Hijackthis and DSS logs


This topic is locked

#1
IhateMS
New Member, 9 posts
Hey guys,

Below I am posting my logs from HijackThis and DSS because my brother screwed up his computer and I am at a loss! Basically he has what seems to me to be a fraudulent Windows Security Centre that keeps popping up, asking to download "System Defender". There was a load more stuff before that I got rid of with SmitfraudFix (such as "VIRUS ALERT" over the time in the bottom right, and other pop-ups), but there are still pop-ups, crashing and this area on the desktop (the top left quarter) that darkens when the cursor is over it...

Anyway, logs below, any help much appreciated. Thanks in advance guys!

Additional note: In trying to download the newer version of HijackThis, my browser crashed 3 times in a row! :)

P.S. I'm running XP Pro, just in case.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:32, on 20/06/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: vrmdtneg - {778DC3F7-1699-4A2F-8D32-143C0D00854C} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\vrmdtneg.dll (file missing)
O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [1ce7b183] rundll32.exe "C:\WINDOWS\System32\eluglwws.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1212614478061
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1212614464623
O20 - AppInit_DLLs: iSecurity.cpl
O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl (file missing)
O21 - SSODL: PreBootCheck - {af379abe-7263-4efb-b9eb-ef5629b336a6} - C:\WINDOWS\Resources\SysDrv.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\System32\svchost.exe:ext.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 4138 bytes

********************************************************************************

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-20 19:16:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
14: 2008-06-20 18:13:27 UTC - RP89 - Deckard's System Scanner Restore Point
13: 2008-06-19 20:49:58 UTC - RP88 - System Checkpoint
12: 2008-06-17 01:00:36 UTC - RP87 - Configured Broadcom 440x 10/100 Integrated Controller
11: 2008-06-16 23:38:59 UTC - RP86 - Last known good configuration
10: 2008-06-16 23:38:57 UTC - RP85 - Removed USB DVB-T TV Tuner


-- First Restore Point --
1: 2008-06-16 23:38:56 UTC - RP76 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 0.62 GiB (less than 15%) free.


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 19:16:14, on 20/06/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\DOCUME~1\ADMINI~1\Desktop\Administrator.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {203F901B-BF73-4F4A-9D6F-83FA158E9A85} - C:\WINDOWS\System32\awtusrQh.dll
O2 - BHO: (no name) - {45D06DD4-7B73-4CE0-BF56-B3B2142E93FA} - C:\WINDOWS\System32\nnnkHbXR.dll
O2 - BHO: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: cj helper - {B552B8A4-76AC-4e8c-A469-C1585B111116} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: vrmdtneg - {778DC3F7-1699-4A2F-8D32-143C0D00854C} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\vrmdtneg.dll (file missing)
O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [1ce7b183] rundll32.exe "C:\WINDOWS\System32\eluglwws.dll",b
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1212614478061
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1212614464623
O20 - AppInit_DLLs: iSecurity.cpl
O20 - Winlogon Notify: nnnkHbXR - C:\WINDOWS\SYSTEM32\nnnkHbXR.dll
O20 - Winlogon Notify: routew - C:\WINDOWS\SYSTEM32\routew.dll
O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl (file missing)
O21 - SSODL: PreBootCheck - {af379abe-7263-4efb-b9eb-ef5629b336a6} - C:\WINDOWS\Resources\SysDrv.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\System32\svchost.exe:ext.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 rotw (WIRELESS Route service) - c:\windows\system32\rotw.sys
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>

S3 EC168BDA (EC168BDA service) - c:\windows\system32\drivers\ec168bda.sys <Not Verified; e3C, Inc.; e3C DTV Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 FCI - c:\windows\system32\svchost.exe:ext.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: USB Device
Device ID: USB\VID_046D&PID_08B2&MI_00\6&33E2D93F&0&0000
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_046D&PID_08B2&MI_00\6&33E2D93F&0&0000
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_265C&SUBSYS_01991028&REV_03\3&172E68DD&0&EF
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_265C&SUBSYS_01991028&REV_03\3&172E68DD&0&EF
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&10416D21&0&10F0
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&10416D21&0&10F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_266A&SUBSYS_01991028&REV_03\3&172E68DD&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_266A&SUBSYS_01991028&REV_03\3&172E68DD&0&FB
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\PNP0103\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\PNP0103\2&DABA3FF&0
Service:


-- Files created between 2008-05-20 and 2008-06-20 -----------------------------

2008-06-19 18:59:30 1270 --a------ C:\WINDOWS\System32\tmp.reg
2008-06-19 18:49:48 25600 --a------ C:\WINDOWS\System32\WS2Fix.exe
2008-06-19 18:49:48 289144 --a------ C:\WINDOWS\System32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-19 18:49:48 86528 --a------ C:\WINDOWS\System32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-19 18:49:48 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-19 18:49:48 53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-19 18:49:48 82944 --a------ C:\WINDOWS\System32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-19 18:49:48 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2008-06-19 18:49:48 81920 --a------ C:\WINDOWS\System32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-19 16:54:25 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-19 01:47:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\shctjpj0eeee
2008-06-19 01:47:11 0 d-------- C:\Program Files\shctjpj0eeee
2008-06-18 21:00:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-18 20:40:56 0 d-------- C:\iSecurity
2008-06-18 20:35:58 1 --a------ C:\WINDOWS\tmark2.dat
2008-06-18 20:35:55 26112 --a------ C:\WINDOWS\mstre5.exe
2008-06-18 20:35:52 0 d-------- C:\WINDOWS\System32\689371
2008-06-18 20:35:49 0 d-------- C:\Program Files\iSecurity
2008-06-18 19:40:14 93568 --a------ C:\WINDOWS\System32\gpihtglh.dll
2008-06-17 19:04:07 94080 --a------ C:\WINDOWS\System32\yahjmbgr.dll
2008-06-17 10:08:28 0 d--hs---- C:\Documents and Settings\LocalService\Application Data\wsnpoem
2008-06-17 10:04:15 0 d-------- C:\WINDOWS\System32\763444
2008-06-17 02:03:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\TmpRecentIcons
2008-06-17 00:39:28 92544 --a------ C:\WINDOWS\System32\tykqtiqm.dll
2008-06-17 00:38:46 237756 --ahs---- C:\WINDOWS\System32\hQrsutwa.ini2
2008-06-17 00:38:44 322432 --a------ C:\WINDOWS\System32\awtusrQh.dll
2008-06-17 00:33:30 180224 --a------ C:\WINDOWS\xvorfwbd.dll
2008-06-17 00:33:30 155648 --a------ C:\WINDOWS\vrmdtneg.dll
2008-06-17 00:33:30 245760 --a------ C:\WINDOWS\ksendlbtdpl.dll
2008-06-17 00:33:29 229376 --a------ C:\WINDOWS\wpvmqosg.dll
2008-06-17 00:33:29 94208 --a------ C:\WINDOWS\exwd.exe
2008-06-17 00:33:28 30336 --a------ C:\WINDOWS\System32\nnnkHbXR.dll
2008-06-16 21:08:15 1769472 --a------ C:\WINDOWS\System32\dxdiagn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-16 21:08:15 1703936 --a------ C:\WINDOWS\System32\d3d9.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-16 21:06:18 0 d-------- C:\Program Files\USB DVB-T TV Tuner
2008-06-12 23:59:25 0 d-------- C:\Program Files\7-Zip
2008-06-10 03:11:17 22322 --a------ C:\WINDOWS\System32\routew.dll
2008-06-10 03:11:17 8352 --a------ C:\WINDOWS\System32\rotw.sys
2008-06-10 03:11:17 6239 --a------ C:\WINDOWS\System32\rdata.bin
2008-06-09 21:09:48 0 d-------- C:\Documents and Settings\Administrator\Application Data\dvdcss
2008-06-09 21:02:01 96896 --a------ C:\WINDOWS\System32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-06-09 21:02:00 0 d-------- C:\Program Files\MagicDisc
2008-06-06 09:41:43 0 d-------- C:\Program Files\MSXML 4.0
2008-06-05 11:49:56 20261 --a------ C:\d1.exe
2008-06-05 11:49:50 2 --a------ C:\484946220
2008-06-05 11:49:29 12288 --a------ C:\sedjecny.exe
2008-06-05 11:49:06 12961 --a------ C:\syam.exe
2008-06-05 11:48:58 12800 --a------ C:\rhdhhha.exe
2008-06-05 11:46:58 23180 --a------ C:\htab.exe
2008-06-05 03:08:45 0 d--hs---- C:\Documents and Settings\NetworkService\Application Data\wsnpoem
2008-06-05 03:00:32 25600 --a------ C:\WINDOWS\System32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-05 03:00:32 0 d--h---c- C:\WINDOWS\$xpsp1hfm$
2008-06-05 00:38:17 47105 --a------ C:\Documents and Settings\Administrator\schosst.exe
2008-06-04 22:30:00 0 d-------- C:\WINDOWS\System32\bits
2008-06-04 22:21:13 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-06-04 22:20:46 0 d---s---- C:\Documents and Settings\Administrator\UserData
2008-06-04 22:18:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-04 12:38:54 0 d-------- C:\Program Files\uTorrent
2008-06-04 12:38:48 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-06-04 09:46:22 0 d-------- C:\Program Files\BitTorrent
2008-06-04 09:23:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-06-04 09:22:52 0 d-------- C:\Program Files\DNA
2008-06-04 09:22:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\DNA
2008-06-03 23:19:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-03 23:19:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\Azureus
2008-06-03 20:56:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-03 19:43:09 0 d-------- C:\Program Files\Yahoo!
2008-06-03 19:43:03 0 d-------- C:\Program Files\CCleaner
2008-06-03 19:37:10 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-03 19:37:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-03 19:29:03 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-06-03 19:28:43 0 d-------- C:\Program Files\O2
2008-06-03 19:25:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-03 19:25:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-03 19:24:10 0 d-------- C:\Program Files\SiteAdvisor
2008-06-03 19:21:15 0 d---s---- C:\WINDOWS\System32\Microsoft
2008-06-03 19:19:40 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-03 19:06:38 0 d-------- C:\Program Files\Broadcom
2008-06-03 18:50:43 0 d-------- C:\Program Files\Common Files\SupportSoft
2008-05-30 23:16:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2008-05-30 23:15:24 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-05-30 23:14:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-05-30 23:14:36 0 d-------- C:\Program Files\Google
2008-05-29 21:29:21 0 d-------- C:\Program Files\BinaryBiz


-- Find3M Report ---------------------------------------------------------------

2008-06-16 21:22:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-04 22:47:01 0 d-------- C:\Program Files\Common Files
2008-06-04 22:21:56 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-04 22:18:13 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-03 19:06:30 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-19 16:27:55 0 d-------- C:\Program Files\Fujitsu
2008-04-20 23:16:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Samsung
2008-04-20 23:13:46 0 d-------- C:\Program Files\Samsung
2008-04-15 09:41:33 0 -rahs---- C:\MSDOS.SYS
2008-04-15 09:41:33 0 -rahs---- C:\IO.SYS
2008-04-15 09:41:33 0 --a------ C:\CONFIG.SYS
2008-04-15 09:41:33 0 --a------ C:\AUTOEXEC.BAT
2008-04-15 09:39:03 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat
2008-04-15 08:30:36 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{203F901B-BF73-4F4A-9D6F-83FA158E9A85}]
17/06/2008 00:38 322432 --a------ C:\WINDOWS\System32\awtusrQh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45D06DD4-7B73-4CE0-BF56-B3B2142E93FA}]
17/06/2008 00:33 30336 --a------ C:\WINDOWS\System32\nnnkHbXR.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8311E8F-E459-4D22-89B4-CB9DCF10A425}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B552B8A4-76AC-4e8c-A469-C1585B111116}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iSecurity applet"="iSecurity.cpl" [18/06/2008 20:35 C:\WINDOWS\system32\iSecurity.cpl]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"1ce7b183"="C:\WINDOWS\System32\eluglwws.dll" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"WintelUpdate"=c:\rhdhhha.exe

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{45D06DD4-7B73-4CE0-BF56-B3B2142E93FA}"= C:\WINDOWS\System32\nnnkHbXR.dll [17/06/2008 00:33 30336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"iSecurity"= {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl [ ]
"PreBootCheck"= {af379abe-7263-4efb-b9eb-ef5629b336a6} - C:\WINDOWS\Resources\SysDrv.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkHbXR]
nnnkHbXR.dll 17/06/2008 00:33 30336 C:\WINDOWS\system32\nnnkHbXR.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\routew]
routew.dll 10/06/2008 03:11 22322 C:\WINDOWS\system32\routew.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=iSecurity.cpl

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\awtusrQh

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe




-- End of Deckard's System Scanner: finished at 2008-06-20 19:17:01 ------------


#2
Rorschach112
Ralphie, Retired Staff, 47,710 posts
Don't waste our time by posting at multiple forums.

http://www.bleepingc...opic153325.html