hgGayxxy.dll vundo?

#1 DannyJoe (Member, 14 posts)
Hi! It's been a while since I've been back on here, and I have another problem.

My brother was trying to install Photoshop on my computer by using keygens and all this other stuff I have no idea about.
Anyway, I have no idea what he did, but all I know is my computer is slowing down, my McAfee is detecting a Vundo named hgGayxxy.dll, and also another one with weird random letters. It cannot be quarantined, cleaned, or deleted using McAfee, and my VundoFix doesn't get rid of it.

I produced a VirtumundoBeGone txt file and a HijackThis txt file for you guys, and hopefully you can take a look at it.

I appreciate your help so sooo much. It really is a great thing what you are doing for everyone on here.

Here are the txt files for you.


--------------------------------------------------------------VBG FILE--------------------------------------------------------------



[06/10/2008, 17:29:42] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\a109\Desktop\VirtumundoBeGone.exe" )
[06/10/2008, 17:29:45] - Detected System Information:
[06/10/2008, 17:29:45] - Windows Version: 5.1.2600, Service Pack 2
[06/10/2008, 17:29:45] - Current Username: a109 (Admin)
[06/10/2008, 17:29:45] - Windows is in SAFE mode.
[06/10/2008, 17:29:45] - Searching for Browser Helper Objects:
[06/10/2008, 17:29:45] - BHO 1: {487C9905-26A8-42C8-8033-C58AD3D2AEC3} ()
[06/10/2008, 17:29:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 17:29:45] - Checking for HKLM\...\Winlogon\Notify\hgGayxxy
[06/10/2008, 17:29:45] - Found: HKLM\...\Winlogon\Notify\hgGayxxy - This is probably Virtumundo.
[06/10/2008, 17:29:45] - Assigning {487C9905-26A8-42C8-8033-C58AD3D2AEC3} MSEvents Object
[06/10/2008, 17:29:45] - BHO list has been changed! Starting over...
[06/10/2008, 17:29:45] - BHO 1: {487C9905-26A8-42C8-8033-C58AD3D2AEC3} (MSEvents Object)
[06/10/2008, 17:29:45] - ALERT: Found MSEvents Object!
[06/10/2008, 17:29:45] - BHO 2: {4f402daf-70fe-4a86-8662-fd59adcfb11e} ()
[06/10/2008, 17:29:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 17:29:45] - Checking for HKLM\...\Winlogon\Notify\nxkxdyrp
[06/10/2008, 17:29:45] - Key not found: HKLM\...\Winlogon\Notify\nxkxdyrp, continuing.
[06/10/2008, 17:29:45] - BHO 3: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/10/2008, 17:29:45] - BHO 4: {E26F1378-87B7-4247-A804-E25756BAB783} ()
[06/10/2008, 17:29:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 17:29:45] - Checking for HKLM\...\Winlogon\Notify\awturSJB
[06/10/2008, 17:29:45] - Key not found: HKLM\...\Winlogon\Notify\awturSJB, continuing.
[06/10/2008, 17:29:45] - Finished Searching Browser Helper Objects
[06/10/2008, 17:29:45] - *** Detected MSEvents Object
[06/10/2008, 17:29:45] - Trying to remove MSEvents Object...
[06/10/2008, 17:29:46] - Terminating Process: IEXPLORE.EXE
[06/10/2008, 17:29:47] - Terminating Process: RUNDLL32.EXE
[06/10/2008, 17:29:47] - Disabling Automatic Shell Restart
[06/10/2008, 17:29:47] - Terminating Process: EXPLORER.EXE
[06/10/2008, 17:29:48] - Suspending the NT Session Manager System Service
[06/10/2008, 17:29:48] - Terminating Windows NT Logon/Logoff Manager
[06/10/2008, 17:29:48] - Re-enabling Automatic Shell Restart
[06/10/2008, 17:29:48] - File to disable: C:\WINDOWS\system32\hgGayxxy.dll
[06/10/2008, 17:29:48] - Renaming C:\WINDOWS\system32\hgGayxxy.dll -> C:\WINDOWS\system32\hgGayxxy.dll.vir
[06/10/2008, 17:29:48] - File successfully renamed!
[06/10/2008, 17:29:48] - Removing HKLM\...\Browser Helper Objects\{487C9905-26A8-42C8-8033-C58AD3D2AEC3}
[06/10/2008, 17:29:48] - Removing HKCR\CLSID\{487C9905-26A8-42C8-8033-C58AD3D2AEC3}
[06/10/2008, 17:29:48] - Adding Kill Bit for ActiveX for GUID: {487C9905-26A8-42C8-8033-C58AD3D2AEC3}
[06/10/2008, 17:29:48] - Deleting ATLEvents/MSEvents Registry entries
[06/10/2008, 17:29:48] - Removing HKLM\...\Winlogon\Notify\hgGayxxy
[06/10/2008, 17:29:48] - Searching for Browser Helper Objects:
[06/10/2008, 17:29:48] - BHO 1: {4f402daf-70fe-4a86-8662-fd59adcfb11e} ()
[06/10/2008, 17:29:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 17:29:48] - Checking for HKLM\...\Winlogon\Notify\nxkxdyrp
[06/10/2008, 17:29:48] - Key not found: HKLM\...\Winlogon\Notify\nxkxdyrp, continuing.
[06/10/2008, 17:29:48] - BHO 2: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/10/2008, 17:29:48] - BHO 3: {E26F1378-87B7-4247-A804-E25756BAB783} ()
[06/10/2008, 17:29:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 17:29:48] - Checking for HKLM\...\Winlogon\Notify\awturSJB
[06/10/2008, 17:29:48] - Key not found: HKLM\...\Winlogon\Notify\awturSJB, continuing.
[06/10/2008, 17:29:48] - Finished Searching Browser Helper Objects
[06/10/2008, 17:29:48] - Finishing up...
[06/10/2008, 17:29:48] - A restart is needed.
[06/10/2008, 17:29:48] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[06/10/2008, 17:29:58] - Attempting to Restart via STOP error (Blue Screen!)

[06/10/2008, 17:33:20] - VirtumundoBeGone v1.5 ( "G:\VirtumundoBeGone.exe" )
[06/10/2008, 17:33:28] - Detected System Information:
[06/10/2008, 17:33:28] - Windows Version: 5.1.2600, Service Pack 2
[06/10/2008, 17:33:28] - Current Username: Administrator (Admin)
[06/10/2008, 17:33:28] - Windows is in SAFE mode.
[06/10/2008, 17:33:28] - Searching for Browser Helper Objects:
[06/10/2008, 17:33:28] - BHO 1: {0FF5BEB3-65C0-48C3-B045-AE3243A5025B} ()
[06/10/2008, 17:33:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 17:33:28] - Checking for HKLM\...\Winlogon\Notify\awturSJB
[06/10/2008, 17:33:28] - Key not found: HKLM\...\Winlogon\Notify\awturSJB, continuing.
[06/10/2008, 17:33:28] - BHO 2: {4f402daf-70fe-4a86-8662-fd59adcfb11e} ()
[06/10/2008, 17:33:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 17:33:28] - Checking for HKLM\...\Winlogon\Notify\nxkxdyrp
[06/10/2008, 17:33:28] - Key not found: HKLM\...\Winlogon\Notify\nxkxdyrp, continuing.
[06/10/2008, 17:33:28] - BHO 3: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/10/2008, 17:33:28] - Finished Searching Browser Helper Objects
[06/10/2008, 17:33:28] - Finishing up...
[06/10/2008, 17:33:28] - Nothing found! Exiting...

[06/10/2008, 17:34:25] - VirtumundoBeGone v1.5 ( "G:\VirtumundoBeGone.exe" )
[06/10/2008, 17:34:25] - Detected System Information:
[06/10/2008, 17:34:25] - Windows Version: 5.1.2600, Service Pack 2
[06/10/2008, 17:34:25] - Current Username: a109 (Admin)
[06/10/2008, 17:34:25] - Windows is in SAFE mode.
[06/10/2008, 17:34:25] - Searching for Browser Helper Objects:
[06/10/2008, 17:34:25] - BHO 1: {0FF5BEB3-65C0-48C3-B045-AE3243A5025B} ()
[06/10/2008, 17:34:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 17:34:25] - Checking for HKLM\...\Winlogon\Notify\awturSJB
[06/10/2008, 17:34:25] - Key not found: HKLM\...\Winlogon\Notify\awturSJB, continuing.
[06/10/2008, 17:34:25] - BHO 2: {4f402daf-70fe-4a86-8662-fd59adcfb11e} ()
[06/10/2008, 17:34:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 17:34:25] - Checking for HKLM\...\Winlogon\Notify\nxkxdyrp
[06/10/2008, 17:34:25] - Key not found: HKLM\...\Winlogon\Notify\nxkxdyrp, continuing.
[06/10/2008, 17:34:25] - BHO 3: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/10/2008, 17:34:25] - Finished Searching Browser Helper Objects
[06/10/2008, 17:34:25] - Finishing up...
[06/10/2008, 17:34:25] - Nothing found! Exiting...

[06/10/2008, 17:43:42] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\a109\Desktop\VirtumundoBeGone.exe" )
[06/10/2008, 17:43:43] - Detected System Information:
[06/10/2008, 17:43:43] - Windows Version: 5.1.2600, Service Pack 2
[06/10/2008, 17:43:43] - Current Username: a109 (Admin)
[06/10/2008, 17:43:43] - Windows is in NORMAL mode.
[06/10/2008, 17:43:43] - Searching for Browser Helper Objects:
[06/10/2008, 17:43:43] - BHO 1: {4f402daf-70fe-4a86-8662-fd59adcfb11e} ()
[06/10/2008, 17:43:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 17:43:43] - Checking for HKLM\...\Winlogon\Notify\nxkxdyrp
[06/10/2008, 17:43:43] - Key not found: HKLM\...\Winlogon\Notify\nxkxdyrp, continuing.
[06/10/2008, 17:43:43] - BHO 2: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/10/2008, 17:43:43] - BHO 3: {CDEBBC4F-75AF-431A-9691-32FAE3058F2C} ()
[06/10/2008, 17:43:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 17:43:43] - Checking for HKLM\...\Winlogon\Notify\awturSJB
[06/10/2008, 17:43:43] - Key not found: HKLM\...\Winlogon\Notify\awturSJB, continuing.
[06/10/2008, 17:43:43] - Finished Searching Browser Helper Objects
[06/10/2008, 17:43:43] - Finishing up...
[06/10/2008, 17:43:43] - Nothing found! Exiting...





--------------------------------------------------------------HiJackThis file----------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:29 PM, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\OpenManage\Client\Iap.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\program files\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svdhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Sound] svdhost.exe
O4 - HKLM\..\Run: [d80d9d07] rundll32.exe "C:\WINDOWS\system32\hmbcpaes.dll",b
O4 - HKLM\..\Run: [BMdb3eae9b] Rundll32.exe "C:\WINDOWS\system32\cwkhuqid.dll",s
O4 - HKLM\..\RunServices: [Windows Sound] svdhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk Inc - C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - - C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PBKNTService - Unknown owner - C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe

--
End of file - 8353 bytes




Thank you once again!

--Danny
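The two logs in the post above show the persistence pattern that VirtumundoBeGone was hunting for: a Browser Helper Object registered with no name (or a GUID as its name) whose DLL is an 8-letter random name in system32, HKLM Run values that load such a DLL through rundll32.exe with a one-letter export (hmbcpaes.dll / cwkhuqid.dll here), and a bare "svdhost.exe", one character off svchost.exe, in both Run and the Windows 9x-era RunServices key. The Python script below is an added editorial example, not part of the original post and not code from HijackThis or VirtumundoBeGone; it applies those heuristics to lines copied from the logs in this thread (the later DSS log supplies the O2 lines). The regular expressions, the 8-letter rule, the list of imitated system binaries and the "one edit away" lookalike test are my assumptions, chosen to fit what this thread shows, and the output is a screening aid rather than a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample input: HijackThis O2/O4 entries copied from the logs posted in this
# thread, mixed with benign entries (Google Toolbar, iTunes, ctfmon) so clean lines are
# exercised too.
SAMPLE_LOG = r"""
O2 - BHO: {65196241-3cff-9159-b8a4-0fc5999b4614} - {4164b999-5cf0-4a8b-9519-ffc314269156} - C:\WINDOWS\system32\aodgukuc.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {B5B9FEEA-5701-4776-9E64-253C5D8FB6A1} - C:\WINDOWS\system32\awturSJB.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Sound] svdhost.exe
O4 - HKLM\..\Run: [BMdb3eae9b] Rundll32.exe "C:\WINDOWS\system32\ulcurajw.dll",s
O4 - HKLM\..\Run: [d80d9d07] rundll32.exe "C:\WINDOWS\system32\jrhunhoq.dll",b
O4 - HKLM\..\RunServices: [Windows Sound] svdhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Line grammars for the two HijackThis sections this script understands. These are my
# assumptions about the format, derived from the lines above, not a HijackThis spec.
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>[^\\]+)\\\.\.\\(?P<key>\w+): \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)', re.I)
GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)
RANDOM_STEM_RE = re.compile(r"^[A-Za-z]{8}$")  # every Vundo DLL in this thread is 8 letters

# Core Windows process names that malware likes to imitate (svdhost.exe vs svchost.exe).
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
                "winlogon.exe", "services.exe", "explorer.exe", "spoolsv.exe")


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def looks_random(filename: str) -> bool:
    """True when the file's stem is exactly eight letters, the naming Vundo used here."""
    return bool(RANDOM_STEM_RE.match(filename.rsplit(".", 1)[0]))


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; used to spot one-character lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_bho(m: re.Match) -> list:
    name, path = m["name"].strip(), m["path"].strip()
    reasons = []
    if name == "(no name)" or GUID_RE.match(name):
        reasons.append("BHO has no readable name (or a GUID as its name)")
    if "system32" in path.lower() and looks_random(basename(path)):
        reasons.append(f"BHO DLL {basename(path)} in system32 has a random-looking 8-letter name")
    return reasons


def check_run(m: re.Match) -> list:
    key, cmd = m["key"], m["cmd"].strip()
    reasons = []
    if key.lower() == "runservices":
        reasons.append("RunServices is a Windows 9x-era key; legitimate XP software rarely uses it")
    r = RUNDLL_RE.match(cmd)
    if r:
        dll = basename(r["dll"])
        if looks_random(dll) and len(r["export"]) == 1:
            reasons.append(f"rundll32 loads random-named {dll} through one-letter export '{r['export']}'")
        return reasons
    # First token of the command: quoted path, unquoted path, or a bare filename.
    exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
    if "\\" not in exe:
        reasons.append(f"bare filename '{exe}' is resolved via the search path, so its location is unknown")
    for known in SYSTEM_NAMES:
        if basename(exe).lower() != known and edit_distance(basename(exe).lower(), known) == 1:
            reasons.append(f"'{basename(exe)}' is one character away from system binary {known}")
    return reasons


def triage(log_text: str) -> list:
    """Return one Finding per (line, reason) for every O2/O4 entry that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            reasons = check_bho(m)
        else:
            m = RUN_RE.match(line)
            reasons = check_run(m) if m else []
        findings.extend(Finding(line, why) for why in reasons)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run against the sample, the script flags the two unnamed BHOs, the two rundll32 loaders and both svdhost.exe entries, and passes the Google Toolbar, iTunes and ctfmon lines. Two caveats matter in practice. First, the 8-letter rule is a thread-specific tell, not a general one; a legitimate DLL with an 8-letter name will trip it, so every hit needs confirming (vendor signature, hash lookup) before anything is deleted. Second, the DSS file list later in the thread shows three fresh DLLs (jrhunhoq, aodgukuc, ulcurajw) created minutes before that scan, and a different set the day before: the names change on each restart, so a clean HijackThis log right after removal proves little until the dropper that regenerates them is gone.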

#2 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hello DannyJoe

Welcome to G2Go. :)
=====================
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3 DannyJoe (Topic Starter, Member, 14 posts)
Hey! The DSS is only giving me one txt file, the main.txt.

Let me post it, and can you tell me what I can do to make this work?

Deckard's System Scanner v20071014.68
Run by a109 on 2008-06-11 17:30:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as a109.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:30:15 PM, on 6/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svdhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
G:\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\a109.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: {65196241-3cff-9159-b8a4-0fc5999b4614} - {4164b999-5cf0-4a8b-9519-ffc314269156} - C:\WINDOWS\system32\aodgukuc.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {B5B9FEEA-5701-4776-9E64-253C5D8FB6A1} - C:\WINDOWS\system32\awturSJB.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Sound] svdhost.exe
O4 - HKLM\..\Run: [BMdb3eae9b] Rundll32.exe "C:\WINDOWS\system32\ulcurajw.dll",s
O4 - HKLM\..\Run: [d80d9d07] rundll32.exe "C:\WINDOWS\system32\jrhunhoq.dll",b
O4 - HKLM\..\RunServices: [Windows Sound] svdhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk Inc - C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - - C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PBKNTService - Unknown owner - C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe

--
End of file - 8774 bytes

-- Files created between 2008-05-11 and 2008-06-11 -----------------------------

2008-06-11 17:26:11 80896 --a------ C:\WINDOWS\system32\jrhunhoq.dll
2008-06-11 17:26:05 98816 --a------ C:\WINDOWS\system32\aodgukuc.dll
2008-06-11 17:25:04 89600 --a------ C:\WINDOWS\system32\ulcurajw.dll
2008-06-11 17:23:55 0 dr-h----- C:\Documents and Settings\a109\Recent
2008-06-10 17:32:02 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-10 17:32:02 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-06-10 17:32:02 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-10 17:32:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-06-10 17:32:02 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-10 17:32:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-10 17:32:01 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-10 17:32:01 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-10 17:32:01 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-10 17:32:01 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-10 17:32:01 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-10 17:32:01 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-10 17:32:01 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-10 17:32:00 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-10 17:32:00 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-10 17:32:00 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-10 16:33:22 184320 --a------ C:\WINDOWS\system32\nxkxdyrp.dll
2008-06-10 16:30:22 147456 -----n--- C:\WINDOWS\system32\hmbcpaes.dll
2008-06-10 16:29:50 157184 --a------ C:\WINDOWS\system32\cwkhuqid.dll
2008-06-09 15:58:26 109056 --a------ C:\WINDOWS\system32\jkedjnld.dll
2008-06-05 16:22:30 0 d-------- C:\VundoFix Backups
2008-06-04 23:11:04 734538 --ahs---- C:\WINDOWS\system32\BJSrutwa.ini2
2008-06-04 23:11:00 371712 --a------ C:\WINDOWS\system32\awturSJB.dll
2008-06-04 18:49:54 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-04 17:45:32 0 d-------- C:\Program Files\Undisker
2008-06-01 11:35:44 0 d-------- C:\Program Files\ASIO4ALL v2
2008-06-01 11:34:08 0 d-------- C:\Program Files\Outsim
2008-05-27 19:58:35 0 d-------- C:\Program Files\Western Digital Technologies
2008-05-18 18:39:50 0 d-------- C:\Documents and Settings\a109\Application Data\dvdcss
2008-05-18 13:27:47 0 d-------- C:\Documents and Settings\a109\Application Data\Google
2008-05-18 13:26:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-18 13:26:24 0 d-------- C:\Program Files\Google
2008-05-14 18:27:31 0 d-------- C:\Documents and Settings\a109\Application Data\DivX
2008-05-14 18:26:52 0 d-------- C:\Program Files\DivX
2008-05-14 18:20:45 0 d-------- C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD
2008-05-14 18:17:20 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-14 18:17:16 45056 --a------ C:\WINDOWS\system32\Wnaspi32.dll <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-05-14 18:17:16 16877 --a------ C:\WINDOWS\system32\drivers\Aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-05-14 18:17:16 3535 --a------ C:\WINDOWS\system\Wowpost.exe
2008-05-14 18:17:16 4455 --a------ C:\WINDOWS\system\Winaspi.dll
2008-05-14 13:50:29 0 d-------- C:\Program Files\iPod
2008-05-14 13:50:19 0 d-------- C:\Program Files\iTunes
2008-05-14 13:47:54 0 d-------- C:\Program Files\QuickTime
2008-05-14 13:44:15 0 d-------- C:\Program Files\Apple Software Update


-- Find3M Report ---------------------------------------------------------------

2008-06-11 17:23:52 3284 --a------ C:\WINDOWS\system32\ANIWZCS{1E5B91EF-9144-4245-90EA-D6648E5ED664}
2008-06-11 17:23:32 5 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{1E5B91EF-9144-4245-90EA-D6648E5ED664}
2008-06-05 23:38:47 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-05 23:38:46 0 d-------- C:\Program Files\Common Files
2008-06-05 23:12:14 0 d-------- C:\Documents and Settings\a109\Application Data\Adobe
2008-06-04 23:09:13 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-01 11:41:09 0 d-------- C:\Program Files\VstPlugins
2008-06-01 11:41:09 0 d-------- C:\Program Files\Image-Line
2008-04-25 13:12:02 0 d-------- C:\Documents and Settings\a109\Application Data\vlc
2008-04-25 13:09:28 0 d-------- C:\Program Files\VideoLAN
2008-04-25 08:15:16 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-04-25 00:06:07 0 d-------- C:\Program Files\The Print Shop 21
2008-04-25 00:02:10 0 d-------- C:\Program Files\Autodesk
2008-04-21 10:44:32 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-21 10:44:32 0 d-------- C:\Program Files\Movie Maker
2008-04-21 10:44:30 0 d-------- C:\Program Files\Messenger
2008-04-21 10:44:29 0 d-------- C:\Program Files\AIM
2008-04-04 20:07:35 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-03-21 16:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4164b999-5cf0-4a8b-9519-ffc314269156}]
06/11/2008 05:26 PM 98816 --a------ C:\WINDOWS\system32\aodgukuc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5B9FEEA-5701-4776-9E64-253C5D8FB6A1}]
06/04/2008 11:11 PM 371712 --a------ C:\WINDOWS\system32\awturSJB.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [04/03/2002 03:01 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [10/10/2007 01:28 AM]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [01/19/2007 12:49 PM]
"D-Link D-Link RangeBooster N DWA-140"="C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe" [08/20/2007 03:05 PM]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [07/12/2005 08:05 PM]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [07/08/2005 07:18 PM]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [08/10/2005 01:49 PM]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [08/11/2005 11:02 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 07:29 PM]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 01:05 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"Windows Sound"="svdhost.exe" [08/04/2004 12:56 AM C:\WINDOWS\SYSTEM32\svdhost.exe]
"BMdb3eae9b"="C:\WINDOWS\system32\ulcurajw.dll" [06/11/2008 05:25 PM]
"d80d9d07"="C:\WINDOWS\system32\jrhunhoq.dll" [06/11/2008 05:26 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"Photo TurboBackup"="C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe" [09/15/2005 03:00 AM]
"AIM"="C:\Program Files\AIM\aim.exe" [08/01/2006 04:35 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 12:56 AM]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [02/20/2008 10:15 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/04/2008 11:09 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Sound"=svdhost.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Photo TurboBackup"=C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s

C:\Documents and Settings\a109\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 3:36:04 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06/04/2008 11:09 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 02:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0102aa4c-40df-11da-b90f-000d56c5c1ec}]
AutoRun\command- F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5aff8cde-4493-11d9-b8e4-000d56c5c1ec}]
AutoRun\command- F:\SafeGuard\Windows\SafeGuard20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c5e072f-92b7-11da-b919-000d56c5c1ec}]
AutoRun\command- F:\JDSecure\Windows\JDSecure20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d801b01-6828-11db-b93f-000d56c5c1ec}]
AutoRun\command- F:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3093a2-e7b5-11dc-b9b7-001cf099a579}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e976a0b0-b174-11db-b943-000d56c5c1ec}]
AutoRun\command- G:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-06-11 17:31:32 ------------




Thanks again!
  • 0

#4 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
You are welcome :)

Please visit this web page for instructions for downloading and running Combofix >ComboFix Instructions
We now suggest that you install the Windows Recovery Console.
The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Post the log from ComboFix when you've accomplished all of that, along with a new HijackThis log.
  • 0

#5 DannyJoe (Topic Starter, Member, 14 posts)
YAY! My internet is finally running smoothly!
I ran ComboFix and HijackThis.
Here are the two logs!

------------------------------------------combofix------------------------------------------------


ComboFix 08-06-11.1 - a109 2008-06-12 17:59:55.11 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.609 [GMT -4:00]
Running from: G:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awturSJB.dll
C:\WINDOWS\SYSTEM32\BJSrutwa.ini
C:\WINDOWS\SYSTEM32\BJSrutwa.ini2
.
---- Previous Run -------
.
C:\WINDOWS\BMdb3eae9b.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aodgukuc.dll
C:\WINDOWS\system32\asyyytrh.ini
C:\WINDOWS\SYSTEM32\BJSrutwa.ini
C:\WINDOWS\SYSTEM32\BJSrutwa.ini2
C:\WINDOWS\system32\ckfjhwan.dll
C:\WINDOWS\system32\cwkhuqid.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\iaoxdamj.ini
C:\WINDOWS\system32\jkedjnld.dll
C:\WINDOWS\system32\jmadxoai.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlothkvj.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nxkxdyrp.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\qohnuhrj.ini
C:\WINDOWS\system32\seapcbmh.ini
C:\WINDOWS\system32\svdhost.exe
C:\WINDOWS\system32\ulcurajw.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
.

2008-06-11 23:08 . 2008-06-11 23:08 102,085 --a------ C:\VERVE.flp
2008-06-11 22:57 . 2008-06-11 22:58 981,228 --a------ C:\VERVE.mp3
2008-06-10 17:31 . 2008-06-10 17:32 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-09 17:44 . 2008-06-09 17:46 3,033,930 --a------ C:\Tu Dios.mp3
2008-06-05 16:22 . 2008-06-05 16:22 <DIR> d-------- C:\VundoFix Backups
2008-06-04 19:06 . 2007-03-21 21:27 7,364 --a------ C:\application.sif
2008-06-04 18:49 . 2008-06-04 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-04 17:45 . 2008-06-04 17:45 <DIR> d-------- C:\Program Files\Undisker
2008-06-01 11:35 . 2008-06-01 11:35 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-06-01 11:34 . 2008-06-01 11:34 <DIR> d-------- C:\Program Files\Outsim
2008-05-27 19:58 . 2008-05-27 19:58 <DIR> d-------- C:\Program Files\Western Digital Technologies
2008-05-18 18:39 . 2008-05-18 18:39 <DIR> d-------- C:\Documents and Settings\a109\Application Data\dvdcss
2008-05-18 13:26 . 2008-05-18 13:27 <DIR> d-------- C:\Program Files\Google
2008-05-18 13:26 . 2008-06-11 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-17 14:44 . 2008-05-17 14:45 38,776,832 --a------ C:\jenny's song with guitar.wav
2008-05-17 13:24 . 2008-05-17 13:25 37,389,262 --a------ C:\jennys song.wav
2008-05-14 18:27 . 2008-05-14 18:29 <DIR> d-------- C:\Documents and Settings\a109\Application Data\DivX
2008-05-14 18:27 . 2008-03-21 16:30 120,056 --a------ C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2008-05-14 18:27 . 2008-03-21 16:30 118,520 --a------ C:\WINDOWS\SYSTEM32\pxinsi64.exe
2008-05-14 18:26 . 2008-05-14 18:27 <DIR> d-------- C:\Program Files\DivX
2008-05-14 18:20 . 2008-05-14 18:23 <DIR> d-------- C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD
2008-05-14 18:20 . 2008-05-14 18:20 67 --a------ C:\WINDOWS\Easy Video to DVD.INI
2008-05-14 18:17 . 2008-06-12 16:28 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-14 18:17 . 2002-07-17 09:20 45,056 --a------ C:\WINDOWS\SYSTEM32\Wnaspi32.dll
2008-05-14 18:17 . 2002-07-17 08:53 16,877 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Aspi32.sys
2008-05-14 18:17 . 2002-07-17 16:22 4,455 --a------ C:\WINDOWS\SYSTEM\Winaspi.dll
2008-05-14 18:17 . 2002-07-17 16:22 3,535 --a------ C:\WINDOWS\SYSTEM\Wowpost.exe
2008-05-14 18:17 . 2008-05-14 18:17 0 --a------ C:\WINDOWS\AoADVDRipper.INI
2008-05-14 13:51 . 2008-06-12 18:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-14 13:51 . 2008-05-14 13:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-14 13:50 . 2008-05-14 13:50 <DIR> d-------- C:\Program Files\iTunes
2008-05-14 13:50 . 2008-05-14 13:50 <DIR> d-------- C:\Program Files\iPod
2008-05-14 13:47 . 2008-05-14 13:48 <DIR> d-------- C:\Program Files\QuickTime
2008-05-14 13:44 . 2008-05-14 13:44 <DIR> d-------- C:\Program Files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 03:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-05 03:09 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-01 15:41 --------- d-----w C:\Program Files\VstPlugins
2008-06-01 15:41 --------- d-----w C:\Program Files\Image-Line
2008-04-25 17:12 --------- d-----w C:\Documents and Settings\a109\Application Data\vlc
2008-04-25 17:09 --------- d-----w C:\Program Files\VideoLAN
2008-04-25 12:15 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-04-25 04:06 --------- d-----w C:\Program Files\The Print Shop 21
2008-04-25 04:02 --------- d-----w C:\Program Files\Autodesk
2008-04-25 03:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-04-21 14:44 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-21 14:44 --------- d-----w C:\Program Files\AIM
2008-04-20 17:42 94,423,744 ----a-w C:\12-panic_at_the_disco-folkin_around-ibg.zip
.

((((((((((((((((((((((((((((( [email protected]_17.50.46.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 21:41:57 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-06-12 22:04:18 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-06-12 22:04:36 16,384 ------w C:\WINDOWS\Temp\Perflib_Perfdata_2b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Photo TurboBackup"="C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe" [2005-09-15 03:00 512000]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 16:35 67112]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-02-20 10:15 816368]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-04 23:09 1506544]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:56 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 03:01 135264]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 01:28 36352]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 12:49 49152]
"D-Link D-Link RangeBooster N DWA-140"="C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe" [2007-08-20 15:05 1671168]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 20:05 1117184]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 19:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 13:49 163840]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 23:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 13:05 212992]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Photo TurboBackup"="C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe" [2005-09-15 03:00 512000]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-26 21:54:53 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 23:07:32 81920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-04 23:09 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17418:TCP"= 17418:TCP:BitCometBeta 17418 TCP
"17418:UDP"= 17418:UDP:BitCometBeta 17418 UDP
"13360:TCP"= 13360:TCP:BitCometBeta 13360 TCP
"13360:UDP"= 13360:UDP:BitCometBeta 13360 UDP

R2 ASFAgent;ASF Agent;C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2003-02-10 06:52]
R2 AsfAlrt;AsfAlrt;C:\WINDOWS\System32\drivers\AsfAlrt.sys [2002-12-18 06:31]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-07-28 15:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0102aa4c-40df-11da-b90f-000d56c5c1ec}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5aff8cde-4493-11d9-b8e4-000d56c5c1ec}]
\Shell\AutoRun\command - F:\SafeGuard\Windows\SafeGuard20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c5e072f-92b7-11da-b919-000d56c5c1ec}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d801b01-6828-11db-b93f-000d56c5c1ec}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3093a2-e7b5-11dc-b9b7-001cf099a579}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e976a0b0-b174-11db-b943-000d56c5c1ec}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-06-02 16:30:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 18:05:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\VSO\McShield.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\pbkntservice.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\Program Files\McAfee.com\VSO\McVSEscn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee.com\VSO\mcvsftsn.exe
.
**************************************************************************
.
Completion time: 2008-06-12 18:13:43 - machine was rebooted [a109]
ComboFix-quarantined-files.txt 2008-06-12 22:13:39
ComboFix2.txt 2008-03-10 19:30:01

Pre-Run: 59,160,981,504 bytes free
Post-Run: 59,148,587,008 bytes free

207





And here is the HijackThis log.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:39 PM, on 6/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk Inc - C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - - C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PBKNTService - Unknown owner - C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe

--
End of file - 8143 bytes




thank you thank you thank youuuuuuuuu!
  • 0

#6 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
You are welcome :)
===============
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000000

Now double-click fixthis.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.

You can delete that after it merges.
==============
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser: click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser: click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
===========================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0
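The two things kahdah's fix and the ComboFix log above turn on are easy to miss when reading a registry dump by eye: Security Center flags set to 1 (which silence the "no antivirus / no updates" warnings), and Run entries that load randomly named DLLs or a look-alike of a system process (`svdhost.exe` next to the real `svchost.exe`). The script below is an added example, not code from this thread, ComboFix, Deckard's System Scanner or HijackThis; it parses the "Reg Loading Points" layout those logs use and flags such entries. The sample excerpt is constructed from lines in the logs posted above, and the regular expressions, the list of system process names and the reason strings are my own heuristics, not anything the tools implement.

```python
import re
from dataclasses import dataclass, field

# Constructed sample excerpt in the "Reg Loading Points" layout that ComboFix and
# Deckard's System Scanner print; values are lifted from the logs in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 01:28 36352]
"Windows Sound"="svdhost.exe" [08/04/2004 12:56 AM C:\WINDOWS\SYSTEM32\svdhost.exe]
"BMdb3eae9b"="C:\WINDOWS\system32\ulcurajw.dll" [06/11/2008 05:25 PM]
"d80d9d07"="C:\WINDOWS\system32\jrhunhoq.dll" [06/11/2008 05:26 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?:"(?P<path>[^"]*)"|dword:(?P<dword>[0-9a-fA-F]{8}))')

# Security Center values that, when non-zero, silence the antivirus/update warnings.
SC_FLAGS = {"AntiVirusDisableNotify", "UpdatesDisableNotify", "FirewallDisableNotify",
            "AntiVirusOverride", "FirewallOverride", "DisableMonitoring"}

# Core Windows XP process names that malware imitates with one-letter changes (my list).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "smss.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe", "rundll32.exe"}

RANDOM_NAME_RE = re.compile(r"[a-z]{8}\.(dll|exe)")          # e.g. ulcurajw.dll
MACHINE_VALUE_RE = re.compile(r"[A-Za-z]{0,2}[0-9a-f]{8,}")  # e.g. BMdb3eae9b


@dataclass
class Finding:
    key: str
    name: str
    value: str
    reasons: list = field(default_factory=list)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch look-alike process names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_autostart(name: str, path: str) -> list:
    """Heuristics for one value under a ...\\Run key; returns the reasons it looks wrong."""
    base = path.rsplit("\\", 1)[-1].lower()
    reasons = []
    if base.endswith(".dll"):
        reasons.append("autostart value points at a DLL rather than an executable")
    if "\\" not in path:
        reasons.append("bare file name, resolved through the search path at logon")
    if base not in SYSTEM_NAMES:
        for legit in SYSTEM_NAMES:
            if edit_distance(base, legit) == 1:
                reasons.append(f"file name is one character away from {legit}")
    if RANDOM_NAME_RE.fullmatch(base) and "system32" in path.lower():
        reasons.append("eight random lower-case letters in system32")
    if MACHINE_VALUE_RE.fullmatch(name):
        reasons.append("value name looks machine-generated (hex digits)")
    return reasons


def scan_log(text: str) -> list:
    """Walk the registry dump section and return one Finding per suspicious value."""
    findings, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, path, dword = m.group("name"), m.group("path"), m.group("dword")
        reasons = []
        if dword is not None and "security center" in key.lower():
            if name in SC_FLAGS and int(dword, 16) != 0:
                reasons.append(f"Security Center flag {name} set to {int(dword, 16)}, warnings suppressed")
        elif path is not None and key.lower().endswith("\\run"):
            reasons = check_autostart(name, path)
        if reasons:
            findings.append(Finding(key, name, path if path is not None else dword, reasons))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.name!r} -> {f.value}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run it against a pasted log and the four Security Center flags plus the three Vundo-style Run entries come out; `WinampAgent` and the real `ctfmon.exe` do not, because the look-alike check skips names that are exactly on the system list and the random-name check needs both the eight-letter pattern and a system32 location. The heuristics are deliberately narrow so the output is a short list to investigate, not a verdict.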

#7 DannyJoe (Topic Starter, Member, 14 posts)
Okay, so I did the whole ATF Cleaner thing, but the Kaspersky won't work because it says I don't have Java, even after I just installed the Java link it sent me to.
So yet again, I'm another log short on this one.
Any suggestions?
  • 0

#8 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Try to restart your browser and try it again.
Sometimes it doesn't know that you installed Java until you restart the whole thing.
Let me know if that fixes it.
  • 0





