
virtumonde & virtumonde.dll
#16 idkidd (Member, Topic Starter, 17 posts)

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 84%
Physical Memory (total/avail): 509.98 MiB / 78.81 MiB
Pagefile Memory (total/avail): 863.56 MiB / 472.73 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.35 MiB

C: is Fixed (NTFS) - 33.68 GiB total, 6.75 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD400BB-75JHC0 - 37.25 GiB - 3 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 33.68 GiB - C:
\PARTITION2 - Unknown - 3.54 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\WebConference.com\\Version51239\\webconference.exe"="C:\\Program Files\\WebConference.com\\Version51239\\webconference.exe:*:Enabled:WebConference.com"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1140537316\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1140537316\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"="C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\1140537316\\EE\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1140537316\\EE\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"="C:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Lynn Zerbe\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LYNN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Lynn Zerbe
LOGONSERVER=\\LYNN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\LYNNZE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\LYNNZE~1\LOCALS~1\Temp
USERDOMAIN=LYNN
USERNAME=Lynn Zerbe
USERPROFILE=C:\Documents and Settings\Lynn Zerbe
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Lynn Zerbe (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
5 Minutes to a Great Real Estate Sales Meeting --> C:\WINDOWS\iun506.exe C:\5 Minutes to a Great Real Estate Sales Meeting\irunin.ini
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
AOL Coach Version 2.0(Build:20041026.5 en) --> C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\Setup.exe" -l0x9
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
Avery LabelPro 3.0 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Avery LabelPro\DeIsL1.isu"
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Calendar Creator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB73CF18-528A-4E18-83B2-380CD0BC8EA7}\setup.exe" -l0x9 anything
Canon iP4300 User Registration --> C:\Program Files\Canon\IJEREG\iP4300\UNINST.EXE
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Photo Printer 720 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo Printer 720
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
eSync Modem Driver --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B50F76AB-8ABB-4DCA-9767-19E6F8517EF6} SupraUnInstallText
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Image Expert --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Sierra Imaging\Image Expert\Uninst.isu" -c"C:\Program Files\Sierra Imaging\Image Expert\uninstall.dll
Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ SE Development Kit 6 Update 6 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160060}
KhalSetup --> MsiExec.exe /I{C89C8D86-4423-4A58-AA40-DD259ACE07C1}
Learn.com Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
Lizardtech DjVu Control (autoinstall) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DjVuLite.us.inf,DefaultUninstall,5
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
MGI PhotoSuite Mobile Edition (Remove only) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\PhotoSuite Mobile Edition\Uninst.isu"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office 2000 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Lynn Zerbe\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.0b4) --> C:\Program Files\Mozilla Firefox 3 Beta 4\uninstall\helper.exe
My Way Search Assistant --> rundll32 C:\PROGRA~1\MyWaySA\SrchAsDe\1.bin\desrcas.dll,O
NetBeans IDE 6.1 --> "C:\Program Files\NetBeans 6.1\uninstall.exe"
Photo Click --> MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
Pure Networks Port Magic --> C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -Uninstall -ShowUI
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Rapattoni MLS PDF Creator --> MsiExec.exe /I{691652E3-D900-49C8-843B-2EB459A13653}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
ScrewDrivers Client v3 --> C:\PROGRA~1\triCerat\SIMPLI~1\SCREWD~1\UNWISE.EXE C:\PROGRA~1\triCerat\SIMPLI~1\SCREWD~1\INSTALL.LOG
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SereneScreen Marine Aquarium 2 + Time --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SereneScreen\Marine Aquarium 2 + Time\Uninst.isu"
Shockwave --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TBS WMP Plug-in --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A}
The Print Shop 12 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DD1FE66-5536-41E3-B786-70068887B3F4}\setup.exe" anything
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WebEx --> C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type15440 / Error
Event Submitted/Written: 06/18/2008 01:02:11 AM
Event ID/Source: 4510 / McUpdate
Event Description:
Cannot stop the On-Access Scanner. The .DAT Update cannot continue because the old .DAT files cannot be replaced.

Event Record #/Type15437 / Error
Event Submitted/Written: 06/17/2008 01:01:43 AM
Event ID/Source: 4510 / McUpdate
Event Description:
Cannot stop the On-Access Scanner. The .DAT Update cannot continue because the old .DAT files cannot be replaced.

Event Record #/Type15420 / Error
Event Submitted/Written: 06/12/2008 01:00:03 AM
Event ID/Source: 4505 / McUpdate
Event Description:
AutoUpdate failed. All the connections failed.

Event Record #/Type15403 / Error
Event Submitted/Written: 06/10/2008 08:06:31 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module unknown, version 0.0.0.0, fault address 0x012b1558.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type15397 / Error
Event Submitted/Written: 06/07/2008 03:47:50 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module dss.dll, version 0.0.0.0, fault address 0x00002120.
Processing media-specific event for [dss.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type60232 / Warning
Event Submitted/Written: 06/18/2008 07:12:31 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type60207 / Warning
Event Submitted/Written: 06/18/2008 03:28:22 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type60189 / Warning
Event Submitted/Written: 06/16/2008 11:08:52 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type60188 / Warning
Event Submitted/Written: 06/15/2008 05:17:35 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type60187 / Warning
Event Submitted/Written: 06/15/2008 07:49:32 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-06-18 19:14:20 ------------
  • 0

#17 Tal (Trusted Helper, Retired Staff, 2,138 posts)

Good! :) Looks like you're clean, any specific issues you can point out?
  • 0

#18 idkidd (Member, Topic Starter, 17 posts)

I don't think I see any more problems. Thank you so much for your help. I've donated to you through Paypal and I just wish I could do more. Any recommendations at all to avoid this happening again in the future?
  • 0

#19 Tal (Trusted Helper, Retired Staff, 2,138 posts)

Wow!!! Thank you for your very-very generous donation! :) It's greatly appreciated. You can give me a final DSS so we can take a most definite look, but you're looking clean.

Below are some steps to prevent this from happening again :)

We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

You should also have a good firewall. Here are 3 free ones available for personal use:
and a good antivirus (these are also free for personal use):
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
monthly. And to keep your system clean run these free malware scanners
weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!

Tal
  • 0

#20 idkidd (Member, Topic Starter, 17 posts)

Hi Tal,

Here's my final DSS log. Also, I've followed the instructions and re-hidden the files. Am I all good? Thanks again!

Deckard's System Scanner v20071014.68
Run by Lynn Zerbe on 2008-07-01 23:17:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Lynn Zerbe.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:51 PM, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Lynn Zerbe\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\LYNNZE~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.c...mp;ltmplcache=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtec...ntrol_en_US.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} (PowerTeam HTML Printing Behavior) - file://C:\DOCUME~1\LYNNZE~1\LOCALS~1\Temp\IXP000.TMP\setup.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://66.192.131.66/msrdp.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cbu.webex.co...ing/ieatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 7226 bytes

-- Files created between 2008-06-01 and 2008-07-01 -----------------------------

2008-07-01 18:00:22 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-07-01 17:54:37 0 d-------- C:\Program Files\Common Files\Logishrd
2008-07-01 17:53:54 0 d-------- C:\Documents and Settings\Lynn Zerbe\Application Data\InstallShield
2008-06-26 22:23:32 0 d-------- C:\WINDOWS\pss
2008-06-23 12:12:05 0 d-------- C:\Program Files\Apple Software Update
2008-06-14 13:50:10 68096 --a------ C:\WINDOWS\zip.exe
2008-06-14 13:50:10 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-14 13:50:10 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-14 13:50:10 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-14 13:50:10 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-14 13:50:10 98816 --a------ C:\WINDOWS\sed.exe
2008-06-14 13:50:10 80412 --a------ C:\WINDOWS\grep.exe
2008-06-14 13:50:10 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-13 17:09:23 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-03 18:20:45 0 d-------- C:\Documents and Settings\Lynn Zerbe\.netbeans-registration
2008-06-03 18:19:44 0 d-------- C:\Program Files\NetBeans 6.1
2008-06-03 18:15:12 0 d-------- C:\Program Files\Common Files\Java
2008-06-03 18:11:58 0 d-------- C:\Documents and Settings\Lynn Zerbe\.nbi
2008-06-01 17:32:14 0 d-------- C:\Program Files\Trend Micro


-- Find3M Report ---------------------------------------------------------------

2008-07-01 20:48:08 0 d-------- C:\Documents and Settings\Lynn Zerbe\Application Data\Skype
2008-07-01 17:55:50 0 d-------- C:\Program Files\Common Files\Logitech
2008-07-01 17:54:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-01 17:54:37 0 d-------- C:\Program Files\Common Files
2008-07-01 17:42:13 0 d-------- C:\Documents and Settings\Lynn Zerbe\Application Data\skypePM
2008-06-30 20:07:29 0 d-------- C:\Documents and Settings\Lynn Zerbe\Application Data\Azureus
2008-06-29 20:31:31 0 d-------- C:\Program Files\Azureus
2008-06-23 12:17:56 0 d-------- C:\Program Files\QuickTime
2008-06-22 19:32:19 0 d-------- C:\Program Files\Common Files\Broderbund
2008-06-22 19:30:53 0 d-------- C:\Program Files\Canon
2008-06-22 19:29:54 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-21 03:09:13 0 d-------- C:\Program Files\Pure Networks
2008-06-21 03:09:13 0 d-------- C:\Program Files\Common Files\AOL
2008-06-20 19:03:15 0 d-------- C:\Documents and Settings\Lynn Zerbe\Application Data\AOL
2008-06-18 22:27:58 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
2008-06-14 00:06:46 0 d-------- C:\Documents and Settings\Lynn Zerbe\Application Data\U3
2008-06-03 18:19:32 0 d-------- C:\Program Files\Java
2008-05-27 00:07:17 49170 --a------ C:\WINDOWS\system32\jpwnw64q.exe <Not Verified; ; Browser Driver>
2008-05-16 14:22:53 0 d-------- C:\Program Files\Skype
2008-05-16 14:21:50 0 d-------- C:\Program Files\Common Files\Skype
2008-05-15 16:31:08 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-15 16:27:35 0 d-------- C:\Documents and Settings\Lynn Zerbe\Application Data\AdobeUM


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 03:42 PM]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 09:12 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 10:35 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 10:32 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 10:36 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [02/29/2008 03:12 AM C:\WINDOWS\KHALMNPR.Exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" []
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [02/29/2008 03:12 AM C:\WINDOWS\KHALMNPR.Exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" []
"ares"="C:\Program Files\Ares\Ares.exe" []

C:\Documents and Settings\Lynn Zerbe\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 2:04:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
DESKTOP.INI [8/10/2004 2:04:12 PM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [3/9/2007 10:49:37 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 05/02/2008 02:42 AM 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25aab914-3aef-11dc-97ae-001a7036139d}]
AutoRun\command- E:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-07-01 23:18:11 ------------
  • 0

#21 Tal (Trusted Helper, Retired Staff, 2,138 posts)

Looks good to me :)
  • 0
