Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Infected with Sticky Virus Please Help me [RESOLVED]


  • This topic is locked This topic is locked

#16
AtlantaFalcon

AtlantaFalcon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Computer seems fine, I haven't had the internet explorer issue yet. It ran basically perfect before, just after I removed the trojan I felt like they were some .dll files that maybe didn't belong and wanted a second opinion. Thank you for all your help. BTW, I forgot to post a new HJT log for you to see, looks clean to me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:21 PM, on 8/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlantafalcons.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.4.1.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 5870 bytes
  • 0

Advertisements


#17
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Erm.. lets do another checking.. I mean, another online scanner just to make sure we got everything..


Lets run F-Secure online scan for Viruses, Spyware and RootKits:
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient

  • 0

#18
AtlantaFalcon

AtlantaFalcon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I have tried the F-Secure Online Scanner 3 times now. The first time it downloaded all applicable components and databases to 100 percent. It attempted to start the scan but didn't scan one file before it froze the scanner and my pc. I couldn't even open task manager and had to shut down holding the power button. The other two times I tried to do it, it froze and closed internet explorer. Is there another scanner I can try? Thanks.
  • 0

#19
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Erm.. that's odd... Try this one..


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Then post me a fresh DSS log after ESET Online step :)
  • 0

#20
AtlantaFalcon

AtlantaFalcon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Ok, sounds good. Will do tomorrow evening. I have to attend a funeral for a family member out of state on Monday, so please forgive me if I take a day or two before I respond.
  • 0

#21
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Alright.. will waiting for you.. Bump to know when you're reply.. :)
  • 0

#22
AtlantaFalcon

AtlantaFalcon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Thank you for your patience. I just got back in town last night. Ok, I have performed the ESET Online Scanner and the scan didn't produce any text for me to paste here. The scan produced 0 (zero) threats found anyway. I have performed a new DSS scan and the log is as follows:

Deckard's System Scanner v20071014.68
Run by SiviK OutkasT on 2008-08-07 10:52:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).
System Drive C: has 2.9 GiB (less than 15%) free.


-- HijackThis (run as SiviK OutkasT.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:10 AM, on 8/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Documents and Settings\SiviK OutkasT\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SIVIKO~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlantafalcons.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.4.1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6176 bytes

-- Files created between 2008-07-07 and 2008-08-07 -----------------------------

2008-08-07 09:38:22 0 d-------- C:\Program Files\EsetOnlineScanner
2008-08-07 08:35:28 0 d-------- C:\Uncle Reed's Pic's
2008-08-01 16:58:10 0 d-------- C:\cmdcons
2008-08-01 16:57:28 68096 --a------ C:\WINDOWS\zip.exe
2008-08-01 16:57:28 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-01 16:57:28 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-01 16:57:28 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-01 16:57:28 98816 --a------ C:\WINDOWS\sed.exe
2008-08-01 16:57:28 80412 --a------ C:\WINDOWS\grep.exe
2008-08-01 16:57:28 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-01 16:49:12 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-01 15:42:09 0 d-------- C:\LSP fix
2008-08-01 13:14:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-31 17:16:12 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-31 00:16:22 0 d-------- C:\d36cd63c986e6dc19b85c190
2008-07-30 18:16:23 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Malwarebytes
2008-07-30 18:16:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-30 18:16:18 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-30 18:16:06 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-29 13:10:11 0 dr-h----- C:\Documents and Settings\SiviK OutkasT\Recent
2008-07-25 15:13:55 0 d-------- C:\Program Files\SpywareBlaster
2008-07-25 13:39:44 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-07-25 13:39:35 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-07-25 13:39:23 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-07-25 13:38:02 0 d-------- C:\WINDOWS\Internet Logs
2008-07-24 01:36:48 0 d-------- C:\Program Files\VideoLAN
2008-07-23 13:56:34 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Media Player Classic
2008-07-22 21:46:19 0 d-------- C:\Your Work
2008-07-22 14:05:51 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-18 15:50:29 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\BitTorrent
2008-07-18 15:50:00 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\DNA
2008-07-18 15:49:59 0 d-------- C:\Program Files\BitTorrent
2008-07-14 20:28:27 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\vlc
2008-07-14 16:15:31 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Nero
2008-07-14 16:06:45 0 d-------- C:\New Folder (2)
2008-07-14 15:27:25 0 d-------- C:\Program Files\MP3 to WAV Decoder
2008-07-14 15:10:59 368640 --a------ C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corporation; TwnLib4 - TwainPRO v4.0 - Utility Library>
2008-07-14 15:10:59 802816 --a------ C:\WINDOWS\system32\imagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-07-14 15:10:59 258048 --a------ C:\WINDOWS\system32\imagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-07-14 15:10:58 1757184 --a------ C:\WINDOWS\system32\imagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-07-14 15:10:57 0 d-------- C:\Program Files\Nero
2008-07-14 15:10:57 0 d-------- C:\Program Files\Common Files\Nero
2008-07-14 15:10:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-13 15:35:33 0 d-------- C:\New Folder
2008-07-13 14:46:41 176128 --a------ C:\WINDOWS\system32\RcdScan.dll <Not Verified; Dell Computer Corporation; RcdScan Module>
2008-07-13 14:46:41 446464 -ra------ C:\WINDOWS\system32\hhactivex.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP HTML 2000>
2008-07-13 14:46:37 13632 -----n--- C:\WINDOWS\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
2008-07-10 18:52:17 0 d-------- C:\WINDOWS\CSC
2008-07-10 18:13:12 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Desktopicon
2008-07-09 19:32:01 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-09 19:01:34 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-09 14:15:10 0 d-------- C:\WINDOWS\ie8updates
2008-07-08 18:09:12 0 d--h---c- C:\WINDOWS\ie8
2008-07-07 20:46:37 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-07-07 18:04:04 0 d-------- C:\Downloads


-- Find3M Report ---------------------------------------------------------------

2008-08-02 09:22:52 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Adobe
2008-08-01 16:59:46 0 d-------- C:\Program Files\Common Files
2008-08-01 12:13:45 0 d-------- C:\Program Files\Yahoo!
2008-07-28 11:57:55 0 d-------- C:\Program Files\DVDFab 5
2008-07-28 11:57:54 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Vso
2008-07-22 19:51:32 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-18 15:50:00 0 d-------- C:\Program Files\DNA
2008-07-18 14:41:57 0 d-------- C:\Program Files\Java
2008-07-13 14:46:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-13 14:46:20 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-13 14:45:32 0 d-------- C:\Program Files\Dell
2008-07-07 21:01:25 668 --a------ C:\Documents and Settings\SiviK OutkasT\Application Data\vso_ts_preview.xml
2008-06-27 00:56:06 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-27 00:31:54 0 d-------- C:\Program Files\VSO
2008-06-26 18:29:17 0 d-------- C:\Program Files\DivX
2008-06-19 00:42:49 34 --a------ C:\Documents and Settings\SiviK OutkasT\Application Data\pcouffin.log
2008-06-19 00:42:42 47360 --a------ C:\Documents and Settings\SiviK OutkasT\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-19 00:42:42 1144 --a------ C:\Documents and Settings\SiviK OutkasT\Application Data\pcouffin.inf
2008-06-19 00:42:42 7887 --a------ C:\Documents and Settings\SiviK OutkasT\Application Data\pcouffin.cat
2008-06-11 17:09:42 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\uTorrent
2008-06-11 17:08:54 0 d-------- C:\Program Files\RegCleaner
2008-05-30 19:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 21:46:26 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-05-22 18:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-21 00:05:20 0 -rahs---- C:\MSDOS.SYS
2008-05-21 00:05:20 0 -rahs---- C:\IO.SYS
2008-05-21 00:05:20 0 --a------ C:\CONFIG.SYS
2008-05-21 00:05:20 0 --a------ C:\AUTOEXEC.BAT
2008-05-21 00:01:23 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-20 22:35:18 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-20 16:40:11 62 --ahs---- C:\Documents and Settings\SiviK OutkasT\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 08:30 PM C:\WINDOWS\stsystra.exe]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [08/22/2005 11:21 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [07/23/2005 01:46 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [07/23/2005 01:47 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 06:49 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 06:50 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 06:46 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [04/11/2006 10:39 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [07/18/2008 03:50 PM]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 01:37 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPropertiesMyComputer"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoResolveTrack"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=1 (0x1)
"ClearRecentDocsOnExit"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 07/23/2005 01:46 AM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll





-- End of Deckard's System Scanner: finished at 2008-08-07 10:53:54 ------------
  • 0

#23
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Your log looks clean to my eyes..

Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between x and / is needed

    Posted Image



Lastly, to keep your operating system up to date please visit the link below monthly

Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512
  • 0

#24
AtlantaFalcon

AtlantaFalcon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Thanks fenzodahl512 for all your help. My computer seems to be running fine. I have joined Geek U as a freshman and hope to join the team of malware staff sooner than later. Thanks to all of you on this site.
  • 0

#25
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP