin\Application Data\Microsoft Games
2008-04-06 14:57:56 0 d-------- C:\Program Files\uTorrent
2008-04-05 16:21:06 0 d-------- C:\Program Files\Yahoo!
2008-04-05 14:52:20 0 d-------- C:\Program Files\Messenger Plus! Live
2008-04-05 14:52:19 0 d-------- C:\Program Files\MSN Messenger
2008-04-05 14:43:03 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-05 14:16:57 0 d-------- C:\Program Files\Windows Live
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-03-30 21:06:03 0 d-------- C:\Documents and Settings\admin\Application Data\Nokia Multimedia Player
2008-03-24 18:22:15 0 d-------- C:\Documents and Settings\admin\Application Data\Ulead Systems
2008-03-24 18:18:07 0 d-------- C:\Program Files\Common Files\SONY Digital Images
2008-03-24 18:18:04 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-03-24 18:16:16 0 d-------- C:\Program Files\SmartSound Software
2008-03-24 18:14:44 0 d-------- C:\Program Files\Windows Media Components
2008-03-24 18:11:00 0 d-------- C:\Program Files\Ulead Systems
2008-03-21 16:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-12 10:00:31 2578 --a------ C:\WINDOWS\mozver.dat
2008-02-27 16:52:31 49152 --a------ C:\WINDOWS\system32\ArmAccess.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/11/2008 12:29 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/11/2008 12:29 PM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/07/2008 04:37 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 03:14 PM]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [05/20/2008 07:03 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^F-Secure Automatic Update.lnk]
backup=C:\WINDOWS\pss\F-Secure Automatic Update.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
"C:\Program Files\Spyware Doctor\pctsTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
"C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
VTtrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"




-- End of Deckard's System Scanner: finished at 2008-05-23 19:44:25 ------------
  • 0

#23
Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Yup, that entry is gone. You can reboot it several times if you wish, let me know if there are any issues :)
  • 0

#24
ash_9118

    Member

  • Topic Starter
  • Member
  • 22 posts
OMG!!! Spyware Doctor is still not letting me connect!!! What is happening? It says Spyware Doctor has blocked a high risk threat: Trojan-downloader.popuper, Risk: high

Edited by ash_9118, 24 May 2008 - 08:41 AM.

  • 0

#25
Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
OK, let's take a different approach at this...

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

In your next reply, please include the Kaspersky log and a new DSS log.

I am off to sleep now, I will reply tomorrow.

Edited by Tal, 23 May 2008 - 06:29 PM.

  • 0


#26
Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Also, please do this.

Start OTScanIt. Copy/Paste the information in the Code box below into the pane where it says "Paste fix here" and then click the Run Fix button.


[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 106 bytes -> %AllUsersProfile%\Application Data\TEMP:1CA73D29
NY -> @Alternate Data Stream - 123 bytes -> %AllUsersProfile%\Application Data\TEMP:3270185A
NY -> @Alternate Data Stream - 116 bytes -> %AllUsersProfile%\Application Data\TEMP:430C6D84
NY -> @Alternate Data Stream - 113 bytes -> %AllUsersProfile%\Application Data\TEMP:C31F31E6
NY -> @Alternate Data Stream - 179 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
NY -> @Alternate Data Stream - 99 bytes -> %AllUsersProfile%\Application Data\TEMP:F1CF9611


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTScanIt scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer. Any changes now?
  • 0

#27
ash_9118

    Member

  • Topic Starter
  • Member
  • 22 posts
OK, I still haven't done those steps yet but I am just giving some additional information. This is exactly what Spyware Doctor says: "OnGuard: System Event Blocked
Threat Name - Trojan-Downloader.Popuper
Details - Spyware Doctor has blocked an application attempting to write to the registry.
Risk Level - High
Infection - HKLM\SYSTEM\CONTROLSET005\SERVICES\TCPIP\PARAMETERS\INTERFACES\{41769AAE-BC93-46B4-8744-8C5CA69F5DBF}"
  • 0

#28
Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Do you remember this line?

O17 - HKLM\System\CCS\Services\Tcpip\..\{41769AAE-BC93-46B4-8744-8C5CA69F5DBF}: NameServer = 85.255.116.164 85.255.112.81

Spyware Doctor says the same thing, something is getting it back and I'm trying to find what exactly...
  • 0
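Added example (not part of the thread, and not code from HijackThis, Spyware Doctor or any tool named in it): the check a responder would script for the situation described in posts #21 and #28 above. It parses the O17 lines HijackThis prints, flags every NameServer that is not on an allowlist, diffs two scans so an entry that was fixed and then came back stands out, and matches the interface GUID in the Spyware Doctor OnGuard message against the O17 interface. Assumptions: the allowlist value 192.168.1.1 is a hypothetical router address; the 85.255.112.0/20 range comes from later public reporting on the DNSChanger operation, the thread itself only names two addresses inside it; the two sample logs are constructed from lines in this thread, not complete scans.

```python
"""Flag rogue DNS resolvers in HijackThis O17 lines and show an entry that came back.

Added example for this thread; it parses log text so it runs on any machine,
rather than reading the live registry of the XP box under repair.
"""
import ipaddress
import re

# Assumption: the resolvers this machine should be using (router / ISP).
# Hypothetical value; a real check takes these from the DHCP lease or the ISP.
ALLOWED_RESOLVERS = {"192.168.1.1"}

# Range attributed to the DNSChanger operation in public reporting (2011 takedown).
# The thread's 85.255.116.164 and 85.255.112.81 both fall inside it.
KNOWN_ROGUE_RANGES = [ipaddress.ip_network("85.255.112.0/20")]

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
GUID_RE = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")


def parse_o17(log_text):
    """One dict per O17 line: registry key, interface GUID (None for the
    per-machine Tcpip\\Parameters line) and the list of resolver addresses."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        guid = GUID_RE.search(m.group("key"))
        # HijackThis separates multiple resolvers with spaces or commas.
        servers = [s for s in re.split(r"[ ,]+", m.group("servers").strip()) if s]
        entries.append({
            "key": m.group("key"),
            "guid": guid.group(1).upper() if guid else None,
            "servers": servers,
        })
    return entries


def classify(ip_text):
    """'allowed' if on the allowlist, 'known-rogue' if inside a known DNSChanger
    range, otherwise 'unexpected' (strict: anything not explicitly expected is reported)."""
    if ip_text in ALLOWED_RESOLVERS:
        return "allowed"
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "unexpected"
    if any(ip in net for net in KNOWN_ROGUE_RANGES):
        return "known-rogue"
    return "unexpected"


def rogue_resolvers(log_text):
    """Every (registry key, resolver, verdict) whose resolver is not allowed."""
    findings = []
    for entry in parse_o17(log_text):
        for ip in entry["servers"]:
            verdict = classify(ip)
            if verdict != "allowed":
                findings.append((entry["key"], ip, verdict))
    return findings


def o17_diff(before_text, after_text):
    """Which (interface, resolver tuple) pairs vanished and which (re)appeared
    between two scans; a pair in 'appeared' after a fix means something rewrote it."""
    def pairs(text):
        return {(e["guid"] or e["key"], tuple(e["servers"])) for e in parse_o17(text)}
    before, after = pairs(before_text), pairs(after_text)
    return {"removed": sorted(before - after), "appeared": sorted(after - before)}


def blocked_write_matches(onguard_message, log_text):
    """True if the interface GUID in a Spyware Doctor OnGuard message is one
    HijackThis lists in an O17 line, i.e. the blocked write targets the same key."""
    m = GUID_RE.search(onguard_message)
    if not m:
        return False
    return m.group(1).upper() in {e["guid"] for e in parse_o17(log_text) if e["guid"]}


# Constructed sample input, built from lines quoted in this thread:
# the 23 May scan shows no O17 line, the 24 May scan shows it back.
LOG_23MAY = r"""O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll
"""
LOG_24MAY = r"""O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{41769AAE-BC93-46B4-8744-8C5CA69F5DBF}: NameServer = 85.255.116.164 85.255.112.81
O20 - AppInit_DLLs: avgrsstx.dll
"""
ONGUARD = (r"OnGuard: System Event Blocked Threat Name - Trojan-Downloader.Popuper "
           r"Infection - HKLM\SYSTEM\CONTROLSET005\SERVICES\TCPIP\PARAMETERS\INTERFACES"
           r"\{41769AAE-BC93-46B4-8744-8C5CA69F5DBF}")

if __name__ == "__main__":
    for key, ip, verdict in rogue_resolvers(LOG_24MAY):
        print(f"{verdict:12} {ip:16} {key}")
    print(o17_diff(LOG_23MAY, LOG_24MAY))
    print("OnGuard GUID matches an O17 interface:", blocked_write_matches(ONGUARD, LOG_24MAY))
```

On the machine itself the same values live under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{GUID}\NameServer; CurrentControlSet is a link to one of the numbered ControlSetNNN keys, which is why the OnGuard message names CONTROLSET005 for the same GUID. Fixing the O17 line only rewrites the value, so a resolver that reappears between two scans is the signal that the writer is still running, and the blocked-write message is the lead to it.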

#29
Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
OK, going through your logs once again I think we may have found the culprit. There are some sneaky files in your Temp section, did you run ATF cleaner when I asked you to?

Step1 : OTScanIt

Perform the steps in my post #26.

Step2 : OTMoveIt
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    c:\documents and settings\admin\local settings\temp\nsc29.tmp\iospecial.ini
    c:\documents and settings\admin\local settings\temp\nsg17.tmp\shortcuts.ini
    c:\documents and settings\admin\local settings\temp\perflib_perfdata_f88.dat
    c:\documents and settings\admin\local settings\temp\is-640ja.tmp\
    c:\documents and settings\admin\local settings\temp\is-dg4gn.tmp\
    c:\documents and settings\admin\local settings\temp\is-m5vnr.tmp\
    c:\documents and settings\admin\local settings\temp\is-oli7g.tmp\
    c:\documents and settings\admin\local settings\temp\is-pd8o0.tmp\
    c:\documents and settings\admin\local settings\temp\is-rfq11.tmp\
    c:\documents and settings\admin\local settings\temp\nsc29.tmp\
    c:\documents and settings\admin\local settings\temp\nsg17.tmp\
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Include a new DSS log in your next reply as well as the OTMoveIt log.

Edited by Tal, 24 May 2008 - 05:27 AM.

  • 0

#30
ash_9118

    Member

  • Topic Starter
  • Member
  • 22 posts
Yes, I did clean my temporary files like you asked me to. And I just went through the DSS log and that line is still there.
Here is the MoveIt log:

File/Folder c:\documents and settings\admin\local settings\temp\nsc29.tmp\iospecial.ini not found.
File/Folder c:\documents and settings\admin\local settings\temp\nsg17.tmp\shortcuts.ini not found.
File/Folder c:\documents and settings\admin\local settings\temp\perflib_perfdata_f88.dat not found.
Folder c:\documents and settings\admin\local settings\temp\is-640ja.tmp\ not found.
Folder c:\documents and settings\admin\local settings\temp\is-dg4gn.tmp\ not found.
Folder c:\documents and settings\admin\local settings\temp\is-m5vnr.tmp\ not found.
Folder c:\documents and settings\admin\local settings\temp\is-oli7g.tmp\ not found.
Folder c:\documents and settings\admin\local settings\temp\is-pd8o0.tmp\ not found.
Folder c:\documents and settings\admin\local settings\temp\is-rfq11.tmp\ not found.
Folder c:\documents and settings\admin\local settings\temp\nsc29.tmp\ not found.
Folder c:\documents and settings\admin\local settings\temp\nsg17.tmp\ not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05242008_103413

The DSS log:

Deckard's System Scanner v20071014.68
Run by admin on 2008-05-24 10:36:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:16 AM, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\admin\Desktop\Ashwin\Other\dss.exe
C:\DOCUME~1\admin\Desktop\Ashwin\Other\HJ\admin.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1201821736265
O17 - HKLM\System\CCS\Services\Tcpip\..\{41769AAE-BC93-46B4-8744-8C5CA69F5DBF}: NameServer = 85.255.116.164 85.255.112.81
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5378 bytes

-- Files created between 2008-04-24 and 2008-05-24 -----------------------------

2008-05-24 10:19:16 0 d-------- C:\Program Files\Spyware Doctor
2008-05-24 10:19:16 0 d-------- C:\Documents and Settings\admin\Application Data\PC Tools
2008-05-24 10:07:36 1312 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-24 10:07:36 40992 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-24 09:59:04 93440 --a------ C:\WINDOWS\system32\drivers\pctfw.sys <Not Verified; PC Tools; PC Tools NDIS Driver>
2008-05-24 09:59:00 0 d-------- C:\Program Files\Common Files\PC Tools
2008-05-21 19:39:22 0 d-------- C:\Documents and Settings\admin\.frugoo_file_store_32
2008-05-20 18:06:32 0 d-------- C:\Program Files\Common Files\L&H
2008-05-20 01:36:14 0 d-------- C:\Documents and Settings\admin\Application Data\Yahoo! Messenger
2008-05-19 17:50:43 0 d-------- C:\Program Files\Siber Systems
2008-05-18 13:28:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-18 13:28:01 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-17 16:28:12 0 d-------- C:\Program Files\ZD Soft
2008-05-13 17:14:05 5505024 --a------ C:\Documents and Settings\admin\ntuser.dat
2008-05-12 20:32:05 0 dr-h----- C:\Documents and Settings\admin\Recent
2008-05-11 08:52:13 393216 --a------ C:\WINDOWS\system32\iMagicErrorLibrary.dll <Not Verified; iMagic; Innovasys vbCodeShield>
2008-05-11 08:52:12 161280 --a------ C:\WINDOWS\system32\TALBC.DLL
2008-05-11 08:52:12 163840 --a------ C:\WINDOWS\system32\FlicPlusSDK_Win32_API.dll
2008-05-11 08:52:11 0 d-------- C:\Program Files\iMagic Inventory
2008-05-09 13:11:32 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-08 17:10:18 0 d-------- C:\Program Files\Google
2008-05-07 16:50:58 0 d--h----- C:\$AVG8.VAULT$
2008-05-07 16:38:01 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-07 16:38:01 0 d-------- C:\Documents and Settings\admin\Application Data\AVGTOOLBAR
2008-05-07 16:37:53 0 d-------- C:\Program Files\AVG
2008-05-07 16:37:53 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-06 21:40:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-05-04 22:15:00 225 --a------ C:\WINDOWS\fastaero_config
2008-05-04 22:14:19 781824 --a------ C:\WINDOWS\FastAeroConfig.exe <Not Verified; ; FastAero Setting>
2008-05-03 16:43:14 0 d-------- C:\Documents and Settings\admin\Application Data\Help
2008-05-02 23:53:30 0 d--h----- C:\Documents and Settings\admin\Recent(2)
2008-05-02 21:04:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-02 18:46:33 0 d-------- C:\Program Files\HyCam2
2008-05-02 18:43:25 2048 --a------ C:\WINDOWS\system32\Tr_sttool.dat
2008-05-02 18:43:24 0 d-------- C:\Program Files\Bulent's Screen Recorder 4
2008-05-02 14:58:41 0 d-------- C:\Documents and Settings\admin\dwhelper
2008-05-02 13:44:10 233472 -----n--- C:\WINDOWS\system32\wpcap.dll <Not Verified; CACE Technologies; WinPcap high level library>
2008-05-02 13:44:10 61440 -----n--- C:\WINDOWS\system32\WanPacket.dll <Not Verified; CACE Technologies; WinPcap low level NetMon wrapper library>
2008-05-02 13:44:10 81920 -----n--- C:\WINDOWS\system32\Packet.dll <Not Verified; CACE Technologies; WinPcap low level packet library>
2008-05-02 13:44:10 32512 -----n--- C:\WINDOWS\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
2008-05-01 16:09:35 0 d-------- C:\Program Files\iTunes
2008-05-01 15:46:27 0 d-------- C:\Documents and Settings\admin\Application Data\DivX
2008-05-01 13:36:15 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-25 19:20:18 0 d-------- C:\Program Files\SonicWallES
2008-04-25 14:16:51 0 d-------- C:\Documents and Settings\LocalService\Desktop


-- Find3M Report ---------------------------------------------------------------

2008-05-24 10:18:51 0 d-------- C:\Documents and Settings\admin\Application Data\utorrent
2008-05-24 10:04:59 0 d-------- C:\Program Files\PC Tools Firewall Plus
2008-05-24 09:59:00 0 d-------- C:\Program Files\Common Files
2008-05-24 09:52:41 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-23 18:13:41 0 d-------- C:\Program Files\LimeWire
2008-05-22 20:44:14 0 d-------- C:\Documents and Settings\admin\Application Data\FileZilla
2008-05-17 15:51:43 0 d-------- C:\Documents and Settings\admin\Application Data\Mozilla
2008-05-09 01:35:03 0 d-------- C:\Program Files\Safari
2008-05-04 16:03:46 0 d-------- C:\Program Files\DivX
2008-05-04 15:43:48 685775 --a------ C:\Documents and Settings\admin\Application Data\NMM-MetaData.db
2008-05-02 14:46:40 0 d-------- C:\Program Files\QuickTime
2008-05-01 19:30:36 0 d-------- C:\Program Files\Apple Software Update
2008-05-01 16:09:42 0 d-------- C:\Program Files\iPod
2008-04-22 18:08:22 0 d-------- C:\Program Files\Common Files\BitDefender
2008-04-22 18:08:14 0 d-------- C:\Program Files\BitDefender
2008-04-22 13:07:07 0 d-------- C:\Documents and Settings\admin\Application Data\CDBurnerXP_Soft
2008-04-22 13:06:45 0 d-------- C:\Program Files\CDBurnerXP
2008-04-20 13:56:20 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-04-19 23:27:47 0 d-------- C:\Program Files\Common Files\Scanner
2008-04-18 21:20:00 0 d-------- C:\Documents and Settings\admin\Application Data\PowerChallenge
2008-04-15 19:26:18 0 d-------- C:\Documents and Settings\admin\Application Data\LimeWire
2008-04-14 14:41:34 50880 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-13 15:17:24 0 d-------- C:\Program Files\MSECache
2008-04-12 22:03:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-11 21:32:47 0 d-------- C:\Program Files\Wisdom-soft MotionStudio
2008-04-09 20:15:32 0 d-------- C:\Program Files\Java
2008-04-08 22:44:57 0 d-------- C:\Program Files\Adobe CS3
2008-04-07 17:23:51 0 d-------- C:\Documents and Settings\admin\Application Data\NCH Swift Sound
2008-04-06 15:33:20 0 d-------- C:\Documents and Settings\admin\Application Data\Microsoft Games
2008-04-06 14:57:56 0 d-------- C:\Program Files\uTorrent
2008-04-05 16:21:06 0 d-------- C:\Program Files\Yahoo!
2008-04-05 14:52:20 0 d-------- C:\Program Files\Messenger Plus! Live
2008-04-05 14:52:19 0 d-------- C:\Program Files\MSN Messenger
2008-04-05 14:43:03 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-05 14:16:57 0 d-------- C:\Program Files\Windows Live
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-03-30 21:06:03 0 d-------- C:\Documents and Settings\admin\Application Data\Nokia Multimedia Player
2008-03-24 18:22:15 0 d-------- C:\Documents and Settings\admin\Application Data\Ulead Systems
2008-03-24 18:18:07 0 d-------- C:\Program Files\Common Files\SONY Digital Images
2008-03-24 18:18:04 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-03-24 18:16:16 0 d-------- C:\Program Files\SmartSound Software
2008-03-24 18:14:44 0 d-------- C:\Program Files\Windows Media Components
2008-03-24 18:11:00 0 d-------- C:\Program Files\Ulead Systems
2008-03-21 16:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-12 10:00:31 2578 --a------ C:\WINDOWS\mozver.dat
2008-02-27 16:52:31 49152 --a------ C:\WINDOWS\system32\ArmAccess.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/11/2008 12:29 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/11/2008 12:29 PM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/07/2008 04:37 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [02/25/2008 04:49 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 03:14 PM]
C:\DOCUME~1\admin\LOCALS~1\Temp\~frjutdi.tmp\temp00
C:\DOCUME~1\admin\LOCALS~1\Temp\~frjutdi.tmp\run_a.txt

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/07/2008 04:37 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [02/25/2008 04:49 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 03:14 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^F-Secure Automatic Update.lnk]
backup=C:\WINDOWS\pss\F-Secure Automatic Update.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
"C:\Program Files\Spyware Doctor\pctsTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
"C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
VTtrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"




-- End of Deckard's System Scanner: finished at 2008-05-24 10:37:11 ------------

Edited by ash_9118, 24 May 2008 - 08:38 AM.