how do you remove darksma? [CLOSED]


  • This topic is locked

#1
Keven01

Keven01

    New Member

  • Member
  • Pip
  • 9 posts
I need help. When I scan with CA Yahoo Anti-Spy it shows Darksma, but Norton doesn't.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:26 AM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode with network support

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Safari\Safari.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [c017c955] rundll32.exe "C:\windows\system32\qcwvgqye.dll",b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O20 - AppInit_DLLs: aviyvv.dll
O21 - SSODL: BootSDRAM - {c9d529f1-139e-4324-a4a1-b9c466b18e92} - C:\windows\Resources\BootSDRAM.dll
O21 - SSODL: PreBootCheck - {6cb3baaa-a62c-44a5-9911-780e202bfba4} - C:\windows\Resources\AlrtStd.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8784 bytes

Edited by Keven01, 04 August 2008 - 10:42 PM.

  • 0
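The log above is the kind of thing a helper reads by eye: the entries that matter here are the O4 Run value with a hex-looking name that loads a random-named DLL from System32 through rundll32, the O20 AppInit_DLLs value (a DLL that gets injected into every process that loads user32.dll), and BHO registrations whose file is gone. The following script is an added example, not part of the thread or of HijackThis itself; it parses a few constructed lines in HijackThis v2 format (modelled on the posted log) and lists why each flagged entry deserves attention. The "random-looking name" rule is a heuristic assumption about the naming this adware family used, not a property of the log format.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 layout, modelled on the log posted in this
# thread (the benign lines are there so the rules can be seen *not* firing).
SAMPLE_LOG = r"""O2 - BHO: (no name) - {03E0B753-15AB-43AA-A8A3-809089FEE882} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [c017c955] rundll32.exe "C:\windows\system32\qcwvgqye.dll",b
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O20 - AppInit_DLLs: aviyvv.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)
HEXNAME_RE = re.compile(r"^[0-9a-f]{8}$")


@dataclass
class Finding:
    section: str
    line: str
    reasons: list


def looks_random(stem):
    """Heuristic (an assumption, not a rule): 6-8 all-lowercase letters with at
    most two vowels, the shape of the dropped DLL names seen in this thread."""
    if not (6 <= len(stem) <= 8 and stem.isalpha() and stem.islower()):
        return False
    return sum(ch in "aeiou" for ch in stem) <= 2


def triage_hijackthis(text):
    """Return one Finding per log line that trips at least one rule."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        reasons = []
        if section == "O2" and body.endswith("- (no file)"):
            reasons.append("BHO registration points to a missing file (orphaned CLSID)")
        elif section == "O4":
            run = RUN_RE.match(body)
            if run:
                if HEXNAME_RE.match(run.group("name")):
                    reasons.append("Run value name is a hex-looking string, not a product name")
                dll = RUNDLL_RE.search(run.group("cmd"))
                if dll:
                    stem = dll.group("dll").replace("\\", "/").rsplit("/", 1)[-1][:-4]
                    if looks_random(stem):
                        reasons.append("rundll32 loads random-looking DLL " + stem + ".dll")
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            if body.split(":", 1)[1].strip():
                reasons.append("AppInit_DLLs is set: the DLL is injected into every "
                               "process that loads user32.dll")
        if reasons:
            findings.append(Finding(section, raw.strip(), reasons))
    return findings


if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_LOG):
        print(f.section, "|", f.line)
        for r in f.reasons:
            print("    -", r)
```

Run it on a full HijackThis log to get a short list to start from; the rules are deliberately narrow (they say nothing about O21, O23 or the R entries), so a clean output is not a clean machine, only an absence of these three patterns.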



#2
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

Download avz4.zip from here
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again
  • After the update, from the "File" menu, choose "Standard Scripts"
  • Put a check next to item 2: Advanced System Investigation
  • Click Execute selected scripts
  • At the next prompt, click the OK button
  • Let the scan run and click "OK" when the completion prompt pops up
  • Now Close out of the Standard Scripts window, and exit AVZ
  • Navigate to the avz4 folder and locate the folder LOG
  • Inside the LOG folder you will find virusinfo_syscheck.htm and virusinfo_syscheck.zip
  • Attach virusinfo_syscheck.htm to your next reply, along with virusinfo_syscheck.zip.

  • 0

#3
Keven01

Keven01

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Here are the attachments you wanted.

Attached Files


  • 0

#4
Keven01

Keven01

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
and

Attached Files


  • 0

#5
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there :)

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\windows\System32\Drivers\spyb.sys
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Next,

Go to add or remove programs and uninstall Viewpoint and delete C:\program files\Viewpoint.

  • Double click on AVZ.exe
  • Click on File, then Custom Scripts
  • Copy & paste the contents of the following codebox in the box in the program (start with begin and end with end)
    begin
    SetAVZGuardStatus(True);
    DelBHO('{D6258CA6-2028-4CDD-B496-CACC18721A60}');
    DelBHO('{dda53789-cb35-4cb2-bb46-25e1d205dfe9}');
    DelBHO('{36C38422-602D-48A3-8110-4174CBDDA12C}');
    DeleteService('Viewpoint Manager Service');
    StopService('Viewpoint Manager Service');
    DeleteFile('C:\windows\system32\geBqQGXO.dll');
    DeleteFile('C:\windows\system32\iSecurity.cpl');
    DeleteFile('geBqQGXO.dll');
    DeleteFile('C:\windows\system32\960932\960932.dll');
    DeleteFile('C:\windows\system32\ejwwxu.dll');
    DeleteFile('D:\autorun.inf');
    DeleteFile('C:\Program Files\iSecurity\v20\iSecurity.cpl');
    SearchRootkit(true, true);
    BC_ImportDeletedList;
    BC_Activate;
    ExecuteSysClean;
    RebootWindows(true);
    end.
  • Note: When you run the script, your PC will be restarted
  • Click Run
  • Restart your PC if it doesn't do it automatically.

Then,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

And Finally,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Note: These logs may be too large to post in one reply, if so, please post extra.txt in a separate reply.

Edited by Mike, 06 August 2008 - 01:09 PM.

  • 0

#6
Keven01

Keven01

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
For some reason my comp won't let me download both Malwarebytes' Anti-Malware and Deckard's System Scanner.
  • 0

#7
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Do you have access to another PC where you could possibly transfer the tools?

Are you getting an error when downloading it?
  • 0

#8
Keven01

Keven01

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
No, it says that Windows found this file is potentially harmful, so Windows has blocked it.
  • 0

#9
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Can you get this to run?

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Run it and try downloading the tool again - does it work? If not do this please.

Please download OTScanIt.exe to your Desktop.
Double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close all other programs.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program
  • (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and attach the file in your next post, do not try to copy/paste it into the post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on the icon to insert the attachment into your post

  • 0

#10
Keven01

Keven01

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
For SUPERAntiSpyware.exe, when I run it a Windows Installer message pops up and says Windows Installer cannot be accessed.
  • 0



#11
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
How is OTScanIt going? Also, what about the results from VirSCAN.org?

Edited by Mike, 07 August 2008 - 12:40 PM.

  • 0

#12
Keven01

Keven01

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Here is the SUPERAntiSpyware log
Memory items scanned : 358
Memory threats detected : 0
Registry items scanned : 9478
Registry threats detected : 3
File items scanned : 18115
File threats detected : 59

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-1863405692-2512887711-682732193-1005\Software\Microsoft\rdfa

Adware.Rogue-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP0\A0000001.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP0\A0000002.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP1\A0001004.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP1\A0001005.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP1\A0001006.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP1\A0001007.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP1\A0001012.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP1\A0001013.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP1\A0002018.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP1\A0002017.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP1\A0002019.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP1\A0002020.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP1\A0002872.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP1\A0002873.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0033270.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0033271.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0033272.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0033282.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0033284.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0033287.LNK
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\DESKTOP\MALWARE PROTECTOR 2008.LNK
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\DESKTOP\SYSTEMDEFENDER.LNK

Adware.E404 Helper/Variant-C
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP3\A0002968.DLL
C:\WINDOWS\SYSTEM32\689371\689371.DLL

Trojan.SecurityCenter/Fake
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP3\A0004034.CPL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0032205.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0033286.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0033291.CPL

Adware.Vundo Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0022657.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0023664.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0024700.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0029951.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0032177.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0032168.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0032176.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0032195.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0032178.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0032179.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0032180.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0032181.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0032196.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0032197.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0032198.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0032199.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0032201.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0032202.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0032203.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0032204.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0033326.DLL
C:\WINDOWS\SYSTEM32\ADYNCBRF.DLL
C:\WINDOWS\SYSTEM32\AVIYVV.DLL
C:\WINDOWS\SYSTEM32\GQLLXKQV.DLL
C:\WINDOWS\SYSTEM32\MTBENAYQ.DLL

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0032200.DLL

Adware.E404 Helper/Variant-E
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0034363.DLL

Trojan.Vundo-Variant/Small
C:\WINDOWS\SYSTEM32\AAEOEA.DLL
C:\WINDOWS\SYSTEM32\AVMLIS.DLL
C:\WINDOWS\SYSTEM32\LKVRWL.DLL

Trojan.Vundo-Variant/Small-V2
C:\WINDOWS\SYSTEM32\BQIBJXVE.DLL


Here is the second one

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/05/2008 at 05:44 PM

Application Version : 4.15.1000

Core Rules Database Version : 3529
Trace Rules Database Version: 1519

Scan type : Complete Scan
Total Scan Time : 136:00:19

Memory items scanned : 332
Memory threats detected : 0
Registry items scanned : 9480
Registry threats detected : 0
File items scanned : 19210
File threats detected : 20

Adware.Vundo Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP7\A0034591.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP7\A0034584.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP7\A0034585.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP7\A0034586.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP7\A0034587.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP7\A0034588.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP7\A0034589.DLL
C:\WINDOWS\SYSTEM32\UXYXHQWR.DLL

Adware.Rogue-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP7\A0034581.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP7\A0034582.LNK

Adware.E404 Helper/Variant-C
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP7\A0034583.DLL

Trojan.Vundo-Variant/Small-V2
C:\WINDOWS\SYSTEM32\PJAMOHSB.DLL
C:\WINDOWS\SYSTEM32\PVLRILXY.DLL
C:\WINDOWS\SYSTEM32\SFTJQQCX.DLL
C:\WINDOWS\SYSTEM32\SMKOSXHF.DLL
C:\WINDOWS\SYSTEM32\TVMLEPON.DLL
C:\WINDOWS\SYSTEM32\WLICHJQE.DLL

Trojan.Vundo-Variant/Small
C:\WINDOWS\SYSTEM32\SSQNMDBB.DLL
C:\WINDOWS\SYSTEM32\VGGDOC.DLL
C:\WINDOWS\SYSTEM32\ZFEQJS.DLL

Edited by Keven01, 07 August 2008 - 09:14 PM.

  • 0
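The two SUPERAntiSpyware logs above mix three kinds of hit that call for different reactions: registry keys, files in live locations such as System32 (loadable right now), and copies inside System Volume Information\_RESTORE (inert until System Restore replays a restore point). The following script is an added example, not part of the thread or of SUPERAntiSpyware; it parses a constructed log in the same layout (summary counters, then blank-line separated blocks of one detection name followed by the entries it matched, cut down from the logs posted here) and counts each family's hits by location, so the active entries stand out from the restore-point noise.

```python
import re

# Constructed sample in SUPERAntiSpyware's log layout, cut down from the logs
# posted in this thread.
SAMPLE_SAS_LOG = r"""SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/05/2008 at 05:44 PM

Scan type : Complete Scan
Total Scan Time : 136:00:19

Memory items scanned : 332
Memory threats detected : 0
Registry items scanned : 9480
Registry threats detected : 0
File items scanned : 19210
File threats detected : 20

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKU\S-1-5-21-1863405692-2512887711-682732193-1005\Software\Microsoft\rdfa

Adware.Vundo Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP7\A0034591.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP7\A0034584.DLL
C:\WINDOWS\SYSTEM32\UXYXHQWR.DLL

Adware.Rogue-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP7\A0034581.LNK

Trojan.Vundo-Variant/Small-V2
C:\WINDOWS\SYSTEM32\PJAMOHSB.DLL
C:\WINDOWS\SYSTEM32\PVLRILXY.DLL
"""

# Counter lines look like "File threats detected : 20"; the key is letters only,
# which keeps "Total Scan Time : 136:00:19" from being misread as a counter.
SUMMARY_RE = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s*(?P<val>\d+)$")


def location_kind(entry):
    """Classify one detected entry by where it lives."""
    upper = entry.upper()
    if upper.startswith(("HKLM\\", "HKCU\\", "HKU\\")):
        return "registry"
    if "\\SYSTEM VOLUME INFORMATION\\_RESTORE" in upper:
        return "restore_point"
    return "live_file"


def parse_sas_log(text):
    """Return (summary counters, {detection name: [entries]})."""
    summary, detections = {}, {}
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines:
            continue
        matches = [SUMMARY_RE.match(ln) for ln in lines]
        if all(matches):
            for m in matches:
                summary[m.group("key").strip()] = int(m.group("val"))
            continue
        # A detection block: a name line without a backslash, then only paths/keys.
        if len(lines) >= 2 and "\\" not in lines[0] and all("\\" in ln for ln in lines[1:]):
            detections.setdefault(lines[0], []).extend(lines[1:])
    return summary, detections


def triage(text):
    """Per-family counts by location plus the number of entries that are active now."""
    summary, detections = parse_sas_log(text)
    families = {}
    for name, entries in detections.items():
        counts = {"registry": 0, "restore_point": 0, "live_file": 0}
        for entry in entries:
            counts[location_kind(entry)] += 1
        families[name] = counts
    active = sum(c["registry"] + c["live_file"] for c in families.values())
    return {"summary": summary, "families": families, "active_entries": active}


if __name__ == "__main__":
    result = triage(SAMPLE_SAS_LOG)
    for name, counts in result["families"].items():
        print(f"{name}: {counts}")
    print("active entries:", result["active_entries"])
```

Comparing the live_file entries of the two posted logs is the useful check: none of the System32 DLL names from the first scan reappear in the second, yet new ones are present, which is what a still-running dropper looks like rather than leftovers that were missed.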

#13
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Good,

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\windows\System32\Drivers\spyb.sys
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Then,

Let's see if you can run DSS now.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Note: These logs may be too large to post in one reply, if so, please post extra.txt in a separate reply.

If you cannot run DSS, please run OTScanIt as instructed here http://www.geekstogo...52#entry1302052
and post the results :)

Edited by Mike, 08 August 2008 - 04:01 AM.

  • 0

#14
Keven01

Keven01

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
For VirSCAN.org it says file not found or something, so here is the DSS log
Deckard's System Scanner v20071014.68
Run by Keven Nguyen on 2008-08-06 20:01:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Keven Nguyen.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:50 PM, on 8/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\windows\system32\wuauclt.exe
C:\Documents and Settings\phuong nguyen\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\KEVENN~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {03E0B753-15AB-43AA-A8A3-809089FEE882} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {EAB976EB-6999-4847-AFAD-D28C6E7EA18A} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: geBqQGXO - C:\windows\
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

--
End of file - 10050 bytes
#15 Keven01 (Topic Starter, New Member, 9 posts)
and

-- Files created between 2008-07-06 and 2008-08-06 -----------------------------

2008-08-07 10:34:58 0 d-------- C:\Program Files\SpeedFan
2008-08-07 09:52:41 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-07 09:52:34 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-08-07 09:52:34 0 d-------- C:\Documents and Settings\phuong nguyen\Application Data\SUPERAntiSpyware.com
2008-08-06 22:21:24 0 d-------- C:\Documents and Settings\phuong nguyen\Application Data\Comodo
2008-08-06 22:21:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-08-06 22:18:54 0 d-------- C:\Program Files\Comodo
2008-08-06 18:14:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-08-05 19:17:25 0 dr-h----- C:\Documents and Settings\phuong nguyen\Recent
2008-08-05 17:50:56 90112 -----n--- C:\windows\system32\hpqnt.dll <Not Verified; Hewlett-Packard Development Company, L.P.; hpqnt Dynamic Link Library>
2008-08-01 20:57:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-01 18:41:15 0 d-------- C:\Program Files\Alwil Software
2008-08-01 04:22:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-01 03:47:08 0 d-------- C:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2008-08-01 03:38:35 1 --a------ C:\windows\fmark2.dat
2008-08-01 03:37:54 0 d-------- C:\windows\system32\960932
2008-07-31 06:10:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-31 06:10:34 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-07-31 06:10:34 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-07-31 06:10:17 0 d-------- C:\Program Files\Common Files\AOL
2008-07-31 03:59:39 0 d-------- C:\DVDVideoSoft
2008-07-31 03:59:19 0 d-------- C:\Program Files\DVDVideoSoft
2008-07-31 03:59:19 0 d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-07-28 22:34:02 0 d-------- C:\Documents and Settings\phuong nguyen\.SunDownloadManager
2008-07-17 07:34:39 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-16 19:07:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-07-16 19:07:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-07-16 19:03:03 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-07-13 13:11:03 0 d-------- C:\Program Files\Trend Micro
2008-07-13 10:29:51 0 d-------- C:\CA Yahoo! Anti-Spy


-- Find3M Report ---------------------------------------------------------------

2008-08-07 10:26:14 0 d-------- C:\Documents and Settings\phuong nguyen\Application Data\Adobe
2008-08-05 17:50:50 0 d-------- C:\Program Files\Hewlett-Packard
2008-08-05 17:50:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-01 18:59:13 0 d-------- C:\Program Files\music_now
2008-08-01 17:32:29 1324 --a------ C:\windows\system32\d3d9caps.dat
2008-08-01 04:22:09 0 d-------- C:\Program Files\Common Files
2008-08-01 03:58:55 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-01 03:55:49 479 --ahs---- C:\windows\system32\ilSYIRqr.ini2
2008-08-01 03:47:06 0 d-------- C:\Program Files\Symantec
2008-07-31 04:03:58 0 d-------- C:\Program Files\DivX
2008-07-13 13:48:57 0 d-------- C:\Program Files\Dcads Games Collection
2008-07-08 02:28:30 0 d-------- C:\Documents and Settings\phuong nguyen\Application Data\Uniblue
2008-07-07 10:28:29 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-07-03 07:30:11 1624819 ---hs---- C:\windows\system32\apcmsoyd.ini2
2008-06-29 20:55:10 0 d-------- C:\Documents and Settings\phuong nguyen\Application Data\Symantec
2008-06-29 19:18:27 1721727 ---hs---- C:\windows\system32\qsxtbfim.ini2
2008-06-25 20:53:09 236911 --ahs---- C:\windows\system32\YGjRtBeg.ini2
2008-06-25 19:01:34 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-25 18:19:19 0 d-------- C:\Documents and Settings\phuong nguyen\Application Data\shcgw5j0ee21
2008-06-25 18:13:39 0 d-------- C:\Program Files\RocketDock
2008-06-23 07:13:04 92032 --a------ C:\windows\system32\rqowbkcu.dll
2008-06-22 13:43:48 0 d-------- C:\Program Files\QuickTime
2008-06-20 20:28:14 0 d-------- C:\Documents and Settings\phuong nguyen\Application Data\Sonic
2008-06-20 20:28:01 0 d-------- C:\Documents and Settings\phuong nguyen\Application Data\Leadertech
2008-06-20 20:27:08 0 d-a------ C:\Documents and Settings\phuong nguyen\Application Data\Apple Computer
2008-06-19 20:18:05 0 d-------- C:\Documents and Settings\phuong nguyen\Application Data\GTek
2008-06-19 19:14:40 0 d-------- C:\Program Files\Datel
2008-06-17 20:38:41 0 d-------- C:\Program Files\Safari
2008-06-17 20:12:16 0 d-------- C:\Documents and Settings\phuong nguyen\Application Data\Macromedia
2008-06-17 18:53:18 22 --a------ C:\windows\ShellIcon32.dll
2008-06-15 12:24:16 104960 --a------ C:\windows\svcadmin.exe
2008-06-14 18:33:38 61004 --ah----- C:\windows\system32\mlfcache.dat
2008-06-12 20:02:56 0 d-------- C:\Program Files\Apple Software Update
2008-06-12 19:58:56 0 d-------- C:\Program Files\Google
2008-06-12 19:24:34 0 d-------- C:\Documents and Settings\phuong nguyen\Application Data\Opera
2008-06-07 17:07:15 0 d-------- C:\Program Files\Sun
2008-06-07 17:07:00 0 d-------- C:\Program Files\Java


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03E0B753-15AB-43AA-A8A3-809089FEE882}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EAB976EB-6999-4847-AFAD-D28C6E7EA18A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
06/02/2008 01:56 PM 160496 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 09:56 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [05/30/2006 05:02 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/25/2008 05:47 PM]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [05/03/2006 10:58 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/31/2006 10:01 PM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 11:23 AM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [07/11/2006 10:55 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [06/19/2006 12:33 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [06/28/2006 10:00 PM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [02/08/2007 02:12 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 05:30 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [08/11/2005 05:30 PM]
"nwiz"="nwiz.exe" [06/28/2006 10:00 PM C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [02/08/2007 02:13 AM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/17/2005 12:11 AM]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [06/01/2006 05:02 PM C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"NvCplDaemon"="C:\windows\system32\NvCpl.dll" [06/28/2006 10:00 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [11/28/2007 08:51 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/19/2008 07:38 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [09/02/2007 01:58 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [03/15/2006 09:00 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBqQGXO]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\windows\\system32\\rqRIYSli


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMshcgw5j0ee21]
C:\Program Files\shcgw5j0ee21\shcgw5j0ee21.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows defend]
C:\Program Files\iSecurity\{9DA536DD-32B1-4944-B34F-98A8E18CF2BA}\install.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"avg8emc"=2 (0x2)
"MyWebSearchService"=2 (0x2)
"xmlprov"=3 (0x3)
"WudfSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"NWCWorkstation"=2 (0x2)
"Nla"=3 (0x3)
"Netlogon"=3 (0x3)
"MSMQTriggers"=2 (0x2)
"MSMQ"=2 (0x2)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"MHN"=3 (0x3)
"McrdSvc"=2 (0x2)
"ImapiService"=3 (0x3)
"HTTPFilter"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"ERSvc"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"dmadmin"=3 (0x3)
"CryptSvc"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=2 (0x2)
"CiSvc"=3 (0x3)
"BITS"=2 (0x2)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"Anyplace Control Security"=2 (0x2)
"ALG"=3 (0x3)
"6to4"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
AutoRun\command- Z:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{370f512a-bfe6-11dc-bca0-001636a411c6}]
AutoRun\command- H:\.\Start.exe




-- End of Deckard's System Scanner: finished at 2008-08-06 20:03:30 ------------