
dll errors

Discussion in 'Malware and Virus Removal Archive' started by bluesub, 2008/03/21.

  1. 2008/03/21
    bluesub

    Hello

    I use NOD32 virus checker and after a (very) brief usage of utorrent (which I have now deleted) NOD keeps alerting me to various dll files with trojans, worms etc.

    Even though I hit the delete button when prompted every time, they appear next time I re-boot and using the internet is unstable to say the least.

    I can't access hotmail anymore either using IE6 or Mozilla Firefox and I'm not sure if this is related.

    Also if my wife logs in as her name then different files are shown with virus alerts.

    I have done a DSS scan and attach the file to see if anybody out there can shed some light on what to do next.

    Fingers crossed

    Deckard's System Scanner v20071014.68
    Run by Iain on 2008-03-21 09:40:45
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Iain.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:40:52, on 21/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Iain\Desktop\dss.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Iain.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wanadoo.co.uk/
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    O2 - BHO: {90b666cc-574d-5f2a-df84-d07c2077e904} - {409e7702-c70d-48fd-a2f5-d475cc666b09} - C:\WINDOWS\system32\ombaksan.dll
    O2 - BHO: (no name) - {86EC183B-D708-4DED-A1EE-29A80D2E0334} - C:\WINDOWS\system32\awtqn.dll
    O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - C:\WINDOWS\system32\vtutstr.dll (file missing)
    O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - blank (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe "
    O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe "
    O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\ctfmon.exe
    O4 - HKLM\..\Run: [BM17b6c3bc] Rundll32.exe "C:\WINDOWS\system32\chgtrmcr.dll ",s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\ctfmon.exe
    O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Iain\Local Settings\Application Data\spool.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\spool.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.amaena.com
    O15 - Trusted Zone: *.avsystemcare.com
    O15 - Trusted Zone: *.gomyhit.com
    O15 - Trusted Zone: *.imageservr.com
    O15 - Trusted Zone: *.imagesrvr.com
    O15 - Trusted Zone: *.onerateld.com
    O15 - Trusted Zone: *.safetydownload.com
    O15 - Trusted Zone: *.storageguardsoft.com
    O15 - Trusted Zone: *.trustedantivirus.com
    O15 - Trusted Zone: *.virusschlacht.com
    O15 - Trusted Zone: *.amaena.com (HKLM)
    O15 - Trusted Zone: *.avsystemcare.com (HKLM)
    O15 - Trusted Zone: *.gomyhit.com (HKLM)
    O15 - Trusted Zone: *.imageservr.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O15 - Trusted Zone: *.onerateld.com (HKLM)
    O15 - Trusted Zone: *.safetydownload.com (HKLM)
    O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
    O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
    O15 - Trusted Zone: *.virusschlacht.com (HKLM)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1206039556250
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1206040956765
    O20 - Winlogon Notify: vtutstr - vtutstr.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 8775 bytes

    -- Files created between 2008-02-21 and 2008-03-21 -----------------------------

    2008-03-21 01:01:59 0 d-------- C:\Program Files\Trend Micro
    2008-03-20 20:39:43 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
    2008-03-20 20:39:43 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
    2008-03-20 20:39:43 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-03-20 20:39:43 153088 --a------ C:\WINDOWS\system32\unrar3.dll
    2008-03-20 20:39:43 75264 --a------ C:\WINDOWS\system32\unacev2.dll
    2008-03-20 20:34:39 0 d-------- C:\Documents and Settings\Iain\Application Data\Simply Super Software
    2008-03-20 20:34:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    2008-03-20 20:03:50 0 d-------- C:\Documents and Settings\Lorraine\Application Data\Mozilla
    2008-03-20 19:00:21 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
    2008-03-20 18:32:52 0 d-------- C:\Program Files\RegistryFix
    2008-03-20 16:35:45 87104 --a------ C:\WINDOWS\system32\wgcdibww.dll
    2008-03-20 16:32:45 91712 --a------ C:\WINDOWS\system32\ombaksan.dll
    2008-03-20 16:29:49 89664 --a------ C:\WINDOWS\system32\chgtrmcr.dll
    2008-03-19 22:27:08 16896 --a------ C:\WINDOWS\system32\~.exe
    2008-03-19 16:33:19 93248 --a------ C:\WINDOWS\system32\forsnxwx.dll
    2008-03-19 16:30:19 90688 --a------ C:\WINDOWS\system32\aphqcrhb.dll
    2008-03-18 16:32:48 92736 --a------ C:\WINDOWS\system32\ltxvvdyk.dll
    2008-03-18 16:29:38 91200 --a------ C:\WINDOWS\system32\mumqholx.dll
    2008-03-17 16:59:57 0 d-------- C:\Documents and Settings\Iain\Application Data\ScanSoft
    2008-03-17 16:59:28 0 d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
    2008-03-17 16:59:27 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
    2008-03-17 16:58:26 0 d-------- C:\Program Files\ScanSoft
    2008-03-17 16:46:34 0 d-------- C:\Program Files\Common Files\CANON
    2008-03-17 16:42:11 0 d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
    2008-03-17 16:41:47 0 d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
    2008-03-17 16:40:44 0 d--h----- C:\Program Files\CanonBJ
    2008-03-17 16:37:40 0 d-------- C:\Program Files\Canon
    2008-03-17 14:17:42 0 d-------- C:\Documents and Settings\Iain\Application Data\Mozilla
    2008-03-17 10:14:55 99392 --a------ C:\WINDOWS\system32\iveabcek.dll
    2008-03-17 10:10:12 93760 --a------ C:\WINDOWS\system32\jlkkslvc.dll
    2008-03-16 09:25:59 99904 --a------ C:\WINDOWS\system32\tufabljw.dll
    2008-03-16 09:23:16 95296 --a------ C:\WINDOWS\system32\gfhpbdoj.dll
    2008-03-16 09:21:12 95296 --a------ C:\WINDOWS\system32\dkjcggeo.dll
    2008-03-15 13:04:02 8253 --ahs---- C:\WINDOWS\system32\nqtwa.ini2
    2008-03-15 13:04:02 63 --a------ C:\WINDOWS\system32\1485e2ae
    2008-03-15 13:03:59 298496 --a------ C:\WINDOWS\system32\awtqn.dll
    2008-03-14 22:21:56 32764 --a------ C:\WINDOWS\17PHolmes572.exe
    2008-03-14 22:21:42 37376 --a------ C:\WINDOWS\system32\nnnkjkh.dll
    2008-03-08 22:07:59 0 d-------- C:\Documents and Settings\Sophie & Elisa\Application Data\Teleca
    2008-03-08 22:07:52 0 d-------- C:\Documents and Settings\Sophie & Elisa\Application Data\Sony Ericsson
    2008-03-07 15:23:58 0 d-------- C:\Documents and Settings\New User\Application Data\Corel Photo Album
    2008-03-07 14:48:32 0 d-------- C:\Documents and Settings\New User\Application Data\AdobeAUM
    2008-03-07 14:33:43 0 d---s---- C:\Documents and Settings\New User\UserData
    2008-03-05 09:26:00 0 d-------- C:\Documents and Settings\New User\Application Data\Teleca
    2008-03-05 09:25:48 0 d-------- C:\Documents and Settings\New User\Application Data\Sony Ericsson


    -- Find3M Report ---------------------------------------------------------------

    2008-03-20 17:11:42 66 --a------ C:\WINDOWS\anticrash.dat
    2008-03-19 20:57:31 133 --ah----- C:\WINDOWS\winshell.dat
    2008-03-17 16:59:27 0 d-------- C:\Program Files\Common Files
    2008-03-13 16:36:30 0 d-------- C:\Documents and Settings\Iain\Application Data\Adobe
    2008-03-07 15:24:16 3766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2008-03-07 15:24:12 88 -r-hs---- C:\WINDOWS\system32\00E4528ED4.sys


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{409e7702-c70d-48fd-a2f5-d475cc666b09}]
    20/03/2008 16:32 91712 --a------ C:\WINDOWS\system32\ombaksan.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86EC183B-D708-4DED-A1EE-29A80D2E0334}]
    15/03/2008 13:04 298496 --a------ C:\WINDOWS\system32\awtqn.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9383002-FC55-4330-B9C9-67E03BC5C840}]
    C:\WINDOWS\system32\vtutstr.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [08/03/2006 17:48]
    "Dell QuickSet "= "C:\Program Files\Dell\QuickSet\quickset.exe" [06/04/2006 13:58]
    "Broadcom Wireless Manager UI "= "C:\WINDOWS\system32\WLTRAY.exe" [19/12/2005 14:08]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [09/12/2005 19:29]
    "MSKDetectorExe "= "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [12/07/2005 18:05]
    "nod32kui "= "C:\Program Files\Eset\nod32kui.exe" [11/03/2007 23:56]
    "Corel Photo Downloader "= "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [09/02/2006 22:34]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 14:42]
    "Sony Ericsson PC Suite "= "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26/01/2007 13:36]
    "Adobe Photo Downloader "= "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 23:46]
    "CanonSolutionMenu "= "C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [14/05/2007 16:01]
    "CanonMyPrinter "= "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [03/04/2007 16:50]
    "SSBkgdUpdate "= "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [25/10/2006 09:03]
    "OpwareSE4 "= "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [04/02/2007 12:02]
    "Ad-watch "= "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe" [12/02/2003 22:04]
    "ntuser "= "C:\WINDOWS\system32\drivers\ctfmon.exe" []
    "BM17b6c3bc "= "C:\WINDOWS\system32\chgtrmcr.dll" [20/03/2008 16:29]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 16:24]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [26/06/2007 22:22]
    "ntuser "= "C:\WINDOWS\system32\drivers\ctfmon.exe" []
    "autoload "= "C:\Documents and Settings\Iain\Local Settings\Application Data\spool.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "ntuser "=C:\WINDOWS\system32\drivers\ctfmon.exe
    "autoload "=C:\Documents and Settings\LocalService\Local Settings\Application Data\spool.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 03:44:06]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle "=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{E9383002-FC55-4330-B9C9-67E03BC5C840} "= C:\WINDOWS\system32\vtutstr.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutstr]
    vtutstr.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages "= msv1_0 C:\WINDOWS\system32\awtqn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
    c:\dell\bldbubg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    "C:\Program Files\Dell Support\DSAgnt.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    C:\WINDOWS\system32\dla\tfswctrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
    C:\Program Files\NetWaiting\netWaiting.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
    C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    AutoRun\command- E:\setup.exe




    -- End of Deckard's System Scanner: finished at 2008-03-21 09:41:28 ------------
     
  2. 2008/03/22
    noahdfear

    Welcome to WindowsBBS bluesub :)

    Download ComboFix by sUBs from here, saving the file to your desktop.

    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
     
